Privacy Policy

Information on Data Protection (Privacy Policy)

Notice for users of this website

Please read this notice before using our website. If you choose to use our website, then you agree to the collection and use of information in relation to this Notice.

This page is used to inform website visitors regarding the privacy rules and practices for www.fruitflies-ipm.eu and applies solely to information collected by this website.

The use of this website entails acceptance of the terms and conditions described below. Please note that the terms and conditions may be changed from time to time without warning. Changes are effective immediately after they are posted on this page.

Definitions

For the avoidance of doubt, and for consistency in terminology, the following definitions will apply within this Policy.

Data: This includes both automated and manual data. Automated data means data held on a computer or stored with the intention that it is processed on a computer. Manual data means data that is processed as part of a relevant filing system, or which is stored with the intention that it forms part of a relevant filing system.

Personal Data: Personal data means any information relating to an identified or identifiable living natural person (the “data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Controller: A person or entity who, either alone or with others, controls the content and use of Personal Data by determining the purposes and means by which that Personal Data is processed.

Data Subject: A living individual who is the subject of the Personal Data, i.e. to whom the data relates either directly or indirectly.

Processor: A person or entity who processes Personal Data on behalf of a Data Controller on the basis of a formal, written contract, but who is not an employee of the Data Controller, processing such Data in the course of his/her employment.

Processing: Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Consent: Consent is defined as the processing of personal data that is freely given, specific, informed and explicit indication of a Data Subject’s wishes either through a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Relevant Filing System: Any set of information in relation to living individuals which is not processed by means of equipment operating automatically (computers), and that is structured, either by reference to individuals, or by reference to criteria relating to individuals, in such a manner that specific information relating to an individual is readily retrievable.

Introduction

FF-IPM is an international scientific project which has received funding under the European Commission’s “HORIZON 2020” Research and Innovation Programme Framework. FF-IPM refers to a consortium of 21 independent partners, governed by a Partner Agreement and led by the University of Thessaly, Volos, Greece. FF-IPM’s Project Manager is Professor Nikolaos Papadopoulos, Department of Entomology, University of Thessaly.

Controller: The University of Thessaly, Department of Entomology, in its capacity as the coordinating institution of FF-IPM (hereinafter referred to as “UTH” or “we”).

UTH is committed to protecting your privacy while using technology that gives you the most powerful and safe online experience. UTH operates under the provisions of the European Directive for Data Protection (GDPR 2016/679), which came into force on 25 May 2018 and is applicable for all Data Protection affairs. No further obligation for declaration on compliance and/or authorisation is required under national Greek law for collecting and processing personal data.

Data Protection Officer: UTH has assigned Priority Quality Consultants S.A. with the role of Data Protection Officer (DPO), representing UTH in all research projects’ legal affairs, including GDPR issues.  The DPO’s contact details are:

Priority Quality Consultants S.A.

Att.: Mr. Giannis Varkas

Tel: (+30) 210 250 9900

e-mail: dpo@uth.gr

Third-party Processors: In the course of its role as Data Controller, UTH engages a number of Data Processors to process Personal Data on its behalf. In each case, a formal contract is in place with the Processor, outlining their obligations in relation to the Personal Data, the specific purpose or purposes for which they are engaged, and the understanding that they will process the data in compliance with applicable GDPR legislation. FF-IPM consortium partner R & DO Ltd, legally registered in Nicosia, Cyprus operates this website under the terms and stipulations of FF-IPM’s Partner Agreement. Other consortium partners participate in research activities which may require them to process Personal Data. All such activities are specified in detail in FF-IPM’s Partner Agreement and a set of binding documents pertaining to the obligations of all FF-IPM partner organisations, the ethical framework and the terms of engagement with Data Subjects has been agreed upon.

Data Protection Principles

The following key GDPR principles are fundamental to our Data Protection policy. In its capacity as Data Controller, UTH ensures that all personal data shall:

  1. … be obtained and processed fairly, lawfully and transparently (Fairness, Lawfulness & Transparency).

