PRIVACY POLICY

INTRODUCTION

This page outlines the Privacy Policy for the website of the CARAMEL Project (CArdiovascular Risk Assessment in MEnopausaL women via multimodal data analysis enabling personalized prevention strategies). CARAMEL is a research project funded by the European Union under the Horizon Europe Programme, Grant Agreement No. 101156210. This website serves as an informational platform for the project’s activities, results, and public engagement. This privacy policy solely concerns the processing of personal data that occurs in connection with the operation of this website and explains how the administrator of this website uses personal data collected from you through the CARAMEL website, when you use the website and when you provide your details to us via the contact form available on the website. 

In particular, in this privacy policy you will find information on:

  • who is legally responsible for the data processing (data controller)
  • the data collection and logging that we carry out automatically when you visit our website
  • the data that we collect and process when you contact us via the contact form or when you sign up for our newsletter or when you request to be part of our networking database
  • Your rights as a data subject

WHO WE ARE 

In accordance with Article 13 of the EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter “GDPR”), we would like to inform you that the responsible data controller of the data you provide for the purpose of this website is Social IT Software & Consulting srl, the CARAMEL partner responsible for the dissemination and communication efforts of the project  (hereinafter the “Data Controller”), with registered office in Via Kufstein 5, 38121, Trento, Italy. Tax Code and VAT No. 02992720926.  For any inquiries concerning the processing of personal data or to exercise your rights under the GDPR, you can contact the Data Controller at Email comunicazione@socialit.it. Please, explicitly mention “CARAMEL” in the subject line of your communication.

WHAT DATA WE COLLECT

Navigation/usage data

The computer systems and programs used for the operation of the site automatically collect some personal data the transmission of which is inherent to the use of Internet communication protocols. This data may include: 

  • IP addresses or domain names of computers used by users connecting to the site, 
  • the URI – Uniform Resource Identifier – addresses of the requested resources
  • date and time of the request, 
  • method used in submitting the request to the server, 
  • size of the file obtained in response, 
  • numerical code about the status of the response rendered by the server – good end, error, etc.
  • and other parameters relating to the user’s operating system and computer environment. 

 

Although this information is not collected in order to be associated with identified data subjects, by its nature it could, through processing and association with data held by third parties, allow users to be identified.

 

Such data are used solely to obtain statistical information unrelated to any user identification  and to ensure  proper functioning of the site. They  are deleted immediately after processing. However, the data may be used to determine responsibility in the event of hypothetical computer crimes against the website.

 

Data provided by you

By contacting us through the website contact form, you will provide us with (and we will collect) your contact details, such as:

  • your name
  • your email address, and
  • the message you submitted.

 

We are not going to collect any metadata that you did not expressly provide us with.

PURPOSES OF AND LEGAL BASIS FOR DATA PROCESSING 

No provision of personal data by the user is required to browse the site. The Data Controller process your personal data for the following purposes:

  • Newsletter subscription: If you subscribe to CARAMEL newsletter, your personal data (such as your email address) will be used to send updates on the progress of the CARAMEL project, its research findings, upcoming events, and awareness-raising content on cardiovascular disease prevention in women. This will be done based on your consent (Art. 6(1)(a) of the GDPR) which you will explicitly express by subscribing to our CARAMEL newsletter. You can withdraw your consent by unsubscribing from the newsletter  at any time by clicking the link included in every newsletter.

 

  • Request to be added to the CARAMEL Networking Database: Personal data (such as your name, surname and email address) will be collected and stored to facilitate networking and collaboration opportunities within the CARAMEL project. Your data may be used to inform you about project-related initiatives, research partnerships, or stakeholder events. This will also take place based on your consent, expressed by actively requesting to be added to our networking databse (Art. 6(1)(a) of the GDPR). You can request the removal of your data from this database at any time.

 

  • Completion of the contact form: Personal data (such as your name, surname, email address, and any other information included in your message to us) will be processed solely to respond to your inquiry and provide the requested information.

DO WE SHARE YOUR DATA WITH THIRD PARTIES?

The data shared with the Data Controller will be used solely for the purposes stated above and may be disclosed to third parties only if necessary for those purposes. 

