This Privacy Policy is meant to help you understand what information we collect, why we collect it, and how you can update, manage, export, and delete your information.

• Families_Share Privacy Policy

Welcome to the website (the “Site”) of Families_Share. This Site was developed to provide information about the Families_Share services. The Families_Share application, along with the website, are the “Services” for visitors and users (“you” and/or “your”).

This Privacy Policy sets out Families_Share’s policy with respect to your information, including information which identifies or could identify you personally (known as ‘personally identifiable information’ in the USA or ‘personal data’ in the European Union, which we’ll call “Personal Data”) and other information that is collected from visitors and users of the Services.
Please read this privacy policy carefully so that you understand how we will treat your data.  By using any of our Services, you confirm that you have read, understood and agree to this privacy policy.  If you do not agree to this policy, please do not use any of the Services. If you have any queries, please email us at info@families-Share.eu

• Who we are

We are: ViLabs, the Families_Share EU Project’s Responsible Partner for the development and maintenance of the website and of the Families_Share Applications and corresponding services as well as the project’s Data processor and Data Controller.

The applications include:

• Families_Share Thessaloniki
• Families_Share Smart Venice
• Families_Share Pescara
• Families_Share Cokido
• Families_Share FBK
• Families_Share Budapest
• Families_Share Bologna

 ViLabs CY (“Versatile Innovations”), ECASTICA Business centre 6, Vasili Vryonides str. Gala Court Chambers, Limassol, Cyprus t. +30 2310 365 188, +35 725 760 967, info@vilabs.eu. 

We refer to this team as “ViLabs”, “we”, “us” and/or “our”.

• Our legal status and applicable data privacy laws

ViLabs holds the role of data processor and data controller under the EU legislation. All personal data are collected, used, stored and processed in full compliance with General Data Protection Regulation (Regulation (UE) 679/2016 also known as “GDPR”) and European Parliament Directive 2002/58/EC (Directive on privacy and electronic communications). Only the Vilabs researchers and system administrators will have access to the data folder. The Families_Share services are hosted on servers located in the European Union and provided by contabo (https://contabo.com/).

• Information We Collect

When you interact with us through the Services, we collect Personal Data and other information from you, as further described below:

We collect Personal Data from you when you voluntarily provide such information, such as when you contact us with inquiries, register for access to the Services or use certain Services.

In particular, in Families_Share platform will be collecting information about parents, children, and childcare groups. 

1. About parents: name, family name, phone number, address, email and picture/avatar.
2. About children: The Information is collected only by the ones who exercise parental responsibility, and there are entitled to provide the relevant information, according to the relevant legislation. The information is: name, birth date, gender, picture/avatar and other information directly specified by parents (allergies, diseases, specific diet, special need, etc.). 
3. About childcare groups: the group name, group bio, childcare location, childcare periods and the messages in the group feed (text & picture). 
4. Technical or other details about any device which you use to access the Services, including device Unique Device Identifier (UDID) or equivalent; your operating system, browser type or other software; your hardware or mobile device details (including your mobile device type and number and mobile carrier details), if applicable; or other technical details.
5. Details of your use of our Services: metrics information about when and how you use the Services.
   
   By voluntarily providing us with Personal Data, you are consenting to us using them in the context of the Services and in accordance with this Privacy Policy (art. 6, par. 1, lett. a, GDPR). By the way, processing personal data should also be lawful when it is necessary for the performance of the Services (art. 6, par. 1, lett. b, GDPR). Regarding special categories of personal data, you give explicit consent to the processing of those data as soon as providing them for the purposes of the Services.

• Our Use of Your Personal Data and Other Information

Each information collected is immediately separated in (i) a part which contains personal (not sensitive) information (such as name, email, phone number, etc.) about the participants involved and (ii) a part which is fully anonymized (non-personally identifiable) and then made available to the whole consortium for research purposes. 

Personal data of participants to each CityLab will be shared through the app to the other members of the group for the Families_Share activity management, under the control of the group administrator. Any abuse by a member will result in the cancellation of her/his account. Notice that any request to be part of a group is subject to approval by the group administrator.

Additional personal data of participants will be collected when necessary only for scientific purposes (for example, to further contacts for longitudinal studies) and will be deleted immediately after the completion of the project. Anonymized data are stored in a shared repository and will be maintained after the completion of the project as evidence for the studies and the publications. 

In particular, the Services may use such information and pool it with other information on an anonymized and generalized basis to track, for example, the total number of users of our Services, the number of visitors to each page of our Site and the domain names of our visitors’ Internet service providers (no personal data are involved in such case).

• Our Disclosure of Your Personal Data and Other Information

Anyways, Families_Share (and thus the responsible partner ViLabs) may disclose your Personal Data only if required to do so by law or in the good faith belief that such action is necessary to:

(i) Comply with a legal obligation

(ii) Act in urgent circumstances to protect the personal safety of users of the Services or the public

(iii) Protect against legal liability

• Your Choices

You can visit the Services without providing any Personal Data. If you choose not to provide any Personal Data, you may not be able to use certain Families_Share Services.

