PolicyCLOUD is the controller of the Data of the end users of the Platform. PolicyCLOUD can be reached by sending a written communication to info@policycloud.eu, or via the contact forms available on the website policycloud.eu.

The Data of the end users of the Platform processed by PolicyCLOUD are the following:

– Name and surname 

– Title (e.g. Prof., Doc., etc. – optional).

– E-mail address.

– Phone number (optional).

– Gender (optional).

– Summary of your personal/professional profile (optional).

– Username and password.

– IP address.

– Event logs related to the use of the Platform.

PolicyCLOUD uses the Data for the following purposes:

– Creation and management of the end user account and operation of the Platform. The use of the Data is necessary to allow the creation and management of the account of the end user and to allow their use of the Platform. The legal basis of the processing is the provision of the services related to the Platform, according with art. 6, par. 1, let. b) GDPR.

– Ensuring the security and the proper use of the Platform. PolicyCLOUD processes the Data of the end user to the extent necessary to guarantee the security of the Platform, as required also by relevant legal provisions on information security. The legal basis of this processing is both compliance with legal requirements, according with art. 6, par. 1, let. c) GDPR, and the legitimate interest of PolicyCLOUD and the organization using the Platform to protect the Platform and the information included in the same Platform, according with art. 6, par. 1, let. f) GDPR.

– Perform analysis (also based on aggregated statistics) on the use of the Platform. The legal basis of this processing is the legitimate interest of PolicyCLOUD to better understand how and by whom the Platform is used and to continuously improve it, according with art. 6, par. 1, let. f) GDPR.-

-To defend PolicyCLOUD from legal and/or regulatory risks. The legal basis of processing is therefore the establishment, exercise, or defence of legal claims, according with art. 6, par. 1, let. f) GDPR.

Should the end user fail to provide the Data, PolicyCLOUD will not be able to create and/or manage the account of the end user and/or to operate the Platform.

The Data may be communicated to the following recipients:

–  PolicyCLOUD members and third-party providers, when the communication of the Data is necessary for the operation of the Platform.

–  Public entities when the communication of the Data is necessary to fulfil legal requirements.

Regarding the possible transfer of data to countries not belonging to the European Economic Area, the related processing will take place according to one of the methods permitted by relevant laws, such as the consent of the data subject, the adoption of Standard Clauses approved by the European Commission, the selection of subjects adhering to international programs for the free circulation of data or operating in countries considered safe by the European Commission.

The Data will be stored for only the time necessary for the purposes for which it was collected, respecting the principles of limitation of conservation and minimization.

The Data will be kept to comply with regulatory obligations and to pursue the above-mentioned purposes, in compliance with the principles of necessity, minimization and adequacy.

PolicyCLOUD may retain Data to fulfil regulatory and/or contractual and tax obligations or in case of legal claims.

Subsequently, when the reasons for the processing will cease, the Data will be anonymized, deleted, or destroyed.

Each data subject can exercise the following rights by sending a request in writing to PolicyCLOUD at the abovementioned contact details, to the extent permitted by applicable law:

– To access. You can obtain information relating to the processing of your Data and a copy of such Data.

– To erase. You can require the deletion of your Data, to the extent permitted by law.

– To object. You can object to the processing of your Data, on grounds relating to your situation. In cases of opposition to the processing of data, the Company reserves the right to assess the request, which will not be accepted if there are legitimate reasons to proceed with the processing that prevail over your freedoms, interests, and rights.

– To rectify. Where you consider that your Data is inaccurate or incomplete, you can require that such Data be modified accordingly.

– To restrict. You can request the restriction of the processing of your Data.

– To portability. You have the right to receive your Data, in a structured, commonly used and machine-readable format, and you have the right to transmit those data to another controller.

Furthermore, should you believe that the processing of your Data is contrary to the legislation in force, you have the right to lodge a complaint to the competent data protection supervisory authority.