Effective as of %DATE%
WHO WE ARE
“Data controllers” are the people or organisations that determine the purposes for which, and the manner in which, any Personal Data is processed, and make independent decisions in relation to the Personal Data and/or who/which otherwise control that Personal Data.
1. POLICY SCOPE
2. WHY AND HOW DO WE ENSURE COMPLIANCE?
Data protection and privacy laws provide rights to individuals with regard to the use of their Personal Data by organisations, including the SIRENE Project. Portuguese and EU laws on data protection govern all activities we engage in with regard to our collection, storage, handling, disclosure and other uses of Personal Data.
We must comply with data protection and privacy laws because the law requires us to, but we also would like you to have confidence in dealing with us, and compliance with data protection law helps us to maintain a positive reputation in relation to how we handle Personal Data.
We are required to demonstrate accountability for our data protection obligations. This means that we must be able to show how we comply with the applicable data protection and privacy laws, and that we have in fact complied with the laws.
We do this, among other ways, by our written policies and procedures, by building data protection and privacy compliance into our systems and business rules, by internally monitoring our data protection and privacy compliance and keeping it under review, and by acting if our representatives, including employees or contractors, fail to follow the rules.
We also have certain obligations in relation to keeping records about our data processing.
3. WHO MUST COMPLY?
What are the data protection principles and rules?
We aim to comply with the following principles found in Data Protection Law:
- Lawfulness, fairness and transparency – Personal data must be processed lawfully, fairly and in a transparent manner.
- Purpose Limitation – Personal data must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Data minimisation – Personal Data must be adequate, relevant and limited to what is necessary in relation to purposes for which they are processed.
- Accuracy – Personal data must be accurate and, where necessary, kept up to date. Inaccurate Personal Data should be corrected or deleted.
- Retention – Personal data should be kept in an identifiable format for no longer than is necessary.
- Integrity and confidentiality – Personal data should be kept secure.
- Accountability – Under the GDPR, we must not only comply with the above six general principles but we must be able to demonstrate that we comply by documenting and keeping records of all decisions
4. PERSONAL DATA THAT THIS WEBSITE COLLECTS PROVIDED BY YOU AND HOW WE USE IT
Any personal information which you volunteer to the SIRENE Project through the use of this website will be treated with the highest standards of security and confidentiality, strictly in accordance with the EU GDPR and the Data Protection Acts 1988 to 2018. Unless stated otherwise in detail in the relevant sections of the Website, Personal Data generated from the use of our Website is processed as follows:
(i) Contact via contact form
Should you choose to communicate with us via the contact form, we invite you to provide your name, your email address, and message which are managed by https://www.hubspot.com/ according to their terms and conditions. The website does not store your personal data. The legal basis for processing Personal Data for the purposes set out in this item is art. 6(1)(b) of GDPR.
Should you choose to subscribe to our newsletter, we invite you to provide your name, and your email address which are managed by https://mailchimp.com/ according to their terms and conditions. The website does not store your personal data. The legal basis for processing Personal Data for the purposes set out in this item is art. 6(1)(a) of GDPR. You can withdraw your consent from any communication from the SIRENE project by using the ‘Unsubscribe’ link in any communication.
(iii) Social Media
Some of our webpages use social media plug-ins from other organizations. We embed widgets from these social media networks to provide retweet / sharing functions, like boxes, stream embeds and follow buttons. These other organizations may receive and use personal data about your visit to our sites or apps. If you browse our Website or view content on our apps, the information that these third-party social media organisations collect may be connected to your account on their site. For more information on how these organizations use personal data, please read their privacy policies. The legal basis for processing Personal Data for the purposes set out in this item is art. 6(1)(a) of GDPR.
(iv) Special Category Data
We will not collect special category data from you (for example information around your political/philosophical beliefs, racial/ethnic origins, sex life/sexual orientation) through your use of this website.
(v) Site visitation tracking
We use Google Analytics (GA) to track user interaction and for statistical reasons. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. Your computer’s IP address is anonymized by GA services and cannot be used to personally identify you. We consider Google to be a third party.
5. COOKIES AND THIRD PARTY – COOKIES
Cookies are small text files that can be used by websites to make a user’s experience more efficient. Our Website does not collect any cookies apart from the necessary ones.
