The present Privacy Policy describes the means and purposes of the processing of personal data through the website (hereinafter the ‘Website’) carried out by the CORE-MD consortium, particularly the European Society of Cardiology, Coordinator of the CORE-MD project, in its quality of Data Controller (hereinafter ‘ESC’ or the ‘Controller’) together with RIVM as Risk and Data Manager. This Privacy Policy is applicable to anyone who accesses the Website or otherwise interacts with the web services offered on the Website (i.e., the ‘User’).

The processing of the User’s personal data will take place in compliance with the applicable data protection legislation, with particular regard to the Regulation (EU) 2016/679 (the ‘GDPR’) concerning the protection of natural person with regard to the processing of personal data, as well as free movement of such data.

Data controller

Data management and compliance with the agreements made are the responsibility of the Project Coordinator and Risk and Data Manager (RIVM).

The website

This Website aims to provide information regarding CORE-MD, a project funded by the European Union’s Horizon 2020 Research and Innovation Programme under grant agreement No. 965246.

It has been designed to minimize the collection and the processing of Users’ personal data, as well as to exclude the processing of such data in all cases when the purposes described below can be achieved with different and more privacy-preserving means.

Categories of personal data collected

Traffic and Internet data

The computer systems and software procedures used to operate the Website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols.

This category of data includes, among others, IP addresses, browser type, operating system, the domain name and website addresses from which the User logs in or out, the information on pages visited by User within the Website, the time of access, time period of User’s staying on a single page, the internal path analysis and other parameters regarding the User’s OS and computer environment.

These technical / IT data are collected and used only in an aggregated and not immediately identifiable manner. They could be used to ascertain responsibilities in case of crimes against the Website, or upon public authorities’ request.

In order to consent the collection of this category of data, the Website uses cookies.

Personal data provided by the User

The User’s personal data will be processed by the Controller solely for the following purposes:

  • allowing the User to easily and correctly navigate the Website. This processing is necessary to run the Website and to allow the User to access its contents, according to Art. 6.1, b) of the GDPR;
  • fulfil any request made by the User through the contact form available on the Website. This processing is needed to provide the Users with the information they have directly requested, according to Art. 6.1, b) of the GDPR;
  • complying with the obligations set forth by applicable laws and regulations and to ascertain responsibilities in case of any computer crimes against the Website. As this processing is mandatory by law, User’s consent is not required according to Art. 6.1, c);
  • delivering the CORE-MD newsletter, consultations, events and/or updates to the User. As this processing is optional, User’s consent must be acquired before processing the User’s personal data for this purpose.

Methods of the processing, data retention and data security

The personal data are collected and processed lawfully and fairly, solely for the purposes described above and in accordance with the fundamental principles established by the applicable legislation.

Personal data may be processed either manually, through information technology tools or electronically, but always under technical and organizational measures that enable ensuring their security and confidentiality, especially for the purposes of preventing any risk arising from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to personal data.

The processing operations will be carried out only by persons who have been duly authorized and instructed by the Controller.

Communication to third parties

The personal data collected by the ESC will not be shared or communicated to third parties, unless upon specific consent of the data subject or as otherwise required by applicable laws.

Should the communication to third-party suppliers or partners of the ESC (e.g., service providers, hosting providers, IT companies, communication agencies) be necessary for organizational, administrative or support needs, it will be the Controller’s responsibility to appoint such parties as additional data processors by virtue of the capacity, experience and reliability demonstrated.

It remains understood that the Users’ personal data can be made available to third parties, such as competent and police authorities, whenever this is required by applicable law or by an order issued by them.

Data retention

The personal data will be kept in a format that allows User’s identification only for the time strictly necessary to fulfil the purposes for which the data have been originally collected and, in any case, within the limits set forth by applicable laws and regulations, as well as to enforce or protect the rights of the Controller, where necessary.

In particular, the data provided by the User in relation to the CORE-MD newsletter, consultations events and/or updates will be retained for a maximum of 36 months.

When no longer necessary, the data will be immediately cancelled or made anonymous.

Transfer of data abroad

The User’s personal data will not be transferred outside the European Economic Area (hereinafter, the ‘EEA’).

In any case, should a transfer of the data outside the EEA become necessary in the future, it will be carried out in accordance with the provisions of the GDPR and the User will be timely informed about this processing.

Redirect to other websites

The Website incorporates links which allow the User to connect to other websites run by third parties. The Controller assumes no responsibility regarding the processing of personal data which may take place through and/or in connection with third-parties’ websites.