ARTTIC collects and processes your data legally, honestly and transparently, in accordance with the General Data Protection Regulation (GDPR).
ARTTIC limits collection of personal data to what is strictly necessary, in accordance with the principle of data minimisation. By means of this Policy, ARTTIC hereby gives an undertaking to data subjects to maintain a written register of the categories of processing activities performed as data processing manager or subcontractor in respect to CARAMBA.
ARTTIC: The legal entity that publishes online communication services and that is responsible for collecting data. ARTTIC is a simplified joint-stock company, registered with the Trades and Companies Register with number 344 112 396 and with registered office located at 58A rue du Dessous des Berges, 75013 Paris, France, represented by its ex officio legal representative located at the aforesaid registered office.
+33 (0)1 53 94 54 60
+33 (0)1 53 94 54 70
For more information about the contact details for the ARTTIC’s different offices: http://www.arttic.eu/pages/fr/contact.php
Project: Research and innovation project taken as part of the European Union Horizon 2020 programme, entitled CARAMBA, in which ARTTIC is involved.
Consortium: Agreement of understanding between several persons, associations or companies for the purpose of cooperating to carry out one or more economic, financial, scientific or cultural operations intended to fulfil the Project. It endures as long as the activity for which it was established by its founders.
Partner(s): Persons making up the Consortium, other than ARTTIC.
Site: All the content of the different pages and services of the site, accessible using the following URL address: https://www.caramba-cart.eu
User: The person using the Site and services to which the site may give access.
Data subject: Any person whose personal data are processed by ARTTIC as part of the project, whether it is a Partner, a Partner’s employee, a User or another party.
Information and rights of data subjects
ARTTIC hereby informs you clearly about how it processes personal data as part of its business activity, how data are collected, used and protected. ARTTIC is available to provide data subjects any information about processing carried out as part of the Project.
For any request or complaint about processing of personal data, it is possible to contact ARTTIC at this e-mail address: firstname.lastname@example.org
In particular, any data subject has the right to ask ARTTIC:
- For access to the personal data supplied;
- To correct the data;
- To object to the processing, when such processing is based on ARTTIC’s legitimate interest and given the particular situation of the data subject;
- To exercise their right to portability of their information.
On the right to portability, ARTTIC offers you the option to return all the personal data about a subject, at their express request. The data subject is thus guaranteed better control of their data, and retains the possibility of reusing them. These data will be supplied in an open and easily reusable format, directly into the hands of the other data controller when desired and when technically possible.
For it to be accepted, the request message must be accompanied by proof of identity. The data subject may authorise a person of their choice to exercise their rights, provided that this person proves their identity, that of the applicant and the extent of their authority in the form of explicit written evidence.
Any person receiving the newsletter has the option to unsubscribe, unless this person is bound to receive the aforesaid newsletter under its obligations to a Partner. ARTTIC ensures an effective unsubscribe link is provided in the Project newsletter.
Data collected and purposes of processin
As part of carrying out the Project, the Partners transfer personal data to ARTTIC making it possible to identify and contact (first & last name, business e-mail address, photograph) their employees due to their job titles or third-parties involved in the Project, such as experts (hereafter designated the ‘Partners Data‘).In this case, the Partner remains responsible for supplying the legal information to the people involved in the processing operations prior to or when the data are collected.The purpose of processing Partners Data is:
- To compile files on members of the Consortium and people likely to contribute to the Project due to their job titles or expertise;
- ARTTIC manages, monitors and guides the Project in fulfilment of its obligations to the Consortium;
- Communication on the Project;
- Sending a newsletter and information about events related to the Project;
- Compiling statistics related to the Project.
Further, as part of using the Site, ARTTIC may collect the following data categories about Users of the Site directly from data subjects (hereafter designated the ‘Users Data‘):1/ Identification data (first & last name, telephone number, e-mail address), relating to professional life (organisation, job title), the purpose of which is:
- Sending newsletters, as long as the User ticks the box provided to express their acceptance.
Any data collection form states the objectives of gathering these data (purposes) and if these data are compulsory or optional to administer the request. This Confidentiality Policy is freely accessible to the User, who should read it before sending their data to ARTTIC.2/ ARTTIC follows a standard procedure of using log files. These files log visitors when they visit websites. The information collected by log files includes internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks.The information is used for analysing trends, administering the site, tracking users’ movement on the website, and gathering demographic information.
