FRAMEWORK AGREEMENT ON PRIVACY BETWEEN THE PARTNERS OF THE NEWMIRACLE PROJECT
Declaration of commitment to comply with the provisions of EU Regulation 2016/679 regarding the processing of personal data
As part of the project entitled: Women – new leader’s empowerment in sport and physical education industry / NewMiracle, Grant Agreement No.: 622391-EPP-1-2020-1-LT-SPO-SCP, the following data will be processed:
these processing activities will comply with the provisions of the European Regulation 679/2016 and the current legislation on personal data protection.
The Data Controller of such data is LNOC, National Olympic Committee of Lithuania, project leader, with headquarters in Olimpieciu street 15, Vilnius (Lithuania).
- has created a specific NewMiracle project database for the collection and management of personal data;
- ensures that the data will be processed in compliance with the provisions in force for the entire period of validity of the stipulated agreement, by electronic and paper support and will be kept and controlled by adopting suitable preventive security measures, aimed at minimizing loss and destruction risks, unauthorized access, unauthorized processing and deviation from the purposes for which the processing is carried out;
- has appointed a DPO (Data Protection Officer) to be contacted at the following email address Nausede@squalio.com
- manages the personal data acquired as the data controller and takes care of any data deletion procedures at the request of those directly involved, via communication to the e-mail address Nausede@squalio.com
- authorises the circulation of data amongst partners, that can use them only within NewMiracle project, for dissemination of professional communications, newsletters, events or promotions organised directly by any of the NewMiracle project’s partners or by carefully selected third parties.
All project partners:
- As data processors in their geographical area, will be responsible for the management of personal data they manage, either in another European country within the framework of the NewMiracle project and in their country, in accordance with their own legislation and, in any case, applying the European data protection regulation.
- mutually acknowledge that the provision of services, referred to in the partnership agreement, involves the processing of personal data, common and/or particular, with the sole purposes of the agreement, and therefore undertake to formally sign the appointment deed as Data Processors referred to in Annex I.A to this declaration;
- undertake to communicate the data collected to LNOC in a timely manner and on a continuous basis, so that they are included in the LNOC project’s database, by LNOC, managed and protected as the Data Controller;
- authorize the circulation of data among the partners, who can use them exclusively within the NewMiracle.
- project, for dissemination of professional communications, newsletters, events or promotions related to dance practice in Europe, organized directly by NewMiracle project’s partners or by carefully selected third parties.
The data will be shared between the partners and may be communicated, as far as their respective and specific competence is concerned, to Entities and in general to every public or private subject with respect to which there is an obligation (or faculty recognised by law or secondary legislation or community) or communication needs, as well as to consultants, within the limits necessary to carry out their duties, subject to a letter of appointment imposing the duty of confidentiality and security.
The NewMiracle project’s database will be cancelled by LNOC after 5 years from the end of the project, and beyond that date the data cannot be used in any way for further purposes, unless prior authorization of the interested party, by any of the partners.
By signing this, all the participating subjects undertake to comply with the provisions of current legislation on the protection of personal data, as well as to protect all personal data of which they become aware, with adequate protection measures.
ANNEX I .A
Deed of appointment as Data Processor
According to the art . 28 of the EU Regulation 2016/679 (GDPR)
LNOC, in the name of the legal representative Vaida Macianskiene, can propose a natural person, a legal person, a public administration and any other body, association or body as Data Processor, who is appointed between subjects who, due to experience, ability and reliability, provide a suitable guarantee of full compliance with the current provisions on the processing of personal data, including the security profile; the Data Processor must also present sufficient guarantees to implement adequate technical and organisational measures so that the processing meets the requirements of the legislation required by the pro tempore provisions in force on the subject, and guarantees the protection of the rights of the data subject;
- the Data Processor must proceed with the treatment according to the instructions given by the Data Controller in writing with this contract and with any subsequent agreements;
- it is the Data Controller’s intention to allow access both to the Data Processor and to the persons authorized for processing, for personal data only, the knowledge of which is necessary to fulfil the tasks assigned to them.
With reference to the activities developed within the project entitled
Women – new leader’s empowerment in sport and physical education industry / NewMiracle,
Grant Agreement No.: 622391-EPP-1-2020-1-LT-SPO-SCP
you are authorized to process personal data within the scope of the project that LNOC is Data Controller of
- The Data Controller responsible for the decisions regarding the purposes and methods of processing personal data designates the partners as Data Processors, with specific limitation to the processing carried out in relation to the assigned service, pursuant to art. 28 of the General Data Protection Regulation 679/16 (GDPR).
- The purposes of the processing are directly connected and instrumental to the management of the activities of the NewMiracle project.
- The duration of the treatment coincides, unless otherwise specified, with the duration of the project and for the following 5 years from the end of the project.
- The personal data involved in the processing are those that compose and will compose the NewMiracle project database of which LNOC is the owner.
