Index of contents
- Your Involvement in the HOLiFOOD Project
- Processing Your Personal Data
- Your Consent
1. Your Involvement in the HOLiFOOD Project
Thank you for your willingness to participate in EU funded project, HOLiFOOD. This document provides information about your participation. Only after you give your consent will we involve you in the project and process your personal data.
Additionally, we ask you not to share or further process any of the personal data or business sensitive information disclosed to you with any third parties (i.e., with any individual or entity that is not a participant in the project related call or activity).
In order to align with stakeholder priorities, preferences and user requirements, the HOLiFOOD innovations will be designed and tested through a multi actor approach involving stakeholders. Several online and offline workshops, interviews and consultations will be organised, where external stakeholders like you will be invited.
1.1 Your Participation
Your involvement is voluntary and you can discontinue your involvement at any time.
1.2 Your Main Contact point
Stichting Wageningen Research (WR) – HOLiFOOD Project Coordinator
2. Processing Your Personal Data
2.1 Contact Details of the Joint Controllers
Several partners of the HOLiFOOD project concluded a Joint Controllership Arrangement pursuant to Article 26 GDPR outlining the rights and obligations of the Joint Controllers. The essence of the arrangement is made available to you via this document. If you have any specific questions, please feel free to contact any of the Joint Controllers:
|Acronym||Institution||Country||Contact Point||Contact Details|
|WR||STICHTING WAGENINGEN RESEARCH||NL||Ine van der Fels-Klerxfirstname.lastname@example.org|
|APRE||AGENZIA PER LA PROMOZIONE DELLA|
|CREME||CREME SOFTWARE LTD||IE||William O’Sullivanemail@example.com|
|DIA||DIALOGIK GEMEINNUTZIGE GESELLSCHAFT|
FUR KOMMUNIKATIONS UND
|EUFIC||EUROPEAN FOOD INFORMATION COUNCIL||BE||Maria|
|UVMB||ALLATORVOSTUDOMANYI EGYETEM||HU||Ákos Józwiakfirstname.lastname@example.org|
|INRAE||INSTITUT NATIONAL DE RECHERCHE POUR|
L’AGRICULTURE, L’ALIMENTATION ET
|CNR||CONSIGLIO NAZIONALE DELLE RICERCHE||IT||Vincenzina Fuscoemail@example.com|
|UNEW||UNIVERSITY OF NEWCASTLE UPON TYNE||UK||Lynn Frewer||Lynn.Frewer@newcastle.ac.uk|
2.2 Category of Personal Data and Purpose of the Processing
|Data||Purpose(s) of Processing|
– e-mail address(es)
– Video and audio recording(s)
|– Communication and execution of the workshops, interviews and consultations (including follow-ups after the workshop).|
– Analysing stakeholders’ preferences and perspectives
– Review of the HOLiFOOD project by the Commission
The overarching purpose of the processing your personal data is scientific research in the field of food safety risk analysis, in particular for the HOLiFOOD project.
Information gathered from your involvement will be also anonymised and used in project activities, such as publications, conferences, disseminations on the project website and social media channels. In case we would like to name you in a deliverable or scientific publication, you will be contacted separately for this purpose.
2.3 Legal Basis
The legal basis for processing your personal data is informed consent in accordance with Article 6(1)(a) GDPR.
2.4 Recipients of the Personal Data
Microsoft acts as Data Processor and is governed by the following data processing agreement (DPA): https://www.microsoft.com/licensing/docs/view/Microsoft-Products-and-Services-Data-Protection-Addendum-DPA.
Data may be shared with Data Processors in order to achieve the purposes outlined above. In this case we will inform you separately about the Data Processor.
2.5 Transfer of Data to Third Countries
One of the Joint Controllers is based in the UK. Your data will therefore be transferred there. The transfer is based on the adequacy decision issued for the United Kingdom by the European Commission in accordance with Art. 45 of the GDPR.
