en

AshCycle Privacy Policy on the protection of personal data

At AshCycle consortium, privacy is a serious matter, and we are committed to protecting it. This document acts as combined Data Protection Policy and Information Notice. The policy on the protection of natural persons regarding the processing of personal data is based on Regulation (EU) No 2016/679 of the European Parliament and of the Council of 27 October 2016 and on the free movement of such a data. The Information Notice provides the information required by the applicable regulations on the protection of personal data and in particular by the General Data Protection Regulations (GDPR).

In accordance with the General Data Protection Regulation ("GDPR"), this policy explains when, why and how partners of AshCycle consortium are governed by this Regulation:

  • collect personal data about individuals; 
  • use this information; 
  • disclose this kind of data to others, when this is necessary and under certain conditions;
  • keep secure and confidential this personal data.

WHAT ARE THE POLICY CHANGES?

This policy may evolve over time so please check the date on this page to make sure that you have the latest version. This policy was last updated on 28th of September 2022.

WHO ARE WE?

AshCycle consortium (hereafter the "Consortium") consists of research and technology organisations, enterprises and non-governmental organisations working together in the AshCycle project. The Consortium is established around Horizon Europe Research and Innovation project. Whenever dealing with one of our Consortium partners (hereafter the "Partner"), the "controller" of your personal data will be the Partner that decides why and how your personal data is processed.

Where this policy refers to "we", "our" or "us" below, unless mentioned otherwise, this refers to the particular Partner that is the controller of your personal data.

WHO IS THE CONTROLLER OF YOUR DATA?

AshCycle Project Coordinator, University of Oulu (FI02458955), Pentti Kaiterankatu 1, 90014 Oulu, tel. +358294480000

This project has received funding from the European Union's Twin Green and Digital Transition 2021 research and innovation programme under grant agreement No 101058162. The opinions expressed in this document reflect only the author's view and in no way reflect the European Commission's opinions. The European Commission is not responsible for any use that may be made of the information it contains.

HOW AND WHAT PERSONNEL INFORMATION IS COLLECTED

We may collect and process the following personal data:

Personal data you give to us
This is information about you that you give to us, entirely voluntarily, by entering information via:

  • one of our websites
  • social media platforms
  • corresponding with us by phone, email or otherwise.

Example: this includes information provided at the time of registering to use our websites, subscribing to the services we provide through our websites, posting material or requesting further services, managing your account online (including accessing documentation and engaging in correspondence with us by phone, email or otherwise). We may also ask you for information when you report a problem with our websites.

The information you give us may relate to your identification, such as your name, address, email address and phone number, or inquiry details, and may include records of any correspondence and responses related to AshCycle project and its conducting.

Personal data we collect about you:
We may automatically collect the following information:

  • details of transactions you carry out through the websites, and your visits to our websites, including, but not limited to, traffic data, location data, weblogs and other communication data, and the resources you access;
  • technical information, automatically collected, including anonymous data collected by the hosting server for statistical purposes, the Internet protocol (IP) address used to connect your computer or device to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. Please see cookies for further information;
  • any personal data which you allow to be shared that is part of your public profile or third-party social network.

Personal data we may receive from other sources:
We obtain certain personal data about you from sources outside our activities which may include our Consortium partners or other third-party companies.

The remaining provisions of this policy also apply to any personal data we obtain from these sources. We do not collect nor treat sensitive data.

WHY AND HOW WE USE YOUR PERSONAL DATA

We process your personal data lawfully for:

  • the purpose of handling communication and exchange of information between Consortium partners and external stakeholders;
  • the purpose of handling communication and exchange of information with our websites users;
  • enable you to participate in consultations or on-line surveys and willingly participate in follow-up to a survey;
  • to accomplish mission to disseminate the results of scientific research projects to the general public;
  • to provide information and answers about our activities, research results and content from the projects we work on;
  • to carry out statistics and reports in anonymous form (e.g. assessment the download of the material provided, the number of times a website was accessed, the most visited pages, the average visit duration, the country of origin of users etc.);
  • to carry out other legitimate purposes, as well as other lawful purposes, such as communication activities in relation to other similar areas, projects or about other networking activities of the Consortium;
  • any other specific purpose indicated at the time of collecting the information.

We may use and process your personal data principally
where you have provided freely given and explicit CONSENT and for specific, determined and legitimate purposes. You may withdraw your consent for us to use your information by contacting us at any time.

LEGAL BASIS FOR PROCESSING THE DATA

The Data Controller has the Legitimate Interest to treat your personal data as per art. 6 (f) GDPR 179/2016. We believe that it is a mutual benefit to remain in contact; you will receive from us communications exclusively as detailed in the previous paragraphs. We are counting to hear from you back on the specific topics through our communication activity for a mutual growth.