- The Data Controller entrusts the Data Processor with all the personal data processing operations necessary to fully implement the project. In the event of damage deriving from the processing, the Data Processor will be responsible if he/she has not fulfilled the obligations of the legislation currently in force concerning the processing of personal data or has acted in a different way or against the legitimate instructions of the Data Controller. The Data Controller undertakes to officially notify the Data Processor of any changes that may be necessary in data processing operations. In any case, the Data Processor will not be able to perform any data processing operations other than those mentioned above. If the need arises for processing of different and exceptional personal data with respect to that normally performed, the Data Processor must inform the Data Controller in advance.
- The Data Processor, within his/her own company structure, will identify the authorised natural persons for the treatment. Concurrently with the designation, the Data Processor is responsible for providing adequate instructions to the persons authorised to process the data concerning the processing methods, in compliance with the provisions of the law and of this contract. It will be the responsibility of the Data Processor to bind the authorised persons to the treatment of confidentiality or to an adequate legal obligation of confidentiality, also for the period following the termination of the collaboration with the Data Processor, in relation to the processing operations performed by them.
- The Data Processor may use another Data Processor (“Sub-Data Processor”) to manage specific processing activities. In this case, he/she informs the Data Controller in advance and in writing of any change he/she has identified regarding the addition or replacement of other Data Processors. This information must clearly indicate the delegated processing activities, the identity, and the addresses of the additional Data Processor. It is the responsibility of the Initial Data Processor to ensure that the data processing sub-manager presents the same sufficient guarantees to implement appropriate technical and organisational measures so that the processing meets the requirements of the GDPR. If the Sub-Data Processor does not fulfil his/her obligations regarding data protection, the Initial Data Processor is entirely responsible before the Data Controller for the processing of his/her obligations by the Sub-Manager.
- The Data Processor, within the scope of his/her competence, is bound by law and by the signed agreement, for him/herself and for the persons authorised to process that collaborate with his/her organisation, to implement the security measures provided for by the current legislation in this regard, assisting the Data Controller in ensuring compliance with the same. The Data Processor will apply these measures in order to guarantee: – where appropriate, pseudonymisation and encryption of personal data; – the ability to ensure the confidentiality, integrity, availability and resilience of processing systems and services on a permanent basis; – the ability to promptly restore the availability and access of personal data in the event of a physical or technical accident.
- The Data Processor, upon request of the Data Controller, assists the latter in the procedures before the competent Privacy Guarantor and the Judicial Authority in relation to the activities falling within his competence.
- The Data Processor, within the terms and according to the modalities provided for by current legislation, undertakes to inform the Data Controller after becoming aware of violations of personal data and to provide the widest possible collaboration to the Data Controller himself/herself and to the competent Privacy Guarantor involved in the purpose to satisfy every applicable obligation imposed by the applicable temporary legislation (e.g. notification of the violation of personal data to the Privacy Guarantor; possible communication of a violation of personal data to the interested parties).
- The Data Processor also assists the Data Controller in ensuring compliance with the obligations relating to any impact assessment on data protection and to any prior consultation with the Privacy Guarantor.
- In the event that the Data Processor receives requests from the parties concerned for the exercise of the rights recognized by the applicable legislation on the protection of personal data, he/she must:- promptly notify the Data Controller in writing by attaching a copy of the request;- taking into account the nature of the processing, assist the Data Controller with adequate technical and organizational measures in order to satisfy the Data Controller’s obligation to respond to requests for the exercise of data subjects’ rights.
- In particular, where applicable and in consideration of the processing activities assigned to him/her, the Data Processor must: – allow the Data Controller to provide interested parties with their personal data in a structured format, commonly used and readable by an automatic device, and to transmit the data to another Data Controller; – allow the Data Controller to guarantee all or part of the rights to oppose and limit the processing.
- The Data Controller remains responsible for processing the information implemented through application procedures developed according to his/her specifications and/or through his own IT or telecommunications tools.
- The Data Processor makes available to the Data Controller all the information necessary to demonstrate compliance with the obligations to which he/she is subject, allowing and contributing to the auditing activities carried out by the Data Controller or by another person appointed by him/her. For this purpose, the Data Processor acknowledges to the Data Controller, and to those authorized by the same, the right to obtain information about the performance of the processing operations or of the place where the data or documentation relating to this agreement are kept. In any case, the Data Controller undertakes for him/herself and for the third parties appointed by the latter, that the information provided to the Data Controller for verification purposes is used only for these purposes.
- The Data Processor and Data Controller agree in using the following templates (I.B / I.D) for informing data providers about the GDPR policy agreed upon.
We inform you that access to our websites and/or any requests for information or services require the provision of personal data that will be processed in full compliance with European Regulation 2016/679 (GDPR).
Therefore, below, you are given all the information, complete and detailed, regarding the methods and the purposes of the processing of your personal data.
The Data Controller is LNOC National Olympic Committee of Lithuania, with headquarters in Olimpieciu str. 15, Vilnius, Lithuania, which can be contacted at the following email address: Agne.Nausede@squalio.com
The Organisation has appointed a DPO (Data Protection Officer) which can be contacted at the following email address Agne.Nausede@squalio.com
CATEGORIES OF DATA PROCESSED, PURPOSE OF TREATMENTS AND LEGAL BASIS
LNOC such as Data Controller will be processing the following data
Through the website, different categories of personal data are collected and processed for different purposes and in different ways. Personal data is information about a defined or definable natural person.
