This Privacy Policy describes how and when Privacy Flag (PF) -a project funded by the European Commission under the Horizon2020 program- collects, uses, and shares your information when you use the tools developed therein, including the PF’s mobile application, the browser add-on and the www.privacyflag.eu website (the “Services”). The services are provided by the Privacy Flag Consortium, coordinated by the Hellenic Telecommunications Organization S.A. (O.T.E.) located at 99, Kifissias, Avenue, 15124 Maroussi-Athens, Greece which is the legal representative of the PF Consortium and the data controller for the project related activities (the “data controller”). PF receives your information through our mobile applications, websites, email notifications, and other interactions with our Services. When using any of our Services you consent to the collection, transfer, storage, organization, interrogation, elaboration, modification, selection, retrieval, comparison, utilization, interconnection, blocking, communication, dissemination, erasure and other use of your information as described in this Privacy Policy, so please read it carefully.

Information Collection And Use

Information You Provide. You may provide personally identifiable information (“personal data”) about yourself when you use our Services, by providing your name and other identifying information.

When you share information or content via the Services, you should think carefully about what you are making public.

Personal data provided by you are pseudonymized; this means that a code is attributed to each user when using the Services for the project’s purposes, and that the re-identification of users takes place only if strictly necessary to prevent frauds, misuse of the Services, damages to PF and any third parties, any other breach of relevant law and to defend a legal claim.
Information Collected Automatically. We collect data automatically when you use the Services. This may include your IP address, software configurations, mobile device identification numbers, the address of the sites you visited before the Services, and other similar data.

Information Use. We process personal data for the sole purposes of the project, namely:

  1. to enable the users to carry out the “Privacy Risk Area Assessment” on websites, apps and other digital targets by means of the dedicated PF’s tool;
  2. to enable the users to report the results of the activity under a) to PF;
  3. to carry out background checks through the PF’s monitoring agent (MA) embedded in the smart phone application and the web browser add-on. The agent will monitor the local activity in order to identify suspicious activities related to personal data protection. It will use different parameters, including configuration settings monitoring, data traffic, network activity, etc. The Privacy monitoring agent will enable to inform the user about any identified threat as well as to feed the central knowledge database on suspicious applications and websites to be analyzed;
  4. to feed the Global Privacy Risk Knowledge Database developed by PF with data collected and filtered from the users participating to the project.

Cookies and other similar technologies

We may use “cookie” technology and/or other similar technologies in order to gain access to information stored in the terminal equipment of the user.

Cookies may be stored on your device and be transmitted again to you when you use the Services a second time. By means of cookies, the websites record user actions and preferences (such as, for example, the language chosen, the character dimensions, other settings concerning the layout of the Site, etc.) so as to avoid that the user has to enter them when returning to the Services at a later date or when the user surfs a different page in the context of the Services. Cookies are therefore used to log in users, monitor browsing sessions, store information relating to the users who access the Services and may contain a unique identification code that makes it possible to track the user’s navigation within the Services for statistical and technical purposes. Users may download cookies on their devices owned by sites and web servers different from the Site that they are actually visiting (“third-party cookies”). Some cookies are necessary for the technical functioning of the Services; if you do not accept the latter cookies, some functionalities and features of the Site may not be accessible.

Different types of cookies exist, depending on their features and functions, and they might be stored on the users’ devices for different timeframes: session cookies are cancelled at the end of each browsing session; persistent cookies may last up to a certain date that has been pre-set by their owner.

On the basis of the law applicable to cookies in the European Union, user consent to the latter is not always mandatory. The user’s consent is not necessary for “technical cookies”, such as cookies used exclusively with a view of carrying out the transmission of a communication on an electronic communications network, or insofar as this is strictly necessary to the provider of an information society service that has been explicitly requested by the contracting party or user to provide the said service. The latter cookies are indispensable for the proper functioning of the Site and to execute activities specifically requested by the users.

Amongst the technical cookies that do not require an explicit prior consent by the users to be deployed, see the following:

  • cookie analytics” insofar as they are used directly by the website manager to collect aggregate information on the number of visitors and the pattern of visits to the website,
  • browsing” or “session cookies” (to log-in to the website),
  • functional cookies”, which allow users to navigate as a function of certain pre-determined criteria such as language.

For Profiling cookies, namely those aimed at creating user profiles and used to send advertising messages in line with the preferences shown by the user during navigation, the user’s prior consent is necessary.

