Privacy Policy

Privacy Notice Pursuant to Article 13 of Regulation (EU) 2016/679

The content of this website is produced under the NOTIONES project, which has received funding from the European Union’s Horizon2020 Programme for research and innovation under grant agreement No.101021853.

1. Data controller and Data protection officer

TECNALIA (Fundación Tecnalia Research and Innovation), established in Parque Científico y Tecnológico de Gipuzkoa, Mikeletegi Pasealekua, 2, 20009 Donostia, Gipuzkoa, Spain, VAT number: ESG48975767, as Data Controller (“Data Controller”), will process your personal data collected in this website, operated by the partner SYNYO (SYNYO GmbH – Otto-Bauer-Gasse 5/14 – 1060 Vienna, Austria Phone: +43 1 9962011 DPO Email: contact@SYNYO.com) that has been appointed as Data Processor. The Data Controller has appointed a Data Protection Officer (“DPO”) who can be contacted to obtain clarifications regarding the processing of your Personal Data and the retention periods at the following e-mail address: javier.lerma@tecnalia.com

2. Processed personal data and Purposes of processing

We inform you that the Data Controller will process your personal data, falling within the definition set out in art. 4(1) of Regulation (EU) 2016/679 (hereinafter “GDPR”), in this case:

  • name
  • surname
  • email address

the processing of Your personal data will take place using electronic and IT tools and will be store in Google Sheet.

The purpose of the processing is to send you a periodic newsletter on project activities or to follow up with you on any inquires send via the website’s contact form.

NOTIONES is a 60-month project funded by the European Union under the Horizon 2020 Programme (Grant Agreement n. 101021853). NOTIONES aims (a) to build a network of practitioners from security and intelligence services of EU MS & AC that has the objective (b) to support the needs of the security and intelligence services of the MS & AC for future security research programming.

3. Legal Bases for the Processing and how data are processed

For the purposes set out above, the legal basis for processing Your personal data is your consent pursuant to art. 6(1)(a) of the GDPR.

The processing of Personal Data will take place – according to the principles of fairness, lawfulness, and transparency – through the support of IT and manual tools, with logic strictly related to the purposes of the processing and, in any case, guaranteeing the confidentiality and security of the data. and compliance with specific obligations established by law. The availability, management, access, storage, and usability of data is guaranteed by the adoption of technical and organizational measures to ensure appropriate levels of security pursuant to Articles 25 and 32 of the GDPR, as well as, in relation to the specific processing purposes identified by the applicable legislation. The processing is carried out by persons duly authorized and instructed by the Data Controller and in compliance with the provisions of art. 29 GDPR.

4. Disclosure of personal data

Your personal data may be shared with:

– other NOTIONES project consortium PARTNERS that to pursue project objectives need to process data: those subjects act as data processors pursuant to art. 28 of the GDPR. Upon your request you can access the updated and complete list of processors. Requests must be sent to Data Controller at the addresses indicated above;

– other data processor appointed by DATA CONTROLLER (TECNALIA)

5. Transfer of data outside the EU

Your personal data may be transferred by the Data Controller to NOTIONES partners (Data Processor) located outside the European Economic Area, in particular:

USA, Israel, Bosnia and Herzegovina, Ukraine, Georgia, North Macedonia.

The European Union has – so far – recognized Israel to provide an adequate level of data protection:

https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

For transferring data in the other countries listed above that do not guarantee an essentially equivalent level of protection to that guaranteed in the EEA, Recital 108 and Article 46 (1) GDPR provide that in the absence of an EU adequacy decision, a controller or processor should take measures to compensate for the lack of data protection in a third country by way of appropriate safeguards for the data subject. A controller or processor may provide appropriate safeguards, without requiring any specific authorisation from a supervisory authority, through its use of one of the transfer tools listed under Article 46 (2) GDPR, such as standard data protection clauses. For transferring data in the other countries listed above standard contractual clauses (known as “SCC”) are used as a ground for data transfers from the EU to these third countries according to Article 46 of the GDPR.

6. Data Retention

Your personal data will be kept only for the time necessary to pursue the purposes set up in point 2 above, respecting the principle of minimization referred to in Art. 5(1)(b) of the GDPR.

In particular Personal Data collected will be kept for 24 months after the end of the project (scheduled for August 31st, 2026)

More information is available from the Data Controller that can be reached at the addresses indicated above.

7. Data Subject Rights

The GDPR recognizes a number of rights to Data Subjects pursuant to art. 15-22 of the Regulation. In particular, you may request the access (Art. 15), the rectification (Art. 16), the erasure (Art. 17, Right to be forgotten), the restriction of processing of the data in the cases provided by Art. 18 of the GDPR. Based on Art. 18 (2) the conditions of restricted processing will be strict. Although it seems a technical solution, it will provide an interlocutory treatment of risk, while the data subjects decide the actual treatment.

According to Art. 20 You have the right to receive your personal data, which you have provided to a controller, in a structured, commonly used and machine-readable format. You have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. You have the right to a judicial remedy and the right to receive compensation when you consider that your rights under this Regulation have been infringed as a result of the processing of your personal data in non-compliance with this Regulation pursuant to Art. 79 of the  GDPR.

You also have the right to lodge a complaint with the competent Supervisory Authority pursuant to article 77 of the Regulation.

8. Contact possibility via project website

The project website notiones.eu contains information that enables a quick electronic contact to our enterprise, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data subject contacts the controller by e-mail or via a contact form, the personal data transmitted by the data subject are automatically stored. Such personal data transmitted on a voluntary basis by a data subject to the data controller are stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.

9. Google Analytics and external scripts

This website uses functions of Google Analytics of Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States, which support interest-based advertising and advertising based on user browsing behaviour. Google Analytics uses a third-party cookie from DoubleClick to evaluate data regarding users’ browsing behaviour on different websites. These data can be used to prepare statistical statements on demographic data and areas of interest of website users.

We expressly draw your attention to the fact that we cannot view data related to individual users and that the statistical data we use cannot be traced back to specific users.

You can disable the DoubleClick cookie at any time:

For more information about Google’s terms of use and privacy, please visit: