Privacy Policy

Index of contents

  1. General Information
  2. Collection of Your Personal Data
  3. Third Party Data Processing
  4. Cookies
  5. Sharing of Your Personal Data
  6. Storage of Personal Data
  7. Securing of Your Personal Data
  8. Your Rights under GDPR
  9. Changes to this Policy

 

1.          General Information

A Privacy Policy is a legal statement in accordance with the General Data Protection Regualtion (GDPR) that specifies what a data controller does with personal data collected from users, along with how the data is processed and for what purposes. In this HOLiFOOD privacy policy, we want to provide you with information on us and the nature, scope and purposes of the data collection as well as the use. This policy aims to give you insights into the processing of your personal data.

Contact information:

Data Controller

Data Protection Officer

Data Processor

The European Food Information Council (EUFIC)

Rue Belliard 2A (3rd floor), 1040 Brussels, Belgium

eufic@eufic.org

InnoCraft Ltd,

7 Waterloo Quay, PO Box 625, 6140 Wellington, New Zealand;

InnoCraft Ltd,

7 Waterloo Quay, PO Box 625, 6140 Wellington, New Zealand;

 

2.          Collection of Your Personal Data

The operation of our website requires the collection of your personal data. ‘Personal data’ is any information relating to an identified or identifiable natural person (‘data subject’). The legal basis for processing your personal data depends on the purpose of processing and may vary to the product or service you are using.

The following personal data may be collected:

Data Categories

Description of Processing

Purpose

Legal Basis

Usage Data

Information regarding your use of this website is processed. This includes date of website visit, the pages visited, the length of the visit and your anonymized IP address.

This information helps to improve our website and provide a better user experience.

With regards to strictly necessary cookies, we rely here on our legitimate interest (Article 6(1)(f) of the GDPR). For any other type of cookies we rely on your consent (Article 6(1)(a) of the GDPR).

Device Information

Information from your device such as device type, operating system, screen resolution, language, location and web browser type.

We process this usage data for statistical purposes, to improve our site and to recognize and stop any misuse.

With regards to strictly necessary cookies, we rely here on our legitimate interest (Article 6(1)(f) of the GDPR). For any other type of cookies we rely on your consent (Article 6(1)(a) of the GDPR).

Event Registration Data

When you register for an event via the website, we may ask you to provide us with information such as your name, email address, details about your organization/field of expertise and your occupation.

This information allows us to register you for the event and to contact you with event related details and updates.

Legitimate Interest (Article 6(1)(f) GDPR).

Stakeholder Participation Data

When participating in the HOLiFOOD’s research project, including Living Labs, Focus Groups or any research activities, we may ask you to provide us with information such as your informed consent, name, contact details, organization/field of expertise and occupation.

You will be requested to give your informed consent, via this website, prior to the processing of your personal data. For more information regarding stakeholder participation and informed consent please use this link

This information allows us to collect your informed consent for participation in the HOLiFOODs project related activities.

Informed Consent (Article 6(1)(a) GDPR)

 

3.          Third Party Data Processing

Innocraft, is the Data processor. We use Innocraft technical tools to Data processing is governed by the following data processing agreement https://matomo.org/matomo-cloud-dpa/.

Innocraft Service

Purposes of Processing

Personal Data Processed

Privacy Policy

 

To improve our website and provide you with a better user experience.

This information includes the number of visitors to our website, the pages visited, and the length of the visit.

 

Matomo Cloud

To store data

Location data, device information, website usage data, event registration data

https://matomo.org/matomo-cloud-privacy-policy/.

 

4.          Cookies

Matomo requires the use of cookies to track user behavior on a website. Matomo uses cookies to store information such as user preferences and session data, which are then used to analyze user interactions with the website. This information is crucial for Matomo to provide accurate and detailed web analytics. Without the use of cookies, Matomo would not be able to collect the necessary data to provide useful insights. For these cookies, we will seek for your consent. If you do not want these types of cookies to be placed on your device anymore, you can withdraw your consent at any time. You can also configure your browser settings to reject or block cookies. The process for doing this may vary depending on the browser being used, but it is usually located in the privacy or security settings. For more information on Matomo and their use of coockies – https://matomo.org/blog/2020/02/web-analytics-cookies-gdpr/.

