Privacy Policy

INTRODUCTION

RISEnergy is an EU-funded project (Grant Agreement no: 101131793) that started in March 2024 and will end in August 2028. Its consortium is made of 17 full participants and 36 Affiliated entities, under the coordination of KIT (DE) (see details here). For further information, please contact risenergy@for.kit.edu.

The project consortium (hereafter “RISEnergy”) is committed to processing personal data responsibly, securely, and proportionally throughout our activities in compliance with the General Data Protection Regulation (GDPR) 2016/679 [1]

This privacy statement explains the reason for the processing of your personal data, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights and the Data Protection Officer.

WHY AND HOW DO WE PROCESS YOUR PERSONAL DATA?

Purpose of the processing operation

We collect and use your personal data to:

  • allow you to participate in project activities as defined in the RISEnergy Grant Agreement (e.g. Research & innovation activities, Transnational and Virtual Access provision to Research Infrastructures, review and selection of User projects, Provision of recommendations to the project, etc.)

  • allow you to subscribe to our newsletter

  • allow you to participate in surveys

  • promote our project activities and results as well as events amongst different types of stakeholders

  • send invitations and provide access to guests attending our events and online seminars

  • process online requests or queries, including responding to communications from individuals

  • comply with legal and regularity obligations.

The processing operation consists in storing the personal data you provide us with in order to deliver the requested / agreed services.

How we collect your personal data

We collect personal data both directly and indirectly.

Directly
We obtain personal data directly from you in a variety of ways, e.g.

  • when you:

    • subscribe to our newsletter,

    • register to attend meetings and events we host/(co-)organise and during the attendance at such events,

    • complete any online form related to project activities (e.g. RI description form, transnational and virtual access application forms, surveys and feedbacks forms, etc.)

    • contact us via completion of the online contact form or contact us directly via Email

    • send us invoices (e.g. reimbursement of travel costs)

    • visit the offices of one of the project partners when

  • we are establishing a research relationship

  • we are performing professional services pursuant to our contract with the European Commission

  • you participate in our research activities that we perform either independently or in collaboration with you.

Indirectly
We obtain personal data indirectly about individuals from sources, including:

  • our networks and professional contacts

  • public and open data sources such as public registers, news articles and Internet searches social and professional networking sites (e.g., LinkedIn).

WHICH PERSONAL DATA DO WE COLLECT AND FURTHER PROCESS?

We collect the following types of personal data, including:

  • General contact details (e.g. first and last names, gender, job title, affiliation and email address)

  • Special categories of personal data, which we may collect with explicit consent for project administrative and legal purposes, including:

    • Dietary restrictions, birth date and place, nationality, when registering for in-person events such as project meetings and workshops

    • Personal address, invoices and bank account details for internal reimbursement of travel costs for attendance at such events or execution of TA/VA activities of RISEnergy

    • Nationality of potential Users of RISEnergy TA/VA

ON WHAT LEGAL GROUND(S) DO WE PROCESS YOUR PERSONAL DATA?
There are different bases on which the consortium processes personal data.

  • Consent – When you provide us with your personal data directly, for example, when you subscribe to our newsletter, register to an event or apply for TA/VA.

  • Legal obligations– We may process personal data in order to meet a legal obligation, e.g., reporting to the European Commission and promoting project results to multiple audiences, including the media and the public.

  • Legitimate interests – We process personal data when it is necessary for us to achieve the following legitimate interests:

    • Enhancing our research delivery

    • Implementing project tasks, including dissemination activities

HOW DO WE PROTECT AND SAFEGUARD YOUR PERSONAL DATA?
We have put technical and organisational security policies and procedures in place to protect personal data (including sensitive personal data) from loss, misuse, alteration or destruction. We aim to ensure that access to your personal data are password protected. We encrypt EU classified data and data are restricted only to a limited number of individuals who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information. We install and regularly update all security and anti-virus software in use on all of our systems, nevertheless the security of data transmitted over the internet cannot be completely guaranteed. In addition, the consortium is conducting a privacy and ethics impact assessment (in line with GDPR Art. 35) over the duration of the project, wherein the consortium will identify and assess any ethical or data protection risks and find solutions to overcome any such risks.

Please be aware that transmissions over the Internet are never completely private or secure.

DO WE SHARE PERSONAL DATA WITH THIRD PARTIES?
The RISEnergy consortium will generally not share personal information with anyone except the European Commission, if it so requests. All partners will treat information received from other partners as confidential and will not disclose it to third parties, unless it is obvious that the information is already publicly available or there is a legal obligation to do so. The partners will impose the same obligations on their employees and suppliers.

We may occasionally share personal data with trusted third parties, such as those listed below, to help us deliver efficient and quality services. When we do so, we ensure that recipients are contractually bound to safeguard the data we entrust to them before we actually share the data. We may engage with several or all of the following categories of recipients:

  • Parties that support us as we provide our services (e.g., cloud-based software services such as Dropbox, Microsoft SharePoint, Google Analytics)

  • Our professional advisers, including lawyers, auditors and insurers

  • Payment services providers

  • Marketing services providers (e.g., MailChimp)

  • Law enforcement or other government and regulatory agencies (e.g., tax authorities) or to other third parties as required by, and in accordance with applicable law or regulation

  • The European Commission when we are required by them to do so in relation to our work with them on EC funded projects.

DO WE TRANSFER YOUR PERSONAL DATA OUTSIDE THE EU?

We store personal data on servers located in the EU, however, we transfer personal data to reputable third-party service providers, notably SharePoint, Dropbox, Google, who may be located outside of the EU. All project partners are required to safeguard personal data in accordance with our contractual obligations and data protection legislation.

HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We retain personal data to provide our services, stay in contact with you and to comply with applicable laws, regulations and professional obligations to which we are subject. Please note that as research project funded by the European Union we have an obligation to retain data for up to five years after the end of the project (unless further retention is requested by auditors).

As the records and documentation containing personal data have been collected within the delivery of an EC project, we expect that the Commission will process it in compliance with Regulation No 2018/1725. After the expiry of the retention period, and unless further legitimate grounds for retention arise, we will dispose of personal data in a secure manner.

DO WE USE COOKIES?
Cookies are small text files that are placed on your computer in order to make websites work better and to provide information to the owners of the website about its use by visitors. We only use third-party cookies on our website.

Where cookies are used, a statement will be sent to your browser explaining the use of cookies. To learn more, please refer to our cookie policy. We give visitors the option of not having cookies from our website.

USE OF INFORMATION APPEARING ON THIS SITE
The content of the RISEnergy website, including texts, images, photographs, audio, video, graphics, logos, domain names, user interfaces, user “look and feel”, is protected by the provisions of national and international intellectual property laws.

Unless otherwise indicated, you are authorised to view, copy, print and distribute (but not modify) the content of this website, provided that such use is for solely personal and non-commercial purposes. Please acknowledge the source. All logos and trademarks are excluded from the abovementioned general authorisation. In cases of doubt as to the conditions of use or reproduction of a particular item, please contact us at: risenergy@for.kit.edu.

DO WE LINK TO OTHER WEBSITES?
Our website may contain links to other sites, including the sites of the consortium partners, which are not governed by this privacy policy. Please review the destination websites’ privacy policies before submitting personal data on those sites. Whilst we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content, security or privacy practices employed by other sites.

DISCLAIMER AND LIMITATIONS OF LIABILITY
We aim to keep the information that appears on the RISEnergy website as complete and up to date as possible. If errors are brought to our attention, we will take all reasonable steps to make any necessary corrections within a reasonable time. Please be aware that the information published on our website is for informational purposes only. None of the information contained on the website constitutes legal or professional advice, nor can we accept responsibility for how it might be used, and we are not responsible or liable for any errors or omissions in any of the information provided on the website might be used. We cannot be held liable for any direct or indirect damage which may result from use of this site. Links to other websites are provided in good faith and for information only. A link to another website does not mean that we endorse or accept any responsibility for the content or use of such website.

While we take all possible steps to minimise disruption caused by technical errors, we cannot guarantee that our website will not be interrupted or otherwise affected by such problems. Please note that access may be suspended temporarily and without notice in the case of system failure, website maintenance or repair or for reasons beyond our control.

WHAT ARE YOUR RIGHTS AND HOW CAN YOU EXERCISE THEM?
You have the following rights regarding our processing of your personal data. You can exercise your rights by emailing us (see below) including:

  • Right to withdraw consent – You can withdraw consent that you have previously given to one or more specified purposes to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

  • Right of access – You can ask us to verify whether we are processing personal data about you and, if so, to have access to a copy of such data.

  • Right to rectification and erasure – You can ask us to correct our records if you believe they contain incorrect or incomplete information about you or ask us to erase your personal data after you withdraw your consent to processing or when we no longer need it for the purpose it was originally collected.

  • Right to restriction of processing – You can ask us to temporarily restrict our processing of your personal data if you contest the accuracy of your personal data, prefer to restrict its use rather than having us erase it, or need us to preserve it for you to establish, exercise or defend a legal claim. A temporary restriction may apply while verifying whether we have overriding legitimate grounds to process it. You can ask us to inform you before we lift that temporary processing restriction.

  • Right to data portability – In some circumstances, where you have provided personal data to us, you can ask us to transmit that personal data (in a structured, commonly used, and machine-readable format) directly to another company.

  • Right to object – You can object to our use of your personal data for direct marketing purposes, including profiling or where processing has taken the form of automated decision-making. However, we may need to keep some minimal information (e.g., e-mail address) to comply with your request to cease marketing to you.

  • Right to make a complaint to your local Data Protection Authority (DPA) (see https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm) regarding any concerns you may have about our data handling practices.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. No fee is required to make an initial request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds.

CONTACT INFORMATION

Contact us: If you have any concerns as to how your data is processed or if you have some issues or queries concerning the RISEnergy website, you can contact us at risenergy@for.kit.edu

Data Controller
Responsible for data processing in the sense of the GDPR as well as other data protection regulations are:

European Distributed Energy Resources Laboratories (DERlab) e.V.
Wilhelmsstraße 5
34117 Kassel, Germany
Phone: + 49 (0) 561 7880830
E-mail: office@der-lab.net

Karlsruhe Institute of Technology (KIT)
Kaiserstraße 12
76131 Karlsruhe, Germany
Phone: +49 721 608-0
Fax: +49 721 608-44290
E-mail: info@kit.edu

Data Protection Officer

The DERlab data protection officer is:
Dr. Philipp Strauß
European Distributed Energy Resources Laboratories (DERlab) e.V.
Wilhelmsstraße 5
34117 Kassel, Germany
Phone: +49 (0) 561 7880830
Fax: +49 561 78808320
E-mail: office@der-lab.net

The KIT data protection officer is:
Ass. jur. Marina Bitmann
Kaiserstr. 12
Building 10.11 Room 233
76131 Karlsruhe
Postal address: Mailbox 6980
76049 Karlsruhe, Germany
Phone: +49 721 608 41057
Fax: +49 721 608 41059
E-mail: dsb@kit.edu

LAST UPDATE
This privacy policy was last updated on the 28/06/2024

[1] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

To download this information in a PDF format, please click here.

Scroll to Top