Privacy Policy

    1. Overview

    In line with the EU General Data Protection Regulation (Regulation (EU) 2018/1725, hereinafter “GDPR”), your privacy is important to us, and we attach great importance to ensuring the security and confidentiality of your personal data. That is why we offer this privacy policy to serve as a user-friendly overview of what personal data we process, how we process it, and for what purposes. We process your data when you 1) visit our website, 2) contact us via the contact form, or 3) register for our newsletter, 4) interact with us on LinkedIn.

    In that respect, “personal data” is understood as any information through which you could be directly or indirectly identified, pursuant Article 4(1) of the GDPR. The term “processing” means the transformation of raw data into meaningful and usable information by collecting, recording, storing, organising, and using data. This process could also include further actions, which are specified under Article 4(2) of the GDPR.

    1. Who processes your data?

    In the context of this privacy policy and for the purposes of the operation of this website, contact form and newsletter, the controller of your data is as follows:


    Megalou Konstantinou 41,

    71307 Heraklion, Crete. 

    To contact us regarding our privacy policy and to exercise one of your data protection rights (See section 8 below), please write us at the above-mentioned address or reach us out online via our email: 

    However, please note that third parties can process your data on certain occasions, for example, when you click on a link that is available on our website but directs you to an external website. For this, we highly advise that you check the privacy policies of these third parties.

    1. To whom does this privacy policy apply?

    This privacy policy applies to visitors of this website and those who subscribe to our newsletter, contact us for information via our contact form or to exercise one of their data protection rights (see section 8 below).

    1. What personal data do we process?

    Below, we explain what personal data we process based on your interaction with us.

    • Website: The data we process when your visit our website is mostly technical data, which is generated during your visit to our website, such as the browser, operating system, and internet service provider you used to access our website, your IP address, the date and time of your first, current, and last visit to our website, and the pages of our website you surfed.
    • Contact Form: The data we process when you contact us via the contact form is your contact details (name and email), your message, the relevant communication thread, and the data and time of your communication.
    • Newsletter: The data we process when you subscribe to our newsletter is your name, email address, [Affiliation! or Sector: (Health, Legal, Public Policy, etc.) or (Academia, Research, Policy, Government, Practice, etc.)!], and the date and time of your subscription. Please note that XX manages our newsletter with which we have signed a Data Processing Agreement (DPA) to ensure that it adopts adequate privacy measures that would provide adequate protection to your personal data.
    • LinkedIn: The data we may process is: your name and surname or affiliation in case you contact us via LinkedIn, information about your interactions with the content we post. Further information about LinkedIn and data processing can be found in section 11.


    1. Why do we process your personal data?

    We use your personal data for different purposes as elaborated below:

    • Regarding the data we process when you visit our website, the main purpose is to maintain the proper functioning of our website, improve its performance, enhance your navigation experience, and understand how you use our website. Another purpose of processing your data when you visit our website is to build a statistical analysis of the visits to our website, which is an option you can opt out of when you enter our website by managing cookies settings (see section 8 below).

    With regards to strictly necessary cookies, we rely here on our legitimate interest to maintain our online presence safe and in line with visitors’ expectations (Article 6(1)(f) of the GDPR). For any other type of cookies we rely on your consent (Article 6(1)(a) of the GDPR).

    • Regarding the data we process via the contact form available on our website, it is solely used for the ease of communication between you and us, representing TRUSTEE project, by actively answering your queries, replying to your comments, and handling your requests to exercise one of your data protection rights (see section 8 below).

    We rely here on our legitimate interest to be able to reply to questions, comments or requests which may arise from your side (Article 6(1)(f) of the GDPR).

    • Regarding the data we process through your subscription to our newsletter, we only use it to send you the subscription confirmation and our newsletter. We could also process your personal data that result from your interaction with our newsletter, such as whether you opened the newsletter or clicked on a link in the newsletter and to improve future newsletters, for the purpose of improving our future newsletters.

    We rely here on your consent to process your data expressed in the form of your proactive subscription to our newsletter (Article 6(1)(a) of the GDPR). You can always unsubscribe from our newsletter and in this case, your email address will be removed from our mailing list, and you will no longer receive our newsletter.

    • Regarding the data we process when you interact with our LinkedIn profile or message us on LinkedIn: we only use it to reply to your message and to observe and assess the engagement rate of our profile with LinkedIn users. We rely here on our legitimate interest questions, comments or requests which may arise from your side as well as to maintain and improve our presence on this social media platform (Article 6(1)(f) of the GDPR).


    1. How do we store your data?

    We securely store your data under strict organisational measures and technical measures, such as antivirus programmes, firewalls, data encryption tools, and security certificates that encrypt your connection to our website. These measures support us in protecting our infrastructure and are regularly reviewed and updated in accordance with technological advances. We are also following the data minimization and storage limitation approach by processing and storing only the data necessary to fulfil the purposes mentioned above (see section 5).

    We will keep your data solely for 1) the duration necessary to fulfill the above-mentionedprocessing purposes, 2) the retention period legally required, when applicable, or 3) until you revoke your consent. Once we no longer need your personal data for the previously mentioned purposes, we will delete them unless there is a legal obligation to continue to retain them.

    • Regarding the personal data we process and store when you visit our website, we retain will them for [XX] after which they will be deleted.
    • Regarding the personal data we process and store when you contact us via the contact form, we will retain them for as long as there is an open communication with you and to keep a record of our communications, but not more than [XXX] and we delete the data afterwards..
    • Regarding the personal data we process and store when you subscribe to our newsletter, we will delete them when you unsubscribe from our newsletter without undue delay.
    • Regarding the data we process when you interact with our LinkedIn profile or message us on LinkedIn, we do not store your data that would allow for your identification outside if LinkedIn. The access to the data which are present in the messages we exchanged with you via LinkedIn will be available there as long as TRUSTEE profile exists.


    1. With whom do we share your personal data?

    In principle, only members of the TRUSTEE and the suppliers who help us process your personal data can have access to your data for the purposes explained above on a “need-to-know” basis. For legal purposes, we could share your data with competent public and judicial authorities, as specified by the law.

    Under certain circumstances, we could share your data with third parties either to fulfil a legal obligation or to meet the functioning of our website. Sharing your data with third parties will always be in line with the safeguards specified under the law.

    Transferring your personal data to parties outside the European Economic Area (EEA) could only take place if the country outside the EEA, where the party resides, has an adequate level of data protection set in place as provided by the GDPR. In the absence of an adequacy decision as requested by Article 45 of the GDPR, we will ensure that all appropriate safeguards through organisational and technical measures are in place.  

    1. What are your data protection rights?

    According to the GDPR, you are entitled to the following set of rights in the context of personal data processing:

    • The right to information: this right allows you to obtain information about whether we hold personal information about you, and, if so, what that information is and why we are holding it.
    • The right to withdraw consent: This right allows you to revoke your consent, which you have given us to process your personal data. Please consider that the withdrawal of your consent should not affect the lawfulness of processing based on your consent before its withdrawal.
    • The right to access: This right allows you to request a copy of your personal data which we retain and process and to check that we lawfully process it.
    • The right to rectification: This right allows you to request the correction of inaccurate personal data we hold on you or complete them if they are incomplete.
    • The right to erasure: This right allows you to request that we delete your personal data, under specific grounds.
    • The right to restrict processing: This right allows you to request that we limit the processing of your personal data, under specific grounds.
    • The right to object: This right allows you to protest the processing of your personal data by us, under specific grounds.
    • The right to data portability: This right allows you to request the transfer of your personal data which we retain to you or another organisation, under specific grounds.
    • The right not to be subject to automated decision-making including profiling: This right shall not apply if the automated decision-making, and profiling is based on your explicit consent.
    • The right to lodge a complaint regarding data protection issues with a data protection authority: In case you are not satisfied with our response to the exercise of your rights, you may turn to your national data protection authority:


    Should you wish to exercise one or several of your rights, please submit a written request, stating the right(s) you are willing to exercise, to [email address specific to personal data matters].