• Data collection    

All the data come from users in signing up to the Families_Share platform. Most of the time, parents have to give their consent to the treatment of private and “sensible” information about their children. In particular, children information is provided by parents and data are collected according to the GDRP (article 8):

“1. Where point (a) of Article 6(1) applies, in relation to the offer of information society services directly to a child, the processing of the personal data of a child shall be lawful where the child is at least 16 years old. Where the child is below the age of 16 years, such processing shall be lawful only if and to the extent that consent is given or authorized by the holder of parental responsibility over the child. 

2. The controller shall make reasonable efforts to verify in such cases that consent is given or authorized by the holder of parental responsibility for the child, taking into consideration available technology.
3. Paragraph 1 shall not affect the general contract law of the Member States such as the rules on the validity, formation or effect of a contract in relation to a child.” 

Remember also GDPR’s point 32: “Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject’s acceptance of the proposed processing of his or her personal data […] If the data subject’s consent is to be given following a request by electronic means, the request must be clear, concise and not unnecessarily disruptive to the use of the service for which it is provided”.

• Children

Families_Share does not knowingly collect Personal Data provided by the very children under the age of 16. If you are under the age of 16, please do not submit any Personal Data through the Services. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce our Privacy Policy by instructing their children never to provide Personal Data on the Services without their permission. If you have reason to believe that a child under the age of 16 has provided Personal Data to Families_Share through the Services, please contact us, and we will endeavour to delete that information from our databases.

• Data storage and preservation strategy

The overall Families_Share services are offered through the cloud, and both the back and front end of the platform and the data is stored on secure and protected dedicated servers through a certified cloud provider, which has all the needed infrastructures and certifications required by the GDPR.

The cloud service provider is administered by a responsible person from VILABS and a dedicated data protection officer – (Project Coordinator Prof.  Agostino Cortesi, Universita Ca’Foscari Venezia, cortesi@unive.it), following the best practices and standards available.

Personal data will be stored throughout the official lifecycle of the Families_Share EU Funded Horizon 2020 Project (until the 31/10/2020). After the end of the official period of the project, the personal data of users that have not logged in their account for one year (365 days) will be fully deleted. 

The Cloud service provider protected storage facility will be based on redundant systems and located in the EU. Data are backed up daily, and a backup copy is stored again in data centres in the EU

Access to data on the storage is subject to authentication using username and password managed in compliance with European Parliament Directive 2002/58/EC.

Only the ViLabs researchers (for research purpose) and system administrators (for maintenance purposes) will have access to the data folder.

• Transmission of data to third parties

None of the collected personal information will be shared with third parties. The collected information will only be used within the platform itself, as described above (V.)

The app does not make use of the use of implicit “intents”. This prevents the data to be unproperly accessed by other apps installed on the same device.

• Security

ViLabs takes reasonable steps to protect the Personal Data provided via the Services from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. The data communication from/to the user will be managed through the https SSL-based protocol. 

It is your responsibility to properly protect the access to the device where the app is installed against unauthorized usage.

Registered Families_Share users will have a username and a unique identifier, which enables you to access certain parts of our Services.  You are responsible for keeping them confidential. Be sure do not share them with anyone else.

• Your rights – Closing your account 

EU data protection legislation gives EU citizens the right to access information held about them. This information is mentioned above and can be edited by you via the services, according to GDPR (art. 15-22). In addition, you have the right to rectification, the right to withdraw the consent given (when the consent is the lawful basis for personal data processing), the right to erasure (‘right to be forgotten’), the right to restrict processing, the right to data portability, the right to object to processing, the right not to be subject to a decision based on automated processing (including profiling), the right to lodge a complaint with a supervisory authority, the right to an effective judicial remedy. 

You may email us at info@families-share.eu 

All users can alter their personal information as they wish, have access and can download a copy of their information and their participation to activities via the Families_Share application, while they also have the right to fully delete their account and all information relevant to their account.

Following the cancellation of the account by the user, except in the case of anonymous data, there is an obligation to remove personal data as soon as possible, since the legal basis for further processing should have disappeared.

You may also email us at info@families-share.eu to request that we delete your personal information from our database. 

• Changes to the Privacy Policy

This Privacy Policy may change from time to time. When changes are made, the effective date listed below will also change accordingly, and the new Privacy Policy will be published online, while all the involved parties will receive a dedicated notification.

• Communication

For any other information about us, please visit our website: https://www.families-share.eu/

info@families-share.eu   

Please also feel free to contact us if you have any questions about Families_Share’s Privacy Policy or the information practices of the Services. You may contact us as follows: 

• Data Management

DPO: Project Coordinator Prof.Agostino Cortesi, Universita Ca’Foscari Venezia,cortesi@unive.it

Platform Data Manager: Apostolos Vontas, ViLabs Director, avontas@vilabs.eu

Data Controller: Apostolos Vontas, ViLabs Director, avontas@vilabs.eu

August 30, 2019