Privacy Policy of Scaleupcycling Platform

effective from October 1st, 2022

This privacy policy provides an overview about how we process personal data as joint controllers and describes how your personal information is collected, used, and shared when you visit www.ScaleUPcycling.eu

1. Who collects your data?

The consortium of the project ScaleUPcycling - Youth competence development on reuse and upcycling, is responsible of collecting your data, pursuant to Article 13 of EU Regulation 2016/679 (GDPR). We would like to inform you that our organisation is legally bound to process the data you have provided us with under the aforementioned regulation. Your data will be processed lawfully and fairly, under the provision of article 5 of EU Regulation 2016/679.

Project’s consortium

Anaptyxiaki Etaireia Lefkosias (Anel) Ltd (7 Megalou Alexandrou, 2233, PO Box: 12852, 2253, Latsia, Nicosia, Cyprus);

Drustvo AIA, Mladinski center Menges (Slovenska cesta 28, 1234 Mengeš, Slovenia);

Formacion Para El Desarrollo E Insercion, Sociedad Limitada (Formacion Para El Desarrollo E Insercion, Sociedad Limitada);

KDRIÜ Közép-dunántúli Regionális Innovációs Ügynökség Nonprofit Kft (Székesfehérvár, Seregélyesi út 113, 8000 Hungary);

NGPI Tryavna school (Bulgaria, District of Gabrovo, 150 Angel Kanchev Str., 5350 Tryavna);

Vyara Foundation (Bulgaria, District of Gabrovo, 81 Angel Kanchev Str., 5350 Tryavna)

(hereinafter referred to as “us” or “we”), institutions that developed and maintain the ScaleUPcycling interactive online community platform for youth and youth supporting organizations.

We value all the young people (15-29 years old), teachers, entrepreneurs, and youth workers/institutions who will join our still growing ScaleUpCycling family and who start creating amazing ideas regarding upcycling!

Our users are usually students and young entrepreneurs but for this Privacy Policy, we use the term “users” only.

If you have any questions concerning how we process your personal data, you can contact our Joint Contact Point. All privacy enquiries sent to us are received and reviewed by our Joint Contact Point, which serve as a contact point for you and supervisory authorities.

 Contact to Joint Contact Point:

Country

Organisation

Contact

Cyprus

 

 

Anaptyxiaki Etaireia Lefkosias (Anel)

info@anel. com.cy

Slovenia

 

Drustvo AIA, Mladinski center Menges

drustvo.aia@gmail.com

Hungary

KDRIÜ Közép-dunántúli Regionális Innovációs Ügynökség Nonprofit Kft

kdriu@kdriu.hu

Bulgaria

 

Vyara Foundation

NGPI Tryavna school

vyara_foundation@abv.bg

account@artschooltryavna.com

Spain

Formacion Para El Desarrollo E Insercion, Sociedad Limitada

info@defoin.es

 

This Privacy Policy is primarily designed to ensure compliance with our informational obligations pursuant to Articles 13 and 14 GDPR towards data subjects about whom we process personal data as a controller. Typical data subjects are users of the ScaleUpcycling online platform. Being an EU-based subjects, we must comply with the EU general data protection regulation (the “GDPR“) provisioning your individual rights[1]  when processing the personal data, applicable sections of the national data protection legislation (the “Data Protection Act”) and other legislation. In case that you do not understand any information provide in this Privacy Policy, do not hesitate to contact our Joint Contact Point.

Data subjects’ requests delivered at the Joint Contact Point shall be handled individually and on behalf of us by the controller from the country from which data subject request was sent.

2. Why we process personal data?

Generally, we need to process personal data to:

  • - provide our services on ScaleUPcycling platform;
  • - communicate with you
  • - in line with the preferences you have shared with us, provide you with information or advertising relating to our services and/or practices.
  • - meet our legal and contractual obligations; and
  • - pursue our own legitimate interests.

3. For what purposes and under which legal bases do we process personal data?

We process personal data for the following purposes and legal grounds:

  • Performance of Contract : Provide our services - operating the ScaleUpcycling platform
  • Legitimate interest: Establishment, exercise, or defence of legal claims and protection of property & security
  • Consent

4. What are our legitimate interests that we pursue?

We rely on a legal ground of legitimate interest pursuant to Article 6 (1) f) of GDPR for the following purposes. We provide description of these purposes and legitimate interests below:

Establishment, exercise or defense of legal claims (legal agenda)

From time to time, we might need to pursue a legal claim, ask for compensation or off-court settlement, or report certain facts to public authorities and aforementioned processing operations shall be considered as our legitimate interest.

Protection of property and security 

We consider our legitimate interest protecting the property and security of us including our employees or users of ScaleUpcycling platform. We rely on this legal ground to ensure the security of our information assets and IT systems.

5. What personal data we process?

In most cases we process standard contact and identification types of personal data such as name, surname, and email for the persons. Secondly, we process standard identification types of personal data such as r Name, Family name, Nickname and email address.

