Privacy Policy
Index of contents
- General Information
- Collection of Your Personal Data
- Third Party Data Processing
- Cookies
- Sharing of Your Personal Data
- Storage of Personal Data
- Securing of Your Personal Data
- Your Rights under GDPR
- Changes to this Policy
1. General Information
A Privacy Policy is a legal statement in accordance with the General Data Protection Regualtion (GDPR) that specifies what a data controller does with personal data collected from users, along with how the data is processed and for what purposes. In this HOLiFOOD privacy policy, we want to provide you with information on us and the nature, scope and purposes of the data collection as well as the use. This policy aims to give you insights into the processing of your personal data.
Contact information:
Data Controller | Data Protection Officer | Data Processor |
The European Food Information Council (EUFIC) Rue Belliard 2A (3rd floor), 1040 Brussels, Belgium eufic@eufic.org | InnoCraft Ltd, 7 Waterloo Quay, PO Box 625, 6140 Wellington, New Zealand; | InnoCraft Ltd, 7 Waterloo Quay, PO Box 625, 6140 Wellington, New Zealand; |
2. Collection of Your Personal Data
The operation of our website requires the collection of your personal data. ‘Personal data’ is any information relating to an identified or identifiable natural person (‘data subject’). The legal basis for processing your personal data depends on the purpose of processing and may vary to the product or service you are using.
The following personal data may be collected:
Data Categories | Description of Processing | Purpose |
Usage Data | Information regarding your use of this website is processed. This includes date of website visit, the pages visited, the length of the visit and your anonymized IP address. | This information helps to improve our website and provide a better user experience. |
Device Information | Information from your device such as device type, operating system, screen resolution, language, location and web browser type. | We process this usage data for statistical purposes, to improve our site and to recognize and stop any misuse. |
Event Registration Data | When you register for an event via the website, we may ask you to provide us with information such as your name, email address, details about your organization/field of expertise and your occupation. | This information allows us to register you for the event and to contact you with event related details and updates. |
Stakeholder Participation Data | When participating in the HOLiFOOD’s research project, including Living Labs, Focus Groups or any research activities, we may ask you to provide us with information such as your informed consent, name, contact details, organization/field of expertise and occupation. You will be requested to give your informed consent, via this website, prior to the processing of your personal data. For more information regarding stakeholder participation and informed consent please use this link. | This information allows us to collect your informed consent for participation in the HOLiFOODs project related activities. |
3. Third Party Data Processing
Innocraft, is the Data processor. We use Innocraft technical tools to Data processing is governed by the following data processing agreement https://matomo.org/matomo-cloud-dpa/.
Innocraft Service | Purposes of Processing | Personal Data Processed | Privacy Policy |
To improve our website and provide you with a better user experience. | This information includes the number of visitors to our website, the pages visited, and the length of the visit. | ||
Matomo Cloud | To store data | Location data, device information, website usage data, event registration data |
4. Cookies
Matomo requires the use of cookies to track user behavior on a website. Matomo uses cookies to store information such as user preferences and session data, which are then used to analyze user interactions with the website. This information is crucial for Matomo to provide accurate and detailed web analytics. Without the use of cookies, Matomo would not be able to collect the necessary data to provide useful insights. For these cookies, we will seek for your consent. If you do not want these types of cookies to be placed on your device anymore, you can withdraw your consent at any time. You can also configure your browser settings to reject or block cookies. The process for doing this may vary depending on the browser being used, but it is usually located in the privacy or security settings. For more information on Matomo and their use of coockies – https://matomo.org/blog/2020/02/web-analytics-cookies-gdpr/.
The HOLiFOOD website also uses technical cookies, which are necessary for the proper functioning of the website and to provide a better user experience. These cookies do not collect or store any personal information and are used exclusively for the technical functioning of the website.
5. Sharing of Your Personal Data
If you agree to the use of Matomo, Matomo uses a selected number of trusted external service providers for certain technical data processing and/or service offerings. For further information, please read carefully the Privacy Policy of Matomo: https://matomo.org/privacy-policy/.
Your personal data will not be transferred outside of the European Union, nor will it be shared with any international organisations. If you use this website to register for an event hosted by HOLiFOOD or a member of the Consortium, we may share your field or occupation with the European Commission. However, this data will be aggregated and not connected to any of your personal data.
6. Storage of Personal Data
We store your data on our for 3 years after the end of the project, meaning until September 2029.
Matomo Cloud ensures that personal data is stored in secure infrastructure of servers, databases and logs hosted in Frankfurt, Germany. Offsite backups are stored in Dublin, Ireland. This service is provided by AWS New Zealand, and all data is hosted in Europe.
Personal data is stored on the Matomo Cloud for 24 months, thereafter the data is deleted. Aggregated data will be deleted in September 2029.
For more information – https://matomo.org/faq/general/configure-log-retention-in-matomo/
7. Securing of Your Personal Data
We secure your data through technical and organizational measures to ensure that it is protected from unauthorized access, alteration, or loss.
Data handled by EUFIC is securely stored by EUFIC on a password-protected server in Belgium. Only authorized people can access the information.
The Matomo platform provides the following security measures:
- Access controls ensuring only the authorized people can view report and raw user data;
- Audit logs provided to you to ensure that all your staff (and your users and customers) activities are recorded and can be accounted for;
- Matomo staff does not access data unless required to assist;
- All sessions at matomo.cloud are encrypted with SSL;
- User confidential information (user passwords) is encrypted using best practices encryption algorithm;
- Two-factor authentication 2FA available in Matomo and can be enforced;
- Software development best practises are in place such as systematic code reviews, automated testing, and internal security reviews.
Matomo Cloud service is hosted by Innocraft of Amazon Web Services (AWS). Innocraf is working with a team of very experienced and certified AWS engineers, and the official AWS enterprise support team to ensure all privacy and security best practices are met.
The Matomo Cloud infrastructure is hosted within a private network, which ensures none of your data or network traffic can be accessed by third parties.
For more information – https://matomo.org/faq/does-matomo-have-a-secure-infrastructure/.
8. Your Rights under GDPR
The right to be informed | This means we must inform you of how we are going to use your personal data. We do this through this form and by informing you of how your data will be used each time we collect it (Article 13). |
The right of access | You have the right to access your personal data that we store. To request access to your data, please email the Data Controllers identified above. We will respond to your request within one month (Article 15). |
The right to rectification | If you think the data we store about you is incorrect, please let us know so we can correct it. You can do this by emailing the Data Controllers identified above (Article 16). |
The right to erasure | You have the right to request that we delete your data and we will do so. You can do this by emailing the Data Controllers identified above (Article 17). |
The right to restrict processing
| Article 18 of the GDPR gives you the right to obtain from any Data Controller restriction of processing in certain contexts (Article 18). |
The right to data portability | You have the right to receive the personal data concerning you which you have provided to the Data Controller(s) in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without hinderance from the controller to which the personal data have been provided pursuant to Article 20 of the GDPR. |
The right not to be subject to a decision based solely on automated processing | There will be no automated decision-making and profiling (Article 22). |
The right to withdraw consent at any time | The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal (Article 7). |
The right to lodge a complaint with a supervisory authority | If you are a data subject in the EU, please find the supervisory authority of your country here. |
To exercise any of the above-mentioned rights please contact Maria Scherbov (EUFIC) at maria.scherbov@eufic.org.
9. Changes to this Policy
We will notify you before we make material changes to this policy and give you an opportunity to review the revised policy before deciding if you would like to continue to use our services. This privacy was updated on 1 March 2023. If you have any questions about our service, please contact us: maria.scherbov@eufic.org.