Through the website you have the opportunity to subscribe to our newsletter that will keep you informed about new initiatives and events. Sending the newsletter is based on your explicit consent pursuant to art. 6, paragraph 1, lett. a) in conjunction with art. 7 of the GDPR.
On the occasion of events organized as part of the LNOC project, audio-visual material can be produced, which can be disseminated on the project’s social media, sites and channels to document the activities performed.
The data processed, relate to the images and videos of the subjects materially involved in the filming and photographs taken, is based on your explicit consent pursuant to art. 6, paragraph 1, lett. a) in conjunction with art. 7 of the GDPR.
When this material is considered obsolete, it will be removed from the project’s sites. It is understood that the images once published may be saved and then processed by third parties in a completely independent manner, without any consequent responsibility of LNOC.
The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.
This information is not collected to be associated with identified interested parties, but by their very nature could, through processing and association with data held by third parties, allow users to be identified.
This category of data includes the IP addresses or domain names of the computers used by users connecting to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numeric code indicating the status of the response given by the server (success, error, etc.) and other parameters relating to the operating system and the user’s IT environment.
This data is used only to obtain anonymous statistical information on the use of the site and to check its correct functioning and is deleted immediately after processing.
We also collect such data to be able to recognize system errors and cyber-attacks and to be able to implement protective measures to prevent abuse. Conservation takes place according to the principle of necessity.
The legal basis for the processing is art. 6, paragraph 1, lett. f) of the GDPR (the processing is necessary for the pursuit of the legitimate interest of the data controller).
NATURE OF THE PROVISION OF DATA
With the exception of navigation data, data communication is free and optional; however, failure to provide such data may make it impossible to obtain a response to what has been requested.
DATA PROCESSING METHODS
The data processing is performed through paper and computer media.
No automated decision-making process is performed on the site.
CATEGORIES OF RECIPIENTS OF PERSONAL DATA
Personal data will be processed by authorized employees of LNOC as data controller and leader of the NewMiracle project. These data will be shared with the NewMiracle project partners, as Data Processors, and with selected organizations that collaborate with the NewMiracle project.
Such data may be communicated, as far as their respective and specific competence is concerned, to Entities and in general to any public or private subject with respect to which there is an obligation for us (or faculty recognized by law or secondary or community legislation) or need for communication, as well as to our consultants, to the extent necessary to carry out their duties in our organization, subject to a letter of appointment that imposes the duty of confidentiality and security.
The Data Controller may transfer personal data to third countries or international organizations. In this case, in accordance with the legal requirements, personal data is transferred only if the European Commission has taken an adequacy decision against the third country, and if adequate guarantees have been agreed. LNOC also reserves the right to use cloud services, in which case the service providers will be selected from among those who provide adequate guarantees, as required by art. 46 GDPR 679/16.
RIGHTS OF INTERESTED PARTIES
Pursuant to EU Regulation 2016/679, the interested party enjoys the rights referred to in section 2, 3 and 4 of Chapter III of Regulation (EU) 2016/679. In particular, you have the right to ask the Data Controller: access to personal data and the correction, deletion of the same, limitation of the processing that concerns them, opposition to their processing and data portability. In addition, you have the right to lodge a complaint with a supervisory authority if you consider that your data treatment violates EU Regulation 2016/679.
You may ask for additional information, and revoke the consent you have given us at any time; likewise, you may exercise your rights of access, rectification, cancellation and opposition free of charge by sending your request accompanied by the copy or data of your Personal Number to the email Agne.Nausede@squalio.com
You may revoke the consent you have given us at any time; likewise, you may exercise your rights of access, rectification, cancellation and opposition free of charge by sending your request accompanied by the copy or data of your Personal Number to the email Agne.Nausede@squalio.com
EXPRESS DECLARATION OF CONSENT
I, [NAME AND SURNAME OF THE PERSON], hereby declare to agree to:
– LNOC sending newsletters for the promotion of events organized directly by LNOC or its project partners:
– LNOC and/or its project partnership using my image and voice (photos and videos) for promoting the NewMiracle project on the official website, magazine and official social channels
PLACE, DATE SIGNATURE
In compliance with EU General Data Protection Regulation (GDPR) that came into effect on 25 May 2018, we hereby inform you that the personal data you provide to NewMiracle project is included in a file managed by LNOC, Olimpieciu str. 15, Vilnius, as Data Controller, on behalf of the –EU funded project – NewMiracle project’s partners, and used exclusively for dissemination of professional communications, newsletters, events or promotions organised directly by any of the NewMiracle project’s partners or by carefully selected third parties.
You may revoke the consent you have given us at any time; Likewise, you may exercise your rights of access, rectification, cancellation and opposition free of charge by sending your request accompanied by the copy or data of your Personal Number to the email Agne.Nausede@squalio.com
The Data Controller
The legal representative
The Data Processor
Name of the partner:
The legal representative