– Types of cookies used by the Services and the possibility to de-activate them

The Site deploys the following cookies, while always offering the possibility to de-activate them, except for third-party cookies, that can be de-activated by the users directly on the owners’ websites using the links provided below:

  • Technical browsing or session cookies, strictly necessary for the Services’ functioning and to provide the users with a service that has been explicitly requested by them;
  • Technical analytics cookies, used by the Services’ manager to collect aggregate information on the number of visitors and the pattern of visits to the Services. Personal information is not collected by this type of cookie. Information is processed in an aggregated and anonymous fashion. The data controller may use such aggregate information to analyze trends, administer the Services, track user movements, and gather broad demographic information for aggregate use.
  • Technical functional cookies, which allow users to navigate as a function of certain pre-determined criteria such as language.

Please be aware that if you disable technical/functional cookies the Services might not work properly and some services or some of the PF functionalities may not be available or work properly; you could be required to modify or manually fill in some information or preferences each time you use the Services.

  • Third Party Cookies, namely cookies owned by sites and web servers different from the websites that you are actually visiting, including profiling cookies. The latter third parties are listed below with the links to their respective privacy policies; they are autonomous data controllers of the data collected through the cookies they serve; you shall refer to their privacy policies and consent forms (activation and de-activation of their respective cookies), hereby listed below:

Facebook Connect. To opt-out from this cookie, please refer to Facebook’s policy

Twitter. To opt-out from this cookie, please refer to Twitter’s policy

The details of all the cookies used by the Services is available at the Cookie Policy

However please note that PF does not deploy profiling cookies in the users’ devices.

– How to display and modify cookie settings via your browser

The users may select the cookies they want to enable, disable, or cancel cookies (wholly or partially) by referring to the page or by means of the tools offered by the browser used: however, please note that if you disable technical/functional cookies the Services might not work properly or smoothly, and you could be required to modify or manually fill in some information or preferences each time you use the Services.
To know more about how to set your cookie preferences via your browser, read the guidance provided at the following links (PF does not control these third party browser sites or their instructions on enabling and disabling cookies; these pages may be updated, modified or removed by the third party browser companies at their own discretion):

To object to the cookies, or to any other processing which entails the storage or the access to content already stored in the user’s device, send an email to privacy@privacyflag.eu.

Sharing of Information

We may share your information with the following entities:

Affiliates and Partners. We may share your information with any partner to the PF Consortium, as well as with its affiliates-companies that control, are controlled by, or are under common control with any of the PF Consortium’s Members. These entities may receive your information only to the extent necessary for the proper execution of the research activities, or for the administration of the PF project. Users’ personal data will neither be communicated nor anyhow processed for marketing related purposes.

Parties When Required by Law or as Necessary to Protect Our Services. There may be instances when we disclose your information to other parties in order to:

• protect the legal rights of the PF Consortium, its partners and the latter’s affiliates, and of the users of the Services;

• protect the safety and security of users of the Services;

• prevent fraud (or for risk management purposes); or

• comply with or respond to the law or legal process or a request for cooperation by a government entity, whether or not legally required;

• administer the project and share the results thereof with the European Commission or any other public authority to which the Consortium, or any of its Partners, has to report.

Other Parties in Aggregated Form. We may also share your information with third parties in aggregated or non-personally identifiable form.

Security. We use physical, technical, and administrative measures to safeguard information in our possession against loss, theft and unauthorized use, disclosure, or modification. Please note, however, that no data transmission or storage can be guaranteed to be 100% secure. As a result, while we strive to protect the information we maintain, we cannot ensure or warrant the security of any information that you transmit to us.

Our Policy Towards Children

Our Services are not directed to persons under 16 years of age. If you become aware that someone under 16 years of age has provided us with personal data, please contact us at privacy@privacyflag.eu. We do not knowingly collect personal information from children under the age of 16. If we become aware that a child under 16 years of age has provided us with personal information, we will take steps to remove such information.

 

Data processors

The Consortium has engaged DunavNET as a provider of technology, and formally bound it by means of a data processing agreement, as per article 27 of Directive 95/46/EC. The full list of data processors is available by simple request to the data controller by sending an email to privacy@privacyflag.eu.

Changes To This Policy

We may revise this Privacy Policy from time to time. The most current version of the policy will govern our use of your information and will be located at www.privacyflag.eu. We may make changes to this policy at our sole discretion. By continuing to access or use the Services after those changes become effective, you agree to be bound by the revised Privacy Policy.

 

Exercise of users’ data protection rights

You may contact us, via email at privacy@privacyflag.eu, in order to assert your rights namely: the confirmation of the existence of data concerning yourself and their origin and processing and the purposes thereof; the cancellation, transformation into anonymous form or the blocking of data processed in violation of the law; the updating, rectification or integration of data; certification that the operations have been brought to the attention of those to whom the data were communicated or disseminated. You may also object at any time to the possible profiling of your personal data.

Questions. If you have any questions about this policy or your privacy on the Services, please contact us at privacy@privacyflag.eu.