The processing of the User’s personal data will take place in compliance with the applicable data protection legislation, with particular regard to the Regulation (EU) 2016/679 (the ‘GDPR’) concerning the protection of natural person with regard to the processing of personal data, as well as free movement of such data.
1. DATA CONTROLLER AND DATA PROCESSOR
The Controller is Universitätsklinikum Hamburg-Eppendorf, established in MARTINISTRASSE 52, 20246 HAMBURG , Germany.
The Processor is the European Society of Cardiology established in ROUTE DES COLLES 2035, 06903 BIOT SOPHIA ANTIPOLIS, France.
2. THE WEBSITE
This Website aims to provide information regarding AFFECT-EU, a project funded by the European
Union’s Horizon 2020 Research and Innovation Programme under grant agreement No. 847770.
It has been designed to minimize the collection and the processing of Users’ personal data, as well as to exclude the processing of such data in all cases when the purposes described below can be achieved with different and more privacy-preserving means.
3. CATEGORIES OF PERSONAL DATA COLLECTED
Traffic and Internet data
The computer systems and software procedures used to operate the Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This category of data includes, among others, IP addresses, browser type, operating system, the domain name and website addresses from which the User logs in or out, the information on pages visited by User within the Website, the time of access, time period of User’s staying on a single page, the internal path analysis and other parameters regarding the User’s OS and computer environment.
These technical / IT data are collected and used only in an aggregated and not immediately identifiable manner. They could be used to ascertain responsibilities in case of crimes against the Website, or upon public authorities’ request.
Personal data provided by the User
The provision of personal data by the User (e.g., name, surname, email address) implies the acquisition of such data by CAT and their subsequent processing for the sole purposes set out below.
4. PURPOSE AND LEGAL BASES OF THE PROCESSING
The User’s personal data will be processed by the Processor solely for the following purposes:
- allowing the User to easily and correctly navigate the This processing is necessary to run the Website and to allow the User to access its contents, according to Art. 6.1, b) of the GDPR;
- fulfil any request made by the User through the contact form available on the Website. This processing is needed to provide the Users with the information they have directly requested, according to 6.1, b) of the GDPR;
- complying with the obligations set forth by applicable laws and regulations and to ascertain responsibilities in case of any computer crimes against the As this processing is mandatory by law, User’s consent is not required according to Art. 6.1, c);
- delivering the AFFECT-EU newsletter, surveys , events and/or updates to the User. As this processing is optional, User’s consent must be acquired before processing the User’s personal data for this purpose.
5. METHODS OF THE PROCESSING, DATA RETENTION AND DATA SECURITY
The personal data are collected and processed lawfully and fairly, solely for the purposes described above and in accordance with the fundamental principles established by the applicable legislation.
Personal data may be processed either manually, through information technology tools or electronically, but always under technical and organizational measures that enable ensuring their security and confidentiality, especially for the purposes of preventing any risk arising from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data.
The processing operations will be carried out only by persons who have been duly authorized and instructed by the Controller.
6. COMMUNICATIONS TO THIRD PARTIES
The personal data collected by the Processor will not be shared or communicated to third parties, unless upon specific consent of the data subject or as otherwise required by applicable laws.
Should the communication to third-party suppliers or partners of the Controller (e.g., service providers, hosting providers, IT companies, communication agencies) be necessary for organizational, administrative or support needs, it will be the Controller’s responsibility to appoint such parties as additional data processors by virtue of the capacity, experience and reliability demonstrated.
It remains understood that the Users’ personal data can be made available to third parties, such as competent and police authorities, whenever this is required by applicable law or by an order issued by them.
7. DATA RETENTION
The personal data will be kept in a format that allows User’s identification only for the time strictly necessary to fulfil the purposes for which the data have been originally collected and, in any case, within the limits set forth by applicable laws and regulations, as well as to enforce or protect the rights of the Controller, where necessary.
In particular, the data provided by the User in relation to the AFFECT-EU newsletter, consultations events and/or updates will be retained for a maximum of 60 months.
When no longer necessary, the data will be immediately cancelled or made anonymous.
8. TRANSFER OF DATA ABROAD
The User’s personal data will not be transferred outside the European Economic Area (hereinafter, the ‘EEA’).
In any case, should a transfer of the data outside the EEA become necessary in the future, it will be carried out in accordance with the provisions of the GDPR and the User will be timely informed about this processing.
9. REDIRECT TO OTHER WEB SITES
The Website incorporates links which allow the User to connect to other websites run by third parties. The Controller assumes no responsibility regarding the processing of personal data which may take place through and/or in connection with third-parties’ websites.
Therefore, each User who accesses such web pages and/or social platforms through the Website must carefully read the relevant privacy policies in order to better understand how their personal data will be processed by the third parties which, as autonomous controllers, will provide and manage such websites.
10. DATA SUBJECTS’ RIGHTS
In compliance with applicable law, Users can exercise their rights at any time, including:
- accessing their personal data, obtaining evidence of the purposes pursued by the Controller, the categories of data involved, the recipients to whom they may be disclosed, the applicable storage period, the existence of automated decision-making processes;
- having incorrect personal data referred to them rectified without delay;
- having their data erased in the cases provided for by the law;
- obtaining restrictions to processing, where possible;
- requesting portability of the data provided to the Data Controller, i.e., receiving them in a structured, commonly used and machine-readable format, also for transmitting such data to another controller, without any hindrance by the Controller, in all situations where it is required by the law in force;
- objecting to the processing of their data for marketing and commercial purposes;
- easily withdrawing any consent they have previously given, without this affecting in any manner the lawfulness of the processing operations carried out before;
- lodging a complaint to the data protection Supervisory Authority.