Website Privacy Policy

Version: 1.0.0

Adoption Date: 10/03/2026

Last Updated: 10/03/2026

Start date of project: 01/10/2024

Duration in months: 36

Consortium of partners

Document control sheet

Disclaimer

This Website Privacy Policy was prepared as an account of work funded by the European Commission. The contents of this document are provided “AS IS”, and no guarantee or warranty is provided that the information is fit for particular purposes.

The information, analyses and views set out in this Website Privacy Policy are those of the author(s) and do not necessarily reflect the official opinion of the European Union. Neither the Community institutions and bodies, nor any person acting on their behalf may be held responsible for the use which may be made of the information contained therein. The user, thereof, uses the information at its sole risk and liability.

Copyright notice

© 2026 EMBRACE – BRSH Consortium

Abbreviations and acronyms

Executive summary

A website Privacy Policy is a legal document that explains how a website collects, uses, stores, and protects the personal data of individuals who interact with it. It informs users about what types of information may be processed—such as identification details, contact information, and browsing data—the purposes of processing, the legal basis relied upon, any data sharing with third parties, and the period of retention. It also outlines users’ rights and the safeguards adopted to ensure data security, in line with applicable data protection laws such as the GDPR.

Closely connected to the Privacy Policy is the Cookie Policy, which specifically addresses the use of cookies and similar tracking technologies. It explains what cookies are, which types are used (for example, technical, analytical, or marketing cookies), their purpose, their duration, and how users can manage or withdraw their consent. Together, the Privacy Policy and the Cookie Policy ensure transparency in data processing and support informed user choice in the online environment.

Table of Contents

Executive summary 5

1. Introduction 7

1.1. Document purpose & scope 7

1.2. Relation to project work 7

2. Website Privacy Policy 8

2.1. Data Controller 8

2.2. Which kind of Personal Data are collected 8

2.2.1. Traffic and Internet Data 8

2.2.2. Personal Data provided by the User 9

2.3. Why Personal Data are processed and the Lawful Basis 9

2.4. Cookies 9

2.5. For how long Personal Data are kept 9

2.6. How Personal Data are secured 10

2.7. Who may access Personal Data 10

2.8. Redirections to other Websites 11

2.9. User’s Rights and how to exercise them 11

2.10. Contact Information 12

2.11. Changes 13

2.12. Entry into Force 13

Introduction

Document purpose & scope

The purpose of a website Privacy Policy is to ensure transparency and legal compliance in the processing of personal data. Its primary aim is to inform users in a clear and accessible manner about how their data are collected, used, shared, and protected when they interact with a website. By providing this information, the website operator fulfils legal obligations under data protection laws, such as the GDPR, and enables individuals to understand and exercise their rights. At the same time, these policies serve a broader function of accountability and trust-building. They demonstrate that the organization processes data responsibly, respects user autonomy, and adopts appropriate safeguards. In this sense, the Privacy and Cookie Policies are not merely formal requirements, but essential tools for responsible digital governance and informed user consent.

Relation to project work

In relation specifically to the EMBRACE - BRSH project website, the Privacy Policy regulates how Personal Data are processed through the online platform that presents and disseminates the project’s activities. The project website may collect personal data when users submit contact requests, register for events, subscribe to newsletters, or interact with communication tools. The Privacy Policy explains how these data are handled by the project consortium, for what purposes they are processed, on what legal basis, how long they are retained, and what rights individuals can exercise. It ensures that all data processing carried out through the website complies with the GDPR and with the data protection obligations stemming from the Horizon Europe framework. In this sense, the Privacy and Cookie Policies are directly linked to the governance of the project’s digital presence. They ensure transparency toward visitors, stakeholders, and consortium partners, and demonstrate that the EMBRACE - BRSH project’s website operates in accordance with European standards of data protection, accountability, and responsible research communication.

Website Privacy Policy

This Privacy Policy is aimed at illustrating the means and purposes of the processing of personal data carried out by IANUS Technologies Ltd having its registered office in Spyrou Kyprianou 85, Eleneion Building, 4^th Floor, Flat/Office 401, 6051, Larnaca, Cyprus, in its quality of data controller (hereinafter “IANUS” or the “Controller”), through the website https://ianus-technologies.com (hereinafter the “Website”).

