Phoenix Privacy Policy

Introduction

Electrical Power System’s Shield against complex incidents and extensive cyber and privacy attacks (hereinafter “Project”, “Phoenix”, or “Consortium”), is committed to ensure the security and privacy of your Personal Data. As a Controller, the Consortium takes its responsibility regarding the security and privacy of Personal Data very seriously and is going to be transparent about the type of data it collects and how it is being handled.

Pursuant to article 5 of the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Processing of the Personal Data carried out by the Consortium for the implementation and execution of the Project will be based on the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and accountability.

To this extent, please read the following Privacy Policy (hereinafter the “Privacy Policy”) that explains the reason for the processing of your Personal Data, the way we collect, handle and ensure protection of all Personal Data provided, how that information is used and what rights you have in relation to your Personal Data

Any term indicated in capital letter shall have the meaning attributed to it within the GDPR, or otherwise provided hereto.

Data Controller

The Data Controller will be the Consortium.

Which kind of Personal Data we collect

We may ask you to provide us your Personal Data such as first name, last name, address, e-mail. We may also publish video or photographs of your image in case of events or workshops that you attended. The Consortium will also process your Personal Data that you will voluntarily provide to us to post a comment or to send a message to the Consortium itself.

Without prejudice to the above, we collect your Personal Data only with your Consent and only if it is necessary for the purposes of the Project.

Why we process your Personal Data

We will process your Personal Data exclusively within the purposes of the research within the Project. Further information on the Project may be find at following URL: https://phoenix-h2020.eu/

Cookies

The web pages of the Consortium use cookies. Further information on the use of cookies may be find at the following URL: https://phoenix-h2020.eu/cookie-policy/

Data protection provisions about the application and use of YouTube

On the Phoenix website, the Controller has integrated components of YouTube. YouTube is an Internet video portal that enables video publishers to set video clips and other users free of charge, which also provides free viewing, review and commenting on them. YouTube allows you to publish all kinds of videos, so you can access both full movies and TV broadcasts, as well as music videos, trailers, and videos made by users via the Internet portal.

The operating project consortium of YouTube is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, UNITED STATES. The YouTube, LLC is a subsidiary of Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, UNITED STATES.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a YouTube component (YouTube video) was integrated, the Internet browser on the information technology system of the Data Subject is automatically prompted to download a display of the corresponding YouTube component. Further information about YouTube may be obtained under https://www.youtube.com/yt/about/en/. During the course of this technical procedure, YouTube and Google gain knowledge of what specific sub-page of our website was visited by the Data Subject.

If the Data Subject is logged in on YouTube, YouTube recognizes with each call-up to a sub-page that contains a YouTube video, which specific sub-page of our Internet site was visited by the Data Subject. This information is collected by YouTube and Google and assigned to the respective YouTube account of the Data Subject.

YouTube and Google will receive information through the YouTube component that the Data Subject has visited our website, if the Data Subject at the time of the call to our website is logged in on YouTube; this occurs regardless of whether the person clicks on a YouTube video or not. If such a transmission of this information to YouTube and Google is not desirable for the Data Subject, the delivery may be prevented if the Data Subject logs off from their own YouTube account before a call-up to our website is made.

YouTube’s data protection provisions, available at https://www.google.com/intl/en/policies/privacy/, provide information about the collection, processing and use of Personal Data by YouTube and Google.

Data protection provisions about the application and use of Google Analytics (with anonymization function)

On this website, the controller has integrated the component of Google Analytics (with the anonymizer function). Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.

The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.

For the web analytics through Google Analytics the controller uses the application “_gat. _anonymizeIp”. By means of this application the IP address of the Internet connection of the Data Subject is abridged by Google and anonymised when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Internet site for us.

Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Link https://www.google.com/analytics/.

Data protection provisions about the application and use of LinkedIn

The Controller has integrated components of the LinkedIn Corporation on this website. LinkedIn is a web-based social network that enables users with existing business contacts to connect and to make new business contacts. Over 400 million registered people in more than 200 countries use LinkedIn. Thus, LinkedIn is currently the largest platform for business contacts and one of the most visited websites in the world.

The operating project consortium of LinkedIn is LinkedIn Corporation, 2029 Stierlin Court Mountain View, CA 94043, UNITED STATES. For privacy matters outside of the UNITED STATES LinkedIn Ireland, Privacy Policy Issues, Wilton Plaza, Wilton Place, Dublin 2, Ireland, is responsible.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a LinkedIn component (LinkedIn plug-in) was integrated, the Internet browser on the information technology system of the Data Subject is automatically prompted to the download of a display of the corresponding LinkedIn component of LinkedIn. Further information about the LinkedIn plug-in may be accessed under https://developer.linkedin.com/plugins. During the course of this technical procedure, LinkedIn gains knowledge of what specific sub-page of our website was visited by the Data Subject.

