Effective date: April 25, 2018
1.1 Domain Definition
The DESIGNSCAPES website is the core component of the Project’s dissemination and communication strategy, which includes the following actions and objectives taken from the contractual workplan:
a) On the official portal, regularly updated information about the project is to be found: new tools, training opportunities, public progress reports/newsfeeds about the activities, calendar of future events, partner profiles etc. In order to assure fast access to relevant information, contents will be grouped according to the DESIGNSCAPES’s target groups of WP1 (e.g. local urban stakeholders from the 12 DESIGNSCAPES Cities), WP3 (Beneficiaries of the Technical and Financial Support Instrument), WP4 (e.g. policy makers on local, national and EU level) and WP5 (e.g. project facilitators, local innovators etc.) [WP6];
b) The main objective of the website … is to inform the active stakeholders and policy makers about the background of the project, its scientific and training outputs, as well as policy recommendations, but also to mobilize them to actively participate in the project’s conferences and training sessions and in the Technical and Financial Support Instrument [WP6];
c) During the project, the DESIGNSCAPES website will be transformed into a virtual centre of operations for the Technical and Financial Support Instrument [WP3].
For a more detailed description of the privacy implications of point c) the reader is referred to the following Section 7 that is dedicated to the Open Call for Pilots. In this Section, we will mostly describe the way personal data of registered visitors will be collected, stored and their integrity protected. We will also deal with the issue of so-called ‘Cookies’, which, albeit legal, expose even the unregistered visitors to possibly unwanted consequences.
1.2 Description of Personal Data Processing
1.2.1 Nature, scope, context and purposes of the processing
Given the non-legally-binding nature of user data collection activities, the provisions of the (currently in force) Directive EC/95/46 automatically apply, requiring that the individual concerned by those activities has unambiguously given his or her consent, after being adequately informed of the related rights, freedoms and risks.
1.2.2 Personal data, recipients and period for which the personal data will be stored
The main purpose of data collection being Project communication and dissemination, we will mostly be interested in the email addresses of registered visitors (who will be nevertheless entitled to fill in a more extended personal profile in a dedicated section of the website if they so wish). Additionally, as far as the technical cookies are concerned, the computer systems and software procedures necessary for our website to operate correctly will collect and store some personal data that is implicitly transmitted by the Internet communication protocols and will be used to improve the quality of the services offered. This information will not be gathered in order to be associated with any specific user, however in virtue of its nature it may lead to the identification of a user through data processing and association.
This data is stored for six (6) months, during which it will be exploited to infer anonymous statistical information on the use of the website and check that the computer systems are working correctly. The data could also be used to ascertain responsibility in the event of hypothetical computer crimes or in the case of damage caused to the Consortium or other parties. In that case only, it may be notified to the Police or Judicial Authorities in the event of investigations, inspections, etc.
1.2.3 A functional description of the processing operation
An online form will be put on display in a dedicated area of the website, which the site visitors intending to register themselves will use to provide their email addresses or contact details on a voluntary basis. Before submitting that information, users will have to put a “tick” on a statement confirming their knowledge and acceptance of the contents of the privacy statement presented in Annex B to this document. Another “tick” will have to be put to “sign” the informed consent form (see the “companion” Deliverable 8.1 “H - Requirement No. 1”, alsodue at month 6) allowing the use of personal data to send invitations, newsletters and other communications in relation to the Project.
Data processed automatically by the system includes IP addresses or domain names of the computers used by the visitors to connect to the Project website, the Uniform Resource Identifier (URI) of required resources, the method used to send a request to the server, the size of the file obtained in reply, the numeric code that indicates the state of the reply given by the server (sent, error, etc.) and other parameters relating to the user’s operating system and data processing environment. The provision of the requested information is obligatory to ensure service continuity, however the website’s privacy statement will include specific advice to users on how to deactivate cookies (see Annex B).
1.2.4 Assets on which personal data rely (hardware, software, networks, people, paper or paper transmission channels)
The website infrastructure is run by Worldcrunch on third party cloud servers located in Karlsruhe, Germany and hosted at www.designscapes.eudomain address.
1.2.5 Compliance with approved codes of conduct
To our knowledge, no specific codes of conduct exist in the state of the art for web developers or site managers. However the DESIGNSCAPES consortium and particularly Worldcrunch, holding the responsibility of Project communication and dissemination, will commit to a few simple rules such as:
- Promptly responding to user inquiries and without charging any fee – unless the assistance of a third party is required for some dedicated work, the price of which will be shared in advance with the client;
- Avoiding jargon in giving explanations, both written and verbal, preferring the use of everyday language;
- Being sincere and tolerant in every sort of communication on any topic and with any user;
- Not spreading personal data and information uselessly – even if in possession of an explicit permit from the user;
- Making only – and all – the promises we can keep and showing reliance and trustworthiness at all stages of the interaction with website users.
In accordance with extant legislation, the person whom the data refers to has the right to: obtain confirmation of the existence or non-existence of data concerning him/her, and receive an intelligible communication of said data, even if they have not yet registered in the website.
Such information would cover: the source of the data; the purpose, method and logic of its (electronic) treatment; details of the data processor(s); details of the recipients or categories of recipients (if any) which personal data may be shared with or that may become acquainted with the data in virtue of their capacity (for instance, as appointed representatives or managers or persons responsible for technical tasks).
At any time, if and when interested, data subjects can get an update, modification, completion or deletion of the data, its conversion into an anonymous form, or stop its handling if unauthorised or unlawful, such as when some data does not need to be stored for the purposes for which it was collected or subsequently treated, such as for sending advertising material or doing market research or other commercial purposes.
1.3 Necessity and Proportionality
1.3.1 Measures envisaged to comply with the Regulation and contributing to the proportionality and the necessity of the processing
- specified, explicit and legitimate purpose(s)
- lawfulness of processing
- adequate, relevant and limited to what is necessary data
- limited storage duration, typically no longer than necessary for the purposes it is obtain for.
Collection is lawful if the provisions of Directive EC/95/46 are fulfilled. No extra data or evidence will be gathered than those needed for the Project’s communication and dissemination purposes. No data will ever be divulged or shared with any third party, for whatever reason or purpose. No treatment of personal data will ever take place to send advertising material or procure direct sales or do market research or for similar commercial purposes.
1.3.2 Measures contributing to the rights of the data subjects:
- information provided to the data subject
- right of access and portability
- right to rectify, erase, object, restriction of processing
- safeguards surrounding international transfer(s)
- prior consultation
1.4 Management of Risks to the Rights and Freedoms of Data Subjects
1.4.1 Origin, nature, particularity and severity of each risk (illegitimate access, undesired modification, and disappearance of data) from the perspective of the data subjects
- risks sources are taken into account
- potential impacts to the rights and freedoms of data subjects are identified in case of illegitimate access, undesired modification and disappearance of data
- threats that could lead to illegitimate access, undesired modification and disappearance of data are identified
- likelihood and severity are estimated
Worldcrunch, in their quality of responsible partner for the DESIGNSCAPES website’s technical infrastructure, will commit to pursue the most appropriate strategies to make any personal data and information stored in the website as guarded and secure as possible, in dependence of available technologies.
1.4.2 Measures envisaged to treat those risks
Regular (daily) back-ups of the whole project website will be done by the WP6 team.
1.5 Involvement of Interested Parties
1.5.1 Advice of the Data Protection Officer
See his statement in Annex A to this Deliverable.
1.5.2 Views of data subjects or their representatives