Please note that this Privacy Policy applies to anyone who accesses and visits the Website or otherwise interacts with the web services offered on the Website (the “User”).

Pursuant to article 5 of the General Data Protection Regulation (EU) 2016/279 (“GDPR”), the Processing of Personal Data carried out by IANUS for the development and the management of the Website will be based on the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity and accountability. Any term indicated in capital letters shall have the meaning attributed to it within the GDPR, or otherwise provided hereto.

Data Controller

The Data Controller will be IANUS.

Which kind of Personal Data are collected

Traffic and Internet Data

The computer systems and software procedures used to operate the Website acquire, during their normal operation, some Personal Data whose transmission is implicit in the use of internet communication protocols. This category of data includes, among others, IP addresses, browser type, operating system, the domain name and website addresses from which the User logs in or out, the information on pages visited by the User within the Website, the time of access, the time period of the User’s staying on a single page, the internal path analysis and other parameters regarding the User’s OS and computer environment.

These technical/IT data are collected and used only in an aggregated and not immediately identifiable manner. They could be used to ascertain responsibilities in case of crimes against the Website, or upon public authorities’ request.

In order to consent the collection of this category of data, the Website uses cookies. Please, read the Cookies Policy of this Website for any further information about them.

Personal Data provided by the User

When you register, create an account, or use the platform, we may collect the following Personal Data:

• Account & Profile Information: first name, surname, email address, password (stored in hashed form), profession, biography, organisation, country, phone number, LinkedIn profile URL, and profile photo (avatar image).
• Authentication via LinkedIn: if you sign in with LinkedIn, we receive your email address and a unique identifier through the OpenID Connect protocol. No other LinkedIn profile data is extracted.
• Access Request Form: first name, surname, email address, profession, and a free-text message explaining your reason for requesting access.
• Content Submissions: any content you submit to the platform, including text fields (title, description, keywords, etc.), uploaded files (PDF, Word, Excel, PowerPoint, images, CSV, or ZIP up to 50 MB), and associated metadata such as author name and timestamps.
• Feedback & Reports: feedback type (error report, suggestion, or question), message text, and optionally a related content item reference.
• Notification Preferences: your choices for receiving in-app and email notifications.
• Usage Metadata: timestamps of account creation, profile updates, content submissions, and sign-in activity. Your platform role (assigned by an administrator) is also recorded.

Why Personal Data are processed and the Lawful Basis

The user’s Personal Data will be processed exclusively for the following purposes, and exclusively in the framework of the research Project’s activities (further information on the Project may be found at following URL: www.hub.embracebrsh.com

• To create and manage User accounts, authenticate Users (including via LinkedIn OAuth), and provide access to platform features such as content submission, review, and feedback. This processing is based on the User’s freely given and informed consent, according to Art. 6.1, a) GDPR, and on the necessity to perform the service requested by the User, according to Art. 6.1, b) GDPR;
• To comply with the obligations set both by applicable laws and regulations and to ascertain responsibilities in case of any computer crimes against the Website. As this processing is mandatory by law, User’s consent is not required according to Art. 6.1, c).

In any case, please be aware that User’s Personal Data will not be used for any automated decision-making including profiling, nor will they be further processed without the previous consent of the User.

Cookies

The Website has implemented the use of Cookies. Further information on the use of cookies may be found at the following URL https://hub.embracebrsh.com/cookie-policy.

For how long Personal Data are kept

The Controller only keeps your Personal Data for the time necessary to fulfil the purposes for which the data have been originally collected and/or the purpose of the Project. In any case the said data will be destroyed after 5 years from the completion of the Project.

How Personal Data are secured

Personal Data may be processed through information technology tools either manually or electronically, but always under technical and organisational measures that enable ensuring their security and confidentiality, especially for the purposes of preventing any risk arising from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access to personal data. All the processing operation, and according to the “need to know” principle. Such staff abide by statutory, and when required additional, confidentiality agreements.

Who may access Personal Data

The Personal Data collected by the Controller might be shared with:

• Members of the EMBRACE - BRSH Consortium (list available here: hub.embracebrsh.com, only to fulfil User’s requests regarding the Project’s activities and objectives,
• Controller’s service providers: (i) Hetzner Online GmbH, located in Germany (within the EEA), for website hosting and infrastructure; and (ii) Supabase Inc., whose servers for this project are located in the EU (AWS eu-west-1, Ireland), for database, authentication, and file storage services. Both providers process data exclusively within the European Economic Area.

