Your personal data are processed in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
The information in this communication follows Article 13 (data are collected directly from the data subject) and Article 14 (data have not been collected directly from the data subject) of the said Regulation.
If we handle your personal data then you are a 'Data Subject'. This means you have certain rights under the GDPR in relation to how your personal data is processed.
1. The Controller
The controller of the processing operation is:
GOPA Com. S.A.
Boulevard de la Woluwe 2
2. Data Protection Officer
You as data subject may, at any time, contact our Data Protection Officer (DPO) directly with all questions and suggestions concerning data protection. The contact data of our DPO is GOPA Com. S.A.
Boulevard de la Woluwe 2
3. Legal basis for processing your data
The legal basis of the processing operation is Article 6; more specifically para. 1 lit. f GDPR:
(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes
4. Purpose of processing your personal data
Your personal data will be processed for the specific purpose of sending you
- project updates such as news and events (both online and in-person) via the Smarter Together newsletter
- event information and invitations relevant to Smarter Together and the European Commission’s Smart Cities and Communities and Horizon 2020 programmes
5. Who may access your data?
Access to personal data will be granted exclusively to organisations and/or individuals directly related to the implementation of the Smarter Together project (e.g., to the partners) or of related projects and exclusively on a need-to-know-basis for the execution of their functional responsibilities and tasks associated to this project.
6. How long do we keep you data?
Your data will in principle be retained only for the time needed to fulfil the intended objectives during the duration of the project (currently 60 months). Some parts of the data might be kept for a longer period where stipulated by financial authorities (10 years in case of financial transactions) or for auditing purposes (usually 7 years). Data will be automatically removed at the end of the respective period or when no longer needed.
7. What is/are the source(s) of your data?
Your data might be collected by means of the project interfaces (surveys, forms, etc.) in which you enter your data directly. The data could also have been collected from other sources; including lists of participants in related events, topic-related databases, business cards, etc. as well as various public sources.
8. Your rights to access, delete or rectify your data
In line with Articles 15, 16, 17, 18, 19 and 20, you have the following rights, respectively:
You have the right to obtain from the controller confirmation as to whether or not your data are being processed; information as to the purposes of the processing operation, the categories of data concerned, and the recipients or categories of recipients to whom the data are disclosed; source(s) of the data being processed; or the logic involved in any automated decision process concerning the data
You have the right to have any inaccurate or incomplete personal data corrected or data completed as needed
- Erasure (right to be forgotten):
You have the right to request the erasure of your data if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; if you withdraw your consent to process your personal data; or if the personal data have been unlawfully processed
Note: If the data have been made public with your prior consent, then taking account of available technology and the cost of implementation, we shall take reasonable steps, including technical measures, to inform other controllers which are processing the personal data that you have requested the erasure by such controllers of any links to, or copy or replication of, those personal data
- Restriction of processing:
You have the right to request restriction of processing (except for storage) in case you contest the accuracy of the personal data or when you consider that the processing is unlawful but you do not want your data to be erased
- Notification after rectification, erasure or restriction of processing:
We will communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. We will inform you about those recipients if you request it
- Data portability:
You shall have the right to receive a file with your personal data in a structured, machine-readable format
Any requests pertaining to these rights should be sent to the above-mentioned data controller at the following email: firstname.lastname@example.org (link sends e-mail).
We will provide information on action taken on your request within one month of receipt of the request. Considering the volume and complexity of the incoming requests that period may be extended by two further months. In such case, we shall inform you accordingly in advance.
9. About securing your data
All personal data is collected and stored using secured IT systems. If any processes are performed by a third party, then the controller will ensure that the same security standards are applied at all times and stages in the process.
Individuals and organisations participating in the processing of personal data have a declaration of confidentiality signed with the controller.
10. What happens if you do not provide your consent?
By not providing your consent to the processing of your personal data, we won’t be in position to perform the following activities:
- contact you with an answer to your question, suggestion or comment
- contact you with project updates such as news and events (both online and in-person) via the Smarter Together newsletter
- notify you of upcoming events and complete your registration process in case of confirmation necessary
11. Your right to recourse
In case your request or complaint is not resolved to your satisfaction by the Data Controller or the Data Protection Officer, you shall have right of recourse at any time to the European Data Protection Supervisor. (https://edps.europa.eu).