Privacy policy

Introduction

Thank you for visiting the VERITY project website. This Privacy Policy addresses processing of personal data for the operation of the website. This covers personal data that visitors provide through the website and the personal data included as part of our website content. We are committed to processing personal data responsibly, securely, and proportionally throughout our activities in compliance with the General Data Protection Regulation (GDPR) 2016/679.

Who we are

VERITY is a European Union (EU)-funded Horizon Europe project (Grant agreement ID: 101058623) that aims to ensure science is transparent, responsible and accountable. It will identify the different actors responsible for upholding trust and develop tools and methods for improving trust. The project will combine interdisciplinary expertise from social sciences and engineering to synthesise existing knowledge and produce a Protocol of Recommendations.
The consortium is composed of 6 partners, including experts and academics from private for-profit entities, research and innovation organisations and Universities. The consortium brings together essential and interdisciplinary skills and will collaborate to deliver a protocol of recommendations for enhancing public trust in science. 
For the purposes of this website, the data controller is Trilateral Research IE Ltd, registered in Ireland under company number 616396, with a registered office at Marine Point, 2nd Floor, Belview Port, Waterford, X91 W0XW, Ireland. 
You can contact the data controller via email at DPO@trilateralresearch.com. 

Why we process personal information?

We process personal data to fulfil the aims of the VERITY project, including enhancing research delivery, disseminating project results and information, and engaging with individuals likely to be interested in our work. Personal data is processed to facilitate communication, manage event participation, and monitor website activity. Additionally, processing helps us meet legal obligations, such as promoting project results and ensuring compliance with applicable laws and regulations.

Personal data processed through the website

We collect and process the following types of personal data through our website:

  • Contact information: When you contact us, we collect your contact details and the message you provided.
  • Website content: Personal data included in the content we upload, such as names and places of work of researchers.
  • Technical data: We may collect technical data such as IP addresses, browser type, and operating system through cookies and similar technologies (see our Cookie Policy for details, which requires explicit consent for non-essential cookies). In some cases, these technical data can contain personal information.

Legal bases of processing

We use the following legal bases for processing personal data received through the website:

  • Consent (Art. 6(1)(a) of the GDPR): When users consent directly to the processing of their personal data, such as by subscribing to the project newsletter. If they provide us with sensitive personal data falling under Art. 9 of the GDPR (such as dietary requirements for an event), we will process it under 9(2)(a) of the GDPR.
  • Legitimate Interests (Art. 6(1)(f) of the GDPR): We process personal data when it is necessary for us to achieve the following legitimate interests:
            • Enhancing our research delivery by providing information about VERITY to the individuals we consider likely to be interested in our project. This may include:
                         • Sending invitations and providing access to guests attending our events and webinars;
                         • Monitoring the activity on this project website.
             • Should the recipient of the information indicate that they would not like to receive further communications from the project, we will cease processing their personal data.

We process the personal data we communicate through the website according to the following lawful bases:

  • Consent (Art. 6(1)(a) of the GDPR) – when we have received consent to publish personal data – e.g., a blog post from one of our researchers.
  • Legal obligations (Art. 6(1)(c) of the GDPR) – we may process personal data to meet a legal obligation, e.g., promoting project results to multiple audiences, including the media and the public
  • Legitimate interests (Art. 6(1)(f) of the GDPR) – we process personal data when it is necessary for us to achieve the following legitimate interests (if they are not overridden by the data subject’s interests):
               • Enhancing our research delivery by providing information about VERITY activities on the website;
               • Undertaking dissemination activities.

How we secure your personal data

We have technical and organisational security policies and procedures in place to protect personal data (including sensitive personal data) from loss, misuse, alteration, or destruction. 
        • Password protection and restricted access.
When possible, we ensure that access to personal data is password-protected and restricted to a limited number of individuals with a justified purpose to access it. Data is encrypted in storage and communication using industry-standard encryption protocols.
        • Regular updates of security and antivirus software.
Those individuals with access to the data are required to maintain confidentiality about the data. To mitigate risk, we install and regularly update all security and anti-virus software on our systems. Nevertheless, users should be aware that the security of data transmitted over the Internet cannot be completely guaranteed, and some risk remains.
        • Confidentiality agreements with individuals accessing the data.
Data breaches will be reported to the relevant supervisory authority within 72 hours and affected data subjects will be informed without undue delay following Art 33 GDPR.

How long do we retain personal data?

We retain personal data only as long as is necessary for the purposes described above. We are obligated to retain data concerning EU Horizon Europe research projects for up to five years after the EC’s last payment to the consortium (further retention may be requested by EU auditors).
As the records and documentation containing personal data have been collected within the delivery of a European Commission (EC) project, we expect that the EC will process it in compliance with Regulation No 2018/1725, on the protection of natural persons regarding the processing of personal data by Union institutions, bodies, offices, and agencies. After the retention period expires, and unless further grounds for retention arise and implementing the principle of data minimisation (Art 5 GDPR), we will dispose of personal data securely.

Do we share personal data with third parties?

