1. Description of the processing operation
The main purpose of the Lights on Women website is to look for women in energy, climate, and sustainability (Talents) who have created a user profile in the database. By registering to the Energybase, the Talents agree that the administrators of the website collect their personal data for the purposes of creating the profile, subject to the provisions detailed hereafter.
The European University Institute (EUI) in Florence is the owner of the website lightsonwomen.eu. The EUI aims to provide correct information at the time of publishing, however does not guarantee completeness and accuracy as regards content, nor actuality or reliability of the information. Personal data will be collected and further processed for the purposes detailed below. The relevant data processing operations are under the responsibility of the Director of the Robert Schuman Centre for Advanced Studies acting as the Data Controller. The EUI’s Data Protection Policy (available at the link https://www.eui.eu/About/DataProtection) applies to those operations.
2. What personal information do we collect, for what purpose, and through which technical means?
Lightsonwomen.eu will only process your personal data for the following purposes: (i) for research and statistical purposes, (ii) to create profile pages, (iii) should the registered users consent to it, to be contacted by third parties for Academic/research opportunities, Corporate-Organizational opportunities (job openings), Media opportunities/interviews, Deliver a lecture (online and in-person), Online or in-person event, (IV) should the users consent to it, receive communications with commercial purposes.
During the user session on the website lightsonwomen.eu, the webserver will automatically store information of the user session, including the browser type used, the operating system, and date and time and duration of the user session. Further information on the storage of internet log information can be found at: https://www.eui.eu/AboutTheWebsite/Cookies
The data will not be accessible to anyone outside the EUI and we will not release the data to third parties unless we are required to do so by law in accordance with Article 13 (2) of the President’s Decision No 40/2013 regarding data protection at the EUI. In this case, data may be transmitted to bodies responsible for monitoring, inspection or regulatory tasks under EU or national law; to teams performing administrative investigations or upon request to a judicial or law enforcement authority.
3. Who has access to your information and to whom is it disclosed?
Personal data may be collected only by the EUI services and units involved in the activity.
User information will be stored in the databases of our AWS cloud infrastructure. The databases will be accessible exclusively from our Virtual Private Cloud (VPC, logically isolated virtual network) via password-protected access and behind an SSH tunnel which can only be accessed via an encrypted public key.
Incremental backups of the entire application are performed daily and stored in the aforementioned infrastructure and accessible only by authorized personnel via authentication. Backups are kept for a period of 30 days.
4. How do we protect and safeguard your information?
All personal data collected are internally processed only by designated EUI staff members or agents and stored on servers, which abide by the EUI’s security rules and standards. In case an external contractor assists in the activity, the collected personal data and all information related to the event is stored on a computer of the external processor, who has to abide by the same rules as the others designated EUI staff members and agents.
5. How long do we keep personal data?
We keep most of the user ‘s personal data for as long as the user account is open.
This includes data that users or others provided to us and data generated or inferred from the use of our Services. Even if the users only use our Services when looking for a new opportunity every few years, we will retain their information and keep their profile open, unless they close their account. In some cases we choose to retain certain information (e.g., insights about Services use) in a depersonalized or aggregated form.
The users can access or delete their personal data. They have many choices about how their data are collected and used.
We provide many choices about the collection and use of their data, from deleting or correcting data they include in their profile. We offer them settings to control and manage the personal data we have about them.
For personal data that we have about the users, they can:
- Delete Data: they can ask us to erase or delete all or some of their personal data (e.g., if it is no longer necessary to provide Services to them).
- Change or Correct Data: They can edit some of their personal data through their account. They can also ask us to change, update or fix their data in certain cases, particularly if it’s inaccurate.
- Object to, or Limit or Restrict, Use of Data: They can ask us to stop using all or some of their personal data (e.g., if we have no legal right to keep using it) or to limit our use of it (e.g., if their personal data is inaccurate or unlawfully held).
- Right to Access and/or Take Their Data: They can ask us for a copy of their personal data and can ask for a copy of personal data they provided in machine readable form.
6. Email recipients
To manage our email newsletter we use a distributed email system called Mailchimp, only accessible by our staff.
Users can unsubscribe from the newsletter at any time, from their personal profile on the website or from the appropriate link at the bottom of all emails they receive.
User data collected via the website, or data from any surveys, is made available for analysis only to project analysts and will only be disclosed to them via a password-protected Excel file. No response data should be disseminated outside the EUI and only the final result of the data analysis will be disseminated for further analysis.
7. Right of recourse
If you consider that your rights under EUI President’s Decision 10/2019 have been infringed as a result of the processing of your personal data by the EUI, you have the right to request a review according to Article 27 of the aforementioned decision. Such requests should be addressed to the Data Controller:
Director of the Robert Schuman Centre for Advanced Studies
European University Institute
Prof. Erik Jones
Via Boccaccio 121
I – 50133 Firenze, Italy
These should be notified simultaneously to firstname.lastname@example.org as well.