Sometimes, the data collected may, when necessary, be shared with the CARAMEL consortium, and, potentially, with the European Commission when reporting CARAMEL results. In such cases, the legal basis for processing is our legitimate interest – under Article 6(1)(f) of the GDPR – in complying with our obligations under the CARAMEL grant agreement. Additionally, we may be required by law to share your personal data with authorities such as the police or other law enforcement agencies, in compliance with legal obligations (Article 6(1)(c) of the GDPR) or in accordance with applicable law related to criminal investigations or public safety.  The Data Controller may also process your personal data to comply with legal obligations, including those arising from EU regulations, financial audits, and reporting requirements related to the Horizon Europe Programme, or to respond to requests from judicial or administrative authorities (i.e. Article 6(1)(c) and Article 6(1)(e) of the GDPR).

The processing of your personal data will be carried out, by personnel appointed by the Data Controller in accordance with our internal procedures, appropriate technical and organisational measures necessary to protect the confidentiality and security of your data. 

HOW LONG WE KEEP YOUR DATA?

Your data will be kept for the time strictly necessary to provide you – the website visitor – with the requested service and are deleted immediately afterwards, unless longer retention periods are provided for by law. Your data will not be disseminated. As part of its activities and for the purposes indicated above, Data Controller may use services rendered by third parties acting on Data Controller’s behalf and according to its instructions, as data processors. These are entities that provide Data Controller with processing or instrumental services (e.g., computer services for the operation of the site), pursuant to legal contracts. You may request a complete and updated list of the individuals appointed as data processors by contacting the Data Controller at  comunicazione@socialit.it.

 

DO WE TRANSFER YOUR DATA OUTSIDE THE EEA?

Your personal data may be transferred within the European Union, where the Data Controller or its suppliers are based, or where their servers are located. In some cases (i.e. when you requested to be part of our Networking Database), your data may also be transferred to non-EU countries, i.e. to Colombia, where one of the partners to the CARAMEL consortium is based. Our Colombian partner will have access to our Networking Database, which you have explicitly requested to be part of.  Please be informed, that such transfer will be conducted in compliance with the GDPR. Specifically, we will ensure that adequate safeguards, such as Standard Contractual Clauses (SCC) adopted by the European Commission, are in place.

WHAT ARE YOUR DATA PROTECTION RIGHTS?

As a data subject, you are entitled to exercise a series of rights under applicable data protection laws. You may exercise these rights by contacting us using the details provided in this policy. Specifically, you have the right:

  • To ask us whether we process your personal data, and if so, to obtain access thereto. You may also request a copy of your data (The right of access)
  • To correct or update your personal data. Where possible, we kindly ask you to specify the context in which your personal data is being used (e.g., for sending newsletters or responding to a request), to help us address your request swiftly and accurately (The right to rectification).
    • To request the deletion of your data, where applicable. This right may apply, for instance, when your personal data is no longer necessary for the purposes for which it was collected, when you withdraw your consent, or if the processing is unlawful (The right to erasure)
    • To request the restriction of the processing of your personal data, where applicable. This may include, for example, a temporary suspension of processing while we verify the accuracy of your data or assess an objection you have raised (The right to restriction of processing)
    • To receive the personal data, you have provided through this website, in a structured, commonly used, and machine-readable format, and to transmit those data to another controller without hindrance (data portability). This right applies exclusively to data you have provided to us and only if the processing is based on your consent. (The right to data portability).
    • To object to the processing of your personal data. You may exercise this right if we process your data based on our legitimate interests, rather than on your consent or legal obligations. If your objection concerns direct marketing, we will immediately comply with your request. In other cases, such as processing for security purposes, we may ask you to specify the reasons for your objection, so that we can assess whether your individual rights and freedoms outweigh our legitimate interests (The right to object).
  • To withdraw your consent for the processing of personal data, when processing is based on consent. The withdrawal of consent does not affect the lawfulness of processing carried out prior to such withdrawal (The right to withdraw consent).
  • To lodge a complaint with a data protection supervisory authority in the Member State of your habitual residence, place of work or place of the alleged infringement if you believe that the processing of your personal data infringes the GDPR. A list of national supervisory authorities can be found here (this links to a third-party website – official website of the European Commission) (The right to complain).

 

We regularly review this privacy policy and will post any updates to it on this webpage.