6. Who are recipients of your personal data?

We take the confidentiality of your personal data very seriously to ensure that your data is only shared with authorized personnel or a verified third party. Our staff might have access to your personal data on a strictly need-to-know basis typically governed and limited by function, role and department of the particular employee. Personal data of users or other natural persons are provided to the extent necessary to following categories of recipients:

  • - our verified and properly mandated processors.
  • - our professional advisors (e.g., attorneys or auditors);
  • - providers of standard software and cloud services.
  • - providers of technical (IT) and organizational (events agency) support of us;

We also use sub-contractors to support us in providing services who might process personal data for us. We ensure that selection of our sub-contractors and any processing of personal data by them is compliant with the GDPR in terms of technical and organizational security of processing operations. If we use our own recipients to process personal data (our internal staff), your personal data are always processed based on authorizations and instructions that inform our recipients about not only our internal privacy policies but also about their legal responsibility for their violations. If we are requested by the public authorities to provide your personal data, we examine the conditions laid down in the legislation to accept the request and to ensure that if conditions are not met, we do not adhere to the request. In case that you have a question about our current processors, do not hesitate to contact our Joint Contact Point for further information.

7. What countries do we transfer your personal data to?

By default, we seek not to transfer your personal data outside the EU and/or European Economic Area where not necessary.

8. How long do we store your personal data?

Retention periods are either provisioned in respective laws or are set out by us in our internal policies. We will keep your personal data as long as we need so as to provide you with the services offered by our organisation and for up to 10 (ten) years. Your data will be deleted once we no longer need them. Personal data collected for management and financial purposes will be stored for up to 10 years, considering relevant legal regulations. You can withdraw your consent at any time.

9. How we collect your personal data?

Generally, we collect your personal data directly from you. You can provide your personal data to us by different means e.g.:

  • - by registration on our website;
  • - completing and submitting a contact form with your comments, queries, or questions.

10. What rights do you have?

You can exercise your rights any time, as set out by Article 7, par. 3, and articles 15 and following of EU regulation 2016/679:

  1. right to access personal data
  2. right to rectification and erasure of personal data;
  3. right to restriction of processing;
  4. right to data portability;
  5. right to object to processing of personal data;
  6. right to lodge a complaint with a supervisory authority, in particular in the Member State of his or her habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to him or her infringes this Regulation.
  7. You have a right to lodge a complaint related to personal data to the relevant data protection supervisory authority or apply for judicial remedy. Please note that because of leading controller is from Bulgaria our competent data protection authority is the Bulgarian Data Protection Authority (https://www.cpdp.bg). In any case we advise to primarily consult us with your questions or requests.

You can exercise your rights by sending us an email at ScaleUPcycling@scaleupcycling.eu

11. Do we process your personal data via automated means which produces legal effects concerning you?

We do not currently conduct processing operations that would lead to the decision which produces legal effects or similarly significantly affects concerning you based solely on automated processing of your personal data in light of Article 22 GDPR.

12. How we protect your personal data

We have implemented generally accepted technical and organizational standards to preserve the security of the processed personal data, especially considering the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed. Your personal data are stored on secure servers of our web hosting provider Superhosting.BG located in data centers in Bulgaria. If third-party analytics tools are used data are stored on third-party servers (see cookies).

13. What is a cookie

A cookie is a small text file that is placed on a computer or other device and is used to identify the user or device and to collect information. Cookies are typically assigned to one of four categories, depending on their function and intended purpose: strictly necessary cookies, performance cookies, functional cookies, and cookies for targeting and advertising purposes.

14. Strictly necessary cookies

These cookies are necessary for the website to function and cannot be switched off in our systems. Without these cookies, services you have asked for, like logging in or filling in forms cannot be provided. You can set your browser to block or alert you about these cookies, but some parts of our website will not then work. These cookies do not store any personally identifiable information.

15. Performance cookies

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular, see how visitors move around the site, and whether they clicked on a link. This lets us know where we are doing well, and where we can improve, as well as making sure the pages load quickly and display properly. Information collected includes, for example, the Internet browsers and operating systems used, the domain name of the website previously visited, the number of visits, average duration of visit, and pages viewed. All information these cookies collect is aggregated and therefore anonymous. If you do not allow these cookies we will not know when you have visited our website, and will not be able to monitor its performance and enhance your experience. We use services from Google to perform these functions.

16. Data Breaches

We will report any unlawful data breaches to any and all relevant persons and authorities within 72 hours of the breach when such breach is likely to result in a high risk to the rights and freedoms of data subjects. Should you have any complaint about a breach, or the way in which we will handle a breach, please contact us.

17. Changes to this privacy policy

The information we give you with regard processing of personal data may change or cease to be up to date. From these reasons we may change this privacy policy from time to time by posting the most current privacy policy and its effective date on our website. In case we change this privacy policy substantially, we may bring such changes to your attention by explicit notice, on our website or by email.

 

[1] See Articles. 12 - 22 GDPR: http://eur-lex.europa.eu/legal-content/SK/TXT/HTML/?uri=CELEX:32016R0679&from=EN