The present Privacy Policy describes the means and purposes of the processing of Personal Data through the website https://www.ihi-greg.eu/ (hereinafter called the “Website”). All content of the Website is owned or controlled by the Consortium of the GREG Project (hereinafter referred to as the “GREG Consortium” or the “Consortium”) and the terms and condition of use of the Website are set out in this Privacy Policy. This Privacy Policy is applicable to anyone who accesses the Website or otherwise interacts with the web services offered on the Website (i.e., the “User”). By providing personal information to us or by using the Website, the User acknowledges to have read and understand this Privacy Policy.

All Personal Data gathered by this website will be exclusively used for the purposes expressed below and will be processed in accordance with the General Data Protection Regulation (GDPR) Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data.

1. The website

The aim of this Website is to provide information regarding GREG, a project supported by the Innovative Health Initiative Joint Undertaking (IHI JU) under Grant Agreement number 101191967.The GREG Consortium strives to keep the information and materials provided on the website up-to-date and accurate. In case of errors, the Consortium will do their best to correct them.

2. Types of Personal Data collected

2.1 Personal data provided by the User

The information that the User provides – such as their name and e-mail address – when certain areas of the Website request it (the “Personal Data”) is collected to enable access and benefit from some specified features, such as newsletter subscriptions and the “Contact Us” option. Where appropriate, a separate consent will be requested.

Unless specifically requested by the Consortium, we ask that the User does not send us or disclose any sensitive personal information on or through the Website, or otherwise to the Consortium. This includes, but is not limited to, Social Security numbers, information related to racial or ethnic origin, political opinions, religion or philosophical beliefs, health, sex life or sexual orientation, criminal background, trade union membership, or biometric or genetic data used to uniquely identify an individual.

2.2 Traffic and Internet data

The Website and our service providers may also automatically collect and use information in the following ways:

  • Through the User’s browser: Certain information is collected by most browsers, such as Media Access Control (MAC) address, computer type (Windows or Mac), screen resolution, operating system name and version, and internet browser type and version. Similar information may be collected, such as the User’s device type and identifier, if the Website is accessed through a mobile device. This information is used to ensure that the Service functions properly.
  • IP address: The User’s IP address is a number that is automatically assigned to their computer by the Internet Service Provider. An IP address is identified and logged automatically in the server log files whenever a User visits the Website, along with the time of the visit and the pages visited. Collecting IP addresses is standard practice and is done automatically by many online services. IP addresses are used for purposes such as calculating Website usage levels, diagnosing server problems, and administering the Website. The User’s approximate location may also be derived from their IP address.
  • Device Information: Information may be collected about the User’s mobile device, such as a unique device identifier, to understand how the Website is being used.

Certain information may be collected automatically as the User navigates around the Website. Please refer to the Cookies Policy for detailed information about the cookies and other tracking technologies used on the Website.

3. Purpose of processing Personal Data

Personal data from or about the User may be used for the following purposes:

  • For IT purposes, such as enhancing the Website and identifying Website usage trends.
  • To fulfil any request made by the User through the contact form available on the Website. This processing is needed to provide the Users with the information they have directly requested.
  • To provide the User with newsletters or e-mail alerts.
  • To send important information regarding our relationship with the User or regarding the Website, changes to our terms, conditions, and policies and/or other administrative information.

The collected data will only be processed for the purposes as described above and will not be processed further in a manner that is incompatible with those purposes.

4. Methods of the processing, data retention and data security

The Personal Data will be processed fairly, lawfully and in a transparent manner, meaning that at least one of the following legal bases applies:

  • Explicit consent from the User was received for the processing of their Personal Data.
  • There is an obligation to process the User’s Personal Data according to applicable law or court order.
  • The Personal Data are processed in view of the legitimate interests of the GREG Consortium partners.

A variety of measures are used to keep the Personal Data confidential and secure, including restricting access to Personal Data on a need-to-know basis and following appropriate security standards to protect the User’s data.

In case of a Personal Data breach, the competent supervisory authority and User will be notified:

  • The competent supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the Personal Data breach is unlikely to result in a risk to the rights and freedoms of natural persons.
  • The User without undue delay if the Personal Data breach is likely to result in a high risk to the rights and freedoms of natural persons.

5. Communications to third parties

The Personal Data will not be transferred to other third parties unless required or allowed by applicable law.

Some non-European Economic Area (EEA) countries are recognised by the European Commission as providing an adequate level of data protection according to EEA standards (list of countries) . If the processing of the User’s Personal Data would take place in a third country (e.g. a country outside the European Economic Area) which does not offer an adequate level of protection, such processing shall be conducted in accordance with applicable data protection legislation and appropriate safeguards, such as entering into EU standard contractual clauses.

