Personal Data Protection
Partners / partnership: In the following text, “partner” / “partnership” designate partner institutions / organisations participating in projects co-financed by the Programme and likely to collect data within the framework of their project.
Supervisory Authority: independent public authority established by a member State under article 51 of the GDPR. In France, the Supervisory Authority is the CNIL. The list of Supervisory Authorities is available here: ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
The Interreg MED Programme carefully treats all data collected as confidential and use it only under the legal compliance with EU regulations.
All data collected and managed by the Programme, namely accounts, databases of project partners, beneficiaries list and newsletter subscribers, event participants, is in strict compliance with the new Regulation (EU) 2016/679, General Data Protection Regulation.
The "Région SUD Provence-Alpes-Côte d’Azur", Managing Authority of the Interreg Programme, has appointed a Data Protection Officer (DPO).
To contact the DPO: email@example.com
Who is concerned by this notice?
This notice is addressed to the following public:
- project partners included in the list of beneficiaries;
- project website webmasters;
- respondents to surveys of the Programme
- event participants;
- account owners in the exchange areas;
- newsletter subscribers.
Who collects data: roles and responsibilities?
In the Interreg MED web platform, there are two types of data processors: the Joint Secretariat, as webmaster of the Programme website, and project partners that manage projects’ websites.
The Programme Managing Authority is responsible for the data collected and stored exclusively by the Joint Secretariat, in order to perform its legal public contractual duties. This data is under the supervision of PACA Region DPO.
The data collected and stored in the web platform by the project partners, is the sole responsibility of the institutional partners in charge of this task (not forcibly the Lead Partner), and these data are under the responsibility of the organisation’s DPO that has been appointed by the partnership.
The data collected by project partners, using cloud-based services is also their responsibility, such as accounts and other types of registration and newsletter service providers.
For what purposes does the Interreg MED Programme store your data?
The Interreg MED Programme collects data to perform its legal obligations as a co-funded European cooperation programme, i.e. providing funds for projects developed and managed by public or private organisations.
The Interreg MED Programme is legally bound by EU Regulation to publicly disclose some information about its projects and partner organisations, namely:
- The list of co-financed operations that includes information on the partners,
- Any information regarding the projects that usually includes references of institutions behind the project partners,
The scope of the data collected is limited to what is strictly necessary for each purpose, avoiding as much as possible personal information. However, no personal information is collected without the knowledge of the target public.
No data will be shared with third parties outside the Interreg MED Programme, other than the external providers or used for unintended purposes without the express consent and prior notification to the interested individuals. When personal data is collected, the purpose will be clearly expressed.
The data collected within the framework of the Interreg MED Programme will be retained by the project partners and the Programme until 31/12/2028 to comply with the regulatory obligations. Once the retention period has passed, the Interreg MED Programme, the project partners and the potential sub-contractors / external providers Programme will take adequate measures to delete all personal data collected within the project.
The Interreg MED Programme may use external providers to process your personal data. You will be informed and your express consent required whenever this is the case.
The Interreg MED Programme makes sure to demand its external providers to provide it with adequate safeguards regarding personal data protection.
External providers of the Interreg MED Programme will have a limited access to personal data strictly necessary for the completion of the services rendered. They will also be contractually bound to use the personal data in compliance with the current regulation regarding personal data.
What about cookies and tracking technologies?
The Programme web platform collects and stores information using cookies and similar tracking technologies to track web behaviors. We use this information to provide analytics of only statistical nature.
What are your rights as a data subject?
According to the GDPR Regulation (EU) 2016/679, “Every person may, on simple request addressed to the DPO of [ACRONYM], have free access to all the information concerning them in clear language (any codes must be explained) and obtain a copy against payment of a fee, fixed by the State, of 3 € for the public sector and 4,6 € for the private sector.
Every person may directly require from an organisation holding information about them the data to be corrected (if they are wrong), completed or clarified (if they are incomplete or equivocal), or erased (if this information could not legally be collected).
Anyone may oppose that information about them is used for advertising purposes or for commercial purposes;
They may also oppose to information concerning them being disclosed to a third party for such purposes. The persons concerned should have the possibility of exercising their right to oppose the disclosure of their data to a third party at the moment the data is collected. The use of automatic calling machines or faxes for advertising purposes is prohibited unless the person has given their prior consent.”*
If you believe that the processing of your personal data constitutes a violation of the legislation in force, you have the possibility to lodge a complaint with the supervisory authority concerned. (check here: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm)
List of the data subject rights as stated in the Chapter 3 of the GPDR:
- Transparency and modalities
- Information and access to personal data
- Rectification and erasure
- Right to object and automated individual decision-making**
** For detailed information on each specific right, please check Chapter 3 of the GDPR Regulation (UE) no 2016/679.
How is the data collected?
The Interreg MED Programme stores different types of personal data, in several ways:
- E-mail, postal and telephone contacts;
- Newsletters subscriptions;
- Costumer relationship and contact management software: Augure
- Registration for events and trainings;
- Contact forms;
- Data collected through the Interreg MED Web platform, Synergie applications’ system, Lime Survey;
- Data shared with the Interact platform KEEP.eu and other European Union platforms.
Who can you contact for questions regarding data protection?
For questions or concerns regarding the collection of your personal data within the the Interreg MED Programme, please contact the Data Protection Officer: firstname.lastname@example.org