ARTTIC uses the Google Analytics solution, which uses internal cookies to generate reports on Users’ interactions with the Site. The cookie records information about browsing on the service (pages, date and time viewed).
If the User doesn’t want cookies to be used on their computer, most browsers allow cookies to be disabled through settings options and it is possible to refuse to have cookies saved on their computer. However, in this case, the User is informed that certain services may no longer work correctly.
Recipients of data
ARTTIC complies with the legal rules that could prevent, limit or govern the distribution of information or data, and particularly French law 78-17 of 6 January 1978 relating to data processing, files and freedoms and the GDPR.
Personal data are collected by ARTTIC for internal use only. Under no circumstances will these data be sold, transferred or communicated to third parties under conditions not specified herein.
Based on legal obligations, the personal data of data subjects may be disclosed pursuant to a law, a regulation or in accordance with a decision by a competent regulatory or legal authority. The personal data collected may be added to ARTTIC’s database. It may be passed to third parties after being anonymised, solely for statistical purposes.
If your personal data are communicated to a third party, ARTTIC will ensure that the third party is bound to apply conditions of confidentiality at least identical to those herein.
The Website uses Social Plugins (Plugins) of different social networks like Twitter/LinkedIn/YouTube/Google+, which are marked by their logos. When you open a site with these plugins, browser data are transferred to the owners of those social networks. Thus, they are informed that you have opened the respective site. If the User is logged in to one or several of these social networks, these data can be linked to his/her account. The IP address may be logged without being a member of a social network or logging into a network.
Please note that data processing takes place outside the European Union. We have no influence over and take no responsibility for the volume of data transferred through social plugins.
For more information, please look up the data security policies of the respective network:
By logging out of networks before surfing or using privacy protecting software, you can limit the amount of data transferred.
Storage of data
Personal data processed are not stored longer than necessary to fulfil the obligations defined by the Consortium. Beyond this period, the data will be anonymised and stored solely for statistical purposes and will not be used in any other way whatsoever.
More generally, data purging procedures are implemented to plan their effective deletion as soon as the storage or archiving duration necessary to fulfilling the predetermined or required purposes is reached.
Any person not actively involved in relation to the processing purposes described over a three year period will have their data deleted.
Cookies are stored for a maximum period of 13 months after they are first saved on the User’s computer, corresponding to the validity period of User consent to use these Cookies. The lifetime of cookies is not extended by each visit. The User’s consent must therefore be renewed at the end of this period.
In the context of its involvement in the Project, ARTTIC may bring in one or more subcontractor(s) to undertake specific processing activities; these subcontractors are subject to the conditions of this Policy.
ARTTIC ensures that any subcontractor or subsequent subcontractor provides adequate contractual guarantees regarding the use of appropriate technical and organisational measures to protect the data of data subjects.
Procedures in case of security breach detected by ARTTIC
ARTTIC undertakes to implement all appropriate technical and organisational measures using physical and logistical security resources to guarantee an adequate security level to meet risks of accidental unauthorised or illegal access, disclosure, alteration, loss or destruction of the personal data collected.
However, ARTTIC cannot guarantee that all risks of data misuse are eliminated.
In the event that ARTTIC were to become aware of illegal access to personal data stored on its servers or those of its contractors, or unauthorised access resulting in the risks identified above being realised, ARTTIC undertakes to:
- Notify the person affected by the incident as quickly as possible, if this meets a legal requirement;
- Investigate the causes of the incident;
- Take the necessary reasonable measures to reduce the negative effects and harm that could arise from the aforesaid incident.
Under no circumstances may the commitments defined above relating to notification in the event of a security breach be considered as any form of acknowledgement by ARTTIC of fault or liability for occurrence of the incident in question.
Cross-border and non-EU processing, control authority
ARTTIC performs cross-border processing of personal data. ARTTIC has offices located in different countries of the European Union and has its head office, its main site, located in France. Also, the lead supervisory authority in the meaning of article 56 of the GDPR is the French Commission nationale de l’informatique et des libertés (CNIL), the French data processing control authority (https://www.cnil.fr).
In addition, ARTTIC may perform data transfers outside the European Union, particularly to Israel, where a secondary office is located and that has an adequate level of protection. In such cases, ARTTIC undertakes to apply the GDPR transfer rules.