Privacy Policy
1. General Information
A Privacy Policy is a legal statement under the General Data Protection Regulation (GDPR)[1] that explains how personal data is processed, and for what purposes.
In this HOLiFOOD privacy policy, we provide information about who we are, what data we process within the HOLiFOOD project, and why.
The entity who decides why and how your data is processed is called data controller, and the entity that processes data on behalf of the data controller is called data processor. A Data Protection Officer is a person who helps the data controller to ensure that personal data is handled in line with GDPR rules.
[1] REGULATION (EU) 2016/679 relating to the protection of the physical persons regarding personal data processing and the free circulation of these data (‘GDPR’).
Contact information:
| Data Controller | Data Protection Officer | Data Processor |
The European Food Information Council (EUFIC) Rue Belliard 2A (3rd floor), 1040 Brussels, Belgium eufic@eufic.org | InnoCraft Ltd, 7 Waterloo Quay, PO Box 625, 6140 Wellington, New Zealand; | InnoCraft Ltd, 7 Waterloo Quay, PO Box 625, 6140 Wellington, New Zealand; |
The European Food Information Council (EUFIC) Rue Belliard 2A (3rd floor), 1040 Brussels, Belgium eufic@eufic.org | Data subjects can contact the data protection officer by filling out the webform at https://aka.ms/privacyresponse, or by post at: Microsoft EU Data Protection Officer One Microsoft Place South County Business Park Leopardstown Dublin 18 D18 P521 Ireland Telephone: +353 (1) 706-3117 | Microsoft EU Data Protection Officer One Microsoft Place South County Business Park Leopardstown Dublin 18 D18 P521 Ireland Telephone: +353 (1) 706-3117 |
The European Food Information Council (EUFIC) Rue Belliard 2A (3rd floor), 1040 Brussels, Belgium eufic@eufic.org | Eventbrite: For data protection inquiries, to exercise your privacy rights, or to contact Eventbrite’s privacy team directly, you can email them at privacy@eventbrite.com | For data protection inquiries, to exercise your privacy rights, or to contact Eventbrite’s privacy team directly, you can email them at privacy@eventbrite.com |
2. Processing Your Personal Data
The operation of our website requires the processing of your personal data. ‘Personal data’ is any information relating to an identified or identifiable natural person (‘data subject’) [2]. The legal basis for processing your personal data depends on the purpose of processing and may vary to the product or service you are using.
The following personal data may be processed:
| Data Categories | Description of Processing | Purpose | Legal Basis |
| Usage Data | Information regarding your use of this website is processed. This includes date of website visit, the pages visited, the length of the visit and your anonymized IP address. | This information helps to improve our website and provide a better user experience. | With regards to strictly necessary cookies, we rely on our legitimate interest (Article 6(1)(f) of the GDPR). For any other type of cookies we rely on your consent (Article 6(1)(a) of the GDPR). |
| Device Information | Information from your device such as device type, operating system, screen resolution, language, location and web browser type. | We process this usage data for statistical purposes, to improve our website and to recognize and stop any misuse. | With regards to strictly necessary cookies, we rely here on our legitimate interest (Article 6(1)(f) of the GDPR). For any other type of cookies we rely on your consent (Article 6(1)(a) of the GDPR). |
| Event Registration Data | When you register for an event via the website, we may ask you to provide us with information such as your name, email address, details about your organization/field of expertise and your occupation. | This information allows us to register you for the event and to contact you with event related details and updates. | Legitimate Interest (Article 6(1)(f) GDPR). |
| Stakeholder Participation Data | When participating in the HOLiFOOD’s research project, including Living Labs, Focus Groups or any research activities, we may ask you to provide us with information such as your name, contact details, organization/field of expertise and occupation. You will be requested to give your informed consent, via this website, prior to the processing of your personal data. For more information regarding stakeholder participation and informed consent please use this link. | This information allows us to collect your informed consent for participation in the HOLiFOODs project related activities. | Informed Consent (Article 6(1)(a) GDPR) |
| Photos, audio, video recordings | We may take pictures and record videos (incl. audio) of the HOLiFOOD activities. | To disseminate the project (e.g. to show images of the activity on the HOLiFOOD website or social media channels) | Informed Consent (Article 6(1)(a) GDPR) for targeted use, such as portraits, iterviews; Legitimate Interest (Article 6(1)(f) GDPR) for general event documentation, audience shots; Necessary for the performance of a contract for consortium members (Article 6(1)(b) GDPR). |
3. Third Party Data Processing
Innocraft, is the Data processor. Data processing is governed by the following data processing agreement https://matomo.org/matomo-cloud-dpa/.
