Data Privacy Policy for the MAMMOth website
Introduction
Thank you for visiting the MAMMOth website.
This privacy policy concerns processing of personal data with the MAMMOth project due to the operation of the website. This covers personal data that you provide us with through the website, and the personal data that you see on our website.
We are committed to processing personal data responsibly, securely, and proportionally throughout our activities in compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and the free movement of such data and repealing Directive 95/46/EC (GDPR). In line with the data minimisation principle (Art.5.1.c of the GDPR), we limit the collection of personal information to what is directly relevant and necessary for the good functioning of our project.
Who we are
Our website address is: mammoth-ai.eu
This website is managed by: Center for Social Innovation Ltd., Rigenis 62, 1st floor, 1010, Nicosia, Cyprus
The website is hosted by: Google LLC
Address/website: mammoth-ai.eu
More information on MAMMOth project from the CORDIS website.
Personal data processed through the website
Should you contact us through the website, we are going to collect your contact details and the message you provided us with. We are not going to collect metadata that you did not expressly provide us with (e.g., IP/MAC addresses).
The content we upload or otherwise make available through the website might contain personal data, such as the names of our researchers and their work.
Legal bases of processing
For the personal data received through the contact form, we embrace the following lawful bases of our processing are embraced:
- Consent (Art.6.1.a of the GDPR) – When you consent directly to the processing of your personal data, for example, when you subscribe to our newsletter. If you provide us with sensitive personal data, falling within Art. 9 of the GDPR, we will process it under Art. 9.2.a of the GDPR.
- Legitimate interests (Art.6.1.f) – We process personal data when it is necessary for us to achieve the following legitimate interests:
- Enhancing our research delivery, by providing information about MAMMOth to the individuals we deem as likely to be interested in our project. This may include:
- Sending invitations and providing access to guests attending our events and webinars;
- Monitoring the activity on this project website.
- Should the recipient of the information communicate to us that they are not interested in further communications from us, we will cease processing their personal data.
- Enhancing our research delivery, by providing information about MAMMOth to the individuals we deem as likely to be interested in our project. This may include:
For the personal data we communicate through the website, the following lawful bases of our processing are embraced:
- Consent (Art.6.1.a of the GDPR) – When we have received consent to publish personal data – e.g., a blog post from one of our researchers.
- Legal obligations (Art.6.1.c of the GDPR) – We may process personal data in order to meet a legal obligation, e.g., promoting project results to multiple audiences, including the media and the public.
- Legitimate interests (Art.6.1.f of the GDPR) – We process personal data when it is necessary for us to achieve the following legitimate interests (as long as they are not overridden by the data subject’s interests):
- Enhancing our research delivery, by providing information about MAMMOth’s activities on the website;
- Undertaking dissemination activities.
How we secure your personal data when we process it
We have put technical and organisational security policies and procedures in place to protect personal data (including sensitive personal data) from loss, misuse, alteration or destruction. Wherever possible, we ensure that access to your personal data is password-protected. Those individuals who have access to the data are required to maintain the confidentiality of such information. We install and regularly update all security and anti-virus software in use on all of our systems. Nevertheless, the security of data transmitted over the Internet cannot be completely guaranteed.
Please be aware that transmissions over the Internet are never completely private or secure.
How long do we retain personal data?
We retain personal data only as long as it is necessary for the purposes described above. Please note that we have an obligation to retain data concerning European Union Horizon Europe research projects for up to five years after the EC’s last payment to the consortium (unless further retention is requested by the EU auditors).
As the records and documentation containing personal data have been collected within the delivery of an EC project, we expect that the Commission will process it in compliance with Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC. After the expiry of the retention period, and unless further legitimate grounds for retention arise, we will dispose of personal data in a secure manner.
Do we share personal data with third parties?
The MAMMOth consortium will generally not share personal information with anyone except the European Commission if it so requests. All partners will treat information received from other partners as confidential and will not disclose it to third parties, unless it is obvious that the information is already publicly available or there is a legal obligation to do so. The partners will impose the same obligations on their employees and suppliers.