    1. Cookies

    Cookies are small text files that are stored on your browser when you visit our website to help you navigate our website by gathering standard internet log information. Cookies for example help us verify your login credentials, understand how you use our website, and store information about your browsing activities on our website, which allows you to resume your browsing session from where you last left off.

    We also use third-party cookies that help us analyse and understand how you use this website. These cookies will be stored in your browser only with your consent and you always have the option to opt-out of these cookies.

    We only keep the essential cookies enabled to ensure the proper function of our website. All other cookies are optional and disabled by default. However, opting out of some of these cookies could impact your use of the full functionality of our website.

    Explained below are the different types of cookies our website uses:

    • Strictly necessary cookies: These are essential for the performance of our website by providing basic functionality and security features of the website.
    • Functional cookies: These are used to implement additional functionalities and enhance our website performance. For instance, they help us recognise you on our website and remember your previously selected preference (e.g. language preference). These cookies also allow us to share our website content on social media platforms and collect feedback. They combine first-party and third-party cookies.
    • Performance cookies: These help us improve the performance of our website and deliver a better user experience. They provide us with quantitative measures of our website (e.g. number of visitors, bounce rate, traffic source) and how you interact with our website.
    • Advertising cookies: These are used to provide you with customised advertisements and marketing campaigns by analysing your browsing routine and interests. These cookies track visitors across websites and collect information about their online habits to offer them personalised content.


    1. Analytics

    We use Google Analytics, a web analytics service, to track and report visitors traffic. Google Analytics collects data such as the number of website visitors, number of unique visitors. Google Analytics also collects technical data, such as the browsing software, operating system, IP address, Referrer URL “The previously visited page”, to monitor and optimise the use of our website.  

    Google Analytics further utilise the collected data to compile reports on the website activities, provide further services associated with the use of the website, and conduct market research. This data could be shared with other Google services and used to personalise the ads of Google’s advertising scheme.

    You can refuse this option by opting out of the relevant cookies, as explained above. You can also install a browser add-on called “Google Analytics Opt-out Browser Add-on” to prevent sharing information with Google Analytics about your activities on our website.

    Please visit Google’s privacy page for further details:

    Please consider that we are not responsible for processing activities conducted by Google as a standalone controller, when it processes your data for its own purposes.

    1. LinkedIn

    We use our LinkedIn account to publish updates and news about our project to keep our followers up to date with any developments around our project.

    We normally do not carry out any data processing via our LinkedIn account except when you send a message to our account or interact with any content we publish on our account. This processing is limited to the extent that we reply to your message, repost your content, and publish content that mentions you.

    On certain occasions, we could also process other types of data that are generated by LinkedIn for analytical purposes, such as the number and types of engagements with our content as well the demographics (e.g. company size, job title, city and country, and industry) of those who interact with our content. This process is performed by LinkedIn, and we cannot disable this tool for our account.

    In these cases, your data will be processed in line with our privacy policy.

    Please note that you use LinkedIn – a US social network for professionals based in Silicon Valley, Sunnyvale, California, US – on your own responsibility. We are not responsible for the collection or processing of your personal data by LinkedIn for its purposes, since we neither exercise any influence or control over the data processed by LinkedIn as well as data processing activities conducted by LinkedIn when you use it. We, therefore, advise you to check LinkedIn’s privacy policy to understand 1) the data it collects, uses, and shares, 2) your rights and how to exercise them, and 3) how to limit the processing of your data.

    Please also be mindful that if you use LinkedIn from European Economic Area (EEA), or Switzerland, LinkedIn Ireland is the controller of your personal data provided in connection to using LinkedIn services. In case you use LinkedIn from a different location, LinkedIn Corporation becomes then the controller of your personal data, which you provided in connection to using LinkedIn services.

    1. Changes to our privacy policy

    We consistently review our privacy policy and make updates as necessary. We will publish any changes on this webpage to ensure that you remain informed and up to date. This privacy policy was last updated on [13.11.2023].