(version1.0 -30th September 2020)
1. The LexMeet project: Your privacy matters
2. Data controller: our contact person for the processing of your personal data
Controller for the data processing on the website www.LexMeet.eu is:
Name: Jožef Stefan Institute
Address: Jamova 39, 1000 Ljubljana, Slovenia
Tel: +386 1 477 39 00
You can contact the data controller at any time if you have any questions about data protection of your personal data in LexMeet project.
3. Personal data we collect and how we use it
General principles and web host:
We will only retain and process your personal data where we have lawful bases. According to EU data protection law lawful bases include consent , contract (where processing is necessary for the performance of a contract with you or prior to entering into a contract (e.g. to deliver the services you have requested)) and legitimate interests. Personal data means any information relating to an identified or identifiable natural person. Our website is hosted by the consortium member of Jožef Stefan Institute. A contract was concluded with it, by which it ensures that it processes the data on our behalf in accordance with the GDPR and guarantees the protection of the rights of the persons concerned. When using this website, personal data will be processed and stored by us for the duration necessary for the fulfilment of the purposes and legal obligations as specified in sections b. – d. hereunder. Our website offers you a variety of services. For each of these services different data is collected, which is listed below in §b. to §d., including the purpose of its collection and the legal basis for its collection. These services are the following:
- Visit of the (public) website
- Registration on the LeMeet Platform (hereunder “Platform”), creation and use of a user profile and use of the platform services.
Data we automatically collect when you visit our website:
When you visit our web pages – be it the public website or the Platform – you consent that the web servers temporarily record each access of your terminal in a log file. The following data is recorded:
- IP- Address of the requesting computer
- Date and time of access
- Transferred data volume
- Name and URL of the retrieved data
- Browser and operating system used
- Notification as to whether the retrieval was successful
- Name of the internet access provider
- Web page from which access is made
This data is needed to enable you to use the website, in particular to establish a connection, and to improve the user experience. Furthermore, it enables us to take appropriate technical and organisational measures for IT system and information security. The legal basis for the above processing is Art. 6 Para. 1 S.1 lit. b GDPR, in that it is necessary for the fulfilment of the user relationship or for pre-contractual measures, as well as Art. 6 Para. 1 S.1 lit. c DSGVO, insofar as we are obliged to guarantee secure data processing in accordance with Art. 32 DSGVO. Subject to any legal storage obligations, we delete or anonymise your IP address after you leave our website. Data we collect when you register for the LexMeet Platform:
- First name
- Last name
- Job title/profession
This data is used to authenticate you when you log into the platform and thereby is required so that you can use the services of the Platform. The collection of this data is therefore based on Art. 6 Para. 1 S.1 lit. b GDPR. This data is stored for the duration for which you have an account with the Platform. After the deletion of your account, your e-mail address and name will be stored for a reasonable period of time in order to fulfil potential legal issues. Data to be provided by you when creating a profile:
- Phone number
- Organisation name
- Organisation type
- Profile type
- Profile picture
This data is required so you can use the collaborative services of the Platform. Because the main purpose of the platform is to favor collaboration, if you do not wish to provide all or part of this information, your access to various other services provided by the platform may also be restricted.
In addition, you can voluntarily provide further information when registering – but also later. This could be, for example, information on interests, experiences or events. While you are having an account with the Platform, you can change or delete your voluntary information at any time.
You consent that upon completion of your registration a profile page will be created for you under your full name, on which any information you may have provided will also be listed and the profile picture you have uploaded will be displayed. You also consent that you may be found under your full name via the search function of the Platform and that your profile page may be viewed by other persons registered into the platform.The initial default setting after completion of your profile data in your profile page, you will be visible by all the users of the platform. However, you can make changes in your settings so that your profile page can be viewed only by users belonging to your personal network. However, your e-mail address and your phone number will never be displayed to others.
If you do not provide the required data when creating a profile, you will not be searchable and your profile page will not be viewed by other users of the platform. The legal basis for the collection and processing of your personal data in connection with the profile page is your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR. It will be used as long as you are a registered user of the Platform. You can always see, modify or erase your profile data stored by us. Suppressing some of these data may limit your usage of the Platform services while totally suppressing your profile will take you off the Platform and make you an unregistered user.
Your content, comments and activities on the Platform After registering on the Platform, you can take part in activities offered there. For example, you can start or participate in discussions, join groups in which certain topics are discussed or participate in web cafes in which a speaker presents a topic in real time with the possibility that the participating users can also react to this in real time. The other participants of a group or a webcafe will be able to see that you are also participating and which contributions you are publishing / have published.You can upload resources to the Platform and make them available for download by other users under the licence terms you have provided. Other users will then be able to see which resources have been uploaded by you. You consent that your participation and contributions in discussions, groups, web cafes and similar group formats as well as resources uploaded by you may be viewed by other users under your full name.
The legal basis for the collection and processing of your personal data in connection with content and comments is your consent in accordance with Art. 6 Para. 1 S. 1 lit. a GDPR. You cannot delete the content already published by you on the Platform, such as status messages or documents and your comments on profile pages or on the content of other users. You can withdraw your consent for the future however this may limit your usage of the Platform services. The contents already published by you will continue to be stored and displayed for a reasonable period of time on the basis of Art. 6 Para. 1 S. 1 lit. f GDPR in this case unless you can rely on an overriding interest. Our legitimate interest lies in that the deletion of individual posts or contributions could seriously affect group discussions and other communication flows so that deletion could significantly affect the purpose of the Platform.
