If you see any problems please report them to us at info@futures4europe.eu
Posts
Projects
Project Results
Events
Organisations
People

Login

Privacy Policy

The Executive Agency for Higher Education, Research, Development and Innovation Funding - UEFISCDI (hereafter “UEFISCDI” or the “Data Controller”) is committed to protecting your personal data and respecting your privacy. UEFISCDI collects and processes personal data in accordance with the following legal frameworks:

  • EU Directive 2002/58/EC concerning personal data processing and privacy in electronic communications (Directive on privacy and electronic communications);
  • Law no. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector (“Law no. 506/2004”);
  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“General Data Protection Regulation” or “GDPR”), as well as other applicable regulations at the European or local level, adopted in the context of GDPR.
  • The Data Protection Act 2018, which is the UK’s implementation of the General Data Protection Regulation (GDPR);
  • Federal Act on Data Protection (Data Protection Act, FADP) of 25 September 2020 (Status as of 1 September 2023) of the Swiss Confederation, which governs the processing of personal data.

    • This legal framework, commonly known as the General Data Protection Regulation, establishes the principles and rules that guide UEFISCDI in handling your personal information responsibly and transparently.

    The data controller of the processing operation is UEFISCDI, and the data processor is Wix.com Ltd. (together with its affiliated companies and subsidiaries worldwide (“WIX” or the “Data Processor”).

    UEFISCDI shall take all reasonable measures to maintain the security of all personal data disclosed by its users. UEFISCDI shall not share or sell to third parties, for any purpose, any data collected either through tracking or registration without the customer’s express consent, except as provided in this Policy or in an agreement concluded with the customer.

    This Privacy Policy explains the terminology employed hereunder, the reason for the processing of your personal data, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data. Additionally, it provides the contact information of the responsible Data Controller, whom you can reach out to in order to exercise your rights.

    Users of Futures4Europe are strongly encouraged to read this Policy carefully.

    1. Definitions

    This Privacy Policy is based on the terminology established by European legislation, particularly the GDPR, to ensure clarity and accessibility for the general public, as well as our members and users. To ensure this, kindly refer to the terminology used hereunder, as per below:

    a) Personal data

    Personal data means any information relating to an identified or identifiable natural person (“Data Subject”). An identifiable natural person is someone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

    b) Data Subject

    Data Subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

    c) Processing

    Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

    d) Restriction of processing

    Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.

    e) Profiling

    Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

    f) Pseudonymisation

    Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.

    g) Controller or controller responsible for the processing

    Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by European Union or Member State law, the controller or the specific criteria for its nomination may be provided for by European Union or Member State law.

    h) Processor

    Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

    i) Recipient

    Recipient is any natural or legal person, public authority, agency or another body, to which personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the context of a particular inquiry in accordance with European Union or Member State law shall not be regarded as recipients; the processing of these data by the public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

    j) Third party

    Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

    k) Consent

    Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

    l) Cross-border processing

    Cross-border processing means either: (i) processing of personal data which takes place in the context of the activities of establishments in more than one Member State of a controller or processor in the Union where the controller or processor is established in more than one Member State; or (ii) processing of personal data which takes place in the context of the activities of a single establishment of a controller or processor in the Union but which substantially affects or is likely to substantially affect data subjects in more than one Member State.

    m) International organisation

    International organisation is an organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries.

    2. Why and how do we process your personal data?

    UEFISCDI collects and uses your personal data for the purposes of the visibility and promotion of “Eye of Europe - The Research and Innovation foresight community”, directly linked with the “Futures4Europe” digital platform, where most of the content comes from.

    The purpose of collecting personal data is to establish (i) a common repository of foresight projects and results, foresight methods and training materials; (ii) a social network of organizations and experts engaged in R&I foresight, which constitutes a continually updating database of actors who could be involved in future foresight methods; as well as (iii) a bridge of communication regarding current foresight activities and events. We shall also collect personal data for specific, explicit, and legitimate purposes, including: (i) facilitating membership registration and management; (ii) providing access to and use of website features and services; (iii) personalizing the user experience and tailoring content based on member preferences; (iv) conducting analysis and research to improve website functionality and services; (v) communicating with members regarding their account, services, or updates and (vi) complying with legal and regulatory obligations.

    We collect personal data through the use of our websites in two ways: (i) data you directly provide to us and (ii) data generated by your activity on the website.

