Last updated September 2023
Who we are
PRECRISIS is an EU-funded project (Grant Agreement No: ISFP-2022-TFI-AG-PROTECT-02-101100539) that began May 2023 and ends in April 2025. For further information, we can be contacted at firstname.lastname@example.org
The aim of the project is to enhance security in public spaces through development of innovative, AI-based solutions and practical toolkits to be used by a range of agencies and security stakeholders. All activities carried out within the project that concern personal data processing are for the purpose of scientific research.
The PRECRISIS project partner organisations, as separate and joint data controllers, are committed to protecting your personal data to the highest standards and in full compliance with Regulation (EU) 2016/679 (General Data Protection Regulation), also known as the GDPR, throughout all activities related to the project.
This policy relates to any personal data processed through the project website but also refers to data processing in the project more generally. Further information on these data processing activities will be provided before the processing is carried out.
This policy sets out the following (click on any of the headings below to go directly to that section):
Lawful bases for data processing
All of the activities that involve processing personal data within the PRECRISIS project are for the purpose of scientific research. Each consortium member is a data controller in their own right, and are joint controllers for some purposes, and each organisation is committed to a high level of compliance with Regulation (EU) 2016/679 (GDPR).
We will not process any personal data unless it is necessary for a specific purpose and then only the minimum needed. When we do process personal data, there are three main legal bases that will be used, depending on the purpose of the processing and the nature of organisation:
- Consent (Art. 6(a) GDPR) – for in-person research-related events, contact about research-related activities and news, for example.
- Tasks in the public interest (Art. 6(e) GDPR) – research activities carried out by a project partner subject to legal provisions related to this, for example a university.
- Legitimate interests (Art. 6(f) GDPR)– open-source data, pilot events, and other research-related activities where the legitimate interests of the data controller are not outweighed by those of the data subject.
- Special categories (Art. 9(1) GDPR) The project will only process special categories of personal data where it is absolutely necessary and the highest level of protection will be implemented. Depending on the nature and context of the processing, the appropriate legal basis under Art. 9 will be used.
Wherever possible, separate information about specific research events will be provided to data subjects before any processing takes place.
What data do we collect?
- Personal Data – depending on the nature and context of the activity, personal data can be collected but only the minimum amount necessary for the specific purpose in question. Wherever possible, the processing of personal data will be avoided. The type of information will vary according to the nature of research activity and may include the following:
- E-mail address
- IP address
- Images and video recording
- Descriptions that may identify individuals
- Well-known pseudonyms or online identifiers
- Other information capable of identifying individuals
- Special Categories of Personal Data – these are listed in the GDPR, Article 9. These relate to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or a natural person’s sex life for sexual orientation.
Generally, the processing of these types of personal data is prohibited and the project will only carry out such processing where a separate legal basis exists and it is absolutely necessary for the purpose.
How do we collect your data?
- When you fill out a form on the website (option to delete after query)
- When you e-mail an organisation within the project – in order to respond
- When you engage in research activities
- From open sources, where the information has been made public
- From third parties, where appropriate agreements and legal bases exist
In each case, you will be notified appropriately by those carrying out the data processing.
How will we use your data?
PRECRISIS data processing will be carried out for the purposes of scientific research and related activities. We never sell your personal data or share it for any purpose other than those associated with the research. Where results and activities are reported, every effort is made to fully anonymise and aggregate information so that it is no longer capable of identifying any individual and is not capable of being reversed.
How do we store your data?
We take the security of your personal data very seriously and take appropriate technical and organizational measures to minimise any accidental access, loss or destruction. We take the below measures:
- All project partner organisations have local or cloud-based secure servers with restricted access to project-related personal data.
- Comprehensive central records are maintained, to keep track of all personal data being processed. These records are kept in encrypted form, on servers within the EU that are fully GDPR compliant.
- Use of SSL/ TLS communication protocol.
- Use of secure backup systems.
- Strict adherence to a project data protection policy that aims to achieve the highest levels of compliance.
The project will adhere to data retention policies and personal data will only be stored where a legal basis exists and where it is absolutely necessary. Data retention is regularly reviewed and personal data anonymised where further storage is necessary for scientific research purposes.
Will we share your data?
Only between project partners, the European Commission if necessary, though this is not foreseeable. Wherever possible, data will be anonymised before sharing unless strictly necessary. You also have the right to complain, as set out below.
If sharing personal data is necessary in any research activity you will be notified of this, as appropriate.
Your data protection rights
Your data protection rights are set out in Articles 12 – 23 of the GDPR. These include the right to access, the right to rectification, the right to erasure, the right to restrict processing, and the right to object to processing.
You will be informed in more detail about your rights in relation to individual processing activities, as appropriate.
Privacy Policies of other websites
Where this website contains links to other websites or platforms that are not controlled by us. We cannot be responsible for any data processing from other websites, therefore you are advised to read the privacy policies of those sites.
How to contact us
How to complain
If you wish to complain about any aspect of data processing activities or your associated rights, please contact the PRECRISIS Project Coordinator:
Address: SAHER (Europe) OÜ
Harju maakond, Kuusalu vald,
Pudisoo küla, Männimäe/1,
If you wish to complain to your national Data Protection Supervisory Authority, these are listed via the hyperlink below: