Privacy Policy of the EDTSML app

Version: April 2022

The Educational Toolkit for the Development of Social Media Literacy (ETDSML) platform is operated and managed by the Center for Independent Journalism Foundation in its quality as the. You can contact us in writing at the address: Boulevard Elisabeta no.32, 1st floor, Sector 5, Bucharest, Romania (jointly "The Platform", "we" or "us"). The Platform collects data when you ("User" or "you") register as a user, use the Platform and contact us. We collect personal data, namely any information relating to an identified or identifiable natural person ("Personal Data"); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier (IP address) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 

The Platform understands the importance of privacy and strives to protect it. All your Personal Data collected by The Platform shall therefore be processed in accordance with the applicable data protection legislations, including the European Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “General Data protection Regulation” or “GDPR”), together with codes of practice, regulatory guidance and standard clauses and other related legislation resulting from the GDPR, as amended from time to time. 

This privacy policy (the “Privacy Policy”) describes the Personal Data that we collect from you and process, the purposes of such processing, the legal basis for processing your Personal Data, the retention period of these Personal Data, whether third parties may access your Personal Data and your rights regarding your Personal Data we process.

Please read this Privacy Policy carefully. You can also consult this Privacy Policy on our website: https://app.socialmedialiteracy.eu 

1. Data Controller 

If you have any questions regarding this privacy policy or our processing of your personal data or if you want to exercise your rights with regards to your personal data, you may contact us at:

Center for Independent Journalism

Boulevard Elisabeta no.32, 1st floor, Sector 5, Bucharest, Romania

dataprotection@cji.ro 

2. the purposes of the processing

We collect your Personal Data for the following purposes: 

1. to allow you to access and use the Platform; 

2. to set up your user account and your access to your account;

3. to display content from external platforms;

4. to communicate with you and provide you with the appropriate support;

5. to improve, effectively present and personalise our services by using the analytical services of third parties to evaluate your use of the website, create reports on the activity, collect demographic data, analyse performance data, and collect other data on our website. These third parties use cookies and other technology to help analyse the data and to provide the data to us;

We are committed to safeguarding and protecting your personal data and using it lawfully, fairly and in a transparent way, in compliance with the GDPR, and we will only collect and process your personal data for the specified and explicit purposes listed above.

3. Types of Data collected 

   1. When you use the Platform, we collect the following categories of data: 

      1. identification data such as your user account data (if any);

      2. technical data such as your IP address, your operating system, the devices on which you use the Platform;

      3. behavioural data such as the manner in which you use the Platform or the type of content you access. 

This collection can take place through the cookies that we or third parties have installed on your device, to the extent that you have accepted the placing of these cookies. For more information, please read our cookie policy [URL].

2. When you register for a User account, we collect the following categories of data: 

   1. identification data such as your email address, your name and surname, your school name, your city, your preferred language;

   2. technical data such as your IP address, your operating system, your devices you use the Platform on.

3. When you contact us, we collect the following categories of data:

   1. identification data such as your user account (if any), your name, your email address;

   2. the timings of your correspondence with us;

   3. the content of your correspondence with us.

4. Legal basis For the processing of your personal data

We are allowed to process your personal data in strict accordance with the applicable privacy legislation and on the basis of the following legal grounds:

1. Performance of the agreement: we are allowed to process most of your Personal Data to deliver our services, to comply with our obligations, to communicate with you prior to entering into a contract with you. For example, we need your contact details to be able to create a user account.

2. Legitimate interest: we may process your Personal Data when it is in our legitimate interest to do so. For instance, we collect your behaviour data to improve our services and the Platform. 

3. Consent: we may also process your data if we have your express consent, e.g. when you register for a newsletter or when you agree to the use of specific cookies.

5. retention and deletion 

The Platform may retain your personal data as necessary for internal analytical purposes, or to provide you with services that you have requested, comply with its legal obligations, resolve disputes and enforce agreements (e.g. settlement). The criteria used to determine the retention periods include: 

1. how long the personal data is needed to provide the services and operate the business; 

2. the type of personal data collected; and 

3. whether The Platform is subject to a legal, contractual or similar obligation to retain the data (e.g., mandatory data retention laws, government orders to preserve data relevant to an investigation, or data that must be retained for the purposes of litigation or disputes). 

If you would like more information about applicable data retention policies, please contact us at dataprotection@cji.ro. 

2. Your rights as data subject 

Under the GDPR, you are entitled to exercise your rights mentioned below. To exercise rights, please contact us by using the contact details provided in Article 1 of this Privacy Policy. 

