Privacy Policy

The processing of personal data, such as the name, address, e-mail address, or telephone number of a data subject shall always be in line with the General Data Protection Regulation (GDPR), and in accordance with the country-specific data protection regulations applicable to the Stemy. By means of this data protection declaration, our enterprise would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.

As the controller, Stemy has implemented numerous technical and organizational measures to ensure the most complete protection of personal data processed through this website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means, e.g. by telephone.

Definitions

The data protection declaration of STEMY is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.

In this data protection declaration, we use, inter alia, the following terms:Personal data: Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Data subject: Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.
Processing: Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Restriction of processing: Restriction of processing is the marking of stored personal data with the aim of limiting their processing in the future.
Profiling: Profiling means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
Pseudonymisation: Pseudonymisation is the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Controller or controller responsible for the processing: Controller or controller responsible for the processing is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
Processor: Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Recipient: Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Third party: Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
Consent: Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Data sharing

In principle, your data will only be used within the ReDREAM consortium. Any data sharing will occur under strict confidentiality duties.Furthermore, governmental or judicial authorities may require us to share certain data. Finally, we may share your data with our service providers, as needed. Whenever a data transfer outside of the EU takes place, we will adopt the necessary safeguards to ensure an adequate protection of your personal data (such as, for instance, by adopting the standard contractual clauses proposed by the European Commission).

Data retention

Your personal data are only processed for as long as needed to achieve the purposes which are described above or, when we asked for your consent, up until such time where you withdraw your consent. When the personal data is no longer necessary for the purposes for which they have been collected, they will be anonymized unless a legal or regulatory obligation prevents such anonymization. Personal data collected as part of our communications with you through the website will be stored for as long as needed to communicate with you and to keep an archive of our communications to revert back to when needed.

Data protection provisions about the application and use of Google Analytics (with anonymization function) or Matomo

On this website, the controller has integrated the component of Google Analytics (with the anonymizer function). Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behaviour of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising. On this website, the controller has included Matomo. Matomo is an open source project brought to you by the Matomo team members as well as many other contributors around the globe. Matthieu Aubry is the legal representative of the Matomo project. If you have any questions about this privacy policy, please contact our privacy team at privacy@matomo.org We will never sell your personal data to anyone. In order for us to provide you the best possible experience on our websites, we need to collect and process certain information. Depending on your use of the Services, that may include among others: Contact us via email or Usage data (the website from which you visited us from, the parts of our site you visit, the date and duration of your visit, your anonymised IP address, information from the device).