Privacy Policy

Website Privacy Policy

Data protection is a high priority for the CyberNEMO Consortium, and its member organisations are committed to full compliance with Regulation (EU) 2016/679 (the General Data Protection Regulation, or GDPR), as well as any other applicable data protection legislation.

This Privacy Policy is aimed at illustrating the means and purposes of the processing of personal data carried out by SYNELIXIS S.A., having its registered office in Chalkida, Greece, in its quality of data controller (hereinafter “SYN” or the “Controller”), through the website https://cybernemo.eu/ (hereinafter the “Website”).

Please note that this Privacy Policy applies to anyone who accesses and visits the Website or otherwise interacts with the web services offered on the Website (the “User”).

Pursuant to article 5 of the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Processing of the Personal Data carried out by the Controller for the development and management of the Website will be based on the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and accountability.

1. Definitions

This privacy policy is based on the terms used by the European legislator for the adoption of the GDPR. It should be legible and understandable for the general public, as well as our website visitors and partners. To ensure this, we would like to first explain the terminology used.

In this data protection declaration, we use, inter alia, the following terms:

Personal data – Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is someone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject – Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
Processing – Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing – Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
Profiling – Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Controller or controller responsible for the processing – Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor – Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Third party – Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent – Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Any other term indicated in capital letters shall have the meaning attributed to it within the GDPR, or otherwise provided hereto.

2. Data Controller

The data controller of the data processing through the CyberNEMO website is SYNELIXIS S.A. / Theodore Zahariadis.

3. Contact Information

If Users would like to exercise their rights under GDPR, or if they have comments, questions or concerns, or if they would like to submit a complaint regarding the collection and use of their Personal Data, they might contact the following email address: zahariad@synelixis.com

4. Which kind of Personal Data is collected

4.1. Traffic and Internet data

The computer systems and software procedures used to operate the Website acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes, among others, IP addresses, browser type, operating system, the domain name and website addresses from which the User logs in or out, the information on pages visited by User within the Website, the time of access, time period of User’s staying on a single page, the internal path analysis and other parameters regarding the User’s OS and computer environment.

These technical / IT data are collected and used only in an aggregated and not immediately identifiable manner. They could be used to ascertain responsibilities in case of crimes against the Website, or upon public authorities’ request.

In order to consent the collection of this category of data, the Website uses cookies. Please, read the Cookies Policy of this Website for any further information about them.

4.2. Personal data provided by the User

The Website also offers the possibility to subscribe to the CyberNEMO newsletter by providing your email address in order to receive updates about our activities and results.

Moreover, the Project will organise events such as workshops, conferences, or roundtables. These events may be recorded, photographed, or otherwise documented for communication and dissemination purposes, and selected materials may be published on the Project’s official communication channels (e.g., the Project website, YouTube, X, LinkedIn, or similar platforms).

If recording or photography takes place, participants will be clearly informed in advance, and their explicit consent will be obtained before any personal data (such as their image or voice) is processed or made publicly available.

5. Why Personal Data is processed and Lawful basis

User’s Personal Data will be processed exclusively for the following purposes, and exclusively in the framework of the research Project’s activities (further information on the Project may be found at the following URL: https://cybernemo.eu/index.php/about/):

To manage the User’s subscription to the CyberNEMO newsletter and to send regular updates regarding our activities, events, and project results. This processing is necessary to provide the newsletter service requested by the User, based on their freely given and informed consent, in accordance with Art. 6(1)(a) of the GDPR.
To comply with obligations set forth by applicable laws and regulations and to ascertain responsibilities in case of any computer crimes against the Website. As this processing is mandatory by law, User’s consent is not required according to Art. 6(1)(c).

In any case, please be aware that User’s Personal Data will not be used for any automated decision-making, including profiling, nor will it be further processed without the previous consent of the User.

6. Cookies – Definition

The Website has implemented the use of cookies. Further information on the use of cookies may be found at the following URL: https://cybernemo.eu/index.php/cookie-policy/

7. How Personal Data is secured

All processing is carried out in compliance with Article 32 of the GDPR, with the adoption of appropriate security measures. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk of the processing and of the nature of the personal data. Organisational measures include restricting access to the personal data solely to authorised persons or third parties where duly authorised and instructed by the Controller for the purposes of processing operation, and according to the ‘need to know’ principle. Such staff abide by statutory and, when required, additional confidentiality agreements.