For data to be obtained fairly, the Data Subject will, at the time the data are being collected, be made aware of:

  • The identity of the Data Controller;
  • The purpose(s) for which the data is being collected;
  • The person(s) to whom the data may be disclosed by the Data Controller;
  • Any other information that is necessary so that the processing may be fair.

We will meet this obligation in the following way:

  • Where personal data is processed on the basis of consent, the informed consent of the Data Subject will be sought before their data is processed;
  • Where it is not possible to seek consent, we will ensure that collection of the data is justified under one of the other lawful processing conditions – legal obligation, contractual necessity, etc.;
  • Processing of the personal data will be carried out only as part of our lawful activities, and we will implement appropriate technical and organisational measures to safeguard the rights and freedoms of the Data Subject;
  • The Data Subject’s personal data will not be disclosed to a third party other than to a party contracted to us and operating on our behalf within the scope of FF-IPM project.

  1. …. be obtained only for one or more specified, legitimate purposes (Purpose Limitation).

We will obtain data for purposes which are specific, lawful and clearly stated. A Data Subject will have the right to question the purpose(s) for which we hold their data, and we will be able to clearly state that purpose or purposes. Any use of the data will be compatible with the purposes for which the data was acquired i.e. there shall be no variation in purpose.

  1. …. be kept safe and secure (Integrity & Confidentiality).

We will employ high standards of security and integrity in order to protect the personal data under our care. Appropriate security, technical and organisational measures shall be taken to protect personal data against unauthorised access to, or alteration, destruction or disclosure of any personal data held by UTH in its capacity as Data Controller. Access to and management of records is limited to those staff members who have appropriate authorisation and access privileges. Where we employ the services of a Data Processor or, the latter employs the services of a sub Processor, appropriate measures shall be put in place to protect personal data and guarantee its integrity, safety and accuracy.

  1. … be kept accurate, complete and up-to-date where necessary (Accuracy).

We will:

  • ensure that administrative and IT validation processes are in place to conduct regular assessments of data accuracy;
  • conduct regular assessments in order to establish the need to keep certain Personal Data.

  1. … be adequate, relevant and not excessive in relation to the purpose(s) for which the data were collected and processed (Data Minimisation).

We will ensure that the data we process in relation to Data Subjects are relevant to the purposes for which those data are collected. Data which are not relevant to such processing will not be acquired or maintained.

  1. … not be kept for longer than is necessary to satisfy the specified purpose(s) (Storage Limitation).

UTH’s DPO has identified a relevant list of data categories and assign an appropriate data retention period for each category. The matrix shall apply to data in both a manual and automated format. Once the respective retention period has elapsed, UTH undertakes to irrevocably delete this data.

  1. … be managed and stored in such a manner that, in the event a Data Subject submits a valid Subject Access Request seeking a copy of their Personal Data, this data can be readily retrieved and provided to them.

UTH’s DPO has implemented a Subject Access Request procedure by which to manage such requests in an efficient and timely manner, within the timelines stipulated in the legislation.

Implementation

As Data Controller, UTH ensures that any entity which processes Personal Data on its behalf (a Data Processor) does so in a manner compliant with the GDPR legislation. Failure of a Data Processor to manage data in a compliant manner will be viewed as a breach of contract and will be pursued through the courts of law.

Personal Data Processing

The legal basis for processing your data is the consent you have given when accepting the processing of the data provided in each form of the FF-IPM website.

What personal data do we collect and use?

To use most of this website, you do not need to provide UTH with any personal data. However, we do collect personal data with your consent when you sign up to our newsletter or order an electronic publication or respond to one of our blog posts.

Your personal data will only be used by us to administer the service that you have requested. When you provide personal data for any of the above reasons, we will take all necessary steps and use suitable security measures to protect your personal data against loss, misuse and alteration. We will never give away or sell your personal data to third parties. The databases in which your data is stored are protected against unauthorised access.

We will disclose your personal information, without notice, only if required to do so by law or when such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on UTH or the website; (b) protect the rights or property of UTH; and, (c) protect the personal safety of users of the website, or the public.

