GDPR, Privacy and Cookies Policy

Last updated: 30 June 2022

This Privacy and Cookies Policy describes how and when ARETE collects, uses, and shares your information when you use the ARETE Market website. Pursuant to article no. 13 of the Regulation EU n. 2016/679 (GDPR), and in general in observance of the principle of transparency set forth in the above Regulation, personal data will be processed with automated tools for the management of web services connected with the ARETE Market website, within the framework of the institutional objectives of scientific research and administrative activities.

Place of Data Processing and Data Sharing: The personal data that appear on the website and the relevant web services are mainly processed in the offices located in Dublin, Ireland. Physical location of the server, where the website is hosted, is Dublin. In case of need, website and newsletter related data may be processed by the staff of the website technological maintenance provider, at the provider’s headquarters. No data deriving from the web service is shared or disseminated, except in cases expressly provided for by the law. Personal data provided by users are used only to perform the service or work required and are disclosed to third parties only if this is necessary for that purpose.

Security: We use physical, technical, and administrative measures to safeguard information in our possession against loss, theft and unauthorized use, disclosure, or modification. Please note, however, that no data transmission or storage can be guaranteed to be 100% secure. As a result, while we strive to protect the information we maintain, we cannot ensure or warrant the security of any information that you transmit to us.

Types of processed data and purpose of the processing

Data input to the site: When you voluntarily create a profile on ARETE Market and upload ARLEM content, it is stored on the physical server in Dublin. Data are stored only for as long as it is necessary. Data may be used to ascertain the responsibility of users in case of potential digital crimes affecting the website. Data provided voluntarily by users – The optional, voluntary and explicit transmission of personal data, including email address, required in the website related web services (e.g. subscribing to newsletters) entails the subsequent acquisition of such data for the sole purpose of replying/responding to the users’ requests and managing the web services. Specific policies will be progressively posted or displayed on the website pages designed for special on-demand services.

Browsing data: When users browse the website, it acquires some navigation data, whose transmission is implicit in the internet communication protocols. Data are not collected to be associated to the identified people concerned. Data may be used to obtain aggregated and anonymous statistical information on website usage and to check its correct operation. Data are stored only for as long as it is necessary. Data may be used to ascertain the responsibility of users in case of potential digital crimes affecting the website. Data provided voluntarily by users – The optional, voluntary and explicit transmission of personal data, including email address, required in the website related web services (e.g. subscribing to newsletters) entails the subsequent acquisition of such data for the sole purpose of replying/responding to the users’ requests and managing the web services. Specific policies will be progressively posted or displayed on the website pages designed for special on-demand services.

Cookies: Cookies active on this website do not record personal data. The website uses the following cookies:

Technical Cookies & Cookies that allow:

  • Website navigation and usability (for example data)
  • Browsing in function of selected criteria (e.g. language, “functionalities cookies”) to improve user experience.

These cookies are not used for purposes other than those described above.

Method and length of data processing: Personal data shall be processed:

  • with automatic tools;
  • by individuals authorized to perform such tasks by the Law;
  • by using proper measures to ensure confidentiality and avoid access by non-authorized third parties;
  • only for the time necessary to achieve the purposes for which they were collected.

Rights of the person concerned:  Pursuant to Section III of the GDPR, the person concerned shall be entitled to exercise their right to:

  • access personal data (you will therefore have the right to have free information about the personal data held by the Data Controller, as well as to obtain a copy thereof in an accessible format);
  • amend incorrect, inaccurate or old data (upon your request, where the data do not express evaluation elements);
  • withdraw consent (if you had consented to the processing, you may withdraw your consent at any time and upon such revocation of consent your data shall no longer be processed);
  • cancel their personal data – right to be forgotten (for example, in case of withdrawal of consent, if there is no other legal basis for data processing);
  • restrict data processing (in certain cases – dispute the accuracy of the data, within the timeframe necessary for verification; dispute the lawfulness of the processing with refusal to the cancellation; your need to use the data to exercise your defense rights, while they are no longer useful for the purposes of the processing; in the event that the processing has been denied, while the necessary checks are being carried out – the data will be stored in such a manner that they may be restored if need be, but, in the meantime, cannot be consulted by the Controller if not in relation to the validity of your request for restriction);
  • deny consent to the processing due to legitimate reasons (under certain circumstances, you may in any case object to the processing of data, and in any case you may refuse processing for direct marketing purposes);
  • data portability (upon your request, the data shall be transmitted to the subject indicated by you in such a format that they can be easily consulted and used);
  • advance a dispute to the Supervisory Authority (Privacy Authority).