With the User’s explicit consent (where required), information collected through the Website may be used and disclosed in other ways beyond those initially stated. In addition, information that is not considered personally identifiable and therefore not Personal Data may be used and disclosed for any purpose. If non-personally identifiable information is combined with identifiable information (e.g., combining a name with a geographical location), the combined information will be treated as Personal Data for as long as it remains combined.

6. Data retention

Every reasonable step is taken to ensure that Personal Data is only processed for the minimum period necessary in connection with:

  • The purposes set out in this Privacy Policy.
  • Any additional purposes notified to the User at or before the time of collection of the relevant Personal Data or commencement of the relevant processing;
  • As required or permitted by applicable law; and thereafter, for the duration of any applicable limitation period.

In short, once the Personal Data is no longer required, it will be securely destroyed or deleted in a secure manner.

7. Transfer of data abroad

The User’s Personal Data will not be transferred outside the EEA.

Should a transfer of the data outside the EEA become necessary in the future, it will be carried out in accordance with the provisions of the GDPR and the User will be timely informed about this processing.

8. Redirect to other web sites

Please note that some sites may collect and use data differently. These sites will have a local Privacy Policy explaining these practices. If the User leaves the Website and visits a website operated by a third party, the GREG Consortium cannot be held responsible for the protection and privacy of any information that users provide when visiting such third-party websites. Accordingly, users should exercise caution and review the privacy statement applicable to the website in question.

9. Data subjects’ rights

9.1 The user has the right to request, review, correct, update, or delete the Personal Data provided via the Website as described below:

  • Right to inspection: If the User can prove their identity, the User obtains the right to acquire information about the processing of their data. Consequently, the User has the right to the processing objectives, the data categories, the categories of recipients to which the data are sent, the criteria that determine the period of data storage and the rights that the User can exercise with regard to their data.
  • Right to correct Personal Data: Inaccurate or incomplete data may be corrected. It is first and foremost the User’s responsibility to make the necessary modifications to their “User Profile”. The User may also contact us with a request to modify the data.
  • Right to delete Personal Data: The User also has the right to obtain the deletion of their Personal Data under the following circumstances:
    • The User’s Personal Data are no longer necessary for the intended purpose.
    • The User revokes their consent to process their data and there is no other legal basis for processing this data.
    • The User has legitimately exercised the right of objection.
    • The User’s data has been unlawfully processed.
    • The User’s data must be deleted arising from a legal obligation.
    • Deleting data is primarily related to visibility; the deleted data may remain temporarily stored.
  • Right to restrict processing: In some cases, the User has the right to request restrictions on the processing of their Personal Data. This certainly applies in the case of a dispute related to the accuracy of data, if the data are necessary in the context of a legal procedure or during the time necessary for GREG to determine that the User is validly able to exercise their right of deletion.
  • Right to object: The User has the right to object at any time to the processing of their Personal Data for “direct marketing” purposes, profiling, or purposes based on the legitimate interests of the data controller. GREG will stop processing the User’s Personal Data unless it can demonstrate compelling legal reasons for the processing that prevail over the User’s right to object.
  • Right to data portability: The User has the right to obtain the Personal Data provided to GREG in a structured, common, and machine-readable form. In addition, the User has the right to transfer such Personal Data to another data controller unless this is technically impossible.
  • Right to withdraw consent and opt-out or unsubscribe to mailing communication: The user is entitled to withdraw consent at any time for communication purposes and will receive an “unsubscribe link” in every e-mail from GREG to easily opt-out.

9.2 Where consent is requested and the User is a child below the age of 16 years, consent must be given or authorised by the User’s parent or legal guardian.

To exercise these rights, please submit a written request and proof of identity by email to info@ihi-greg.eu.

10. Intellectual property

All content of this Website is protected by worldwide copyright. The User may download content for personal use or for non-commercial purposes, but no modification or further reproduction of the content is permitted. Furthermore, it is not permitted to link this Website to any third-party website without the GREG Consortium’s prior written consent.

The GREG Consortium partner’s names and logos and all related trademarks, trade names, and other intellectual property rights are the property of the GREG Consortium partners and cannot be used, copied or distributed in any way without the express prior written permission of the GREG Consortium partner concerned.

11. Disclaimer and liability

The GREG Consortium makes no warranties or representations of any kind as to the content’s accuracy, currency or completeness. Neither the GREG Consortium, IHI, IHI’s industry partners, nor any individuals involved in creating, producing, or delivering content for this Website shall be liable for any damages resulting from the User’s access to, inability to access, or reliance on any materials or information provided on this Website.

The GREG Consortium makes no representation or warranty that use of this website, or materials downloaded from it, will not cause computer virus infection or other damage to property. The User is advised to ensure that has adequate measures to prevent any such problems.