Privacy Notice Pursuant to Article 13 of Regulation (EU) 2016/679
The content of this website is produced under the DECICE project, which has received funding from the Horizon Europe.
Data controller and Data protection officer
Georg-August-Universität Göttingen Stiftung Öffentlichen Rechts Wilhelmsplatz 1 (Aula) 37073 Göttingen, as Data Controller (“Data Controller”), will process your personal data collected in this website, operated by the partner SYNYO (SYNYO GmbH – Otto-Bauer-Gasse 5/14 – 1060 Vienna, Austria Phone: +43 1 9962011 DPO Email: email@example.com) that has been appointed as Data Processor. The Data Controller has appointed a Data Protection Officer (“DPO”) who can be contacted to obtain clarifications regarding the processing of your Personal Data and the retention periods at the following e-mail address: firstname.lastname@example.org
Processed personal data and Purposes of processing
We inform you that the Data Controller will process your personal data, falling within the definition set out in art. 4(1) of Regulation (EU) 2016/679 (hereinafter “GDPR”), in this case:
- email address;
The purpose of the processing is to send you a periodic newsletter on project activities, and at any time it will be possible to unsubscribe by following the instructions at the bottom of the newsletter.
Legal Bases for the Processing and how data are processed
For the purposes set out above, the legal basis for processing Your personal data is your consent pursuant to art. 6(1)(a) of the GDPR.
The processing of Personal Data will take place – according to the principles of fairness, lawfulness, and transparency – through the support of IT and manual tools, with logic strictly related to the purposes of the processing and, in any case, guaranteeing the confidentiality and security of the data. and compliance with specific obligations established by law. The availability, management, access, storage, and usability of data is guaranteed by the adoption of technical and organizational measures to ensure appropriate levels of security pursuant to Articles 25 and 32 of the GDPR, as well as, in relation to the specific processing purposes identified by the applicable legislation. The processing is carried out by persons duly authorized and instructed by the Data Controller and in compliance with the provisions of art. 29 GDPR.
The processing of Your personal data will take place using the “MailerLite” newsletter management platform (www.mailerlite.com), an EU based company that stores data in EU and has GDPR compliancy statement (https://www.mailerlite.com/gdpr-compliance).
Disclosure of personal data
Your personal data may be shared with:
– other DECICE project consortium PARTNERS that to pursue project objectives need to process data: those subjects act as data processors pursuant to art. 28 of the GDPR. Upon your request you can access the updated and complete list of processors. Requests must be sent to Data Controller at the addresses indicated above;
– other data processor appointed by DATA CONTROLLER (Georg-August-Universität Göttingen Stiftung Öffentlichen Rechts )
Transfer of data outside the EU
Your personal data may be transferred by the Data Controller to DECICE partners (Data Processor) located outside the European Economic Area, in particular:
Israel, Bosnia and Herzegovina, Ukraine, Georgia.
The European Union has – so far – recognized Israel to provide an adequate level of data protection:
For transferring data in the other countries listed above that do not guarantee an essentially equivalent level of protection to that guaranteed in the EEA, Recital 108 and Article 46 (1) GDPR provide that in the absence of an EU adequacy decision, a controller or processor should take measures to compensate for the lack of data protection in a third country by way of appropriate safeguards for the data subject. A controller or processor may provide appropriate safeguards, without requiring any specific authorisation from a supervisory authority, through its use of one of the transfer tools listed under Article 46 (2) GDPR, such as standard data protection clauses. For transferring data in the other countries listed above standard contractual clauses (known as “SCC”) are used as a ground for data transfers from the EU to these third countries according to Article 46 of the GDPR.
Your personal data will be kept only for the time necessary to pursue the purposes set up in point 2 above, respecting the principle of minimization referred to in Art. 5(1)(b) of the GDPR.
In particular Personal Data collected will be kept for 24 months after the end of the project (scheduled for November 30th, 2027)
More information is available from the Data Controller that can be reached at the addresses indicated above.
Data Subject Rights
The GDPR recognizes a number of rights to Data Subjects pursuant to art. 15-22 of the Regulation. In particular, you may request the access (Art. 15), the rectification (Art. 16), the erasure (Art. 17, Right to be forgotten), the restriction of processing of the data in the cases provided by Art. 18 of the GDPR. Based on Art. 18 (2) the conditions of restricted processing will be strict. Although it seems a technical solution, it will provide an interlocutory treatment of risk, while the data subjects decide the actual treatment.
According to Art. 20 You have the right to receive your personal data, which you have provided to a controller, in a structured, commonly used and machine-readable format. You have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. You have the right to a judicial remedy and the right to receive compensation when you consider that your rights under this Regulation have been infringed as a result of the processing of your personal data in non-compliance with this Regulation pursuant to Art. 79 of the GDPR.
You also have the right to lodge a complaint with the competent Supervisory Authority pursuant to article 77 of the Regulation