effective from January 1st, 2023
HIGGS – Higher Incubator Giving Growth and Sustainability (15 Victoros Ougko St., Metaxourgio – P.C. 10437, Greece)
LAEA – Latvian Adult Education Association (Merķeļa iela 11, Rīga, LV-1050, Latvia);
MB „Efekto grupe“ (Gedimino str. 47, 3000 Kaunas, Lithuania);
DLEARN – European Digital Learning Network (Via Domenico Scarlatti 30 20124, Milano, Italy);
Yaşar Üniversitesi (Üniversite Caddesi, No:37-39, Ağaçlı Yol, Bornova, İzmir, Turkey);
CTRIA – Central Transdanubian Regional Innovation Agency Nonprofit Ltd. (H-8000 Seregélyesi út 113, Székesfehérvár, Hungary);
(hereinafter referred to as “us” or “we”), institutions that developed and maintain the EDUCATE HUB interactive online collaborative platform for persons and organisations participated in circular tourism.
If you have any questions concerning how we process your personal data, you can contact our Joint Contact Point. All privacy enquiries sent to us are received and reviewed by our Joint Contact Point, which serve as a contact point for you and supervisory authorities. Contact to Joint Contact Point:
|HUNGARY||Central Transdanubian Regional Innovation Agency Nonprofit Ltd.||email@example.com|
|LITHUANIA||MB “Efekto grupe”||firstname.lastname@example.org|
|ITALY||European Digital Learning Networkemail@example.com|
|GREECE||Higher Incubator Giving Growth and Sustainabilityfirstname.lastname@example.org|
|LATVIA||Latvian Adult Education Associationemail@example.com|
Data subjects’ requests delivered at the Joint Contact Point shall be handled individually and on behalf of us by the controller from the country from which data subject request was sent.
Why we process personal data?
Generally, we need to process personal data to:
- provide our services and for that purpose process personal data of users of the EDUCATE HUB;
- meet our legal and contractual obligations; and
- pursue our own legitimate interests.
For what purposes and under which legal bases do we process personal data?
We process personal data for the following purposes and legal grounds:
|Purpose of the processing personal data||Legal ground|
|Establishment, exercise, or defence of legal claims (legal agenda)||Legitimate interest|
|Management of data subject requests||Compliance with legal obligation|
|Provide our services – operating the EDUCATE contract||Contract|
|Protection of property and security||Legitimate interest|
What are our legitimate interests that we pursue?
We rely on a legal ground of legitimate interest pursuant to Article 6 (1) f) of GDPR for the following purposes. We provide description of these purposes and legitimate interests below:
|Establishment, exercise or defense of legal claims (legal agenda)||From time to time, we might need to pursue a legal claim, ask for compensation or off-court settlement, or report certain facts to public authorities and aforementioned processing operations shall be considered as our legitimate interest.|
|Protection of property and security||We consider our legitimate interest protecting the property and security of us including our employees or users of EDUCATE HUB. We rely on this legal ground to ensure the security of our information assets and IT systems.|
What personal data we process?
We process personal data for two types of users. Firstly, in most cases we process standard contact and identification types of personal data such as name, surname, country, and email for the persons. Secondly, we process standard identification types of personal data such as name, country, and email for organisations.
Who are recipients of your personal data?
We take the confidentiality of your personal data very seriously and have internal policies in place to ensure that your data is only shared with authorized personnel or a verified third party. Our staff might have access to your personal data on a strictly need-to-know basis typically governed and limited by function, role and department of the particular employee. Personal data of users or other natural persons are provided to the extent necessary to following categories of recipients:
- our verified and properly mandated processors;
- our professional advisors (e.g., attorneys or auditors);
- providers of standard software and cloud services;
- providers of technical (IT) and organizational (events agency) support of us;
We also use sub-contractors to support us in providing services who might process personal data for us. We ensure that selection of our sub-contractors and any processing of personal data by them is compliant with the GDPR in terms of technical and organizational security of processing operations. If we use our own recipients to process personal data (our internal staff), your personal data are always processed based on authorizations and instructions that inform our recipients about not only our internal privacy policies but also about their legal responsibility for their violations. If we are requested by the public authorities to provide your personal data, we examine the conditions laid down in the legislation to accept the request and to ensure that if conditions are not met, we do not adhere to the request. In case that you have a question about our current processors, do not hesitate to contact our Joint Contact Point for further information.
What countries do we transfer your personal data to?
