Information on the processing of personal data in regards to the SMEDATA II project
This policy has been prepared in accordance with the requirements of Art. 13 and Art. 14 of the Regulation (EU) 2016/679 – General data protection regulation (GDPR) and aims to inform you about the activities on processing of personal data, the purposes for which the data are processed, the measures and guarantees for the protection of the data processed, your rights and the way you can exercise them in accordance with the requirements of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (referred to as “Regulation 2016/679” or “GDPR”) and other applicable European Union and national laws of all the parties involved in the project.
In details the project ‘Ensuring the Highest Degree of Privacy and Personal Data Protection through Innovative Tools for SMEs and Citizens — SMEDATA II’ is a project co-funded by the European Commission under the Rights, Equality and Citizenship 2014-2020 Programme of the European Union that has the overall objective to ensure the effective application of the General Data Protection Regulation through awareness, multiplying training and sustainable capacity building for SMEs and legal professionals.
The information below describes the processing of personal data of participants in SMEDATA II events and users visiting the project website (https://smedata.eu) in compliance with the Regulation (EC) 2016/679.
The information here provided does not concern other online websites, pages or services that can be accessed via hyperlinks on the above websites but relate to resources outside the SMEDATA domain.
- 1. DATA CONTROLLER
The Project Partners within the SMEDATA II Consortium:
- The Commission for Personal Data Protection of the Republic of Bulgaria (CPDP);
- APIS Europe JSC (APIS EUROPE) ;
- The Union of Bulgarian Jurists (SUB);
- The European Women Lawyers Association – Bulgaria (EWLA);
- Ernst and Young Law Partnership (EY LP);
- The Law Department of the “Roma Tre” University (UNIROMA 3),
jointly determine the purposes and means of the processing as well as allocate the responsibilities under Regulation (EU) 2016/679 (including where a processing operation is carried out by a controller together with other controllers or on behalf of another controller in order to ensure the protection of the rights and freedoms of data subjects, the responsibility and liability of controllers and processors, also in relation to the monitoring by supervisory authorities), as follows:
|WP No||Deliverable||Collection||Recording||Access||Storage||Transmission to the EC||Erasure||Retention period|
Project coordinator contact details:
Commission for Personal Data Protection
Address: Sofia 1592, 2 Prof. Tsvetan Lazarov Blvd.
Mobile: +359 876 563 690
E-mail: [email protected]
- We collect and process personal data under contractual obligation (101005747-SMEDATA II-REC-AG-2020/REC-RDAT-TRAI-AG-2020) with the European commission, and on legal basis under the Financial regulation applicable to the general budget of the Union in compliance with Article 6, par. 1, letters b) and c) of GDPR,
- The SMEDATA II project is co-funded by the European Commission under Regulation (EU) no 1381/2013 of the European parliament and of the Council of 17 December 2013 establishing a Rights, Equality and Citizenship Programme for the period 2014 to 2020 (REC Programme) and is subject to the obligations set within the REC Programme, so is thereby processing personal data under legal obligation in compliance with Article 6, par. 1, letter c) of GDPR.
- We collect personal data from the users of the SMEDATA II website on the basis of the user consent under Article 6 of Regulation (EU) 2016/679 – (GDPR) in order to provide entry to content and services provided from the website for the purpose of meeting the goals laid within the SMEDATA II project in order to raise awareness and ensure the effective application of GDPR.
Consent from the users of the website as well as the participants in the activities set in the project is also required for the dissemination of the project newsletters.
- The personal data collected shall be provided to all partners in the project Consortium and the European institutions concerned under contractual obligation in compliance with Article 6, par. 1, letter b) of GDPR.
Personal data collected under the SMEDATA II project will be stored for a period no longer than is needed for the completion of the project as well as for audit purposes provided in the Financial Regulation applicable to the general budget of the Union, European or national legislation and the European institutions. Data will be stored for up to 5 years after the end of the project (until the end of 2027).
