1. Data Protection Notice
The processing of personal data must comply with the guidelines provided for by the GDPR, (EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016), as defined in AtlantECO's Grant Agreement, and In AtlantECO's Deliverable D11.1 – POPD Requirement No. 1. To this end, the Data Protection Notice is proposed as a compliance instrument, which will be described below, and made available on the project website, in order to clearly inform users about their rights, the purpose of collecting information, as well as enable the registration of consent declarations.
AtlantECO's Data Protection Notice
This document describes the Data Protection Notice of the AtlantECO project, which has received funding from the European Union’s Horizon 2020 research and innovation programme under Grant Agreement Nº 862923. This policy is in compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data - General Data Protection Regulation (GDPR) and affects all personal information collected and processed by AtlantECO throughout its activities, website and information systems.
All personal data processed by AtlantECO will be done according to the principles of protection and accountability in line with Article 5.1-2 of the GDPR.
● Lawfulness, fairness and transparency: Processing will be lawful, fair, and transparent to the data subject.
● Purpose limitation: Data will be processed for the legitimate purposes specified explicitly to the data subject when collected.
● Data minimization: Collection and processing will only be done as much data as absolutely necessary for the purposes specified.
● Accuracy: Personal data will be kept accurate and up to date.
● Storage limitation: Personal data will only be kept for as long as necessary for the AtlantECO specified purposes.
● Integrity and confidentiality: Processing will be done in such a way as to ensure appropriate security, integrity, and confidentiality.
● Accountability: The data controller is responsible for being able to demonstrate GDPR compliance with all of these principles.
● Personal data: Personal data is any information that relates to an individual who can be directly or indirectly identified.
● Data processing: Any action performed on data, whether automated or manual.
● Data subject: The person whose data is processed.
● Data controller: The person who decides why and how personal data will be processed.
● Data processor: A third party that processes personal data on behalf of a data controller.
3. Appointed data protection officers
● Data protection officers: AtlantECO’s appointed data protection officers are:
Eloïse Trabut: firstname.lastname@example.org
Camille Lextray: email@example.com
Caíque Martinez Neves: firstname.lastname@example.org
José Julio Fernández Rodríguez: email@example.com
4. Why does AtlantECO collect personal data?
The AtlantECO Project aims to study the Atlantic Ocean from pole to pole to determine the structure and function of the Atlantic microbiome in the context of ocean circulation and presence of pollutants to assess 1) its role in driving the dynamics of Atlantic ecosystems at basin and regional scales; 2) its potential of being used as a sensor of ecosystem state and 3) the mechanism by which it drives the provision of ecosystem services.
In order to deliver this, the project builds on four activity streams (AS)
• AS1: Assess the status of the ecosystem structures, functions, health and services at regional, basin and all Atlantic scales and provide high-quality gridded data products and maps
• AS2: Enhance knowledge and innovate by adopting standard optical and genetic observations protocols, cutting-edge network analysis methods and better parametrisation of connectivity and biogeochemical models
• AS3: Assess drivers and stressors of change and forecast their impact on tipping points and recovery of ecosystem structures, functions and services and develop eco-socio-economic models to predict their future states
• AS4: Share and use capacity and knowledge across the four continents bordering the Atlantic Ocean ensuring a seamless engagement between science, industry, policy and society.
Envisioning the consolidation of these activities, AtlantECO will develop Interactions with several stakeholder groups, as well as the dissemination and exploitation of its results, which may occur through different channels, such as events, emails, newsletters, etc. Thus, requiring mechanisms for the proper identification and management of stakeholders, enabling assertiveness in AtlantECO's tasks.
5. How is personal data collected?
In order to support the actions described above, the AtlantECO project will collect personal data by the following means:
5.1. Stakeholder Database: The Key Stakeholder Database is organized as a repository of information about stakeholders who are interested in collaborating or engaging with AtlantECO. The data will be collected through consensual registration on the project’s website (atlanteco.eu).
5.2. Newsletters: Contact data will be collected for the distribution of regular e-newsletters, which implies the existence of a project mailing list. The collection of data is ensured by voluntary registration and can be undone at any time by a request addressed to firstname.lastname@example.org.
5.3. Website visitor tracking: In order to optimise the user experience on AtlantECO's website, information such as name, email, IP address, date and location of access may be collected.
5.4. Events: Considering operational objectives for the organization of events, personal information may be collected through registration, such as Name; Position; Email; Phone number; Areas of interest; and LinkedIn / Social network. Communications may also be sent to event attendees, who may request the removal of their information from the communication listings by sending an email to email@example.com.
6. What is the legitimation for personal data collection?
In accordance with article 6 of the GDPR, it is pointed out that the processing of personal data carried out by the project is legitimate due to:
a) The data subject has given consent to the processing of his or her personal data for one or more specific purposes;
b) The need in the execution of contracts, compliance with specific legal provisions, or the fulfilment of a mission carried out in the public interest or in the exercise of public powers. All these conditions are in line with article 6.1 of the European Regulation.
7. Who has access to the collected information?
The personal information collected by AtlantECO will be available to the people and organizations that are part of its consortium, with the aim of carrying out the tasks described in the project's Grant Agreement (GA No. 862923) with the exception of UNESCO and its staff, who are not represented by this document. The full list of organizations that participate in AtlantECO's consortium is available at www.atlanteco.eu/a-to-z-contributors.
8. What are the protection measurements for personal data collected?
Personal data collected will be stored in digital format, in confidential files with access limited only to members of AtlantECO project. AtlantECO conforms with Horizon 2020 ethical guidelines, including “Data protection and privacy ethics guidelines” and the “Guidance for Applicants on Informed Consent”. The Project’s partners have been informed and briefed about the ethical requirements of the project in conducting, progressing and completing it.
9. How long will the data be stored for?
Personal data collected will be stored until the conclusion of the AtlantECO project, after this period the information will be destroyed. Revocation of consent for the management of personal data can be requested at any time to firstname.lastname@example.org.
10. Updates to the Data Protection Notice.
The adherents of this data protection notice will be informed of any updates made to its content. If substantial changes occur, consent to manage the personal data may be required again.
11. Your rights as a data subject.
As described in chapter III of the General Data Protection Regulation, the rights of the data subject are:
- Information about the processing of your personal data;
- Obtain access to the personal data held about you;
- Ask for incorrect, inaccurate or incomplete personal data to be corrected;
- Request that personal data be erased when it’s no longer needed or if processing it is unlawful;
- Object to the processing of your personal data for marketing purposes or on grounds relating to your particular situation;
- Request the restriction of the processing of your personal data in specific cases;
- Receive your personal data in a machine-readable format and send it to another controller (‘data portability’);
- Request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers. You also have the right in this case to express your point of view and to contest the decision.