IoT Lab project is deeply committed to respect and embed privacy and personal data protection, according to European data protection law and to IoT Lab “Privacy and personal data protection rules and guidelines” which are integral part of this policy and bind all the IoT Lab users and technical team.
The main “Data controller” which determines the purposes and means of the processing of personal data through this website and its possible related apps, is the IoT Lab Consortium (from now on also named “Iot Lab”, http://www.iotlab.eu/IOTLabProject/Consortium), without prejudice of the role and obligations arising for single project managers and partners. Mandat International provides the servers where the personal data are stored and is the main “Data processor” on behalf of IoT Lab project.
Personal data (such as your name, email address and mobile phone IDs) are usually electronically processed, by way of employees working in the areas of administration, system administration and webmaster, legal, or communications departments, to enable the management of personal accounts on the IoT Lab website and/or to reply to users’ requests. The duration of the processing respects the data minimization principle, with reference to the purposes of the service and any related obligations. IoT Lab intends to limit the collection and/or storage of personal data to the extent that it is necessary. Personal data are kept as long as the related user wants to be registered in the platform and can be updated and cancelled at any time by the user himself.
As for navigation data, during their normal operations computer systems and software procedures for the operation of IoT Lab web site and/or apps acquire some data whose transmission is implicit in Internet communication protocols. This information is not collected to be associated with identified data subjects, but by their very nature could identify users through processing and association with data held by third parties. This category of data includes IP addresses or domain names of the computers used by users who connect to the website and/or to the app, the URI (Uniform Resource Identifier) of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc.) and other parameters regarding the operating system and User’s computer environment. These data are used only to obtain anonymous statistical information about the website and/or the related apps and to check its correct functioning. The data could be used to ascertain responsibility in case of computer crimes against the site and/or the app server.
The cookies used by websites and apps are divided into two types:
“Technical cookies”, which are strictly necessary for the operation of the site/app and/or the provision of the service explicitly requested by the user. This category includes analytic cookies used by the owner of the site to gather information in aggregate form concerning the number of users and how they visit the site. For the use of this type of cookies consent is not requested except when to expressly deny it for one or all technical cookies (listed below);
“Profiling cookies” our own and/or third-party cookies that are potentially aimed at creating/enriching user profiles and used in order to target messages in line with the preferences expressed by the same during navigation. For the use of this type of cookies, (optional) user consent is always needed. The user can choose which cookies he/she wishes to consent to. When it comes to so-called “third-party” cookies that are installed on the site by third parties with respect to each Data Controller, the user grants or denies consent directly to the owner of the cookie in question, to which each Data Controller makes mere reference and links.
Below is the list of cookies active on the site/s.
It is also possible to manage/disable cookies directly from your browser: please, look in your browser setting to learn how to manage cookies. The use of other persistent and session cookies (which are not permanently stored on the user’s computer and disappear when the browser is closed) is strictly limited to the transmission of session identifiers (consisting of random numbers generated by the server) necessary to enable the safe and efficient exploration of the site. The so-called session cookies used by the website avoid the use of other technologies that could compromise the privacy of the users and do not allow the acquisition of data that could identify the user.
Data collected through this website (www.iotlab.eu) and related apps are stored in a server managed by Mandat International and located in Switzerland. Your data may be transferred to European Union countries or to other countries deemed as secure by the European Commission, or even to countries outside the European Union which are not included in the list of secure countries: in the latter case, we will select US Safe Harbor certified providers and/or stipulate in advance, with the subjects who would process the data outside the EU, the standard contractual clauses given by the European Commission decision of 5 February 2010.
IoT Lab Privacy officer is Anna Ståhlbröst at Luleå University of Technology in Sweden, who can be contacted by email to Anna.Stahlbrost@ltu.se. The Privacy Officer will act as official contact-point for any third party request on privacy and personal data protection issues. You may also directly contact the IoT Lab Consortium, through the IoT Lab website contact page, in order to assert your rights, namely: the confirmation of the existence of data concerning yourself and their origin and processing and the purposes thereof; the cancellation, transformation into anonymous form or the blocking of data processed in violation of the applicable law; the updating, rectification or integration of data; certification that the operations have been brought to the attention of those to whom the data were communicated or disseminated. We remind you that, in the same way, you may object at any time to any processing for sending unsolicited information, even selecting between processing modalities (e.g. allowing only to be contacted by email or telephone operator and excluding SMS, MMS, social messages or paper mail) and the reasons for which you may be contacted (e.g. for the conducting of surveys or invitations to events and sweepstakes). You may also object at any time to the possible geolocation of your device and/or to the possible profiling of your personal data, through cookies or other technology. In case of opposition, the Data Controller may enter your name in a “Robinson list” to ensure that it complies with your will in the future.