By default, we seek not to transfer your personal data outside the EU and/or European Economic Area where not necessary.
How long do we store your personal data?
We must not and we do not want to store your personal data for longer than necessary for the given purpose of processing. Due to this legal requirement but also due to technical and financial aspects of data storage we actively delete data where no longer necessary. Retention periods are either provisioned in respective laws or are set out by us in our internal policies. When processing of your personal data is based on consent and you decide to withdraw your consent, we do further not process your personal data for the specific purpose. However, it does not exclude the possibility that we process your personal data on different legal grounds especially due to our legal obligations.
General retention periods for our purposes are as follows:
|Purpose||General retention period|
|Establishment, exercise, or defence of legal claims (legal agenda)||Based on limitation period according to the law.|
|Management of data subject requests||Based on limitation period according to the law.|
|Provide our services – operating the EDUCATE HUB||During the contractual relationship with users and 2 years after termination of the contract|
|Protection of property and security||1 year|
The above retention periods only specify the general periods during which personal data are processed for the specific purposes. However, we proceed to erasure or anonymization of personal data before the expiry of these general periods if we consider the personal data to be unnecessary in view of the above-mentioned processing purposes. Conversely, in some specific situations, we may keep your personal data longer than stated above if it is required by law or our legitimate interest.
How we collect your personal data?
Generally, we collect your personal data directly from you. You can provide your personal data to us by different means e.g.:
- by registration on our website;
- communication with you;
- completing and submitting a contact form with your comments, queries, or questions.
What rights do you have?
If we process your personal data based on consent to the processing of personal data, you have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. You have the right to effectively object to the processing of personal data for direct marketing purposes, including profiling.
You also have the right to object to the processing of your personal data based on the legitimate interests we follow, as explained above. You are also entitled to the processing of personal data on the legal basis of a public interest.
If you exercise your right to object, we will gladly demonstrate to you the way how we evaluated these legitimate interests as overriding the interests, rights and freedoms of the data subjects.
The GDPR lays down general conditions for the exercise of your individual rights. However, their existence does not automatically mean that they will be accepted by us because in a particular case exception may apply. Some rights are linked to specific conditions that do not have to be met in every case. Your request for an enforcing specific right will always be dealt with and examined in terms of legal regulations and applicable exemptions.
Among others, you have:
- Right to request access to your personal data according to Article 15 of the GDPR. This right includes the right to confirm whether we process personal data about you, the right to access to personal data and the right to obtain a copy of the personal data we process about you if it is technically feasible.
- Right to rectification according to Article 16 of the GDPR, if we process incomplete or inaccurate personal data about you.
- Right to erasure of personal data according to Article of the 17 GDPR;
- Right to restriction of processing according to Article 18 GDPR
- Right to data portability according to Article 20 GDPR;
- Right to object against the processing including profiling based on legitimate or public interest according to Article 21 (1) of the GDPR;
- Right to object against processing for direct marketing purposes including profiling according to Article 21 (2) of the GDPR;
- Right to not be subject to the automated individual decision making according to the Article 22 of the GDPR.
If you feel that we are processing incorrect personal data about you given the purpose and circumstances, you can request rectification of incorrect or incomplete personal data.
You have a right to lodge a complaint related to personal data to the relevant data protection supervisory authority or apply for judicial remedy. Please note that because of leading controller, Central Transdanubian Regional Innovation Agency Nonprofit Ltd. is from Hungary our competent data protection authority is the Hungarian National Authority for Data Protection and Freedom of Information (https://www.naih.hu/). In any case we advise to primarily consult us with your questions or requests.
Do we process your personal data via automated means which produces legal effects concerning you?
We do not currently conduct processing operations that would lead to the decision which produces legal effects or similarly significantly affects concerning you based solely on automated processing of your personal data in light of Article 22 GDPR.
How we protect your personal data
It is our obligation to protect your personal data in an appropriate manner and for this reason we focus on the questions related to protection of personal data. We have implemented generally accepted technical and organizational standards to preserve the security of the processed personal data, especially considering the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed. In situations where special categories of data are processed, we use encryption technologies e.g., during communication with the payment gateway. Your personal data are stored on our secure servers or servers of our web site providers located in data centers in Hungary. If third-party analytics tools are used data are stored on third-party servers (see cookies).
 See Articles. 12 – 22 GDPR: https://eur-lex.europa.eu/legal-content/SK/TXT/HTML/?uri=CELEX:32016R0679&from=EN