Privacy Policy

This privacy policy applies to the processing of personal data collected via this website www.fluteproject.eu and its subsites.

This website is dedicated to the dissemination of the FLUTE project. The goal of FLUTE project is to advance and scale up data-driven healthcare by developing novel methods for privacy-preserving cross-border utilization of data hubs. The safety and confidentiality of the personal data we process is therefore a key concern for the members of the FLUTE consortium.

1. WHEN ARE YOUR PERSONAL DATA COLLECTED AND USED?

The data protection laws require that we provide you with information on the processing of your personal data. We collect and use your personal data whenever you:
o use our website or social media or communicate with us via e-mail, phone, or any other digital communication channel;
o subscribe to receive our newsletter.

2. WHO IS THE CONTROLLER OF YOUR DATA (“WE”)?

Whenever you see a reference to “we” in this privacy policy, it refers to Istituto Romagnolo per lo Studio dei Tumori "Dino Amadori" - IRST S.r.l. (English: Romagna Institute for the Study of Tumors), further referred to as “IRST”, that manages this website within the FLUTE consortium.
Our full legal name and contact details are as follows:
Istituto Romagnolo per lo Studio dei Tumori "Dino Amadori" - IRST S.r.l.
Via Piero Maroncelli, 40
47014 Meldola (FC)
Italy
Tel: +39 0543.739100
Registration number: 03154520401
We (IRST) are responsible for processing your personal data as explained in this privacy policy and act in capacity of controller of data collected through this website (including when subscribing to the newsletter), project’s social media channels or other digital communication channels.

3. WHAT PERSONAL DATA DO WE PROCESS, WHY AND ON WHAT LEGAL BASIS?

Below we explain the purposes and legal basis for the collection and use of your data which may occur when you use our website, social media or communicate with us via phone, e-mail or other digital communication channel.
Purpose of use and legal basis Types of data processed
To enable the communication between you and the members of the FLUTE consortium, for which we rely on our legitimate interest to be able to respond to requests, questions or remarks or to contact you proactively for inquiries of whatever kind (e.g., when you respond to a blog post, use our contact form or contact us via social media, phone, or e-mail). • the basic identity information you provide us (such as name, e-mail address, the company you work for, your function)
• the content of your communication and the technical details of the communication itself (with whom you correspond at our end, date and time, etc.)
• any other personal data you choose to provide to us.
To improve the website’s and social media pages’ content and the overall experience, for which we rely on our own legitimate interest to offer our visitors an interesting online space;
To detect and prevent malware, illegal content and behaviour and other types of misuse, for which we rely on our legitimate interest to keep our online presence safe.
• information concerning your browsing behaviour, such as how long you visit, what links you click on, what pages you visit and how many times you visit a page
• technical information associated with the device you use, such as your IP address, browser type, geographical location and operating system

When you register for our online newsletter, we use your data to be able to send you our newsletter. We will always ask for your consent for sending you our newsletter. You will can always unsubscribe from our newsletter. • your basic identity information, i.e. your name and e-mail address.
We collect certain information about you when you use this webpage via cookies. Further details on this are provided in our cookie policy.
For all of the personal data we have collected in the aforementioned circumstances, we will also process your personal data to comply with legal obligations or to comply, insofar we are legally allowed, with any reasonable request from competent law enforcement agents or representatives, judicial authorities, governmental agencies or bodies, including competent data protection authorities.

4. WITH WHOM DO WE SHARE YOUR PERSONAL DATA?

In principle we will not share your personal data with anyone but the members of the FLUTE consortium (on a need-to-know basis, for example if you ask a question relating to the particular partner), as well as our suppliers who help us process your personal data. drafted by the European Commission).
We will ensure that our suppliers are bound by strict contractual obligations to keep your personal data safe and confidential.

This means that only the following recipients will receive your personal data:
o FLUTE consortium members (list of partners available at https://www.fluteproject.eu/me...)
o our suppliers when necessary
o governmental or judicial authorities insofar we are required by law to send them your personal data (e.g., police or law enforcement).
We may share your personal data with FLUTE consortium partners situated outside of the European Economic Area (the European Economic Area consists of the EU, Liechtenstein, Norway and Iceland) in countries which have not been recognized as providing adequate level of data protection. If a transfer would take place, we will take adequate safeguards to protect your personal when transferred (e.g. by putting in place standard contractual clauses as
Where possible, data will be pseudonymized, anonymized and/or aggregated.

5. HOW LONG DO WE KEEP YOUR PERSONAL DATA?
As a general rule, we will de-identify your personal data when they are no longer necessary for the purposes outlined above or when the retention period as explained in this notice has expired. However, we cannot de-identify your personal data if there is a legal or regulatory obligation or a judicial or administrative order that prevents FLUTE project partners from de-identifying them.

