The COBRA project is committed to protecting your privacy and is developing technology that gives you the most powerful and safe online experience. This Statement of Privacy applies to the website of the EU funded COBRA project (Grant Agreement No. 861789) and governs data collection and usage. The website falls under the responsibility of the COBRA Consortium and is concerned with the dissemination and exchange of information about the research conducted in the course of the project and the outcome of this work. By using the website of the COBRA project, you consent to the data practices described in this statement.
The data controller of this website is:
INSTITUTE OF INFORMATION AND COMMUNICATION TECHNOLOGIES (IICT-BAS) established in UL. ACAD G BONCHEV BL 2, Sofia 1113, Bulgaria that is the Communication Leader of the COBRA project responsible for the development and for the running of the project’s website.
PERSONAL DATA THAT THIS WEBSITE COLLECTS
Unless stated otherwise in detail in the relevant sections of the website, Personal Data generated from the use of our website is processed as follows:
(i) Contact via electronic mail (e-mail)
Should you choose to communicate with us using the contact form embedded in our website, we ask you to provide your name, as well your mailing address. The contact form generates an email to email@example.com. Please note that your name and mailing address is the only data we collect required for the specified purpose. Without this information we are unable to answer to your message and address it to you personally.
(ii) Photos and/or videos
For the project’s dissemination purposes, photos and/or videos from meetings, conferences, training and field exercises or workshops might be uploaded.
(iii) Social Media
Our webpages use social plug-ins from other organizations (Facebook, Twitter, LinkedIn, Reddit, Whatsapp, Pinterest, Gmail etc.). These other organizations may receive and use personal data about your visit to our sites or apps. If you browse our website or view content on our apps, information they collect may be connected to your account on their site. For more information on how these organizations use personal data, please read their privacy policies.
(iv) Site visitation tracking
We use Google Analytics (GA) to track user interaction and for statistical reasons. We use this data to determine the number of people using our site, to better understand how they find and use our web pages and to see their journey through the website.
Although GA records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us. Your computer’s IP address is anonymized by GA services and cannot be used to personally identify you. We consider Google to be a third party.
PURPOSES OF THE PROCESSING
Your personal data is processed for the following purposes:
• communication for responding to any requests/questions submitted by the user/visitor,
• dissemination of the BorderUAS project and its results,
• compliance with legal or administrative obligations.
The data processing takes place according to article 6(1)(a) GDPR, your informed consent. You may withdraw your consent at any time without any consequences. The withdrawal has future effect.
We may also process personal data based on art. 6(1)(c), when the processing is necessary for our compliance with a legal obligation.
DATA STORAGE AND DATA SECURITY
If you submit your contact details via the preferred email message, the only personal data that will be stored is your name and email address we receive from you. We will not share your contact details with no one and will be securely stored with access only by authorized personnel. This is currently the only occasion where personal data will be stored by this website.
We utilize suitable technical and organizational measures, which are being continuously enhanced, to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. The following safeguards are used, for example, to protect your personal data from misuse or any form of unauthorized processing:
Access to personal data is restricted to a limited number of authorized persons for the stated purposes.
The IT systems used for processing data are technically isolated from other systems to prevent unauthorized access and hacking.
Access to these IT systems is constantly monitored to detect and prevent misuse in the early stages.
All your personal data are transferred in an encoded manner using the widely used and secure TLS (Transport Layer Security) encryption standard. You will recognise a secure TLS connection by the additional “s” after “http” (i.e., https://..) in the address bar of your browser or from the lock icon.
Your personal data is retained only for as long as it is necessary to fulfil the purposes described above, and no more than 5 years after the end of the project, unless a longer retention period is required by legal obligations or regulations.
Personal information available on the website such as photos or videos is publicly available meaning that it is accessible worldwide.
Other personal information such as the information on the contact form is accessible only by the data controller. Third parties may be notified when a legal obligation exists.
We will report any unlawful data breach of your data within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
YOUR RIGHTS AS DATA SUBJECT
Under the General Data Protection Regulation [Articles 15-21, 77], you have several important rights free of charge. Those include:
Right of access:
You have the right to be aware and verify the legitimate nature of the processing. So, you have the right to access your personal data and receive additional information about how we process it.
Right to rectification:
You have the right to study, correct, update or modify your personal data by contacting the data controller (see contact details below).
Right to erasure (Right to be forgotten):
You have the right to request deletion of your personal data when we process it on your consent or in order to protect our legitimate interests. In all other cases (such as, where there is a contract, obligation to process personal data legally required, or public interest), this right is subject to specific restrictions or shall not exist, as the case may be.
Right to restriction of processing:
You have the right to request a restriction of the processing of your personal data in the following cases: (a) when the accuracy of the personal data is contested and until the accuracy is verified (b) when you oppose the deletion of your personal data and request the restriction of their use instead, c) when personal data are not needed for processing purposes, they are however required for the establishment, exercise, or defense of legal claims, and (d) when you object to the processing and the decision on your objection to processing is pending.
Right to object to processing:
You have the right to object at any time to the processing of your personal data where, as described above, the processing is based on the legitimate interests we pursue as data controllers, as well as, for the purposes of direct marketing and consumer profiling, if applicable.
Right to data portability:
You have the right to receive your personal data free of charge in a format that allows you to access, use, and edit them with commonly used editing methods. You also have the right to ask us, in case it is technically feasible, to transmit the data directly to another controller. Your right to do so exists for the data you have provided to us and is processed by automated means based on your consent or for the execution of a relevant contract.
Right to lodge a complaint with a national supervisory authority:
You have the right to contact the supervisory authority of your habitual residence or workplace or our company headquarters. In the latter case, you can file a complaint with the Commission of Personal Data Protection of the Republic of Bulgaria https://www.cpdp.bg/en/.
Right to withdraw your consent:
In cases where processing is based on your consent, you have the right to withdraw it without affecting the lawfulness of processing based on consent prior to its withdrawal.
If you would like to exercise any of those rights, please:
contact us using our contact details below
let us have enough information to identify you,
let us have proof of your identity and address, and
let us know the information to which your request relates.
We make every effort to comply with all requests within 30 days. However, this period may be extended for reasons relating to the specific right or complexity of your request.
The data controller can be contacted at firstname.lastname@example.org and email@example.com.