The HOLiFOOD website also uses technical cookies, which are necessary for the proper functioning of the website and to provide a better user experience. These cookies do not collect or store any personal information and are used exclusively for the technical functioning of the website.

 

5.          Sharing of Your Personal Data

If you agree to the use of Matomo, Matomo uses a selected number of trusted external service providers for certain technical data processing and/or service offerings. For further information, please read carefully the Privacy Policy of Matomo: https://matomo.org/privacy-policy/.

Your personal data will not be transferred outside of the European Union, nor will it be shared with any international organisations. If you use this website to register for an event hosted by HOLiFOOD or a member of the Consortium, we may share your field or occupation with the European Commission. However, this data will be aggregated and not connected to any of your personal data.

 

6.          Storage of Personal Data

We store your data on our for 3 years after the end of the project, meaning until September 2029.

Matomo Cloud ensures that personal data is stored in secure infrastructure of servers, databases and logs hosted in Frankfurt, Germany. Offsite backups are stored in Dublin, Ireland. This service is provided by AWS New Zealand, and all data is hosted in Europe.

Personal data is stored on the Matomo Cloud for 24 months, thereafter the data is deleted. Aggregated data will be deleted in September 2029.

For more information – https://matomo.org/faq/general/configure-log-retention-in-matomo/

 

7.          Securing of Your Personal Data

We secure your data through technical and organizational measures to ensure that it is protected from unauthorized access, alteration, or loss.

Data handled by EUFIC is securely stored by EUFIC on a password-protected server in France. Only authorized people can access the information.

The Matomo platform provides the following security measures:

  • Access controls ensuring only the authorized people can view report and raw user data;
  • Audit logs provided to you to ensure that all your staff (and your users and customers) activities are recorded and can be accounted for;
  • Matomo staff does not access data unless required to assist;
  • All sessions at matomo.cloud are encrypted with SSL;
  • User confidential information (user passwords) is encrypted using best practices encryption algorithm;
  • Two-factor authentication 2FA available in Matomo and can be enforced;
  • Software development best practises are in place such as systematic code reviews, automated testing, and internal security reviews.

Matomo Cloud service is hosted by Innocraft of Amazon Web Services (AWS). Innocraf is working with a team of very experienced and certified AWS engineers, and the official AWS enterprise support team to ensure all privacy and security best practices are met.

The Matomo Cloud infrastructure is hosted within a private network, which ensures none of your data or network traffic can be accessed by third parties.

For more information – https://matomo.org/faq/does-matomo-have-a-secure-infrastructure/.

 

8.          Your Rights under GDPR

The right to be informed

This means we must inform you of how we are going to use your personal data. We do this through this form and by informing you of how your data will be used each time we collect it (Article 13).

The right of access

You have the right to access your personal data that we store. To request access to your data, please email the Data Controllers identified above. We will respond to your request within one month (Article 15).

The right to rectification

If you think the data we store about you is incorrect, please let us know so we can correct it. You can do this by emailing the Data Controllers identified above (Article 16).

The right to erasure

You have the right to request that we delete your data and we will do so. You can do this by emailing the Data Controllers identified above (Article 17).

The right to restrict processing

 

Article 18 of the GDPR gives you the right to obtain from any Data Controller restriction of processing in certain contexts (Article 18).

The right to data portability

You have the right to receive the personal data concerning you which you have provided to the Data Controller(s) in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without hinderance from the controller to which the personal data have been provided pursuant to Article 20 of the GDPR.

The right not to be subject to a decision based solely on automated processing

There will be no automated decision-making and profiling (Article 22).

The right to withdraw consent at any time

The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal (Article 7).

The right to lodge a complaint with a supervisory authority

If you are a data subject in the EU, please find the supervisory authority of your country here.

To exercise any of the above-mentioned rights please contact Debora Serra (EUFIC) at debora.serra@eufic.org.

 

9.          Changes to this Policy

We will notify you before we make material changes to this policy and give you an opportunity to review the revised policy before deciding if you would like to continue to use our services. This privacy was updated on 11 December 2024. If you have any questions about our service, please contact us: debora.serra@eufic.org.