  • Data you directly provide to us: you can choose to voluntarily provide us personal data in the context of registering an account and subscribing to online newsletters. This data enables us to provide the services you have requested and may include your name and e-mail address. In addition, each registered member may create an Info Page, where they can provide supplementary information, such as: picture, tag line (e.g., slogan, motto, profession, niche, social media links, county of residence, personal description, external and internal links, affiliations, files, list of projects, etc);
  • Data generated by your activity. In order to ensure the effective functioning and security of our websites and to better understand visitor behavioural patterns, as you browse our websites we automatically collect: log information such as the pages you visit, the time/date of your visit as well as your internet protocol (IP) address, device and software information such as your browser specifications and operating system. This information is collected through the use of various technologies, including cookies which are small text files stored in your browser. If you have registered and are logged-in, your browsing activity is linked to your user credentials so that we can personalise your experience on our websites, including for future visits.

    • All data processing is transparent and abides by the principle of users opting-in/out, and allowing the data they provide to be used for specific purposes.

    Your personal data will not be used for an automated decision-making including profiling.

    You must provide explicit consent for the collection and processing of your personal data when registering on the website or using its services. Consent must be informed, freely given, and documented.

    UEFISCDI does not request or knowingly accept data from persons under the age of 18 (eighteen).

    3. Which personal data do we collect?

  • Identity Data: Full name
  • Contact Data: Email address
  • Demographic Data: Location, and other statistical data that may help in service provision.
  • Technical Data: Internet Protocol (IP) address, browser type, operating system, and other similar data related to the device used to access the website.
  • Usage Data: Information regarding how members use the website, such as pages visited, features used, and interactions with content.
  • Communications Data: None

    • 4. Legal grounds for data processing

    We process your personal date pursuant relevant legal disposition of GDPR, according to which personal data shall be:

  • Art. 5(1)(a): Personal data shall be “processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);”
  • Art. 5(1)(b): Personal data shall be “collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);”
  • Art. 6(1)(a): Processing shall be lawful only if and to the extent that at least one of the following applies: “the data subject has given consent to the processing of his or her personal data for one or more specific purposes;”

    • 5. Access and Storage

    The Data Controller only keeps your personal data for the time necessary to fulfil the purpose of collection.

    During the project implementation, data will be stored on third-party cloud services. For Futures4europe platform, the technical process of protecting confidential and no confidential information is facilitated by WIX, through the WIX data API for communicating between the decoupled app and the WIX CMS.

    The Data Controller will only disclose information to third parties if that is necessary for the fulfilment of the purposes identified above. The Data Controller will not divulge your personal data for direct-marketing purposes.

    6. Security

    UEFISCDI places a great importance on the security of all information associated with our users. We have security measures in place to attempt to protect against the loss, misuse and alteration of customer data under our control. For example, our security and privacy policies are periodically reviewed and enhanced as necessary and only authorized personnel have access to user information.

    As per the Data Processing Addendum (“DPA”), the data processor has implemented and will maintain industry-standard technical and organizational security measures as required to appropriately ensure the protection of Users-of-Users Information against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Users-of-Users Information, and the confidentiality and integrity of Users-of-Users Information, including those measures set forth in the Wix Security Documentation.

    These measures shall be appropriate to the harm which might result from any accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Users-of-Users Information, and the nature and scope of the Users-of-Users Information which is to be protected.

    The Data Processor will, to the extent permitted by applicable law, notify the Data Controller without undue delay, after becoming aware of any personal data breach that affects the users` personal data, as required under GDPR. The Data Processor shall use reasonable efforts to include in such notifications relevant information concerning: the nature of the related breach, the scope and type of affected records and affected data subjects, anticipated consequences and details about any remediation and other measures that the Data Processor has taken and/or intends to take to mitigate any potential negative effects of such breach.

    UEFISCDI stresses the fact that members must maintain the confidentiality of their account password. UEFISCDI has designed internal security processes that encrypt member’s passwords to protect them against unauthorized disclosure or access. Neither UEFISCDI employees nor any of its contractors can obtain or access members passwords. Neither UEFISCDI nor its contractors shall ever ask members for passwords via mail, email, telephone or in any other unsolicited manner. It is the member’s responsibility to maintaining the secrecy of their password and user account information at all times.

    7. What are your rights and how can you exercise them?

    As a 'data subject' under Chapter III (Articles 12-23) of the GDPR, you are granted several important rights concerning your personal data. These include, but are not limited to, the right to access the personal data held about you, and the right to request rectification if your data is inaccurate or incomplete. To fully understand the range of your entitlements under the GDPR, please review the following detailed list of rights, which ensures your personal data is processed transparently and securely in accordance with the regulations.

    a) Right of confirmation

    Each Data Subject shall have the right to obtain from the Data Controller the confirmation as to whether or not personal data concerning him or her are being processed. If a data subject wishes to exercise this right of confirmation, he or she may, at any time, contact any employee of the controller.