If the Data Subject is logged in at the same time on LinkedIn, LinkedIn detects with every call-up to our website by the Data Subject—and for the entire duration of their stay on our Internet site—which specific sub-page of our Internet page was visited by the Data Subject. This information is collected through the LinkedIn component and associated with the respective LinkedIn account of the Data Subject. If the Data Subject clicks on one of the LinkedIn buttons integrated on our website, then LinkedIn assigns this information to the personal LinkedIn user account of the Data Subject and stores the Personal Data.

LinkedIn receives information via the LinkedIn component that the Data Subject has visited our website, provided that the Data Subject is logged in at LinkedIn at the time of the call-up to our website. This occurs regardless of whether the person clicks on the LinkedIn button or not. If such a transmission of information to LinkedIn is not desirable for the Data Subject, then he or she may prevent this by logging off from their LinkedIn account before a call-up to our website is made.

LinkedIn provides under https://www.linkedin.com/psettings/guest-controls the possibility to unsubscribe from e-mail messages, SMS messages and targeted ads, as well as the ability to manage ad settings. LinkedIn also uses affiliates such as Eire, Google Analytics, BlueKai, DoubleClick, Nielsen, Comscore, Eloqua, and Lotame.

The setting of such cookies may be denied under https://www.linkedin.com/psettings/guest-controls. The applicable privacy policy for LinkedIn is available under https://www.linkedin.com/legal/privacy-policy.

The LinkedIn Cookie Policy is available under https://www.linkedin.com/legal/cookie-policy.

Data protection provisions about the application and use of Facebook

On this website, the controller has integrated components of the enterprise Facebook. Facebook is a social network.

A social network is a place for social meetings on the Internet, an online community, which usually allows users to communicate with each other and interact in a virtual space. A social network may serve as a platform for the exchange of opinions and experiences, or enable the Internet community to provide personal or business-related information. Facebook allows social network users to include the creation of private profiles, upload photos, and network through friend requests.

The operating company of Facebook is Facebook, Inc., 1 Hacker Way, Menlo Park, CA 94025, United States. If a person lives outside of the United States or Canada, the controller is the Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.

With each call-up to one of the individual pages of this Internet website, which is operated by the controller and into which a Facebook component (Facebook plug-ins) was integrated, the web browser on the information technology system of the data subject is automatically prompted to download display of the corresponding Facebook component from Facebook through the Facebook component. An overview of all the Facebook Plug-ins may be accessed under https://developers.facebook.com/docs/plugins/. During the course of this technical procedure, Facebook is made aware of what specific sub-site of our website was visited by the data subject.

If the data subject is logged in at the same time on Facebook, Facebook detects with every call-up to our website by the data subject—and for the entire duration of their stay on our Internet site—which specific sub-site of our Internet page was visited by the data subject. This information is collected through the Facebook component and associated with the respective Facebook account of the data subject. If the data subject clicks on one of the Facebook buttons integrated into our website, e.g. the “Like” button, or if the data subject submits a comment, then Facebook matches this information with the personal Facebook user account of the data subject and stores the personal data.

Facebook always receives, through the Facebook component, information about a visit to our website by the data subject, whenever the data subject is logged in at the same time on Facebook during the time of the call-up to our website. This occurs regardless of whether the data subject clicks on the Facebook component or not. If such a transmission of information to Facebook is not desirable for the data subject, then he or she may prevent this by logging off from their Facebook account before a call-up to our website is made.

The data protection guideline published by Facebook, which is available at https://facebook.com/about/privacy/, provides information about the collection, processing and use of personal data by Facebook. In addition, it is explained there what setting options Facebook offers to protect the privacy of the data subject. In addition, different configuration options are made available to allow the elimination of data transmission to Facebook. These applications may be used by the data subject to eliminate a data transmission to Facebook.

Data protection provisions about the application and use of Twitter
On this website, the Controller has integrated components of Twitter. Twitter is a multilingual, publicly-accessible microblogging service on which users may publish and spread so-called ‘tweets,’ e.g. short messages, which are limited to 140 characters. These short messages are available for everyone, including those who are not logged on to Twitter. The tweets are also displayed to so-called followers of the respective user. Followers are other Twitter users who follow a user’s tweets. Furthermore, Twitter allows you to address a wide audience via hashtags, links or retweets.

The operating project consortium of Twitter is Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, UNITED STATES.

With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a Twitter component (Twitter button) was integrated, the Internet browser on the information technology system of the Data Subject is automatically prompted to download a display of the corresponding Twitter component of Twitter. Further information about the Twitter buttons is available under https://about.twitter.com/de/resources/buttons. During the course of this technical procedure, Twitter gains knowledge of what specific sub-page of our website was visited by the Data Subject. The purpose of the integration of the Twitter component is a retransmission of the contents of this website to allow our users to introduce this web page to the digital world and increase our visitor numbers.

If the Data Subject is logged in at the same time on Twitter, Twitter detects with every call-up to our website by the Data Subject and for the entire duration of their stay on our Internet site which specific sub-page of our Internet page was visited by the Data Subject. This information is collected through the Twitter component and associated with the respective Twitter account of the Data Subject. If the Data Subject clicks on one of the Twitter buttons integrated on our website, then Twitter assigns this information to the personal Twitter user account of the Data Subject and stores the Personal Data.