TO WHOM IS YOUR DATA DISCLOSED 

To Project Coordinator, Communications Specialist (WP7 leader) and Consortium partners' personnel processing of your information and dealing with our websites and survey tools have access to your data. Survey tool service providers will have access to your personal data. Survey tool service providers as well as tools enabling Consortium work collaboration (Skype, Webex, Microsoft Teams, Doodle etc.) are chosen in a way that data processing meets requirements of GDPR and is proven by service providers Data Processing Agreement that are kept in file.

WHERE WE STORE YOUR PERSONAL DATA

The data processing takes place in University of Oulu premises. The applicable law is the EU GDPR 679/2016, considering the effective and actual processing activity and the context in which personal data are processed. The data processing is performed by authorized members of the staff who have been appointed and trained in maintaining security and confidentiality of personal data. In addition to the data collection, the processing of your personal data may involve their recording, storage, modification, communication and cancellation. The data processing shall be carried out with the use of electronic equipment. Storage of personal data shall be in electronic form, for the time that is strictly necessary to meet the purposes and in accordance with local regulations and internal processes. With regards to the personal information you provide, please note that all the necessary steps will be taken to ensure the confidentiality and security of shared data, in compliance with the provisions of the Privacy Regulation. In particular, we have implemented all the technical, organizational, logistical and procedural security measures in line with technological developments pursuant to the Regulation, in order to guarantee the minimum level of data protection required by the legislation in force. The data are stored in a database that is hosted internally at data controller premises. The hosting and the related responsibilities are ruled by a specific contract. In this contract the above-mentioned Provider claims that the servers used to host and store the database are located in data centres within the European Union. The services offered are in compliance with the relevant legislation on data protection thanks to the adoption of appropriate security measures

Mainly because of the international dimension of the AshCycle Consortium, the information you provide to us may be transferred to countries outside the European Union (EU).

In such cases, we will take to the appropriate security and confidentiality measures to ensure that your privacy rights continue to be protected as outlined in this policy.

HOW LONG WE KEEP YOUR PERSONAL DATA 

Your data will be processed for the whole duration of the project that you subscribed to or of other similar projects that we proposed to you. You will always have the possibility to opt-out from any of the projects if you are not interested in them anymore. Once a specific project is over, starting from the last communication that you receive from us, we will keep your data for a further period of 2 years. If in this period of time you don't receive any further updates from us, we will get in contact with you to verify if you are still interested in being part of the community and in case extend the retention period for 2 additional years. We retain your personal data for a period of time necessary to achieve the purpose for which we use that information and to fulfill our obligations under other laws. Except in specific cases, this period is specified at the time the information is collected. We do not retain personal data in an identifiable format for longer than is necessary.

WHAT ARE YOUR RIGHTS

Subject to applicable law and certain exemptions, restrictions or circumstances, you may have the right:

  • to access your personal data;
  • to correct, modify and update your personal data;
  • to erase your personal data or restrict its processing;
  • to withdraw your consent;
  • to object to our use of your personal data for automated decisions made about you;
  • to ask us to transfer your personal data in a structured data file to you or to another service provider if it is technically possible (data portability);
  • to lodge a complaint with the competent supervisory authority and seek a judicial remedy.
  • the competent supervisory authorities for Coordinator and Scientific Coordinator as by country of establishment is the following:

Office of the Data Protection Ombudsman, Finland - contact: tietosuoja@om.fi | https://tietosuoja.fi/en/contact-information

The local competent supervisory authorities related to any of AshCycle Partners activities locally can be found here: https://www.ombudsman.europa.eu/en/european-network-of-ombudsmen/members/national-ombudsmen

These rights may be exercised by written request sent to the contact details that will be provided to you at the time of data collection. A reply will be provided to you within a reasonable delay, in accordance with the applicable regulations.

HOW WE ENSURE SECURITY AND CONFIDENTIALITY OF YOUR DATA 

Our aim is to keep your data as safe and secure as possible at all times. Once we have received your personal data, we put in place reasonable and appropriate technical and organisational measures and controls to prevent as much as possible any accidental or unlawful destruction, loss, alteration, or unauthorised access. 

HOW COOKIES WORK 

Like many other websites, our websites use cookies to obtain an overall view of the volumes and the habits of our visitors on our websites. "Cookies" are small pieces of information sent to your device and stored on its hard drive to allow our website to recognise you when you visit. It is possible to switch off cookies by setting your browser preferences. For more information on how we use cookies and how to switch them off on your device, please visit the applicable cookies policy of the concerned website.