Privacy and Cookies Policy
This Privacy and Cookies Policy describes how and when FAnTASIA collects, uses, and shares your information when you use FAnTASIA website. Pursuant to article no. 13 of the Regulation EU n. 2016/679 (GDPR), and in general in observance of the principle of transparency set forth in the above Regulation, personal data will be processed with automated tools for the management of web services connected with the FAnTASIA website, within the framework of the institutional objectives of scientific research and administrative activities.
Data controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data;
School-based Implementation Data Controller information is:
UCD: University College Dublin (UCD), Dublin 4, Ireland
CLB: CleverBooks, Dublin, Ireland
UAegean: University of the Aegean, 1 Dimokratias Str, Rhodes 85100, Greece
CNR: Consiglio Nazionale delle Ricerche Roma, Piazzale Aldo Moro 7, 00185 Roma, Italy
Data Protection Officer: ensures, in an independent manner, that an organization applies the laws protecting individuals’ personal data. In particular, the DPO must:
- inform and advise the controller or processor, as well as their employees, of their obligations under data protection law;
- monitor compliance of the organisation with all legislation in relation to data protection, including in audits, awareness-raising activities as well as training of staff involved in processing operations;
- provide advice where a DPIA has been carried out and monitor its performance;
- act as a contact point for requests from individuals regarding the processing of their personal data and the exercise of their rights;
- cooperate with DPAs and act as a contact point for DPAs on issues relating to processing;
School-based Implementation Data Protection Officers information is:
UCD: Office of the DPO
Address: Roebuck Castle, University College Dublin, Belfield, Dublin 4, Ireland
CLB: Darya Yegorina, Principal Investigator,
Address: CleverBooks, Dublin, Ireland
UAegean: Data Protection Officer (DPO) at the University of the Aegean, Greece
Address: University Hill, Administration Bldg. 811 00, Mytilene, Lesvos, GREECE
CNR: Data Protection Officer Consiglio Nazionale delle Ricerche, Istituto per le Tecnologie Didattiche, Dott. Giuliano Salberini
Place of Data Processing and Data Sharing: The personal data that appear on the website and the relevant web services are mainly processed in the offices located in Dublin, Ireland. Physical location of the server, where the website is hosted, is Dublin. In case of need, website and newsletter related data may be processed by the staff of the website technological maintenance provider, at the provider’s headquarters. No data deriving from the web service is shared or disseminated, except in cases expressly provided for by the law. Personal data provided by users are used only to perform the service or work required and are disclosed to third parties only if this is necessary for that purpose.
Security: We use physical, technical, and administrative measures to safeguard information in our possession against loss, theft and unauthorized use, disclosure, or modification. Please note, however, that no data transmission or storage can be guaranteed to be 100% secure. As a result, while we strive to protect the information we maintain, we cannot ensure or warrant the security of any information that you transmit to us.
Types of processed data and purpose of the processing
Browsing data: When users browse the website, it acquires some navigation data, whose transmission is implicit in the internet communication protocols. Data are not collected to be associated to the identified people concerned. Data may be used to obtain aggregated and anonymous statistical information on website usage and to check its correct operation. Data are stored only for as long as it is necessary. Data may be used to ascertain the responsibility of users in case of potential digital crimes affecting the website. Data provided voluntarily by users – The optional, voluntary and explicit transmission of personal data, including email address, required in the website related web services (e.g. subscribing to newsletters) entails the subsequent acquisition of such data for the sole purpose of replying/responding to the users’ requests and managing the web services. Specific policies will be progressively posted or displayed on the website pages designed for special on-demand services.
Cookies: Cookies active on this website do not record personal data. FAnTASIA website usually use Google Analytics, a data analysis service provided by Google, Inc. (“Google”) to improve the usability of web services and the communications with users, to assess user internationalization levels, to promote institutional activities according to the various communication target groups. Google may disclose the data collected to third parties, if required by law. Data are collected for institutional purposes only and shall never be transferred for commercial purposes. For further information see Google terms. The website uses the following cookies:
Technical Cookies & Cookies that allow:
- Website navigation and usability;
- Aggregated collection of information on number of users and how users visit the website (“Google analytics”);
- Browsing in function of selected criteria (e.g. language, “functionalities cookies”) to improve user experience.
These cookies are not used for purposes other than those described above and therefore their installation does not require your consent.
Third-party profiling cookies: These cookies are installed by parties other than FAnTASIA and need your consent to be installed. If you refuse consent, they will not be installed. We may allow third-parties from other providers that need your consent; if not given they will not be installed. Please follow the links below to view the privacy policies of the above third parties where you will be allowed to consent to the installation of such cookies. Please note that if you do not express your preference and continue your navigation in the website, you will consent to the use of such cookies.
- Google Analytics & Aggregated collection of information on number of users and how users visit the website
- Google Fonts & Application online archive for the integration of free fonts for web interfaces
- Google Maps & Web mapping service
To disable, remove or block cookies you can use your browser’s settings or the DNT option (Do Not Track), if applicable. FAnTASIA does not guarantee the full operation of the website when cookies have been disabled. How to disable cookies from browsers:
Method and length of data processing: Personal data shall be processed:
- with automatic tools;
- by individuals authorized to perform such tasks by the Law;
- by using proper measures to ensure confidentiality and avoid access by non-authorized third parties;
- only for the time necessary to achieve the purposes for which they were collected.