1. Right for information and access

You are always entitled to know what Personal Data we hold on you, how, where and for how long such Personal Data are processed. You therefore have the right to request information regarding the Personal Data that we hold and process in your respect and to access these Personal Data. We will then provide you with information and/or access to the Personal Data that is being processed and on the source of such Personal Data.

Please note that we may request you to provide us with satisfactory proof of your identity before complying with your request for information or access. 

2. Right of rectification and right of erasure 

You have the right to request us, free of charge, to rectify any inaccuracies, or to complete in your Personal Data if such Personal Data would be incomplete or inaccurate.

You have the right to request us, free of charge, to erase all your Personal Data collected, stored and processed by us, without unreasonable delay. 

3. Right to object to data processing 

You may, at any time, withdraw the consent that you have given to The Platform to the processing of your Personal Data. 

We may solely use your Personal Data for direct e-mailing purposes (such as notifications) subject to your explicit consent. If you have provided such explicit consent, and you no longer wish to receive natifications, you may at any time require us to stop processing your Personal Data for direct e-mailing purposes.

4. Right to restriction

You have the right to "restrict" our use of your Personal Data where: (i) you contest the accuracy of the Personal Data, (ii) the processing is unlawful and you request us to "restrict" our use of your Personal Data rather than to erase it; (iii) we no longer need the Personal Data for the original purpose of the processing but they are required by you for the establishment, exercise or defence of legal claims; or (iv) you have objected to the processing and there is a verification of whether our legitimate grounds can override yours.

5. Right to Data Portability

Within the limits set forth in the GDPR, you may request the portability of your Personal Data, i.e. obtain that the Personal Data you have provided to The Platform be returned to you or transferred to someone else of your choice, in a structured, commonly used and machine-readable format.

6. Right to lodge a complaint with the competent authority  

If you are not satisfied with the way we process your Personal Data, please contact our privacy team at dataprotection@cji.ro and we will investigate your concern using the above communication means. You also have the right to lodge a complaint with a supervisory authority. 

In Belgium, the supervisory authority is the Gegevensbeschermingsautoriteit / autorité de protection des données: https://www.dataprotectionauthority.be/citizen. 

In Portugal, the supervisory authority is the Comissão Nacional de Proteção de Dados: https://www.cnpd.pt/ 

In Italy, the supervisory authority is Garante per la protezione dei dati personali: https://www.garanteprivacy.it/ 

You may also consult the Romanian legislation on the page of The National Supervisory Authority For Personal Data Processing, at this link: https://www.dataprotection.ro/index.jsp?page=home&lang=en.

3. Disclosure to third parties and transfer to third countries

   1. Disclosure to third parties 

Other than as set out in this Privacy Policy, The Platform will not sell or otherwise disclose your Personal Data to third parties without obtaining your prior explicit consent, unless this is necessary for the purpose set out in this Privacy Policy or unless we are required to do so by law.

We may also share Personal Data with third-party cloud providers and service providers who help us to provide, commercialise and improve the Platform and our services. We do not authorise these third-party service providers to use or disclose your Personal Data except as strictly necessary to perform any services under our supervision or to comply with applicable legislation. We seek to provide any such third-party service provider with only the Personal Data they need to perform their specific function.

The Platform puts in place contractual (including data protection, confidentiality and security provisions) and other organisational safeguards with third-party service provides who have access to your personal data to ensure an adequate level of protection of your personal data. 

2. Transfer to third countries

If recipient of your Personal Data is located in a non-EEA country and this country is not recognised by the European Commission as offering an adequate level of data protection, we will put in place appropriate safeguards to protect your Personal Data in accordance with the GDPR, such as the Standard Contractual Clauses adopted by the European Commission, if necessary with additional measures.

4. Changes to this privacy policy 

The Platform reserves the right to change this privacy policy at any time and from time to time in order to reflect changes in the services provided on the Platform or the applicable laws. If The Platform decides to change this privacy policy in the future, The Platform will post an appropriate notice at the top of this privacy policy page and/or give you reasonable advance notice through the Platform. Any non-material change (such as clarifications) to this privacy policy will become effective on the date the change is posted and any material changes will become effective thirty (30) days from their posting on the Platform. The date this privacy policy was last revised appears at the top of this document. Your continued use of the Platform after the changes to this privacy policy become effective signifies that you accept of any such changes. 

Finally, we assure you that the security of your data is a very important issue for us and we take all the necessary measures to this end. Should there be a security breach that could affect your data, we shall inform you of it as soon as possible.