Log Data

We want to inform you that whenever you visit our website, we collect information that your browser sends to us that is called Log Data. This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser version, pages of our website service that you visit, the time and date of your visit, the time spent on those pages, and other statistics.

This information is used by UTH for the operation of the service, to maintain quality of the service, and to provide general statistics regarding use of the FF-IPM website.

All the information provided by you when using the website must be true. The user warrants that all the data provided when completing the form required to subscribe to the Newsletter or other service are true. Likewise, the user undertakes to keep all information provided to FF-IPM updated so that it matches at all times his/her actual circumstances. In any event, the User shall be liable for any false or incorrect information he/she may provide and for any damages caused to UTH. If the User is a minor, he/she shall request the consent of his/her parents or tutors prior to entering his/her personal data in any of the forms in our website.

Inquiries and Complaints

At any time, you shall be entitled to exercise your rights established by the General Data Protection Regulation, including the right to:

  • Obtain confirmation as to the existence of your personal data and access to such data;
  • Obtain updating, modification and/or rectification of your personal data;
  • Obtain erasure of personal data, render personal data anonymous, block data whose processing is unlawful or set limits to the processing;
  • Object to processing based on legitimate grounds;
  • Obtain a copy of personal data provided by the user and request that such data shall be transferred to another controller.

Contact Information

If you wish to exercise any of your privacy rights, for instance, you would like to see what data we have on you, correct or change any data, or express any concerns, please address your request by email together with a copy of your ID (which we will only use to verify your identity), to UTH, as data controller at the following address: dpo@uth.gr.

Individuals will not be charged for subject access requests, except if the requests are manifestly unfounded or excessive (e.g. repetitive). In such case, we may refuse to act on the request.

We will aim at responding to data subject requests without undue delay and in any event within 6 weeks of receipt of the request.

Note on outside Links

This website contains links to other web pages managed by third parties. The purpose of such links is to make available to our visitors other sources of information within the internet that could be of interest to them. We are not liable for the information referred to in such links and the user shall access the contents therein under his or her responsibility and under the conditions set forth therein.

Links to third-party websites. Our Website includes links to other websites, whose privacy practices may be different from ours. If you submit Personal Information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.

Blog. We have a public blog on our Website. Any information you include in a comment on our blog may be read, collected, and used by any third party. If your Personal Information appears on our blog and you want it removed, please contact our DPO.

Social media platforms and widgets. Our Website includes social media features, such as the Facebook Like button. These features may collect information about your IP address and which page you are visiting on our Website, and they may set a cookie to make sure the feature functions properly. Social media features and widgets are either hosted by a third party or hosted directly on our Website. We also maintain presences on social media platforms, including Facebook, Twitter, and Youtube. Any information, communications, or materials you submit to us via such social media platforms is done at your own risk without any expectation of privacy. We cannot control the actions of other users of these platforms or the actions of the platforms themselves. Your interactions with those features and platforms are governed by the privacy policies of the companies that provide them.

Mailchimp. We do not ordinarily transfer personal data outside of the EU, with the following exception: when we create mailing campaigns, especially for our Newsletter, we may use the email marketing automation service of “Mailchimp”, developed by The Rocket Science Group LLC, 675 Ponce de Leon Ave, NE Suite 5000, Atlanta, GA 30308, USA. Mailchimp adheres to the “Safe Harbor Privacy Principles” agreement between the European Union and the United States of America since 2008 and participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework. If you have any questions or comments, or if you have a concern about the way in which Mailchimp handles any privacy matter, their Data Protection Officer can be contacted at dpo@mailchimp.com. Non-EEA Residents should contact privacy@mailchimp.com instead.

Limitation of liability

UTH does not guarantee that this website shall always be fully operational or that the contents shall be complete or accurate on a permanent basis.

UTH is not liable for any direct or indirect damages resulting from the use of any information contained in this website and reserves the right to amend any information contained in this website without prior notice.