| Innocraft Service | Purposes of Processing | Personal Data Processed | Privacy Policy |
| To improve our website and provide you with a better user experience. | This information includes the number of visitors to our website, the pages visited, and the length of the visit. | ||
| Matomo Cloud | To store data | Location data, device information, website usage data, event registration data | https://matomo.org/matomo-cloud-privacy-policy/. |
4. Cookies
We use the open-source web analytics tool Matomo to collect information about the use of our website. This information includes the number of visitors to our website, the pages visited, and the length of the visit. Matomo requires the use of cookies to track user behavior on a website. Matomo uses cookies to store information such as user preferences and session data, which are then used to analyze user interactions with the website. This information is crucial for Matomo to provide accurate and detailed web analytics. Without the use of cookies, Matomo would not be able to collect the necessary data to provide useful insights. For these cookies, we will seek for your consent. If you do not want these types of cookies to be placed on your device anymore, you can withdraw your consent at any time. You can also configure your browser settings to reject or block cookies. The process for doing this may vary depending on the browser being used, but it is usually located in the privacy or security settings. For more information on Matomo and their use of coockies – https://matomo.org/blog/2020/02/web-analytics-cookies-gdpr/.
The HOLiFOOD website also uses technical cookies, which are necessary for the proper functioning of the website and to provide a better user experience. These cookies do not collect or store any personal information and are used exclusively for the technical functioning of the website.
5. Sharing of Your Personal Data
If you agree to the use of Matomo, Matomo uses a selected number of trusted external service providers for certain technical data processing and/or service offerings. For further information, please read carefully the Privacy Policy of Matomo: https://matomo.org/privacy-policy/.
Your personal data will not be transferred outside of the European Union, nor will it be shared with any international organisations. If you use this website to register for an event hosted by HOLiFOOD or a member of the Consortium, we may share your field or occupation with the European Commission. However, this data will be aggregated and not connected to any of your personal data.
6. Storage of Personal Data
We store your data on our server for 3 years after the end of the project, meaning until September 2029.
Matomo Cloud ensures that personal data is stored in secure infrastructure of servers, databases and logs hosted in Frankfurt, Germany. Offsite backups are stored in Dublin, Ireland. This service is provided by AWS New Zealand, and all data is hosted in Europe.
Personal data is stored on the Matomo Cloud for 24 months, thereafter the data is deleted. Aggregated data will be deleted in September 2029.
For more information – https://matomo.org/faq/general/configure-log-retention-in-matomo/
7. Securing of Your Personal Data
We secure your data through technical and organizational measures to ensure that it is protected from unauthorized access, alteration, or loss.
Data handled by EUFIC is securely stored by EUFIC on a password-protected server in France. Only authorized people can access the information.
The Matomo platform provides the following security measures:
- Access controls ensuring only the authorized people can view report and raw user data;
- Audit logs provided to you to ensure that all your staff (and your users and customers) activities are recorded and can be accounted for;
- Matomo staff does not access data unless required to assist;
- All sessions at matomo.cloud are encrypted with SSL;
- User confidential information (user passwords) is encrypted using best practices encryption algorithm;
- Two-factor authentication 2FA available in Matomo and can be enforced;
- Software development best practises are in place such as systematic code reviews, automated testing, and internal security reviews.
Matomo Cloud service is hosted by Innocraft of Amazon Web Services (AWS). Innocraf is working with a team of very experienced and certified AWS engineers, and the official AWS enterprise support team to ensure all privacy and security best practices are met.
The Matomo Cloud infrastructure is hosted within a private network, which ensures none of your data or network traffic can be accessed by third parties.
For more information – https://matomo.org/faq/does-matomo-have-a-secure-infrastructure/.
8. Your Rights under GDPR
| The right to be informed | This means we must inform you of how we are going to use your personal data. We do this through this form and by informing you of how your data will be used each time we collect it (Article 13). |
| The right of access | You have the right to access your personal data that we store. To request access to your data, please email the Data Controller identified above. We will respond to your request within one month (Article 15). |
| The right to rectification | If you think the data we store about you is incorrect, please let us know so we can correct it. You can do this by emailing the Data Controller identified above (Article 16). |
| The right to erasure | You have the right to request that we delete your data and we will do so. You can do this by emailing the Data Controller identified above (Article 17). |
The right to restrict processing
| You have the right to obtain from any Data Controller restriction of processing in certain contexts (Article 18). |
| The right to data portability | You have the right to receive the personal data concerning you which you have provided to the Data Controller(s) in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without hinderance from the controller to which the personal data have been provided(Article 20). |
| The right not to be subject to a decision based solely on automated processing | You have the right not to be subject to automated decision-making and profiling (Article 22). Within the HOLiFOOD project, no automated decision-making or profiling within the meaning of Article 22 GDPR takes place. |
| The right to withdraw consent at any time | You have the right to withdraw your consent at any time. This shall not affect the lawfulness of processing based on consent before its withdrawal (Article 7). |
| The right to lodge a complaint with a supervisory authority | If you are a data subject in the EU, you can find the supervisory authority of your country here. |
To exercise any of the above-mentioned rights please contact Debora Serra (EUFIC) at debora.serra@eufic.org.
9. Changes to this Policy
We will notify you before we make material changes to this policy and give you an opportunity to review the revised policy before deciding if you would like to continue to use our services. This privacy was updated on May 2026. If you have any questions about our service, please contact us: debora.serra@eufic.org.