Twitter receives information via the Twitter component that the Data Subject has visited our website, provided that the Data Subject is logged in on Twitter at the time of the call-up to our website. This occurs regardless of whether the person clicks on the Twitter component or not. If such a transmission of information to Twitter is not desirable for the Data Subject, then he or she may prevent this by logging off from their Twitter account before a call-up to our website is made.

The applicable data protection provisions of Twitter may be accessed under https://twitter.com/privacy?lang=en.

Lawful basis

We process your Personal Data, as long as you, in your quality of Data Subject, has provided us with your Consent for the Processing of your Personal Data for one or more specific purposes such as to contribute and support Phoenix project participating in workshop and training to provide feedback, to participate in surveys, to answer questionnaire or to disseminate the results of EU-funded research and innovation projects.

We also may process your Personal Data if it is necessary for compliance with a legal obligation to which the Data Controller is subject.

Additional lawful basis for the processing may be the Regulation (EU) No 1291/2013 of the European Parliament and of the Council of 11 December 2013 establishing Horizon 2020 – the Framework Programme for Research and Innovation (2014-2020) and its annex.

Your Personal Data will not be used for any automated decision-making including profiling.

For how long we keep your Personal Data

Phoenix only keeps your Personal Data for the time necessary to fulfil the purpose of the Project and will be destroyed when no longer needed for that purpose.

How do we protect and safeguard your Personal Data

All processing is carried out in compliance with article 32 of the GDPR, with the adoption of appropriate security measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk of the processing and of the nature of the Personal Data. Organisational measures include restricting access to the Personal Data solely to authorised persons or third parties where legitimated by the Data Controller for the purposes of processing operation.

Who may access to your Personal Data

Access to your Personal Data is provided to the Consortium who is responsible for carrying out this Processing operation and to authorised staff according to the ‘need to know’ principle. Such staff abide by statutory, and when required, additional confidentiality agreements.

However, we may disclose your information in order to comply with the law, a judicial proceeding, court order, subpoena, or other legal process or where we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or as evidence in litigation in which we are involved.

We may share your information with our service provider, Seravo Ltd., which located in Tampere, Finland. We may also share your information with competent regulatory authorities for legitimate reason.

Which are your rights and how you can exercise them

Pursuant to the GDPR, you have a number of rights concerning the Personal Data we hold about you. If you wish to exercise any of these rights, please contact use the contact details set out above.

  • The right to be informed. You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we’re providing you with the information in this Privacy Policy.
  • The right of access. You have the right to obtain access to your Personal Data subject matter of the data Processing. This will enable you, for example, to check that we’re using your Personal Data in accordance with the relevant data protection law. If you wish to access the information we hold about you in this way, please get in touch (please see section Contact information here below).
  • The right to rectification. You are entitled to have your Personal Data corrected if it is inaccurate or incomplete. You can request that we rectify any errors in information that we hold by contacting us (please see section Contact information here below).
  • The right to erasure. This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of certain of the Personal Data that we hold about you by contacting us (please see section Contact information here below). Please remember that it is possible that pursuant any applicable law you may not have all your Personal Data erased.
  • The right to restrict processing. You have rights to ‘block’ or ‘suppress’ certain further use of your Personal Data. When processing is restricted, we can still store your Personal Data, but will not use it further.
  • The right to data portability. You have the right to obtain your personal information in an accessible and transferrable format so that you can re-use it for your own purposes across different service providers. This is not a general right however and there are exceptions. To learn more please get in touch (please see section Contact information here below)).
  • The right to lodge a complaint. You have the right to lodge a complaint about the way we handle or process your Personal Data with the relevant national Data Protection Authority.
  • The right to withdraw consent. If you have given your consent to anything we do with your Personal Data (i.e. we rely on consent as a legal basis for processing your information), you have the right to withdraw that consent at any time. You can do this by contacting us (please see section Contact information here below). Withdrawing consent will not however make unlawful our use of your information while consent had been apparent.
  • The right to object to processing. You have the right to object to certain types of processing. You can for example object to the publication of pictures taken of you within the context of a conference.

Where you wish to exercise your rights in the context of one or several specific processing operations, please provide their description in your request.

Your requests will be handled within a maximum of 30 (thirty) working days.

Contact information

If you would like to exercise your rights under GDPR, or if you have comments, questions or concerns, or if you would like to submit a complaint regarding the collection and use of your Personal Data, please feel free to contact the following email address: farhan.sahito@capgemini.com.

 

Changes

Where appropriate, we will notify you of any changes to this privacy policy, for example by email or push notification.

Entry into force

The present Privacy Policy entered into force the 1st November 2019.

Last update 21/11/2019.


This project has received funding from the European Union’s Horizon 2020 research and Innovation programme under grant agreement N°832989. All information on this website reflects only the authors’ view. The Agency and the Commission are not responsible for any use that may be made of the information this website contains.

Sign up to our newsletter