Personal Data Protection
In the Interreg MED Programme, we carefully treat all data collected as confidential and use it only under the legal compliance with EU regulations.
All data collected and managed under the activities of the Programme, namely accounts, databases of project partners, beneficiaries lists and public subscribers, registration in events, and others detailed ahead, is in strict compliance with the new Regulation (EU) 2016/679, General Data Protection Regulation.
To perform its duties as data controller, the Provence-Alpes-Côte d’Azur Region, Managing Authority of the Interreg MED Programme, has appointed a Data Protection Officer (DPO).
Who is concerned by this notice?
This notice is addressed to the following publics:
- project partners mentioned in the list of beneficiaries;
- roject website webmasters;
- respondents to surveys of the Programme
- registered participants in events;
- account owners in the exchange areas;
- all publics registered through the projects websites for surveys and events;
- newsletters subscribers.
Who collects data: roles and responsibilities?
In the Interreg MED web platform, there are two sources of data collection: the Joint Secretariat, as webmaster of the Programme website, and project partners that manage projects’ websites. In this regard, there is a shared responsibility of both sources.
The Programme Managing Authority is responsible (in the role of Data Controller) for the data collected and stored exclusively by the Joint Secretariat, in order to perform its legal public contractual duties. This data is under the supervision of PACA Region DPO.
The data collected and stored in the web platform by the project partners, is the sole responsibility of the institutional partners in charge of this task (not forcibly the lead partner), and these data are under the responsibility of the DPO of their institutions.
The data collected by project partners, using cloud-based services is also their responsibility, such as accounts and other types of registration and newsletter service providers.
For what purposes do we store your data?
We collect data to perform our legal obligations as co-funded European cooperation programme, in order to fund projects and the activities of the partner institutions regarding such partnerships.
The Interreg MED Programme is legally bound by EU Regulation to publicly disclose part of this information, namely:
- The list of co-financed operations that includes information on the partners,
- Any information regarding the projects that usually includes references of institutions behind the project partners,
The scope of the data collected is the strictly necessary for each purpose, avoiding as much as possible personal information. However, no personal information is collected without the knowledge of the target publics.
Except for the sharing of information among Programme authorities (Member States, Certification Authority, Audit Authority), in order to perform their legal functions, no data will be shared with third parties, including other beneficiaries, or used for unintended purposes without the express consent and prior notification of the interested people. When personal data is collected, the purpose will be clearly expressed.
Furthermore, all data stored by the Joint Secretariat will be kept after the Programme lifetime for a period superior to 5 years, for European Union audit obligations purposes. However, after the Programme closure the data will be archived and not be put to use or disclosed publicly.
We also recommend that, to avoid intercepted messages, do not disclose unnecessary or sensitive personal information. To send us such information, contact us through the postal service.
What about cookies and tracking technologies?
The Programme web platform collects and stores information using cookies and similar tracking technologies to track web behaviors. We use this information to provide analytics of only statistical nature.
How can you control your data with us?
According to GDPR and the article 27 of the French Law N° 78-17, of 6 January, 1978, relating to computers, files and freedoms, all interested and concerned people have a right to information concerning their own personal data, as well as a right to rectification or erasure, restriction of processing, or to lodge a complaint, by contacting the publication manager.
In compliance with the legal requirement of Regulation (EU) No. 1303/2013 (Common Provision Regulation), your personal data relating to EU-funded projects in the structural fund period 2014-2020 are erased after the statutory retention period.
Moreover, we draw your attention to the fact that – should you revoke your consent to the processing of your personal data until the end of the statutory retention period for the purpose of expenditure control – you will be, not only denied the related funding, but also you will have to refund the Programme on any amounts already perceived.
If you believe that your rights are not fully or partially observed, you may lodge a complaint with the data protection authority (please check contacts in the related section).
These limits affect specifically the data stored in the applications system, list of operations and the participation and presence in funded events. All other data related to accounts, newsletters, can be erased upon your express request, sending an e-mail to the IT support (please check contacts in the related section).
How is the data collected?
The Interreg MED Programme stores different types of personal data, in several ways:
- E-mail, postal and telephone contacts;
- Newsletters subscriptions;
- Registration to events and trainings;
- Contact forms;
- Data collected through the Interreg MED Web platform, Synergie applications’ system, Lime Survey and WordPress partner search forum;
- Data shared with the Interact platform KEEP.eu and other European Union platforms.