The Controller might be required to disclose Users’ Information to comply with the law, a judicial proceeding, court order, subpoena, or other legal processes, or where it is necessary to investigate, prevent or take action regarding unlawful activities, suspected fraud, situations involving potential threats to the safety of any person or as evidence in litigation in which we are involved.

Without prejudice to the above, unless upon specific consent of the data subject or as otherwise required by applicable laws, the User’s Personal data shall not he shared with any other organizations.

We confirm that all Personal Data collected through this Website is stored and processed exclusively within the European Economic Area (hereinafter, the “EEA”). The website is hosted by Hetzner Online GmbH in Germany, and the database, authentication, and file storage services are provided by Supabase Inc. on servers located in Ireland (AWS eu-west-1). No Personal Data is transferred to countries outside the EEA. Should a transfer outside the EEA become necessary in the future, it will be carried out in accordance with the provisions of the GDPR and the User will be timely and properly informed about this processing.

Redirections to other Websites

The Website incorporates links which allow the User to connect to other Websites run by third parties. The Controller assumes no responsibility regarding the Processing of Personal Data which may take through and/or in connection with third Parties’ Websites.

Therefore, each User who accesses such web pages and/or Social Media Platform through the Website must carefully read the relevant privacy policies in order to better understand how their Personal Data will be processed by the third parties which, as Autonomous Controllers, will provide and manage such Websites.

User’s Rights and how to exercise them

Pursuant to the GDPR, Users have a number of rights concerning the Personal Data that the Controller hold about them, If Users wish to exercise any of these rights, please use the contact details set out above.

• The right to be informed. Users have the right to be provided with clear, transparent and easily understandable information about how the Controller use their information in this Privacy Policy.
• The right of Access. Users have the right to obtain access to their Personal Data, subject matter of the data Processing. This will enable Users, for example, to check that the Controller is using Users’ Personal Data in accordance with the relevant data protection law. If Users wish to access the information, the Controller holds about them in this way: “Please get in touch” (Please see section Contact Information here below).
• The right to Rectification. Users are entitled to have their Personal Data corrected if it is inaccurate or incomplete. Users can request that the Controller rectifies any errors in information that the Controller hold by contacting it (Please see section Contact Information here below).
• The right to Erasure. This is also known as the “right to be forgotten”, and, in simple terms, enables Users to request the deletion or removal of certain of the Personal Data that the Controller hold about Users by contacting the Controller (Please see the section Contact information here below). Please remember that it is possible that pursuant any applicable law the Controller may not have all Users’ Personal Data erased
• The right to restrict Processing. Users have rights to “block” or “suppress” certain further use of their Personal Data. When processing is restricted, the Controller can still store Users’ Personal Data, but will not use it further.
• The right to Data Portability. Users have the right to obtain their personal information in an accessible and transferrable format, so that they can re-use it for their own purposes across different service providers. This is not a general right however, and there are exceptions. To learn more, please get in touch (Please see section Contact information here below).
• The right to lodge a Complaint. Users have the right to lodge a complaint about the way the Controller handles or processes their Personal Data, with the relevant national Data Protection Authority.
• The right to withdraw Consent. If Users have given their consent to anything the Controller do with their Personal Data (i.e., the Controller relies on consent as a legal basis for processing your information), Users have the right to withdraw that consent at any time. Users can do this by contacting the Controller (please see section Contact Information here below). Withdrawing the Consent will not however make unlawful our use of User’s information while consent had been apparent.
• The right to object to Processing. Users have the right to object to certain types of Processing. Users can, for example, object to the publication of pictures taken of you within the context of a Conference.

Where Users wish to exercise their rights in the context of one or several specific processing operations, please provide the description in the requests.

Users’ request will be handled within a maximum of 30 (thirty) working days.

Contact Information

If Users would like to exercise their rights under the GDPR, or if they have comments, questions or concerns, or if they would like to submit a complaint regarding the collection and use of their Personal Data, they might contact the following email address: info@ianus-technologies.com

Changes

Where appropriate, we will notify you of any changes to this privacy policy, for example by email.

Entry into Force

The present Privacy Policy entered into force on the following date: 10/03/2026, Version 1.0.0.