With respect to the use of Microsoft Teams all transfer of personal data out of the EU is governed by the 2021 Standard Contractual Clauses implemented by Microsoft and by Article 46 of the GDPR. Microsoft will abide by the requirements of European Economic Area and United Kingdom, data protection law regarding the collection, use, transfer, retention, and other processing of Personal Data. All transfers of Personal Data will be subject to appropriate safeguards as described in Article 46 of the GDPR and the 2021 Standard Contractual Clauses.
2.6 Period of Data Storage
Once you are enrolled as a participant in the project, your data will be stored within the EU on the Stichting Wageningen Research Repository (project coordinator) using Microsoft Teams. Stichting Wageningen Research (WR), the project coordinator, will keep the joint repository (Microsoft Teams) updated and control data access.
Personal data will be stored until the end of the HOLiFOOD project including the period of the review of the project by the Commission. Joint Controllers will process and store your personal data only for the purposes outlined above.
2.7 Data Security
Microsoft secures all personal data through technical and organisational measures to ensure that it is protected from unauthorised access, alteration, or loss.
Core elements are:
- Azure Active Directory (Azure AD), which provides a single trusted back-end repository for user accounts. User profile information is stored in Azure AD through the actions of Microsoft Graph.
- There may be multiple tokens issued which you may see if tracing your network traffic, including Skype tokens you might see in traces while looking at chat and audio traffic.
- Transport Layer Security (TLS) encrypts the channel in motion. Authentication takes place using either mutual TLS (MTLS), based on certificates, or using Service-to-Service authentication based on Azure AD.
- Point-to-point audio, video, and application sharing streams are encrypted and integrity checked using Secure Real-Time Transport Protocol (SRTP).
- You will see OAuth traffic in your trace, particularly around token exchanges and negotiating permissions while switching between tabs in Teams, for example to move from Posts to Files. For an example of the OAuth flow for tabs, see this document.
- Teams uses industry-standard protocols for user authentication, wherever possible.
More information may be found in the security guide: https://learn.microsoft.com/en-gb/microsoftteams/teams-security-guide.
Each Data Controller may also store the personal data on local repositories. Each Data Controller ensures that technical and organisational measures are in place to ensure unauthorised access, alteration, or loss.
2.8 Your Rights under GDPR
The General Data Protection Regulation (GDPR) grants you the following rights:
|The right to be informed||This means we must inform you of how we are going to use your personal data. We do this through this form and by informing you of how your data will be used each time we collect it (Article 13).|
|The right of access||You have the right to access your personal data that we store. To request access to your data, please email the Data Controllers identified above. We will respond to your request within one month (Article 15).|
|The right to rectification||If you think the data we store about you is incorrect, please let us know so we can correct it. You can do this by emailing the Data Controllers identified above (Article 16).|
|The right to erasure||You have the right to request that we delete your data and we will do so. You can do this by emailing the Data Controllers identified above (Article 17).|
|The right to restrict processing||Article 18 of the GDPR gives you the right to obtain from any Data Controller restriction of processing in certain contexts (Article 18).|
|The right to data portability||You have the right to receive the personal data concerning you, which you have provided to the Data Controller(s) in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided pursuant to Article 20 of the GDPR.|
|The right not to be subject to a decision based solely on automated processing||There will be no automated decision-making and profiling (Article 22).|
|The right to withdraw consent at any time||If you withdraw your consent, Joint Controllers will no further process your data. However, the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal (Article 7).|
|The right to lodge a complaint with a supervisory authority||If you are a data subject in the EU, please find the supervisory authority of your country here.|
If you want to exercise your data subject rights or have questions regarding your involvement in the project, please contact the project coordinator (your main contact)
3. Your Consent
By clicking the button down below you provide your consent for the following:
- Ethical Consent: I consent to participate in the EU funded research project HOLiFOOD (Project number: 101059813).
- Data Protection Law Consent: I consent to the processing of my personal data as outlined in the form.
- Non-Disclosure Declaration. I declare that I will not record, process or the personal data or business sensitive information disclosed to me with any third parties (i.e., with any individual or entity that is not a participant to the call or the project activity).