We may occasionally share personal data with trusted third parties, such as those listed below, to help us deliver efficient and quality services. When we do so, we will ensure that recipients are contractually bound to safeguard the data we entrust to them before we actually share the data. We may engage with several or all of the following categories of recipients:
- Parties that support us as we provide our services (e.g., cloud-based software services such as Dropbox, Microsoft SharePoint, Google Analytics);
- Our professional advisers, including lawyers, auditors and insurers;
- Payment service providers;
- E-mail management services (e.g., Moosend);
- Law enforcement or other government and regulatory agencies (e.g., tax authorities) or other third parties as required by, and in accordance with, applicable law or regulation;
- The European Commission when we are required to do so in relation to our work on EC Horizon Europe projects.
Do we transfer your personal data outside the EU?
By default, we store personal data on servers located in the EU. However, we may also store personal data to reputable third-party service providers, notably Google Drive, who may be located outside of the EU.
Wherever such personal data transfers are based on Standard Contractual Clauses within the meaning of Commission Implementing Decision (EU) 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of personal data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council,, we are keeping track of their validity, especially in the light of any national Data Protection Authority decisions on the matter and in line with the European Court of Justice (CJEU) decision in Case C-311/18 Data Protection Commissioner v Facebook Ireland Limited and Maximillian Schrems.
Your rights under data protection legislation
As a data subject, you can exercise the rights outlined in this section of the privacy policy. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. No fee is required to make an initial request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds.
Right to access (Art. 15 of the GDPR)
The data subject has the right to obtain confirmation as to whether processing of personal data concerning them takes place in the MAMMOth project. If this is the case, the data subject can request access to their data. Granting the right to access only occurs where the identification of the data subject is possible.
Right to rectification (Art. 16 of the GDPR)
The data subject has the right to obtain the rectification of inaccurate personal data concerning them. The exercise of this right is only possible where the data subject can be identified and the inaccuracy of data is verified.
Restriction of processing (Art. 18 of the GDPR)
The data subject has the right to obtain the restriction of processing, where:
- the accuracy of the personal data is contested;
- the processing is unlawful, the data subject opposes the erasure of personal data and requests the restriction of processing instead;
- the controller no longer needs the personal data, but they are required by the data subject for the establishment, exercise or defence of legal claims;
- the data subject has objected to processing pursuant to GDPR Art. 21.1 pending the verification whether the legitimate grounds of the controller override those of the data subject.
The exertion of this right may require provision of further information to allow identification of the data subject.
Right to be Notified Regarding the Rectification or Erasure of Personal Data or Processing Restriction (Art. 19 of the GDPR)
The data subject has the right to be notified about any rectification or erasure of their personal data or any restriction of processing regarding any receiver, to that degree, this notification is neither impossible nor disproportionate.
Right to object (Art. 21 of the GDPR)
A legal basis for the processing of personal data in the MAMMOth project is Art. 6.1.f of the GDPR. The data subject has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them unless the MAMMOth consortium demonstrates compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
The exertion of this right may require provision of further information to allow identification of the data subject.
Right to erasure (’Right to be forgotten’) (Art. 17 of the GDPR)
The data subject has the right to obtain erasure of personal data concerning them, if:
- the data subject objects to the processing pursuant to Art. 21.1 and there are no overriding legitimate grounds;
- the personal data have been unlawfully processed;
- the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
Right to data portability (Art. 20 of the GDPR)
In some circumstances, where you have provided personal data to us, you can ask us to transmit that personal data (in a structured, commonly used and machine-readable format) directly to another company.
Right to lodge a complaint with a supervisory authority (Art. 77 of the GDPR)
The data subject has the right to lodge a complaint with a data protection supervisory authority in the Member State of their habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to them infringes the GDPR.
A list of national supervisory authorities can be found here.
Disclaimer and limitations of liability
We aim to keep the information that appears on the MAMMOth website as complete and up to date as possible. If errors are brought to our attention, we will take all reasonable steps to make any necessary corrections within a reasonable time. Please be aware that the information published on our website is for informational purposes only. None of the information contained on the website constitutes legal or professional advice, nor can we accept responsibility for how it might be used, and we are not responsible or liable for any errors or omissions in any of the information provided on the website. We cannot be held liable for any direct or indirect damage that may result from use of this site. Links to other websites are provided in good faith and for information only. A link to another website does not mean that we endorse or accept any responsibility for the content or use of such website.
