Data Controllers – Who are the controllers of the personal data that you supply hereunder?
- EUROPEAN DYNAMICS LUXEMBOURG SA (ED LUXEMBOURG), established in RUE JEAN ENGLING 12, LUXEMBOURG 1466, Luxembourg, VAT number: LU17535424,
- UNIVERZA V LJUBLJANI, established in KONGRESNI TRG 12, 1000 , LJUBLJANA Slovenia, VAT number: SI54162513
- IEXEC BLOCKCHAIN TECH, established in 1 RUE JACQUES MONOD, 69007 , LYON France, VAT number: FR90 823070925
- INTELLISEMANTIC SRL, established in CORSO SUSA 299/A, 10090 , RIVOLI Italy, VAT number: IT09124770018
- ATHENS UNIVERSITY OF ECONOMICS AND BUSINESS - RESEARCH CENTER, established in: KEFALLINIAS STREET 46, 11251 , ATHENS Greece, VAT number: EL90034337
- GERMAN HELLENIC CHAMBER OF COMMERCE AND INDUSTRY, established in DORYLAIOU 10, po box: 000, 11521 , ATHENS Greece, VAT number: EL090012763
- F6S NETWORK LIMITED, established in DOGPATCH LABS UNIT 1 THE CHQ BUILDING NORTH WALL QUAY D01Y6H7 , DUBLIN Ireland, VAT number: 643630
Together, these organisations, which constitute the ONTOCHAIN Consortium, have jointly determine the purposes and means of processing personal data, and hence according to Article 26 of the General Data Protection Regulation (GDPR), they shall be joint controllers and they shall in a transparent manner determine their respective responsibilities for compliance with the obligations under this Regulation, in particular, as regards the exercising of the rights of the data subject and their respective duties to provide the information referred to in Articles 13 and 14, by means of an arrangement between them.
Purpose – Why do we process your personal data?
Personal data you supply are used to manage the ONTOCHAIN project.
Under this Horizon 2020 project, the Controllers will exclusively share the collected personal data within the members of the ONTOCHAIN consortium, all of them based in Europe.
Personal data will be shared with the European Commission, only when the ONTOCHAIN open-call participant will sign a contract with the ONTOCHAIN consortium and receive funding from the ONTOCHAIN project, since it is the funding body of the ONTOCHAIN project.
Processing of personal data is strictly related to its use for the purposes of:
- Sending communications by email to the professional contacts of the potential interested entities related to the relevant calls and events;
- Involving the participating entities in the developed activities under this Project;
- Executing the due fund transfers for the involved entities under the Project terms and conditions;
- Complying with any reporting obligations in relation to the European Commission under the Project;
- Compliance with reporting and/or other legal obligations resulting from the Horizon 2020 legal framework.
Personal Data Categories
For clarity purposes, the types of personal data that are subject to processing, for the purposes described above, are the following:
- Full name;
- Professional email;
- Professional telephone contact;
- Country of establishment;
- Short CV and/or LinkedIn profile;
- Bank accounts of beneficiaries (Granted Parties, Advisory Board Members, Independent Experts), in order to enable the due fund transfers to the aforementioned sub-grantees;
- Attendance sheets (with names and signatures of people present at events);
- Photo and video recording of events (e.g.: ideation kick-offs, workshops, demo days, webinars …). Such recordings (e.g.: general perspective of an auditorium, video of a beneficiary pitch, testimonials by the participants), to the extent applicable in accordance with the applicable personal data protection laws, will only capture people that had expressed consent for the use of their image (limited to the promotion of ONTOCHAIN open call and results).
Legal ground – What is the legal basis to process your data?
The Controllers may process your collected personal data for the purposes stated above. The legal basis for the said processing may be:
- Necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract (e.g., in order to enter a sub-grant agreement);
- Necessary for compliance with a legal obligation to which the Controllers are subject to (e.g. reporting and/or other legal obligations resulting from the Horizon 2020 legal framework);
- Necessary for the purposes of the legitimate interests pursued by the Controllers or by a third party (e.g. professional contacts for divulging calls that may be of interest of the recipient entity); and/or consent, if applicable in accordance with the applicable laws (previous consent, if applicable, may be requested in case of video, audio or image collection of participants in an event).
Data Processors – Who will be able to process your data?
Processing of personal data excludes transfer to any third party, as well as international transfers (that is, personal data transfers outside the EEA).
The Controllers may, namely, share the personal data, to the extent strictly necessary, with the following entities:
- Public entities, within the necessary compliance of legal obligations applicable to the Controllers within the ONTOCHAIN Project;
- Participating entities within the ONTOCHAIN Project;
- Service providers of the Controllers on a need to know basis and strictly regarding the purposes defined hereunder within the ONTOCHAIN Project. In these circumstances and where necessary, the Controllers will only use subcontracted entities which present sufficient guarantees to carry out appropriate technical and organizational measures in a way that the processing meets the requirements of the applicable standards in accordance with the level of security appropriate to the risk and sensibility of the personal data in question, and such guarantees will be established by contract signed between the corresponding Controller and each of these third parties.
Storage – How long will we keep your data?
The gathered personal data will be kept until the end of the project (August 2023).
Data needed to answer to potential audits by the European Commission Services (e.g.: data that enables the assessment of ONTOCHAIN activities’ impact), may be kept for up to 5 years after the end of the project (prospectively until August 2028).
However, any personal data may always be deleted earlier, if you request its deletion and the applicable requirements to the exercise and execution of the right to erasure are fulfilled.
In order to follow the principle of data minimization, personal data will be deleted/destructed the earliest possible, in accordance with the applicable criteria and requirements resulting from the applicable personal data protection laws, namely, the General Data Protection Regulation (GDPR EU Regulation 2016/679).
Rights – Which are your rights when you supply your data?
Under the, and in accordance with, the applicable personal data protection laws, as data subject and in relation to the personal data processed by the Controllers, you have the right to request from the Controllers access to, rectification or erasure of your personal data or restriction of processing concerning you or to object to processing, as well as the right to data portability.
We will use reasonable efforts, within our legal duty, to supply, correct or delete personal data about you on our files. For the said purposes, please contact us through the following e-mail contact: email@example.com
To the extent applicable, where the processing is based on your consent for the relevant processing and purpose, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
Without prejudice of all the means of contact between you and the Controllers, you have, in any case, the right to lodge a complaint with a supervisory authority.
Security – How is the data collected protected?
Your personal data will be treated in a confidential manner and subject to suitable technical and organization measures to avoid their loss or unauthorized access and processing.
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, as well as the risks, of probability and variable severity, for your personal data, the Controllers will apply the appropriate technical and organizational measures to ensure a level of safety appropriate to the relevant risk.
The Controllers use a variety of security technologies and procedures to help protect your personal data from unauthorized access, use, or disclosure.
In case of need to subcontract services to third parties that may have access to your personal data, each Controllers subcontractors will adopt the security and organizational measures, as well as the necessary technical measures, necessary to the protection of the confidentiality and security of your personal data, in order to prevent, namely, unauthorized access, loss or destruction of your personal data.