  • The VERITY consortium will not share personal information with anyone except the EC, if it requests such information. All partners will treat information received from other partners as confidential and will not disclose it to anyone else, unless it is obvious that the information is already publicly available or if there is a legal obligation to do so. The partners will impose the same obligations on their employers and suppliers.
    We may occasionally share personal data with trusted third parties to help us deliver our services efficiently. We will ensure that recipients are contractually bound to safeguard the data we entrust to them before sharing information. We may engage with the following categories of recipients:
  • Parties that support us as we provide our services (e.g., cloud-based software services such as Dropbox, Microsoft SharePoint, Google Analytics).
  • Our professional advisors, including lawyers, auditors, and insurers;
  • Payment service providers;
  • Email management services;
  • Law enforcement and other government and regulatory agencies or other third parties as required by, and in accordance with, applicable law or regulation;
  • The European Commission when we are required to do so in relation to our work on EC Horizon Europe projects.

Before sharing personal data, we ensure the above recipients are contractually bound to safeguard it.

Do we transfer your personal data outside the EU?

By default, we store personal data on servers located in the EU. However, we may also transfer personal data to reputable third-party service providers, notably SharePoint, who may be located outside of the EU. In these cases, standard mechanisms used to ensure data protection are expected to be implemented by our service providers, including Standard Contractual Clauses, Privacy Shield, Binding Corporate Rules.

Your rights under data protection legislation

As a data subject, you can exercise your rights as outlined in this privacy policy. We may need to verify your identity to ensure your personal data is not disclosed to unauthorised individuals. Initial requests are free unless deemed unfounded or excessive. In some cases, we may not be able to fulfill your request due to other legal grounds.
Right to access (Art. 15 of the GDPR)
The data subject has the right to obtain confirmation as to whether processing of personal data concerning them takes place in the VERITY project. If this is the case, the data subject can request access to their data. Granting the right to access only occurs where the identification of the data subject is possible. 
You can exercise this right and the ones below by emailing the data controller at DPO@trilateralresearch.com and providing your identification information.    
Right to rectification (Art. 16 of the GDPR)
The data subject has the right to obtain the rectification of inaccurate personal data concerning them. The exercise of this right is only possible where the data subject can be identified, and the inaccuracy of data is verified.
Restriction of processing (Art. 18 of the GDPR)
The data subject has the right to obtain the restriction of processing where:

  • The accuracy of the personal data is contested;
  • The processing is unlawful, the data subject opposes the erasure of personal data and requests the restriction of processing instead;
  • The controller no longer needs the personal data, but they are required by the data subject for the establishment, exercise, or defence of legal claims;
  • The data subject has objected to processing pursuant to Art. 21(1) of the GDPR pending the verification of whether the legitimate grounds of the controller override those of the data subject.

The exertion of this right may require provision of further information to allow identification of the data subject.
Right to object (Art. 21 of the GDPR)
A legal basis for the processing of personal data in the VERITY project is Art. 6(1)(f) of the GDPR. The data subject has the right to object on grounds relating to their situation at any time to the processing of personal data concerning them, unless the VERITY consortium demonstrates compelling legitimate grounds for the processing that overrides the interests, rights, and freedoms of the data subject or for the establishment, exercise, or defence of legal claims.
The exertion of this right may require provision of further information to allow identification of the data subject.
Right to erasure (‘Right to be forgotten’) (Art. 17 of the GDPR)
The data subject has the right to obtain erasure of personal data concerning them, if:

  • The data subject objects to the processing pursuant to Art. 21(1) of the GDPR and there are no overriding legitimate grounds;
  • The personal data have been unlawfully processed;
  • The personal data must be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject

Right to data portability (Art. 20 of the GDPR)
In some circumstances, where you have provided personal data to us, you can ask us to transmit that personal data (in a structured, commonly used, and machine-readable format) directly to another company.
Right to lodge a complaint with a supervisory authority (Art. 77 of the GDPR)
The data subject has the right to lodge a complaint with a data protection supervisory authority in the Member State of their habitual residence, place of work, or place of the alleged infringement if the data subject considers that the processing of personal data relating to them infringes the GDPR.

Disclaimer and limitations of liability

We aim to keep the information that appears on the VERITY website as complete and updated as possible. If errors are brought to our attention, we will take all reasonable steps to ensure corrections are made within a reasonable timeframe. Please be aware that the information published on the website is for informational purposes only. None of the information published on our website is legal or professional advice, and we cannot accept responsibility for how it may be used. 
Further, we are not responsible or liable for any errors or omissions in any of the information provided on the website. We cannot be held liable for any direct or indirect damage that may result from use of this site. Links to other websites are provided in good faith and for information only. A link to another website does not mean that we endorse or accept any responsibility for the content or use of such a website.
While we take all possible steps to minimise disruption caused by technical errors, we cannot guarantee that our website will not be interrupted or otherwise affected by such problems. Please note that access may be suspended temporarily and without notice in the case of system failure, website maintenance, or for reasons beyond our control.
The use of our website is governed by the law of Ireland. Any dispute arising from the use of this website shall be subject to the non-exclusive jurisdiction of the Irish courts.

Do we link to other websites?

Our websites may contain links to other sites, including those of the consortium partners, which are not governed by this privacy policy. Please review the destination websites’ privacy policies before submitting personal data on those sites. Whilst we try to link only to sites that share our standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other sites.

Do we change this privacy policy? 

We regularly review this privacy policy and will post any updates to it on this webpage. The privacy policy was last updated on 10 June 2024.