Privacy information pursuant to the art. 13 of the EU Regulation n. 679/2016
A. DATA CONTROLLER
The data controller is Synallagma SA (hereafter, “Synallagma”), with registered office in Rue De Hollande 13, 1060 Brussels (Belgium), n. TVA BE0774857180. The data controller can be contacted by email for questions relating to this policy at the address firstname.lastname@example.org. The Data Protection Officer (DPO) can be contacted at the email address email@example.com.
B. WHAT PERSONAL DATA WE COLLECT AND WHEN AND WHY WE PROCESS IT
The Consumer Empowerment Project (CEP) website, www.cep-project.org, is managed by our trustworthy service provider, OVH Hosting Ltd. (hereafter, also, “OVHcloud”), based in France. OVHcloud acts as a processor of data whereas Synallagma is the data controller. We have signed a data processing agreement with OVHcloud. OVHcloud will only use the logs and any other information for troubleshooting the supplied services and for monitoring usage patterns for security purposes.
For reporting and evaluation purposes, we collect some statistics on the visits and downloads on our website with Matomo, a web analytics platform that gives us 100% data ownership . All data collected is anonymised, and we do not share it with third parties. The server software retains access logs (which contain individual IP addresses and pages visited) for the purposes of troubleshooting and generating aggregate statistics. We use this information to provide an indication of faults and to identify peak usage times so that we can decide when to make major site modifications.
We run a variety of mailing lists hosted by our trustworthy service provider, SendinBlue, a simplified joint stock company, based in France. If you subscribe to one of our public mailing lists, the membership of these mailing lists is kept confidential, and only available to selected CEP staff members for the purpose of list management.
We also collect personal data that you provide, on a voluntary basis, when you fill in a form on our website, requesting for information.
C. THE PURPOSE AND LEGAL BASIS FOR USING YOUR PERSONAL DATA
When you fill in a form on our website asking for information, the purpose is to provide you the information about the Consumer Empowerment Project and its initiatives: in this case, the legal basis of such processing is the legitimate interest. You are not obliged to provide us your personal data visiting our Website. Only in case you will fill in the Form, you shall provide us your personal data so we will able to give you the necessary information and assistance.
If you want to keep in touch with CEP and subscribe our newsletters or receive updates on upcoming events or other initiatives organized or promoted by CEP or its partners, you may be asked to give your consent: if this occurs, the legal basis of the processing is the data subject’s consent.
D. SHARING PERSONAL INFORMATION WITHIN DATA PROCESSOR AND WITH SERVICE PROVIDERS
Your personal information won’t be transferred to any Third Country and it will be shared only for the purposes listed in the present privacy notice with Data Processors appointed by Synallagma in charge of the management of the communication and public relation services.
E. RETENTION POLICY
The Data Controller will keep your personal data for 12 months from the fulfilment of your request. At the end of the above-mentioned period, all your personal data will be erased.
However, The Data Controller will continue processing the data of those who have express their consent to subscribe our newsletters or receive information on upcoming events or other initiatives organized or promoted by CEP and its partners, accordingly, to point C). In this case, the Data will be stored until the data subject subjects request for them to be deleted.
The Data Controller implements and maintains appropriate technical and organizational security measure, policies and procedures designed to reduce the risk of accidental destruction or loss, or the unauthorized disclosure or access to personal information. The measures the Data Controller and the Processors adopt, include the execution of confidentiality appointment of the employees and staff members and service providers; limiting the access to personal information; destroying the personal information when it is no longer needed for the purposes for which it was collected. As the security of information depends in part on the security of the computer or device you use to communicate with the Data Controller and the security you use to protect user names and passwords, please take appropriate measures to protect this information.
G. DATA SUBJECTS’ RIGHTS
At any moment you can exercise the following rights writing to firstname.lastname@example.org:
– to access personal information
– rectify or erase personal information
– limit the processing of your personal information
– object to how we use your personal information
– obtain a copy personal information
– lodge a complaint with your local Supervisory Authority, but we kindly ask you to attempt to resolve any issue with us before contacting your local authority.
According to the art. 11 of the EU Regulation n. 679/2016, we may ask you to provide us further information to confirm your identity, otherwise we won’t be able to accomplish your request. As the security of information depends in part on the security of the computer or device you use to communicate with us and the security you use to protect (where relevant) user names and passwords, please take appropriate measures to protect this information.