Index of contents
- General Information
- Collection of Your Personal Data
- Third Party Data Processing
- Sharing of Your Personal Data
- Storage of Personal Data
- Securing of Your Personal Data
- Your Rights under GDPR
- Changes to this Policy
1. General Information
|Data Protection Officer|
The European Food Information Council (EUFIC)
Rue Belliard 2A (3rd floor), 1040 Brussels, Belgium
7 Waterloo Quay, PO Box 625, 6140 Wellington, New Zealand;
7 Waterloo Quay, PO Box 625, 6140 Wellington, New Zealand;
2. Collection of Your Personal Data
The operation of our website requires the collection of your personal data. ‘Personal data’ is any information relating to an identified or identifiable natural person (‘data subject’). The legal basis for processing your personal data depends on the purpose of processing and may vary to the product or service you are using.
The following personal data may be collected:
Description of Processing
Information regarding your use of this website is processed. This includes date of website visit, the pages visited, the length of the visit and your anonymized IP address.
This information helps to improve our website and provide a better user experience.
Information from your device such as device type, operating system, screen resolution, language, location and web browser type.
We process this usage data for statistical purposes, to improve our site and to recognize and stop any misuse.
Event Registration Data
When you register for an event via the website, we may ask you to provide us with information such as your name, email address, details about your organization/field of expertise and your occupation.
This information allows us to register you for the event and to contact you with event related details and updates.
Stakeholder Participation Data
When participating in the HOLiFOOD’s research project, including Living Labs, Focus Groups or any research activities, we may ask you to provide us with information such as your informed consent, name, contact details, organization/field of expertise and occupation.
You will be requested to give your informed consent, via this website, prior to the processing of your personal data. For more information regarding stakeholder participation and informed consent please use this link.
This information allows us to collect your informed consent for participation in the HOLiFOODs project related activities.
3. Third Party Data Processing
Innocraft, is the Data processor. We use Innocraft technical tools to Data processing is governed by the following data processing agreement https://matomo.org/matomo-cloud-dpa/.
Purposes of Processing
Personal Data Processed
To improve our website and provide you with a better user experience.
This information includes the number of visitors to our website, the pages visited, and the length of the visit.
To store data
Location data, device information, website usage data, event registration data
The HOLiFOOD website also uses technical cookies, which are necessary for the proper functioning of the website and to provide a better user experience. These cookies do not collect or store any personal information and are used exclusively for the technical functioning of the website.
5. Sharing of Your Personal Data
Your personal data will not be transferred outside of the European Union, nor will it be shared with any international organisations. If you use this website to register for an event hosted by HOLiFOOD or a member of the Consortium, we may share your field or occupation with the European Commission. However, this data will be aggregated and not connected to any of your personal data.
6. Storage of Personal Data
We store your data on our for 3 years after the end of the project, meaning until September 2029.
Matomo Cloud ensures that personal data is stored in secure infrastructure of servers, databases and logs hosted in Frankfurt, Germany. Offsite backups are stored in Dublin, Ireland. This service is provided by AWS New Zealand, and all data is hosted in Europe.
Personal data is stored on the Matomo Cloud for 24 months, thereafter the data is deleted. Aggregated data will be deleted in September 2029.
For more information – https://matomo.org/faq/general/configure-log-retention-in-matomo/
7. Securing of Your Personal Data
We secure your data through technical and organizational measures to ensure that it is protected from unauthorized access, alteration, or loss.
Data handled by EUFIC is securely stored by EUFIC on a password-protected server in Belgium. Only authorized people can access the information.
The Matomo platform provides the following security measures:
- Access controls ensuring only the authorized people can view report and raw user data;
- Audit logs provided to you to ensure that all your staff (and your users and customers) activities are recorded and can be accounted for;
- Matomo staff does not access data unless required to assist;
- All sessions at matomo.cloud are encrypted with SSL;
- User confidential information (user passwords) is encrypted using best practices encryption algorithm;
- Two-factor authentication 2FA available in Matomo and can be enforced;
- Software development best practises are in place such as systematic code reviews, automated testing, and internal security reviews.
Matomo Cloud service is hosted by Innocraft of Amazon Web Services (AWS). Innocraf is working with a team of very experienced and certified AWS engineers, and the official AWS enterprise support team to ensure all privacy and security best practices are met.
The Matomo Cloud infrastructure is hosted within a private network, which ensures none of your data or network traffic can be accessed by third parties.
For more information – https://matomo.org/faq/does-matomo-have-a-secure-infrastructure/.
8. Your Rights under GDPR
The right to be informed
This means we must inform you of how we are going to use your personal data. We do this through this form and by informing you of how your data will be used each time we collect it (Article 13).
The right of access
You have the right to access your personal data that we store. To request access to your data, please email the Data Controllers identified above. We will respond to your request within one month (Article 15).
The right to rectification
If you think the data we store about you is incorrect, please let us know so we can correct it. You can do this by emailing the Data Controllers identified above (Article 16).
The right to erasure
You have the right to request that we delete your data and we will do so. You can do this by emailing the Data Controllers identified above (Article 17).
The right to restrict processing
Article 18 of the GDPR gives you the right to obtain from any Data Controller restriction of processing in certain contexts (Article 18).
The right to data portability
You have the right to receive the personal data concerning you which you have provided to the Data Controller(s) in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without hinderance from the controller to which the personal data have been provided pursuant to Article 20 of the GDPR.
The right not to be subject to a decision based solely on automated processing
There will be no automated decision-making and profiling (Article 22).
The right to withdraw consent at any time
The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal (Article 7).
The right to lodge a complaint with a supervisory authority
If you are a data subject in the EU, please find the supervisory authority of your country here.
To exercise any of the above-mentioned rights please contact Maria Scherbov (EUFIC) at firstname.lastname@example.org.
9. Changes to this Policy
We will notify you before we make material changes to this policy and give you an opportunity to review the revised policy before deciding if you would like to continue to use our services. This privacy was updated on 1 March 2023. If you have any questions about our service, please contact us: email@example.com.