Changes To This Policy: We may revise this Privacy Policy from time to time. The most recent version of the policy will govern our use of your information and will be located at ARETE website. We may make changes to this policy at our sole discretion. By continuing to access or use our website after those changes become effective, you agree to be bound by the revised Privacy Policy.

Exercise of users’ data protection rights:  You may contact us via email at arete@ucd.ie, in order to assert your rights, namely: the confirmation of the existence of data concerning yourself and their origin and processing and the purposes thereof; the cancellation, transformation into anonymous form or the blocking of data processed in violation of the law; the updating, rectification or integration of data; certification that the operations have been brought to the attention of those to whom the data were communicated or disseminated. You may also object at any time to the possible profiling of your personal data.

Questions: If you have any questions about this policy or your privacy on the Services, please contact us at arete@ucd.ie.

GDPR Responsibilities: The EU General Data Protection Regulation (GDPR) introduces more robust requirements for collecting and using people’s data with their consent. Under the GDPR there must be an ‘affirmative act establishing a freely given, informed, and unambiguous indication’ of the person’s wishes. As such the ARETE website reflects the project-specific policies and those of the hosting provider, University College Dublin. Following the Data Protection guidelines the ARETE project has been set up and implemented a cookie consent policy on the website. With implementation of the cookie consent policy, the user can choose to accept all cookies or change the cookie settings when they browse the ARETE website.

HTTPS Certificate

HyperText Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). Project coordinator has purchased the HTTPS certificate for the ARETE website from the beginning of the project. The principal motivations for HTTPS are authentication of the accessed website, protection of the privacy and integrity of the exchanged data while in transit. It protects against man-in-the-middle attacks. The bidirectional encryption of communications between a client and server protects against eavesdropping and tampering of the communication. In practice, this provides a reasonable assurance that one is communicating without interference by attackers with the website that one intended to communicate with, as opposed to an impostor.

The authentication aspect of HTTPS requires a trusted third party to sign server side digital certificates. HTTPS is now used more often by web users than the original non-secure HTTP, primarily to protect page authenticity on all types of websites; secure accounts; and to keep private user communications, identity, and web browsing. This will become especially important in year 2 when the forum (including user accounts and user generated content) will be integrated in the website.

ARETE has purchased SSL certificate from Blacknight solutions http://www.blacknight.com for initial two years. ARETE plans to renew the SSL certificate for one more year until the end of the project. 

ARETE Pilots’ GDPR Compliance

Data controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Data Protection Officer: ensures, in an independent manner, that an organization applies the laws protecting individuals’ personal data. In particular, the DPO must:

  • inform and advise the controller or processor, as well as their employees, of their obligations under data protection law;
  • monitor compliance of the organisation with all legislation in relation to data protection, including in audits, awareness-raising activities as well as training of staff involved in processing operations;
  • provide advice where a DPIA has been carried out and monitor its performance;
  • act as a contact point for requests from individuals regarding the processing of their personal data and the exercise of their rights;
  • cooperate with DPAs and act as a contact point for DPAs on issues relating to processing;

Within the different Pilots of ARETE project, all partners involved are Data Controllers in their own right. For the communication purposes with the stakeholders involved, the Project Coordinator institution (UCD DPO) will act as an overarching communicator with the ARETE Pilots’ Data Controllers and DPOs.

If any stakeholder would like to contact us in order to assert their rights at any point during the project lifetime and within 5 years after the project termination (April 2023), please email us to: arete@ucd.ie

If you feel that your private data or your rights were infringed under the GDPR, you may make an official complaint to the data protection authorities in your country:

https://edpb.europa.eu/about-edpb/about-edpb/members_en

ARETE Pilots’ Privacy Policy

  • The ARETE Pilot 1 Privacy Policy for Mobile Application can be found at the link here.
  • The ARETE Pilot 2 Privacy Policy for Mobile Application can be found at the link here
  • The ARETE Pilot 3 Privacy Policy for Mobile Application will be released soon.