8. Access to processed personal data

The Personal Data collected by the Controller might be shared with:

Members of the CyberNEMO Consortium, only to fulfil the User’s requests regarding the Project’s activities and objectives and especially CyberNEMO partner UPM who is responsible for dispatching the CyberNEMO newsletter to the registered interested persons;
Controller’s service provider(s), which is Top.Host, and is/are located within the European Economic Area in Greece (with infrastructure hosted in Germany), exclusively for IT organisational, administrative, or support needs;
The Controller might be required to disclose Users’ information in order to comply with the law, a judicial proceeding, court order, subpoena, or other legal process, or where it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or as evidence in litigation in which we are involved.

Without prejudice to the above, unless upon specific consent of the data subject or as otherwise required by applicable laws, User’s Personal Data shall not be shared with any other organisations.

In particular, the Controller will not share User’s Personal Data with other countries outside the European Economic Area (hereinafter, the ‘EEA’). However, if the User’s data is transferred to entities or third parties whose headquarters or data processing location is outside the EU or EEA, such transfer will be carried out in accordance with Chapter V of the GDPR. Before any transfer takes place, the Controller ensures that, except in legally permitted exceptional cases, an appropriate level of data protection exists (for example, through an adequacy decision of the European Commission, or the use of EU Standard Contractual Clauses). If none of these conditions apply, the User will be timely informed about this processing.

9. Period for which the personal data will be stored

The Controller only keeps your data for the time necessary to fulfil the purposes for which the data have been originally collected and/or the purpose of the Project. In any case, the said data will be destroyed after 5 years from the completion of the Project.

10. Redirection to other websites

The Website incorporates links which allow the User to connect to other websites run by third parties. The Controller assumes no responsibility regarding the processing of personal data which may take place through and/or in connection with third-parties’ websites.

Therefore, each User who accesses such web pages and/or social media platforms through the Website must carefully read the relevant privacy policies in order to better understand how their personal data will be processed by the third parties, which, as autonomous controllers, will provide and manage such websites.

Rights of the data subject

Pursuant to the GDPR, Users have a number of rights concerning the Personal Data that the Controller holds about them. If Users wish to exercise any of these rights, please use the contact details set out above:

The right to be informed – Users have the right to be provided with clear, transparent and easily understandable information about how the Controller uses their information and about their rights. This is why the Controller is providing the information in this Privacy Policy.
The right of access – Users have the right to obtain access to their Personal Data subject matter of the data Processing. This will enable Users, for example, to check that the Controller is using their Personal Data in accordance with the relevant data protection law.
The right to rectification – Users are entitled to have their Personal Data corrected if it is inaccurate or incomplete.
The right to erasure – Also known as “the right to be forgotten”, this enables Users to request the deletion or removal of certain of their Personal Data. Please remember that pursuant to applicable law, the Controller may not have all Users’ Personal Data erased.
The right to restrict processing – Users have the right to ‘block’ or ‘suppress’ certain further use of their Personal Data. When processing is restricted, the Controller can still store Users’ Personal Data, but will not use it further.
The right to lodge a complaint – Users have the right to lodge a complaint about the way the Controller handles or processes their Personal Data with the relevant national Data Protection Authority (list of European DPAs).
The right to data portability – Users have the right to obtain their personal information in an accessible and transferable format so that they can re-use it for their own purposes across different service providers.
The right to object to processing – Users have the right to object to certain types of processing, for example, to the publication of pictures taken during events.
The right to withdraw data protection consent – If Users have given their consent to anything the Controller does with their Personal Data, they have the right to withdraw that consent at any time by contacting the Controller. Withdrawing consent will not make unlawful any use of User’s information while consent was in place.

Where Users wish to exercise their rights in the context of one or several specific processing operations, please provide their description in the requests. Users’ requests will be handled within a maximum of 30 (thirty) working days.

Changes

Where appropriate, we will notify you of any changes to this privacy declaration, for example, by email.

The present Privacy Policy entered into force on 01/10/2024, version 1.0.