Personal Data Protection
Partners / partnership: In the following text, “partner” / “partnership” designate partner institutions / organisations participating in SHERPA and likely to collect data within the framework of the project, namely the Government of Catalonia (Department of Territory and Sustainability) – ES; the Valencian Institute of Building (IVE) – Government of Valencia – ES; the International Centre for Numerical Methods in Engineering (CIMNE-UPC) – ES; the Conference of Peripheral Maritime Regions of Europe – Intermediterranean Commission (CPMR-IMC) – FR; the National Association of Local Authorities, Associations and Companies for Waste Management, Energy Management and District Heating (AMORCE) – FR; the Emilia-Romagna Region – IT; the Lazio Region – IT; the Abruzzo Region – IT; the Ministry for Gozo – MT; the Dubrovnik Neretva Regional Development Agency (DUNEA) – HR; the Centre for Renewable Energy Sources and Saving (CRES) – EL; the Region of Crete – EL.
Supervisory Authority: independent public authority established by a member State under article 51 of the GDPR. The Supervisory Authority is the CNIL in France. The list of Supervisory Authorities is available here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
The SHERPA project's partners carefully treat all data collected as confidential and strictly use it under the framework of SHERPA's activities in compliance with the EU legal regulations and the Interreg MED Programme rules.
All data collected and managed under the activities of the SHERPA project, namely accounts, newsletter subscribers, event registrations, surveys of any kind, target audience mapping is in strict compliance with the new Regulation (EU) 2016/679, General Data Protection Regulation.
The partnership appointed the Conference of Peripheral Maritime Regions of Europe (CPMR), to act as SHERPA's Data Protection Officer (DPO).
To contact the DPO: gdpr@. crpm.org
Who is concerned by this notice?
This notice is addressed to the following public:
- All partners participating in the SHERPA project;
- respondents to surveys;
- registered participants in events;
- account owners in the exchange areas of the project website;
- newsletter subscribers of any outsourced database application;
- All people interested in the project's results and having registered to become observers of SHERPA.
For what purposes does the SHERPA project store your data?
Project partners collect data to perform their legal obligations as an EU co-funded project.
The scope of the data collected is the minimum necessary for each purpose, avoiding as much as possible personal information. However, no personal information is collected without the knowledge and consent of the target audience.
No data will be shared with third parties outside the project and the Interreg MED Programme, other than the external providers or used for unintended purposes without the express consent and prior notification to the interested individuals. When personal data is collected, the purpose will be clearly expressed.
The data collected within the framework of the SHERPA project will be retained by the project partners and the Interreg MED Programme until 31/12/2028 to comply with the regulatory obligations. Once the retention period has passed, the SHERPA project's partners, potential sub-contractors / external providers and the Interreg MED Programme will take adequate measures to delete all personal data collected within the project.
The SHERPA project may use external providers to process your personal data. You will be informed and your express consent required whenever this is the case.
The SHERPA project's partners make sure to demand their external providers to provide them with adequate safeguards regarding personal data protection.
External providers of the SHERPA project will have a limited access to personal data strictly necessary for the completion of the services rendered. They will also be contractually bound to use the personal data in compliance with the current regulation regarding personal data.
What about cookies and tracking technologies?
The Programme web platform collects and stores information using cookies and similar tracking technologies to track web behaviors. We use this information to provide analytics of only statistical nature.
What are your legal rights as data subject?
According to the GDPR Regulation (EU) 2016/679, “Every person may, on simple request addressed to the DPO of SHERPA, have free access to all the information concerning them in clear language (any codes must be explained) and obtain a copy against payment of a fee, fixed by the State, of 3 € for the public sector and 4,6 € for the private sector.
Every person may directly require from an organisation holding information about them the data to be corrected (if they are wrong), completed or clarified (if they are incomplete or equivocal), or erased (if this information could not legally be collected).
Anyone may oppose that information about them is used for advertising purposes or for commercial purposes;
They may also oppose to information concerning them being disclosed to a third party for such purposes. The persons concerned should have the possibility of exercising their right to oppose the disclosure of their data to a third party at the moment the data is collected. The use of automatic calling machines or faxes for advertising purposes is prohibited unless the person has given their prior consent.”*
If you believe that the processing of your personal data constitutes a violation of the legislation in force, you have the possibility to lodge a complaint with the supervisory authority concerned. (check here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm)
List of the data subject rights as stated in the Chapter 3 of the GPDR:
- Transparency and modalities
- Information and access to personal data
- Rectification and erasure
- Right to object and automated individual decision-making
** For detailed information on each specific right, please check Chapter 3 of the GDPR Regulation (CE) no 2016/679.
What type of data is collected and how?
The project partners store data of different types and in several ways:
- E-mail, postal and telephone contacts;
- Newsletters subscription;
- Event registrations;
- Contact forms;
- Data collected through SHERPA's web site and other outsourced applications: newsletter, target audience mapping.
Who can you contact for questions regarding data protection?
For questions or concerns regarding the collection of your personal data within the SHERPA project, please contact the Data Protection Officer: gdpr@. crpm.org