Rights of the person concerned: Pursuant to Section III of the GDPR, the person concerned shall be entitled to exercise their right to:
- access personal data (you will therefore have the right to have free information about the personal data held by the Data Controller, as well as to obtain a copy thereof in an accessible format);
- amend incorrect, inaccurate or old data (upon your request, where the data do not express evaluation elements);
- withdraw consent (if you had consented to the processing, you may withdraw your consent at any time and upon such revocation of consent your data shall no longer be processed);
- cancel their personal data – right to be forgotten (for example, in case of withdrawal of consent, if there is no other legal basis for data processing);
- restrict data processing (in certain cases – dispute the accuracy of the data, within the timeframe necessary for verification; dispute the lawfulness of the processing with refusal to the cancellation; your need to use the data to exercise your defense rights, while they are no longer useful for the purposes of the processing; in the event that the processing has been denied, while the necessary checks are being carried out – the data will be stored in such a manner that they may be restored if need be, but, in the meantime, cannot be consulted by the Controller if not in relation to the validity of your request for restriction);
- deny consent to the processing due to legitimate reasons (under certain circumstances, you may in any case object to the processing of data, and in any case you may refuse processing for direct marketing purposes);
- data portability (upon your request, the data shall be transmitted to the subject indicated by you in such a format that they can be easily consulted and used);
- advance a dispute to the Supervisory Authority (Privacy Authority).
Exercise of users’ data protection rights: You may contact us via email at firstname.lastname@example.org, in order to assert your rights, namely: the confirmation of the existence of data concerning yourself and their origin and processing and the purposes thereof; the cancellation, transformation into anonymous form or the blocking of data processed in violation of the law; the updating, rectification or integration of data; certification that the operations have been brought to the attention of those to whom the data were communicated or disseminated. You may also object at any time to the possible profiling of your personal data.
Questions: If you have any questions about this policy or your privacy on the Services, please contact us at email@example.com.
GDPR Responsibilities: The EU General Data Protection Regulation (GDPR) introduces more robust requirements for collecting and using people’s data with their consent. Under the GDPR there must be an ‘affirmative act establishing a freely given, informed, and unambiguous indication’ of the person’s wishes. As such the FAnTASIA website reflects the project-specific policies and those of the hosting provider, University College Dublin. Following the Data Protection guidelines the FAnTASIA project has been set up and implemented a cookie consent policy on the website. With implementation of the cookie consent policy, the user can choose to accept all cookies or change the cookie settings when they browse the FAnTASIA website.
HyperText Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). Project coordinator has organised the HTTPS certificate for the FAnTASIA website from the beginning of the project. The principal motivations for HTTPS are authentication of the accessed website, protection of the privacy and integrity of the exchanged data while in transit. It protects against man-in-the-middle attacks. The bidirectional encryption of communications between a client and server protects against eavesdropping and tampering of the communication. In practice, this provides a reasonable assurance that one is communicating without interference by attackers with the website that one intended to communicate with, as opposed to an impostor.
The authentication aspect of HTTPS requires a trusted third party to sign server side digital certificates. HTTPS is now used more often by web users than the original non-secure HTTP, primarily to protect page authenticity on all types of websites; secure accounts; and to keep private user communications, identity, and web browsing.
FAnTASIA utilises the service of Let Encrypt to create the SSL certificate. FAnTASIA plans to renew the SSL certificate until the end of the project and 5 years beyond the duration of the project.
GDPR Responsibilities: The EU General Data Protection Regulation (GDPR) introduces more robust requirements for collecting and using people’s data with their consent. Under the GDPR there must be an ‘affirmative act establishing a freely given, informed, and unambiguous indication’ of the person’s wishes. As such the FAnTASIA website reflects the project-specific policies and those of the hosting provider, University College Dublin. Following the Data Protection guidelines the FAnTASIA project website has been set up and implemented a cookie consent policy on the website. With implementation of the cookie consent policy, the user can choose to accept all cookies or change the cookie settings when they browse the FAnTASIA website. The FAnTASIA mobile applications purchased through Google Play or Apple Store do not collect, use and disclose any personal information and CleverBooks DPO is responsible for the GDPR compliance of the FAnTASIA mobile applications.
FAnTASIA mobile applications Personal Information
Participants to FAnTASIA project provide consent as per the ethics evaluation of the project. FAnTASIA mobile applications will not collect any personal information of the users.
Pupils: No individual data is being processed on students, neither an individual is being recognized and/or identified when using FAnTASIA website and FAnTASIA mobile applications purchased through Google Play or Apple Store collect solutions. When using FAnTASIA mobile applications, there is no data/information collected and/or stored about a user apart from standard information collected by Google Play (https://play.google.com/about/privacy-security-deception/user-data/) and iTunes (https://support.apple.com/en-ie/HT208477). In the case of use of FAnTASIA mobile applications the principle device=user is implemented. FAnTASIA mobile applications do not identify how many students are using the same mobile device at a time.
Teacher/school staff: When using FAnTASIA mobile applications, there is no data/information collected and/or stored about a user apart from standard information collected by Google Play (https://play.google.com/about/privacy-security-deception/user-data/) and iTunes (https://support.apple.com/en-ie/HT208477).
Parent/guardian: When using FAnTASIA mobile applications, there is no data/information collected and/or stored about a user apart from standard information collected by Google Play (https://play.google.com/about/privacy-security-deception/user-data/) and iTunes (https://support.apple.com/en-ie/HT208477).
No personal data is collected during the project. The only data collected during the FAnTASIA project interventions are described in the DPIA (Data Protection Impact Assessment) document and the Data Flow diagram indicates the main Data Processors and Data Controllers..
Questions: If you have any questions about this policy or your privacy on the Services, please contact us at firstname.lastname@example.org.