You reserve the right to set up your browser to warn you before accepting cookies, or you can simply set it to refuse them, although you may not have access to all the features of this website if you do so. See your browser ‘help’ button for how you can do this. You do not need to have Cookies on to use or navigate through many parts of this Website. Remember that if you use different computers in different locations, you will need to ensure that each browser is adjusted to suit your Cookie preferences.
6. HOW WE STORE YOUR PERSONAL DATA
If you submit your contact details via the contact form or newsletter subscription form, your data is stored and managed in the platforms mentioned in section 2. We will not share your contact details with no one and will be securely stored by SIRENE with access only by authorized personnel.
Cookies are currently the only occasion where personal data will be stored by this Website.
We utilize state-of-the-art technology to store your data. The following safeguards are used, for example, to protect your personal data from misuse or any form of unauthorized processing:
- Access to personal data is restricted to a limited number of authorized persons for the stated purposes.
- The IT systems used for processing data are technically isolated from other systems to prevent unauthorized access and hacking.
- Access to these IT systems is constantly monitored to detect and prevent misuse in the early stages.
7. HOW LONG WE WILL KEEP YOUR PERSONAL DATA FOR
We will keep your personal information only for as long as it is relevant and useful for the intended purpose for which it was originally collected, or as required by law.
8. DATA BREACHES
We will report any unlawful data breach of your data within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
9. YOUR RIGHTS AS DATA SUBJECT WITH RESPECT TO YOUR PERSONAL DATA
Under the General Data Protection Regulation [Articles 15-21], you have a number of important rights. In summary, those include rights to:
Right of access:
You have the right to be aware and verify the legitimate nature of the processing. So, you have the right to access your personal data and receive additional information about how we process it.
Right to rectification:
You have the right to study, correct, update or modify your personal data by contacting SIRENE at the firstname.lastname@example.org
Right to erasure (Right to be forgotten):
You have the right to request deletion of your personal data when we process it on your consent or in order to protect our legitimate interests. In all other cases (such as, where there is a contract, obligation to process personal data legally required, or public interest), this right is subject to specific restrictions or shall not exist, as the case may be.
Right to restriction of processing:
You have the right to request a restriction of the processing of your personal data in the following cases:
(a) when the accuracy of the personal data is contested and until the accuracy is verified
(b) when you oppose the deletion of your personal data and request the restriction of their use instead,
(c) when personal data are not needed for processing purposes, they are however required for the establishment, exercise, or defense of legal claims, and
(d) when you object to the processing and the decision on your objection to processing is pending.
Right to object to processing:
You have the right to object at any time to the processing of your personal data where, as described above, the processing is based on the legitimate interests we pursue as data controllers, as well as, for the purposes of direct marketing and consumer profiling, if applicable.
Right to data portability:
You have the right to receive your personal data free of charge in a format that allows you to access, use, and edit them with commonly used editing methods. You also have the right to ask us, in case it is technically feasible, to transmit the data directly to another controller. Your right to do so exists for the data you have provided to us and is processed by automated means based on your consent or for the execution of a relevant contract.
Right to withdraw your consent:
In cases where processing is based on your consent, you have the right to withdraw it without affecting the lawfulness of processing based on consent prior to its withdrawal.
If you would like to exercise any of those rights, please:
- contact us using our Contact details below,
- let us have enough information to identify you,
- let us have proof of your identity and address, and
- let us know the information to which your request relates.
10. TIME LIMITS FOR COMPLIANCE WITH YOUR RIGHTS AS DATA SUBJECT
We make every effort to comply with all requests within one month of the receipt of the request. However, this period may be extended for reasons relating to the specific right or complexity of your request.
11. DATA CONTROLLER AND CONTACT DETAILS
following contact: email@example.com or post address to our Company.
12. HOW TO COMPLAIN
As the Data Subject, you have the right to complain at any time to a supervisory authority in relation to any issues related to our processing of your Personal Data. We would like to hear from you first if you have a complaint about how we use your data so that we may rectify the issue. As The SIRENE Project and SHINE 2Europe are located in Portugal and we conduct our data processing in the EU, we are regulated for data protection purposes by the GDPR and the Portuguese Data Protection Commissioner.
You can contact the Data Protection Commissioner as follows:
CNPD – Comissão Nacional de Proteção de Dados
Address: Av. D. Carlos I, 134, 1º, 1200-651 Lisboa
Telephone: (+351) 213 928 400