While we take all possible steps to minimise disruption caused by technical errors, we cannot guarantee that our website will not be interrupted or otherwise affected by such problems. Please note that access may be suspended temporarily and without notice in the case of system failure, website maintenance or repair or for reasons beyond our control.
The use of our website is governed by the law of Ireland (Google LLC Europe). Any dispute arising from or related to the use of this website shall be subject to the non-exclusive jurisdiction of the courts of Ireland (Google LLC Europe).
Do we link to other websites?
Our websites may contain links to other sites, including the sites of the consortium partners, which are not governed by this privacy policy. Please review the destination websites’ privacy policies before submitting personal data on those sites. Whilst we try to link only to sites that share our standards and respect for privacy, we are not responsible for the content, security or privacy practices employed by other sites.
Do we change this privacy policy?
We regularly review this privacy policy and will post any updates to it on this webpage. This privacy policy was last updated on 30/1/2023.
Cookie policy
What is a Cookie?
A cookie is a simple text file downloaded to your computer or mobile device when you visit a website or page, so the website can recognise your device the next time you visit. Cookies are essential used for easy navigation, making your experience faster, easier, and more personalised. The term ‘cookies’ in this Policy is used to refer to all files that collect information in this way.
There are many functions cookies serve. For example, they can help us to remember your language preferences or login information or analyse how well the site is performing, or even allow us to recommend content we believe will be most relevant to you.
Cookies on our website
In order to make your visits to our project site as pleasant as possible, the MAMMOth Consortium uses cookies. These cookies automatically track and collect certain technical information that your browser sends to us. This information might include Internet protocol (IP) addresses, the browser type, browser language, Internet service providers (ISP), referring/exit pages, URLs, operating systems, date/time stamps, and other similar information. However, this information doesn’t identify individual users and we use it exclusively to analyse trends, to administer the site, to track user movements around the site as a whole to improve the services provided. Where a cookie is not strictly necessary, we give you the opportunity to opt out of its usage. We do not use cookies to track your behaviour once you have left our website, and the data from cookies will not be passed on to or used by any commercial enterprise that is not operating under our instruction and only process data as laid out in this policy.
How do we use cookies?
A visit to our website may generate ‘first-party’ cookies and ‘third-party’ cookies. First-party cookies are set by us and relate to the domain of our website. A third-party cookie is a cookie that is associated with a domain name different from that of the page where the cookie is encountered. They are only generated with your agreement. We use third-party cookies to provide enhanced site functionality such as embedded video content.
We use the following types of cookies:
- Strictly Necessary Cookies: These are the most important cookies because they are essential for the operation of the site. You need them to move around our website and access many basic features. If you opt to disable these cookies, you will not be able to access or use MAMMOth website at all.
- Functionality Cookies: We use functionality cookies to allow us to remember your preferences and give a more personalised experience. They record information about choices you’ve made on our website, such as language etc.
- Performance / Analytics Cookies: We utilise performance/analytics cookies to analyse how the website is accessed, used, or is performing in order to provide you with a better user experience and to maintain, operate and continually improve the website. For example, these cookies allow us to better understand our website’s visitors so that we can improve how we present our content or collect general and not personalised information about website visitors such as what browsers or devices they are using, determine the number of first-time users etc.
Within these three categories, cookies are classified as either session or persistent cookies. ‘Session’ cookies are temporary and once you close the browser window, they are deleted from your device. ‘Persistent’ cookies remain on your device for a longer period and are used by the website to recognise your device when you return.
Retention period of the Cookies we use
The session cookies are temporary and they are not retaining after closing the browser window. The functionality cookies and the performance/analytics cookies are stored by Google to ‘remember’ the user’s interactions with the website (Google Analytics) for a period not exceeding 2 years.
How to control Cookies
You have the right to choose whether or not to accept cookies through the pop-up on this site. However, please note that if you choose to refuse cookies you may not be able to use the full functionality of our Website.
Most browsers allow you to change your cookie settings. These settings will typically be found in the “options” or “preferences” menu of your browser.
Change of this Policy
We may change this policy to reflect changes in the legal framework and our practices and services. We suggest you visit this policy from time to time for updates.
Contact us
If you have any concerns as to how your data is processed, you can contact us by e-mail or post: info@csicy.com
We will respond to your queries within 30 days from when we receive them.