Privacy Notice Pursuant to Article 13 of Regulation (EU) 2016/679
content of this website is produced under the DECICE project, which has
received funding from the Horizon Europe.
Data controller and Data protection officer
Georg-August-Universität Göttingen Stiftung Öffentlichen Rechts Wilhelmsplatz 1 (Aula) 37073 Göttingen, as Data Controller (“Data Controller”), will
process your personal data collected in this website, operated by the partner
SYNYO (SYNYO GmbH – Otto-Bauer-Gasse 5/14 – 1060 Vienna, Austria Phone: +43 1
9962011 DPO Email: email@example.com) that has been appointed as Data
Processor. The Data Controller has appointed a Data Protection Officer (“DPO”)
who can be contacted to obtain clarifications regarding the processing of your
Personal Data and the retention periods at the following e-mail address: firstname.lastname@example.org
Processed personal data and Purposes of processing
inform you that the Data Controller will process your personal data, falling
within the definition set out in art. 4(1) of Regulation (EU) 2016/679
(hereinafter “GDPR”), in this case:
- email address;
purpose of the processing is to send you a periodic newsletter on project
activities, and at any time it will be possible to unsubscribe by following the
instructions at the bottom of the newsletter.
Legal Bases for the Processing and how data are processed
the purposes set out above, the legal basis for processing Your personal data
is your consent pursuant to art. 6(1)(a) of the GDPR.
processing of Personal Data will take place – according to the principles of
fairness, lawfulness, and transparency – through the support of IT and manual
tools, with logic strictly related to the purposes of the processing and, in
any case, guaranteeing the confidentiality and security of the data. and
compliance with specific obligations established by law. The availability,
management, access, storage, and usability of data is guaranteed by the
adoption of technical and organizational measures to ensure appropriate levels
of security pursuant to Articles 25 and 32 of the GDPR, as well as, in relation
to the specific processing purposes identified by the applicable legislation.
The processing is carried out by persons duly authorized and instructed by the
Data Controller and in compliance with the provisions of art. 29 GDPR.
processing of Your personal data will take place using the “MailerLite”
newsletter management platform (www.mailerlite.com), an EU based company that
stores data in EU and has GDPR compliancy statement (https://www.mailerlite.com/gdpr-compliance).
Disclosure of personal data
personal data may be shared with:
other DECICE project consortium PARTNERS that to pursue project objectives need
to process data: those subjects act as data processors pursuant to art. 28 of
the GDPR. Upon your request you can access the updated and complete list of
processors. Requests must be sent to Data Controller at the addresses indicated
other data processor appointed by DATA CONTROLLER (Georg-August-Universität Göttingen Stiftung Öffentlichen Rechts )
Transfer of data outside the EU
personal data may be transferred by the Data Controller to DECICE partners
(Data Processor) located outside the European Economic Area, in particular:
Bosnia and Herzegovina, Ukraine, Georgia.
European Union has – so far – recognized Israel to provide an adequate level of
transferring data in the other countries listed above that do not guarantee an
essentially equivalent level of protection to that guaranteed in the EEA,
Recital 108 and Article 46 (1) GDPR provide that in the absence of an EU
adequacy decision, a controller or processor should take measures to compensate
for the lack of data protection in a third country by way of appropriate
safeguards for the data subject. A controller or processor may provide
appropriate safeguards, without requiring any specific authorisation from a
supervisory authority, through its use of one of the transfer tools listed
under Article 46 (2) GDPR, such as standard data protection clauses. For
transferring data in the other countries listed above standard contractual
clauses (known as “SCC”) are used as a ground for data transfers from the EU to
these third countries according to Article 46 of the GDPR.
personal data will be kept only for the time necessary to pursue the purposes
set up in point 2 above, respecting the principle of minimization referred to
in Art. 5(1)(b) of the GDPR.
particular Personal Data collected will be kept for 24 months after the end of
the project (scheduled for November 30th, 2027)
information is available from the Data Controller that can be reached at the
addresses indicated above.
Data Subject Rights
GDPR recognizes a number of rights to Data Subjects pursuant to art. 15-22 of
the Regulation. In particular, you may request the access (Art. 15), the
rectification (Art. 16), the erasure (Art. 17, Right to be forgotten), the
restriction of processing of the data in the cases provided by Art. 18 of the
GDPR. Based on Art. 18 (2) the conditions of restricted processing will be
strict. Although it seems a technical solution, it will provide an
interlocutory treatment of risk, while the data subjects decide the actual
to Art. 20 You have the right to receive your personal data, which you have
provided to a controller, in a structured, commonly used and machine-readable
format. You have the right to transmit those data to another controller without
hindrance from the controller to which the personal data have been provided.
You have the right to a judicial remedy and the right to receive compensation
when you consider that your rights under this Regulation have been infringed as
a result of the processing of your personal data in non-compliance with this
Regulation pursuant to Art. 79 of the GDPR.
also have the right to lodge a complaint with the competent Supervisory
Authority pursuant to article 77 of the Regulation