INCISIVE project

logo-white
Data Sharing Portal

Privacy Policy

Privacy policy for the users of the Platform

  1. General information
    1. This policy applies to individual users of INCISIVE Platform (“Platform”) (including individuals in the role of Data Users and Data Providers). For explanation of capitalized terms (for example: “Data”, “Data User”, “Data Provider”, “Platform” etc.), please refer to the General ToU.
    2. MAGGIOLI S.P.A., established in VIA DEL CARPINO 8, 47822 SANTARCANGELO DI ROMAGNA, Italy, as data controller, will collect and process personal data for the purposes of managing the Platform.
  2. What personal data is collected and when:
    1. When you create an account in the Platform, we collect your name, your affiliation and contact details (e-mail address). Additional personal data (for instance research history and biography) may be collected for specific roles, for example if you submit Data as a Data Provider or use it as Data User.
    2. The Platform tracks the usage of Data by the users. When you use the Data in the Platform we collect your name in the platform (username), the organization you belong to and your role inside the INCISIVE platform, the name of the action you performed and the date and time this action took place.
  3. Controller of the data
    1. MAGGIOLI S.P.A., established in VIA DEL CARPINO 8, 47822 SANTARCANGELO DI ROMAGNA, Italy, as data controller will collect and process personal data for the purposes of managing the Platform.
    2. Should you have further questions regarding the processing of your personal data, do not hesitate to contact: Ernesto Belisario at dpo.privacy@maggioli.it
  4. Purpose of use of User Data
    We will use the user’s data:
    1. To provide the services of the Platform,
    2. To administer your account, including ensuring the security of the Platform, and communicating with you as required;
    3. Managing your requests submitted through the Platform, including for instance reviewing your applications and communicating with you throughout the process;
    4. To evaluate and improve services of the Platform,
    5. To document use of the Data provided in the Platform,
    6. To comply with legal obligations or to comply, insofar we are legally allowed, with any reasonable request from competent law enforcement agents or representatives, judicial authorities, governmental agencies or bodies, including competent data protection authorities.
  5. Legal basis for collecting and using User Data
    1. When you create an account on the Platform, we will be processing your data to provide you with the requested services of the Platform. Legal basis provided in Article 6 (1) (b) GDPR i.e. processing is necessary for the performance of a contract to which the Data Subject is party or in order to take steps at the request of the Data Subject prior to entering into a contract.
    2. When you use the Data in the Platform, we will be processing your data for our legitimate interests, Article 6 (1) (f) GDPR i.e. to monitor the use of the Data in the Platform, to detect misuse or report use of the Data to the Data Provider in accordance with the General ToU and the Data User Terms.
  6. Are we sharing your data?
    1. Your personal data is accessed only on a need-to-know basis, mainly by authorized personnel of the controller.
    2. Depending on how you use the Platform, your personal data may need to be shared also by staff members of other INCISIVE Beneficiaries, Data Users or Data Providers. In particular, if you use the Data on the Platform your actions in the Platform will be tracked and can be shared with the Data Providers of the used Data.
    3. The information collected from the Platform may, when necessary, be shared with the European Commission when reporting INCISIVE results or governmental or judicial authorities insofar we are required to do so by law (e.g. police or law enforcement).
  7. Transfers outside of EEA/EU
    1. Some of the INCISIVE Beneficiaries are based in Serbia and in the UK. Depending on your use of the Platform, your data may be shared with those Beneficiaries. In case any transfer of personal data outside the European Economic Area (the European Economic Area consists of the EU, Liechtenstein, Norway and Iceland) would occur, we assure you that we will only do so in accordance with either Art. 45 GDPR (on the basis of an adequacy decision) or Art 46 GDPR (appropriate safeguards in place).
    2. INCISIVE Beneficiaries based in the UK may receive your data if necessary to perform the requested services. Data flows between the EU and the UK are permitted based on UK adequacy decision without additional safeguards. Should this situation change and the UK become a third country, we will ensure to maintain any necessary transfers in accordance with either Art. 45 GDPR (on the basis of an adequacy decision) or Art 46 GDPR (appropriate safeguards in place).
  8. Retention of data
    1. We process and store personal data as long as it is necessary for the fulfilment of our contractual obligations under the Grant Agreement of the INCISIVE project. When this data is no longer necessary for the above purposes, it will be regularly deleted.
    2. For the data which are stored on your user account, they will be kept for as long as this account remains active and for 10 years after its deactivation. User actions registered on blockchain may be kept beyond this term.
  9. Data Subject rights
    1. To access. To ask us whether we process personal data on you, and if so, to obtain access to your personal data processed by us. You can also obtain a copy of your data.
    2. To correct/ update your personal data. If possible, please specify the context in which we use your personal data (e.g. to respond to a request), so that we may assess your request swiftly and accurately.
    3. To request deletion of your data, where applicable. For example, this right could be exercised in cases where the personal data is no longer necessary, the personal data processing in unlawful, or you withdraw your consent.
    4. To request restriction of the processing of your personal data, where applicable. This could for example be a temporary measure in the case where you contest the accuracy of the personal data of you object to the processing, pending our review of your request.
    5. To receive the personal data, which you have provided on the website, in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from the us (data portability). However, this right only applies to personal data you have provided to us and if they were provided on the basis of your consent or because they were necessary for the execution or the performance of an agreement with you.
    6. To object to processing of your data. You can exercise this right when we process your personal data on the basis of our legitimate interests, i.e. you have not given us your consent and we do not need them for the execution or performance of an agreement nor to comply with legal obligations. For other interests, e.g. our security interests, we will ask you to describe your specific circumstances giving rise to request. We then need to balance our interests against your circumstances. If this balancing exercise results in your circumstances outweighing our interests, we will cease processing your personal data.
    7. To withdraw your consent for the processing of personal data when we have collected your personal data on the basis of your consent. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
    8. You can exercise these rights by sending an email to contact indicated above. In case you remain unsatisfied with our response you have the right to contact the competent supervisory authority of the Member State. The list of the European data protection authorities is available on the website of European Data Protection Board (https://edpb.europa.eu/about-edpb/board/members_en ).
Scroll to Top