All the personal data we collect through our interactions with you via the website, social media, phone, e-mail and other digital communication channels will be kept as long as needed to fulfil our contractual obligations under the Grant Agreement of the project, or as required to communicate with you, but also to keep an historical archive of our communications. This allows us to revert to earlier communications if you return to us with new questions, request, remarks or other input.
All personal data we collect to send you our newsletter we will keep for as long as you remain subscribed to our mailing list or as long as needed to fulfil our contractual obligations under the Grant Agreement of the FLUTE project.

6. WHAT DO WE DO TO KEEP YOUR PERSONAL DATA SAFE?
The security and confidentiality of all data we process is very important to us. Hence, we have taken steps to ensure that all personal data processed are kept safe. These steps include processing only the personal data required for achieving the purposes we have communicated to you. We have also taken technical and organizational measures to secure our infrastructure, systems, applications, premises and processes.

7. WHICH RIGHTS DO YOU HAVE WITH REGARD TO YOUR PERSONAL DATA?
When we collect and use your personal data, you enjoy a number of rights which you can exercise in the manner described below.

1 You have the right to access your personal data, which means that you can ask us to provide you information regarding the personal data we have about you. You can also ask for a copy of your personal data. If you make the same request repeatedly, clearly causing us nuisance, we are allowed to refuse granting you these subsequent requests or charge an administrative fee covering the expenses. We can also refuse granting you a right to access your personal data, or only grant it partially, if such access would risk disproportional detriment to the rights and freedoms of others, including IRST’s.

2 You have the right to ask that we correct your personal data if you can show that the personal data we process about you are incorrect, incomplete or outdated. Specifying the context in which we obtained your personal data (e.g., to send you newsletters or to respond to a request), will help us assess your request swiftly and accurately.

3 If we asked for your consent to collect and use your personal data (e.g., to send you newsletters), you have the right to withdraw that earlier given consent.

4 You can ask that we delete your personal data, if these personal data are no longer needed for the purposes for which we collected them in the first place, if our collection of them was illegitimate or if you have successfully exercised your right to withdraw your consent or your right to object to the processing of your personal data. When one of these circumstances applies, we will immediately delete your personal data unless the law, regulatory obligations or administrative or judicial orders prohibit us to delete your personal data.

5 You can ask that we restrict the processing of your personal data:
o during the time we are assessing your request for correction of your personal data or your objection to the processing of your personal data.
o if we no longer need your personal data, but you require them for the establishment, exercise or defence of a legal claim.
o when such processing was unlawful, but you prefer restriction to erasure;

6 You have the right to oppose our processing of your personal data when we process your personal data on the basis of our legitimate interests. When our interest relates to direct marketing, we will grant you your request immediately. For other interests (e.g., our security interests), we will ask you to describe your specific circumstances giving rise to request. We then need to balance our interests against your circumstances. If this balancing exercise results in your circumstances outweighing our interests, we will cease processing your personal data.

7 When we have collected your personal data on the basis of your consent or because they were necessary for the execution or the performance of an agreement with you, you have the right to obtain a copy from us in a structured, commonly used and machine-readable format and to transmit those data to another controller without hindrance from the us (data portability). However, this right only applies to personal data you have provided to us.
If you wish to exercise any of these rights, we ask that you send us an e-mail. You can reach us at privacy@irst.legalmail.it. Please be aware that whenever you wish to exercise a right, we may need to ask you for a proof of identity. We do this to avoid a data breach, e.g., because an unauthorized person may pretend to be you and exercise a right in your name.
Please clearly state which right you wish to exercise. If possible, please indicate the context in which we have obtained your personal data so that we may handle your request swiftly and diligently. We will promptly inform you of having received this request. We will also inform you about the action taken as a result of your request within one month of its receipt. Please note that this term may be prolonged by additional two months in exceptional circumstances. We will inform you of such delay.
If you have any complaint regarding the processing of your personal data by IRST, you may always contact us via the e-mail address provided in the previous paragraph. If you remain unsatisfied with our response, you may file a complaint with the competent data protection authority. The competent data protection authority for Italy is Garante per la protezione dei dati personali (www.garanteprivacy.it). The list of all European data protection authorities is available on the website of European Data Protection Board (https://edpb.europa.eu/about-e... ).

8. WHAT IF THIS PRIVACY POLICY DOES NOT ANSWER ALL OF YOUR QUESTIONS?
Should you have further questions regarding the processing of your personal data, do not hesitate to contact our Data Protection Officer - Dr. Valeria Mignatti, at privacy@irst.legalmail.it or valeria.mignatti@auslromagna.it, phone number: +39 0543.739415.