Privacy Policy

he privacy policy refers to the provisions of the General Data Protection Regulation in the framework of the Interreg Euro-MED programme.

PERSONAL DATA PROTECTION

DESIGNATIONS

Partners / partnership: In the following text, “partner” / “partnership” designate partner institutions / organisations participating in projects co-financed by the Programme and likely to collect data within the framework of their project.

Supervisory Authority: independent public authority established by a member State under article 51 of the GDPR. In France, the Supervisory Authority is the CNIL. The list of Supervisory Authorities is available here: ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm

The NaTour4CChange project treats carefully all data collected as confidential and use it only under the legal compliance with EU regulations.

All data collected and managed by the NaTour4CChange project, namely accounts, databases of project partners, beneficiaries list and newsletter subscribers, event participants, is in strict compliance with the new Regulation (EU) 2016/679, General Data Protection Regulation.

The responsible for management of personal data is HSPN that has appointed as Data Protection Officer (DPO) Dr. Xanthi CHANTZISTROUNTSIOU.

To contact the DPO: xanthich@eepf.gr

WHO IS CONCERNED BY THIS NOTICE?

This notice is addressed to the following public:

  • project partners included in the list of beneficiaries;
  • project website webmasters;
  • respondents to surveys of the project
  • event participants;
  • account owners in the exchange areas;
  • newsletter subscribers.

WHO COLLECTS DATA: ROLES AND RESPONSIBILITIES?

In the Interreg Euro-MED web platform, there are two types of data processors: the Joint Secretariat, as webmaster of the Programme website, and project partners that manage projects’ websites.

The Programme Managing Authority is responsible for the data collected and stored exclusively by the Joint Secretariat, in order to perform its legal public contractual duties. This data is under the supervision of PACA Region DPO.

The data collected and stored in the web platform by the project partners, is the sole responsibility of the institutional partners in charge of this task (not forcibly the Lead Partner), and these data are under the responsibility of the organisation’s DPO that has been appointed by the partnership.

The data collected by project partners, using cloud-based services is also their responsibility, such as accounts and other types of registration and newsletter service providers.

FOR WHAT PURPOSES DOES THE natour4cchange project STORE YOUR DATA?

 The scope of the data collected is limited to what is strictly necessary for each purpose, avoiding as much as possible personal information. However, no personal information is collected without the knowledge of the target public.

No data will be shared with third parties outside the Interreg Euro-MED NaTour4CChange project, other than the external providers or used for unintended purposes without the express consent and prior notification to the interested individuals.  When personal data is collected, the purpose will be clearly expressed.

The data collected within the framework of the Interreg Euro-MED Programme will be retained by the project partners and the Programme until 31/12/2034 to comply with the regulatory obligations. Once the retention period has passed, the Interreg Euro-MED Programme, the project partners and the potential sub-contractors / external providers Programme will take adequate measures to delete all personal data collected within the project.

EXTERNAL PROVIDERS

NaTour4CChange project may use external providers to process your personal data. You will be informed and your express consent required whenever this is the case.

NaTour4CChange project makes sure to demand its external providers to provide it with adequate safeguards regarding personal data protection.

External providers of the NaTour4CChange project website will have a limited access to personal data strictly necessary for the completion of the services rendered. They will also be contractually bound to use the personal data in compliance with the current regulation regarding personal data.

WHAT ABOUT COOKIES AND TRACKING TECHNOLOGIES?

The Programme web platform collects and stores information using cookies and similar tracking technologies to track web behaviors. We use this information to provide analytics of only statistical nature.

WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?

According to the GDPR Regulation (EU) 2016/679, “Every person may, on simple request addressed to the DPO of NaTour4CChange, have free access to all the information concerning them in clear language (any codes must be explained) and obtain a copy against payment of a fee, fixed by the State, of 3 € for the public sector and 4,6 € for the private sector.

Every person may directly require from an organisation holding information about them the data to be corrected (if they are wrong), completed or clarified (if they are incomplete or equivocal), or erased (if this information could not legally be collected).

Anyone may oppose that information about them is used for advertising purposes or for commercial purposes;

They may also oppose to information concerning them being disclosed to a third party for such purposes. The persons concerned should have the possibility of exercising their right to oppose the disclosure of their data to a third party at the moment the data is collected. The use of automatic calling machines or faxes for advertising purposes is prohibited unless the person has given their prior consent.”*

If you believe that the processing of your personal data constitutes a violation of the legislation in force, you have the possibility to lodge a complaint with the supervisory authority concerned. (check here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm)

List of the data subject rights as stated in the Chapter 3 of the GPDR:

  • Transparency and modalities
  • Information and access to personal data
  • Rectification and erasure
  • Right to object and automated individual decision-making**

* CNIL : https://www.cnil.fr/en/rights-and-obligations

** For detailed information on each specific right, please check Chapter 3 of the GDPR Regulation (UE) no 2016/679.

HOW IS THE DATA COLLECTED?

The NaTour4CChange project stores different types of personal data, in several ways:

  • E-mail, postal and telephone contacts;
  • Newsletters subscriptions;
  • Customer relationship and contact management software
  • Registration for events and trainings;
  • Surveys;
  • Contact forms;
  • Data collected through the Interreg Euro-MED Web NaTour4CChange project

WHO CAN YOU CONTACT FOR QUESTIONS REGARDING DATA PROTECTION?

For questions or concerns regarding the collection of your personal data within the NaTour4CChange project, please contact the Data Protection Officer: Dr. Xanthi CHANTZISTROUNTSIOU, xanthich@eepf.gr