Privacy Policy

Privacy Notice Pursuant to Article 13 of Regulation (EU) 2016/679

The content of this website is produced under the NOTIONES project, which has received funding from the European Union’s Horizon2020 Programme for research and innovation under grant agreement No.101021853.

NOTIONES (iNteracting netwOrk of inTelligence and securIty practitiOners with iNdustry and acadEmia actorS) is a research project that has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 101021853. Duration of the project is 01.09.2021 – 31.08.2026.

The project coordinator is Fundación Tecnalia Research and Innovation, established in Parque Científico y Tecnológico de Gipuzkoa, Mikeletegi Pasealekua, 2, 20009 Donostia, Gipuzkoa, Spain, VAT number: ESG48975767,

For personal data processing related to project activities, as detailed in Grant Ageement, the partners of NOTIONES project have signed a Joint Controllership Agreement pursuant to Art. 26 GDPR.

As partners in the EU research project NOTIONES, the joint controllers are committed to protecting the privacy and security of personal data of subject involved in research activities. This Data Protection Information Sheet is designed to inform you about how we, as joint controllers, collect, process, and protect your personal information in accordance with the General Data Protection Regulation (GDPR).

The partner in charge of managing NOTIONES project’s website, newsletter and online commmunication activities, and therefore that the Data Controller in charge of abovementioned activities, is SYNYO Gmbh established in Otto-Bauer-Gasse 5/14 – 1060 Wien – Austria.

1. Joint Controllers and respective roles

Considering that the processing of personal data carried out within the project is aimed at carrying out research activities defined by the grant agreement, the roles of the respective data controllers are defined by the activities planned within the NOTIONES project.

The Joint Controllers are as follows:


2. Processed personal data and Purposes of processing

As above specified, the The Data Controller in charge of managing the NOTIONES project website and newsletter is SYNYO, that will process your personal data falling within the definition set out in art. 4(1) of Regulation (EU) 2016/679 (hereinafter “GDPR”) which will process the following categories of data:

  • identification and contact data

The purpose of the processing is to send you a periodic newsletter on project activities or to follow up with you on any inquires send via the website’s contact form.

3. Categories of data subjects

The categories of data subjects whose personal data shall be processed are as follows:

  • people with interest in the topic, development and evolution of the NOTIONES project.

4. Legal Bases for the Processing and how data are processed

For the purposes set out above, the legal basis for processing Your personal data is your consent pursuant to art. 6(1)(a) of the GDPR.

The processing of Personal Data will take place – according to the principles of fairness, lawfulness, and transparency – through the support of IT and manual tools, with logic strictly related to the purposes of the processing and, in any case, guaranteeing the confidentiality and security of the data and in compliance with specific obligations established by law. The availability, management, access, storage, and usability of data is guaranteed by the adoption of technical and organizational measures to ensure appropriate levels of security pursuant to Articles 25 and 32 of the GDPR, as well as, in relation to the specific processing purposes identified by the applicable legislation. The processing is carried out by persons duly authorized and instructed by the Data Controller and in compliance with the provisions of art. 29 GDPR.

In case of newsletter subscription the processing of Your personal data will take place using the “MailerLite” newsletter management platform (, an EU based company that stores data in EU and has GDPR compliancy statement (

In case of filling the contact form, your data will be processed through SYNYO mail server and stored in a secure database till the project is finalized.

5. Disclosure of personal data

Your personal data may be shared with: 

– other NOTIONES project consortium PARTNERS that to pursue project objectives need to process data as Joint Controllers;

– other data processor appointed by data controllers;

– personnel in charge of the processing pursuant to art. 29 of the GDPR; 

– subjects, bodies or authorities, independent data controllers, to whom it is mandatory to communicate the aforementioned personal data by virtue of legal provisions or orders of the authorities; 

6. Transfer of data outside the EU

Your personal data may be transferred, within the Joint Controllership Framework, to and from NOTIONES partners (Joint Data Controllers) located outside the European Union, in particular:  

Israel,  Ukraine, Georgia, North Macedonia.  

The European Union has – so far – recognized Israel to provide an adequate level of data protection: 

For transferring data in the other countries listed above that do not guarantee an essentially equivalent level of protection to that guaranteed in the EEA, the Joint Controllers have signed a specific agreement based on the EU Standard Contractual Clauses (Controller to Controller transfer).

7. Data Retention

Your personal data will be kept only for the time necessary to pursue the purposes set up in point 2 above, respecting the principle of minimization referred to in Art. 5(1)(b) of the GDPR.

In particular Personal Data collected will be kept for 24 months after the end of the project (scheduled for August 31st, 2026)

8. Data Subject Rights

The GDPR recognizes a number of rights to Data Subjects pursuant to art. 15-22 of the Regulation. In particular, you may request the access (Art. 15), the rectification (Art. 16), the erasure (Art. 17, Right to be forgotten), the restriction of processing of the data in the cases provided by Art. 18 of the GDPR. Based on Art. 18 (2) the conditions of restricted processing will be strict. Although it seems a technical solution, it will provide an interlocutory treatment of risk, while the data subjects decide the actual treatment. 

According to Art. 20 You have the right to receive your personal data, which you have provided to a controller, in a structured, commonly used and machine-readable format. You have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. You have the right to a judicial remedy and the right to receive compensation when you consider that your rights under this Regulation have been infringed as a result of the processing of your personal data in non-compliance with this Regulation pursuant to Art. 79 of the  GDPR. 

You also have the right to lodge a complaint with the competent Supervisory Authority pursuant to article 77 of the Regulation.  

Although the data subject has the right to contact any of the Data Controller to exercise the aforementioned rights, the Joint Controller Agreement has appointed as contact point the Data Protection Officer (DPO) of NOTIONES project: TECOMS Srl, established in Rome (ITALY) and can be contacted at the following email address The data controller SYNYO can be contacted at; the project coordinator, Tecnalia, can also be contacted at the following email address:

9. Google Analytics and external scripts

This website uses functions of Google Analytics of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States, which support interest-based advertising and advertising based on user browsing behaviour. Google Analytics uses a third-party cookie from DoubleClick to evaluate data regarding users’ browsing behaviour on different websites. These data can be used to prepare statistical statements on demographic data and areas of interest of website users.

We expressly draw your attention to the fact that we cannot view data related to individual users and that the statistical data we use cannot be traced back to specific users.

You can disable the DoubleClick cookie at any time:

For more information about Google’s terms of use and privacy, please visit: