Introduction
The goal of SMART4ALL Platform (including Networking, Marketplace, Matchmaking and communication lists) is to create a network and connect professionals to grow. To achieve it, we collect and process both personal data and data connected to your business. SMART4ALL consortium, represented by University of the Peloponnese, acts with respect to the right of any person to protect its privacy. We are transparent about the data we collect, how we use them and with whom we share them. We respect your right to choose what you want to share. The protection of your privacy is a commitment for us and we always follow the applicable data protection rules.
Scope of this policy
This Privacy Policy applies when you use our Services and constitutes an integral part of our Terms of Service .
The provisions of the Terms of Service shall be applied accordingly. Please read the Terms of Service for the explanation of definitions being provided at this Privacy Policy. If the User does not agree with this Policy, it is asked to refrain from using the Platform.
Data Controller
The controller of your personal data is the University of the Peloponnese (Erythroy Stavroy 28 & Karyotaki, 22131, Tripolis, Greece, www.uop.gr). In all matters regarding personal data, you can contact us using the following email address: privacy@esda-lab.gr
In case of open calls the data controller is the open call organizer.
In case of Networking, Marketplace, Matchmaking and communication lists the data controller is the University of the Peloponnese.
Scope of processing of personal data
In connection with the use of the Platform by the User, University of the Peloponnese processes personal data in the scope necessary to provide particular services offered, as well as information about the User’s activity on the Platform. The detailed purposes of processing personal data during the use of this Platform by the User are described below.
Platform is not a storage service. We have no obligation to store, maintain or provide you a copy of any content or information that you or others provide, except to the extent required by applicable law (in particular GDPR rules).
If the User posts on the Platform any personal data of other people (including their name, address, telephone number or e-mail address), they may do so only on condition that they do not violate the applicable law and personal rights of such persons.
Members of the SMART4ALL Platform might share their professional identities, engage with communities within Networking, Marketplace, Matchmaking and communication lists, exchange knowledge and their experience, post and view relevant content, find business and funding opportunities. Content and data of the Services are not viewable to the non-Members as a rule. The only exception is that the name of the Members choosing to participate at the Networking service will be viewable to Users. The name of the Members is usually a name of an organization participating thus no personal data regulation applies. In any other case in order to provide you the possibility to participate in the networking map, your name is necessary to appear, or else our service of Networking cannot be provided if others cannot find you.
Legal basis for data processing
We process only those personal data that are necessary to achieve the following described purposes. We process personal data where we have a lawful basis about the data processing. Unless otherwise stipulated at the time of collection of personal data, the legal basis for the processing of such data is one of the following: consent (where you have given consent), contract (where processing is necessary for the performance of a contract with you – to deliver the services you have requested) and “legitimate interest” (provided that our interest does not exceed the rights and freedoms of the data subject).
Where we rely on your provided consent to process your personal data, you have the right to withdraw it at any time and where we rely on legitimate interest, you have the right to object.
Purposes of data processing:
-
Registration: To create an Account, it is necessary to provide basic personal data necessary to create and service the account: your name and surname, user name, email address and a password.
Those data are required to set up and service an account, and failure to do so results in the inability to set up an account.
-
Profile: You can create your Profile on the Platform. Profile is a functionality of the Account that allows you to include information about your business activity, professional experience, interest etc. You are free to choose which information you want to include on your Profile (such as your education, work experience, skills, photo, origin, business activity etc.). You do not have to provide additional information on your Profile; however, profile information helps you to get more from our Platform. We never ask for sensitive information but you are free to include such data on your Profile. Please always consider it carefully. Such additional data can be deleted at any time without removing your Account.
Platform provides functionality of the Account that allows the User, using the selected Services, to properly manage these Services.
-
Activity on the Platform: We collect personal data that you provide when you join the Platform, post or upload it to our Services (for example within Marketplace). You can always object to this in accordance to the procedure below.
We allow Members to connect with each other. To do so, you will “connect” with the professionals you choose, and wish to “connect” with you. Subject to your settings different interactions are possible. We might use data provided in your Profile to help others find your profile, suggest connections and activities, inform you about news, events and ideas regarding professional topics you might be interested in.
SMART4ALL also allows you to explore business and funding opportunities and to set up business relations.
The User’s activity on the Platform can be recorded in system logs (a special computer program used to store a chronological record containing information about events and activities regarding the IT system used to provide services by us). Information collected in logs is processed primarily for purposes related to the provision of services. The data controller also processes them for technical and administrative purposes, to ensure the security of the IT system and management of this system, as well as for analytical and statistical purposes. Some of your tools might be reviewed from us and not be allowed to upload on our sole discretion to safeguard the Platform and our Services. There is also a possibility to contact you providing feedback on what might need to be amended in order to be allowed to upload your tool on the Platform.
Our Services also enable communications between Users through our Services.
-
Contact: We provide an option to contact us using this email privacy@esda-lab.gr. In this scope we require you provide us personal data necessary to contact you and reply to your request (depending on the nature of request, you may be requested to provide more information but always only the necessary personal data).
We might contact you through email, notices posted on our Services and other ways through our Services (including push notifications).
-
Marketing purposes: We might process Users’ personal data, upon your consent in order to carry out marketing activities, which may consist of:
-
direct email notifications about interesting offers or content, which in some cases contain commercial information (newsletter service). In the newsletter, we or any entity that orders such newsletter informs, among others about upcoming open calls, interesting events in the community;
-
conducting other types of activities related to the direct marketing of goods and services (sending commercial information by electronic means and telemarketing activities);
-
sending advertising based on your individual interests. We use data and information about you to make relevant suggestions to you and others.
We will use the information and data that you provide and that we have about Members to make recommendations for connections, content and features that may be useful to you. Keeping your profile accurate and up-to-date helps us to make these recommendations more accurate and relevant.
In order to implement marketing activities, we use profiling in some cases. Profiling means that due to the automatic processing of data, the University of the Peloponnese evaluates selected factors concerning natural persons in order to analyze their behavior or create a forecast for the future.
We analyze the User location and interests, related to communities and topics. In order to do these activities we will use your confirmation about that.
-
Conduct of our Services: In our Platform and for our Services, we might process data in the following scope:
- to provide services related to running and servicing a User’s Account on the Platform;
- in order to support our Matchmaking and Marketplace Services;
- in order to verify the entities populating Marketplace;
- for analytical and statistical purposes;
Each time the specific rules for the processing of personal data should be described in an open call.
The Platform may automatically store http enquiries, therefore the files containing web server logs may store data pertaining to the user, including the IP address of the computer sending the enquiry, the name of user’s station, if possible, date and system time of registration in the service and receipt of the enquiry, number of bytes sent by the server, information concerning User’s browser or information concerning errors which occurred by realization of the http transaction. Files containing web server logs shall be mainly analyzed for the purposes of preparing statistics concerning traffic on the website and occurring errors. Information shall be anonymous and summary of such details shall not identify particular users. Web server logs may be collected for the purposes of proper administration of the SMART4ALL Platform. Only the persons authorized to administer the IT system shall have access to the data.
In some cases we might have a legitimate interest to process personal data in order to fulfill the obligations laid down in the grant agreements we are participating and in this scope it might be necessary to report and collaborate with other partners or manage potential complaints etc.
Data Recipients
We may disclose Users’ personal data to the trusted recipients, such as IT services provider, hosting (who provide services to us), marketing agencies (in the field of marketing services) of the European Commission, project partners. In such cases, depending on the circumstances, the data controller will ensure e.g via contractual provisions that the access of these parties is being done with due observance of the applicable data protection legislation. We might be obliged to provide your personal data to official authorities if law requires it.
In case you choose to provide your personal data to other Members / Users via our Platform we are no longer deemed as data controller and we assume no responsibility. We are also not responsible of how the Users use the personal data you share as public in our Platform. Our Users must be compliant to our Privacy Policy and relevant data protection regulation and must not use any personal data received from our Platform outside of the scope of our Services. If so, we have the right to delete their Accounts and complain at the relevant Data Protection Authority
Personal data of minors
Our Services are not intended for persons under 16 years of age.
Storage period
The period of data processing by us depends on the type of service provided and the purpose of the processing. The data will be deleted as soon as they are no longer necessary in relation to the purposes for which they were processed, unless otherwise provided by applicable law.
As a rule, the data connected to and on your Account are processed as long as your Account is active or until your consent is withdrawn or effective opposition to the data processing is filed. If you decide to close your Account your personal data will stop being visible to others on our Platform within 15 days. We generally delete closed account information within 30 days of account closure, except as noted below.
We might retain your personal data even after you have closed your account if it is reasonably necessary to comply with our legal obligations, meet regulatory requirements, resolve disputes, prevent fraud and abuse.
Information you have shared with others might remain visible after you erase your Account or deleted that information from your Profile.
Information security
We apply technological and organizational means to secure your personal data. We implement security safeguards corresponding to the threats and category of personal data to be secured. In particular, we shall secure personal data against publishing to unauthorized persons, taking over by an unauthorized person, processing in violation of the law and change, loss, damage or destruction; among others the SSL (Secure Socket Layer) certificates shall be applied. The Users’ personal data shall be collected and stored on a secured server. Moreover, the personal data shall be secured by our internal procedures related to processing personal data and information security policy. However, we cannot warrant the security of any information that you send us. There is no guarantee that personal data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
In order to log in to the Account, it shall be necessary to provide relevant username and password. In order to ensure an appropriate level of security, the password for the Account shall exist on the Platform only in a coded form. Furthermore, registration on and logging in to the Platform shall proceed to secure https connection. Communication between the User’s device and the servers shall be encoded using e.g., the SSL protocol.
At the same time, we state that using the Internet and services provided by electronic means may pose a threat of malware breaking into User’s IT system and device, as well as any other unauthorized access to the User’s data, including personal details, by third parties. In order to minimize such threats, the User shall use appropriate technical security means, e.g. using updated antivirus programs or programs securing identification of the User on the Internet. In order to obtain detailed and professional information related to the security in the Internet we recommend taking advice from entities specializing in relevant IT services.
We undertake all necessary actions, so that our subcontractors and other cooperating entities would guarantee that appropriate security measures will be applied whenever they process personal data at our request.
Cookies
For the purposes of correct operation of the Platform, we use Cookies support technology. Cookies are packages of information stored on the User’s device through the Platform, usually containing information corresponding to the intended use of particular file, by means of which the User uses the Platform.
Usually, Cookies contain the address of the Internet service, date of publishing, lifetime of the Cookie, unique number and additional information corresponding to the intended use of particular file.
We shall use two types of Cookies: session cookies, which are permanently deleted upon closing the session of the User’s browser and permanent cookies, which remain on the User’s device after closing the session until they are deleted.
It is not possible to identify the User on the basis of Cookie files, whether session or permanent. The Cookie mechanism prevents collecting any personal data.
Cookies used on the Platform are safe for the User’s device; in particular they prevent viruses or other software break into to the device.
Files generated directly by the Platform may not be read by other Internet services. Third-Party Cookies (i.e. Cookies provided by our associates) may be read by an external server.
The User may disable storing Cookies on his/her device in accordance with the instructions of the browser producer, but this may disable certain parts of or the entire operation of the Platform.
We shall use own Cookies for the following purposes: authenticating the User at the Platform and preserving the User’s session; configuration of the Platform and adjustment of the content of pages to the User’s preferences, such as: recognizing the User’s device, remembering settings set up by the User; Cookies ensuring security of data and use of the Platform; analyses and researches of views; advertisement services.
We shall use Third-Party Cookies for the following purposes:
- preparing statistics (anonymous) for optimizing functionality of the Platform, by means of analytic tools e.g., Google Analytics (Cookies administrator: Google Inc. with its registered office in the USA);
- analyse users and visitors behaviour for improve, support and operate the service using for example Intercom (Cookies administrator: Intercom Inc. with its registered office in the USA); Mixpanel (Cookies administrator: Mixpanel Inc. with its registered office in the USA)
- improve advertising, target publicity according to contents that are relevant for a User, improve performance reports of the campaigns and avoid showing advertisements that the user has already seen using for example Google Marketing Platform (Cookies administrator: Google Inc. with its registered office in the USA);
- using interactive functions by means of social networks, including: twitter.com (Cookies administrator: Twitter Inc. with its registered office in the USA); plus.google.com (Cookies administrator: Google Inc with its registered office in the USA); Facebook.com (Cookies administrator: Facebook Inc with its registered office in the USA or Facebook Ireland with its registered office in Ireland); LinkedIn.com (Cookies administrator: LinkedIn Ireland with its registered office in Ireland);
The User may individually change Cookies settings at any time, stating the conditions of their storage, through the Internet browser settings or configuration of the service. The User may also individually delete Cookies stored on his/her device at any time in accordance with the instructions of the browser producer.
Detailed information concerning Cookies support are available in the browser settings.
Links to other websites
The Privacy Policy shall pertain only to the use of the Platform and Services. However, on the Platform there may be references and links to other websites, which are not controlled us, so their separate privacy policies apply to them. Therefore, the User shall not hold us liable for the consequences of using such references.
Your privacy rights
As a data subject, you have many rights in respect to of personal data we hold on you. Under applicable laws and subject to any legal restrictions, you may have the following rights:
-
request access to your personal data (you have a right to access the personal data we are keeping about you),
-
request the correction of incorrect or incomplete personal data (you can edit some of your personal data through your Profile, as well as ask us to change, update or fix your data),
-
request restriction of processing of your personal data, where specified by law,
-
object to the processing of your data (based on our legitimate interest)
-
request data portability (this right applies to personal data processed only by automated means and on the basis of consent or fulfilling a contract),
-
request erasure of your personal data,
-
withdraw consent at any time without affecting the legality of the processing carried out on the basis of your consent until you revoke it,
-
you have the right not to be subject to any decision based solely on automated processing, including profiling, that has any legal effect on you or similarly significantly affects you.
Exercise your privacy rights
In order to exercise your privacy rights you can send your request at privacy@esda-lab.gr.
If you believe that your privacy rights are infringed, you have the right to complaint to the relevant supervisory authority. The competent Authority for these matters in Greece is the Hellenic Data Protection Authority (Kifisias Avenue 1-3, 115 23 – Αthens, contact@dpa.gr)
Privacy Policy Updates
This Privacy Policy may be modified at any time. The amendments shall become effective upon the lapse of 7 (seven) days from the date of their publishing on the Platform website. If we make material changes in this Privacy Policy, we will provide you notice through email, to give you the opportunity to review the changes. If the Member fails to terminate the Agreement within the said period, then it shall be assumed that it has accepted the amendments.
Contact us
If you have any further questions and complaints pertaining to the manner in which University of the Peloponnese processes personal data, please contact us at the address: privacy@esda-lab.gr.