- Data of participants in project events
- Data communicated by users
- Cookies and other tracking devices
Registration for the events organised under the SMEDATA II project, and the forwarding of the newsletters, requires the collection of a set amount of data from the participants, that may include, names, place of employment, position within the organisation and contacts (e-mail and/or phone number).
Sending messages, on the basis of the user’s free, voluntary, explicit choice, to the CPDP contact addresses, filling in and sending the forms made available on this website entail the acquisition of the sender’s contact information – which is necessary to provide a reply – as well as of any and all the personal data communicated in that manner.
The SMEDATA II website uses technically necessary cookies only. The total or partial disabling of these cookies can compromise the use of the site. The SMEDATA II website uses the following cookies:
- a cookie to store the language version of your choice by subsequent visits;
- a test cookie to test the ability to create and store cookies, which is used by WordPress – the platform on which our site is built.
You can control and manage the cookies in different ways by using your web browser. Please note that if you delete all cookies, the preferences that you have stored shall be deleted also. For more information how to change the settings of your browser in order to block or filter cookies, please visit: https://www.pcmag.com/how-to/how-to-control-and-delete-cookies-on-your-browser.
The Mobile application (“the App”) collects the following information:
- The chosen language for the App
- List of the bookmarked content
- List of saved documents
- Text of saved documents.
This information is stored on your device and there is no option for it to be transferred to the App creators. Therefore, your data connected to the App usage is not processed by any of the partners in the SMEDATA II Project.
Please note that you need to provide permission for the App to access:
- Your device’s Photos/Media/Files and Storage:
- read the contents of your USB storage
- modify or delete the contents of your USB storage.
- Network information:
- view network status and connections
- have full network access.
Please note that this Privacy statement does not cover hyperlinks in the App that re-direct you to external sources (e.g. the hyperlinks in section Useful links).
On the basis of legal requirements and under contractual obligation regarding SMEDATA II project the personal data collected by the Consortium may be provided to the following entities:
- European Commission (DG Justice and Consumers)
- European anti-fraud officer (OLAF)
- European Court of Auditors
Data subjects have the right to obtain from the project Consortium, where appropriate, access to their personal data as well as rectification or erasure of such data or the restriction of the processing concerning them, and to object to the processing (pursuant to Articles 15 to 22 of the Regulation). Please contact one of the partners to lodge all requests to exercise these rights.
a) Right of access – Article 15 GDPR
The right of access grants the data subject comprehensive insight into the data concerning them and into other important criteria, such as the purposes of the processing or the period for which the data shall be stored.
b) Right to rectification – Article 16 GDPR
The right to rectification implies the possibility for the data subject to have inaccurate personal data concerning the subject rectified.
c) Right to erasure – Article 17 GDPR
The right to erasure entails the possibility for the data subjects to have data erased at the controller. This is, however, only possible if the data concerning them are no longer necessary, if they have been unlawfully processed, or a corresponding consent has been withdrawn.
d) Right to restriction of processing – Article 18 GDPR
The right to restriction of processing includes the possibility for the data subject to prevent for the time being any further processing of personal data concerning them. A restriction mainly occurs at the stage of examining other exercises of rights by the data subject.
e) Right to data portability – Article 20 GDPR
The right to data portability implies the right for the data subject to receive from the controller the personal data concerning them in a commonly used, machine-readable format in order to have them, if necessary, transferred to another controller. In accordance with Art. 20 para. 3 sentence 2 of the GDPR, that right is not available if the data processing serves the purpose of performing public tasks.
f) Right to object – Article 21 GDPR
The right to object includes the possibility for data subjects to object, in a particular situation, to the further processing of their personal data as far as this processing is justified by the performance of public tasks or of public and private interests.
If a data subject considers that the processing of personal data relating to them infringes the Regulation, they have the right to lodge a complaint with the each of the partners (CPDP, APIS Europe, SUB, EWLA, EY, “ROMA TRE” University) pursuant to Article 77 of the Regulation.
Last update: 21.04.2021