    b) Right of Access

    Each Data Subject shall have the right to obtain from the Data Controller free information about his or her personal data stored at any time and a copy of this information. Furthermore, the European directives and regulations grant the data subject access to the following information:

  • the purposes of the processing;
  • the categories of personal data concerned;
  • the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
  • where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
  • the existence of the right to request from the controller rectification or erasure of personal data, or restriction of processing of personal data concerning the data subject, or to object to such processing;
  • the existence of the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, referred to in Art. 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

    • Furthermore, the Data Subject shall have a right to obtain information as to whether personal data are transferred to a third country or to an international organisation. Where this is the case, the data subject shall have the right to be informed of the appropriate safeguards relating to the transfer.

    c) Right to rectification

    Each Data Subject shall have the right to obtain from the Data Controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the Data Subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.

    d) Right to erasure (Right to be forgotten)

    Each Data Subject shall have the right to obtain from the Data Controller the erasure of personal data concerning him or her without undue delay, and the Data Controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies, as long as the processing is not necessary:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
  • the Data Subject withdraws consent to which the processing is based.
  • the Data Subject objects to the processing and there are no overriding legitimate grounds for the processing.
  • the personal data have been unlawfully processed.
  • the personal data must be erased for compliance with a legal obligation in European Union or Member State law to which the Data Controller is subject.
  • the personal data have been collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.


    • e) Right of restriction of processing

    Each Data Subject shall have the right to obtain from the controller restriction of processing where one of the following applies:

  • the accuracy of the personal data is contested by the Data Subject, for a period enabling the Data Controller to verify the accuracy of the personal data.
  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of their use instead.
  • the Data Controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims.


    • f) Right to data portability

    Each Data Subject shall have the right to receive the personal data concerning him or her, which was provided to a controller, in a structured, commonly used and machine-readable format. He or she shall have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, as long as the processing is based on consent pursuant to point (a) of Art. 6(1) of the GDPR or point (a) of Art. 9(2) of the GDPR, or on a contract pursuant to point (b) of Article 6(1) of the GDPR, and the processing is carried out by automated means, as long as the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

    Furthermore, in exercising his or her right to data portability pursuant to Article 20(1) of the GDPR, the Data Subject shall have the right to have personal data transmitted directly from one controller to another, where technically feasible and when doing so does not adversely affect the rights and freedoms of others.

    g) Right to object

    Each Data Subject shall have the right to object, on grounds relating to his or her particular situation, at any time, to processing of personal. This also applies to profiling based on these provisions.

    The Data Controller shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject, or for the establishment, exercise or defence of legal claims.

    In addition, the Data Subject has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her for scientific or historical research purposes, or for statistical purposes pursuant to Article 89(1) of the GDPR, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

    h) Automated individual decision-making, including profiling

    Each Data Subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her, or similarly significantly affects him or her, as long as the decision (1) is not necessary for entering into, or the performance of, a contract between the data subject and a data controller, or (2) is not authorised by European Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, or (3) is not based on the data subject’s explicit consent.

    If the decision (1) is necessary for entering into, or the performance of, a contract between the Data Subject and a Data Controller, or (2) it is based on the data subject’s explicit consent, the Data Controller shall implement suitable measures to safeguard the data subject’s rights and freedoms and legitimate interests, at least the right to obtain human intervention on the part of the controller, to express his or her point of view and contest the decision.

    i) Right to withdraw data protection consent

    Each Data Subject shall have the right to withdraw his or her consent to processing of his or her personal data at any time.

    8. Data transfers

    UEFISCDI reserves the right to disclose personal data collected from data subject’s in the scope and in situations as required by the law, as well as in situations when such disclosure is necessary to protect the institution’s rights, to report suspected illegal activity, comply with judicial proceedings, court orders or decisions, or any other legal process.

    9. Amendments to the policy

    UEFISCDI may amend this Policy at any time, in particular as needed to comply with the applicable laws and regulations related to protection of personal data, provision of payment services and money laundering. The amended Policy shall be posted on the “Futures4Europe” digital platform, as well as notified to existing members.

    The amended Policy shall be posted on the “Futures4Europe” digital platform, as well as notified to existing members.

    Contact

    In order to exercise your rights to access and rectify your personal data, as well as to object to its processing or request erasure in certain circumstances, please contact info@futures4europe.eu.

    If you contact us via contact info@futures4europe.eu, the data you provide will be used for the purpose of processing your request. We must have this data in order to process and answer your inquiry, otherwise, we will not be able to answer it in full or at all. The legal basis for this data processing is Art. 6 Para. 1 lit. b) GDPR.

    Your data will be deleted once we have fully answered your inquiry and there is no further legal obligation to store your data, such as if an order or contract resulted therefrom.