Data we collect when you use the search function
The search function is used when entering a search query in the Platform search bars. When using the search function, the following data may be recorded, in an encrypted form, to provide you with enhanced search results. Data collected are:
- The keywords extracted from your most recent queries
- The keywords extracted from the URL you selected within a results page in relation to the corresponding query
- The position in the results list of the URL you selected
This data is never shared and only used to provide you personalised services in accordance with Art. 6 Para. 1 S. 1 lit. b GDPR. You are always able to erase the stored search data and to modify the search option to prevent storing search data (in the user setting/preferences page). It will be deleted when the user closes his account. In an anomymised form the information is used to better understand the vocabulary searched and to enhance the user experience.
Cookies Policy: Cookies types used and disabling through your browser settings
The Lex4Meet website uses two different types of cookies: session cookies and persistent cookies.
Most browsers allow you to manage cookies via the settings. You can configure your browser so that only certain cookies or no cookies at all are stored on your computer or that a message appears each time a new cookie is created. However, completely disabling cookies may prevent you from using all the features of our website or worsen your user experience, which is no longer personal to you.
4. Disclosure of personal data to third parties in exceptional cases
We only share your personal data with third parties in the following cases:
- Sharing your personal data is required by law in individual cases by order of a competent authority if and to the extent necessary for the purposes of criminal prosecution, danger prevention or enforcement of intellectual property rights in accordance with Art. 6 Para. 1 sentence 1 lit. c GDPR. This can be in particular finance and prosecution authorities.
- Sharing your personal data is necessary for the establishment, exercise or defence of legal claims and there is no reason to the acceptance that you have a predominant protection-worthy interest in the not passing on of your data according to Art. 6 Para. 1 S. 1 lit. f GDPR. Such disclosure may occur, for example, in the event of attacks on our IT systems to government institutions and prosecution authorities.
5. Your rights: withdrawal of consent, information, rectification, erasure, restriction, transmission, complaint, objection
You have the following rights:
- You can withdraw your consent to us at any time. As a result, we will no longer continue the data processing based on this consent in the future. The consequence of such a withdrawal can be that you cannot use the Platform any longer or tat can only use the LexMeet platform to a limited extent.
- You can request information from us as to whether we process personal data relating to you. If this is the case, you can request further information about your personal data processed by us. In particular, you may request information about the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right of rectification, deletion, limitation of processing or objection, the existence of a right of appeal, the origin of your data if not collected from us, and the existence of automated decision-making including profiling and, where appropriate, meaningful information about its details.
- You can immediately request the rectification of inaccurate or incomplete personal data stored by us.
- You may request the erasure of your personal data stored by us, unless processing is necessary to exercise the right to freedom of expression and information, to comply with a legal obligation, for reasons of public interest or to establish, exercise or defend legal claims.
- You can demand the restriction of the processing of your personal data insofar as the accuracy of the data is disputed by you, insofar as the processing is unlawful, but you oppose its erasure, insofar as we no longer need the data, but you need it to establish, exercise or defend legal claims or insofar as you have objected the processing pending the verification whether our legitimate grounds for processing your data override yours not to process your data.
- You may request that the personal information you have provided to us be provided in a structured, commonly used and machine-readable format or that it be transmitted to another data controller.
- You can complain to a regulatory agency. As a rule, you can contact the supervisory authority at your habitual residence or workplace or at our company headquarters.
- You may object to the processing of personal data which you have not consented to and which is carried out in the public interest or in the overriding interest of the data controller or of a third party. If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.
If you wish to exercise any of your rights and/or receive further information, please contact us at: firstname.lastname@example.org.
6. Websites of third parties: consult their privacy policies
7. Social plugins for Twitter, Facebook, LinkedIn – consult their privacy policies
We use so-called Social-Media-Buttons (also Social-Media-Plugins) on our website. These are small buttons by means of which you can publish the contents of our website in social networks under your profile on that network.
If you activate such a button, a connection will be established between our website and the social network. In addition to the relevant content, the operator of the social network also receives other data, some of which is personal. This includes, for example, the fact that you are currently visiting our site.
- Twitter: Data transmission to Twitter International Company
In some cases, information is transmitted to the parent company Twitter Inc. based in the USA. This company complies with the data protection regulations of the “US Privacy Shield” and is registered with the “US Privacy Shield” program of the US Department of Commerce.
- LinkedIn: Data transmission to LinkedIn Ireland Unlimited Company
- Facebook: Data transmission to Facebook International Company
This company complies with the data protection regulations of the “US Privacy Shield” and is registered with the “US Privacy Shield” program of the US Department of Commerce.
8. Protection of your data: Data security
We use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction or against unauthorized access by third parties. We implement security safeguards designed to protect your data, such as HTTPS. Our security measures are continuously improved in line with technological developments. We regularly monitor our systems for possible vulnerabilities and attacks. However, we cannot guarantee the security of any information sent to us.
This data protection information is currently valid and as of 30 September 2020.
10. How to contact us