Privacy Policy – 5G Mobile Network Architecture

This privacy policy provides information about the type, scope and reason of the processing of personalized data within the 5G-MoNArch website, its functions and content. Please refer to the corresponding paragraph below regarding the terminology used in this privacy policy. Furthermore, please refer to Art. 4 of the General Data Protection Regulation (GDPR) issued by the European Union in Regularion 2016/679 used terminology, e.g., regarding “processing” and “responsible”.

Who we are

5G-MoNArch is a research project funded by the European Commission under contract number 761445 within the Horizon 2020 Framework Programme. 5G-MoNArch is part of the Phase 2 of the 5th Generation Public Private Partnership (5G-PPP)

Our website address is: https://5g-monarch.eu.

The responsible project coordinator is: Lars Christoph Schmelz, c/o Nokia Solutions and Networks GmbH & Co. KG, Werinherstrasse 91, 81541 Munich, Germany

Contact: info [AT] 5G-monarch . eu

Terminology

“Personalized data” denominates all information, which refers to an identified or identifiable individual person. An individual person is regarded as identifiable if it can be directly or indirectly identified, in particular through correlation to a login name, a numerical identifier, location data, to a user name (e.g., through a cookie), or through one or multiple other characteristics or attributes that express the physical, physiological, mental, economical, cultural or social identity of this individual person.

“Processing” are all, with or without using automated techniques, performed procedures or procedure chains in the context, or using, personalized data. The term “processing” is a broad claim including actually all data handling.

“Pseudonymization” is the processing of personalized data in such way, that the personalized data cannot be correlated to an individual person without having additional information, given that this additional information is stored separately in a technical or organizational way ensuring that the personalized data cannot be correlated to an identified or identifiable individual person.

“Profiling” denominates any type of the automated processing of personalized data that has the goal to use this personalized data to analyze or predict personal aspects related to an individual person, including aspects related to job performance, economic situation, health, personal preferences and interests, reliability, behavior, and its current or past location or change of location.

“Responsible” denominates the individual person or corporate body, office, or institution that solely, or together with others, decides upon the means and purpose of the processing of personalized data.

“Appointee” denominates the individual person or corporate body, office, or institution that processes personalized data by order of the responsible.

“Users” denominate all users accessing the website, including visitors (watching content of the website or downloading files from the website), users (i.e., individual persons leaving comments on the website) and contributors (i.e., individual persons adding information such as posts, blog entries or pages to the website).

What personal data is collected and why it is collected

Types of processed data

Inventory data (e.g., names, addresses).
Contact data (e.g., e-mail addresses, phone numbers, addresses).
Content data (e.g., entered text, pictures, photographs, downloaded files).
Usage data (e.g., visited websites, interest in content, access time, access duration).
Meta-/ communication data (e.g., equipment type, IP address).

Reason for data processing

Provisioning of the website, its functions and content
Answering to contact requests and communication with users
Security measures and spam detection
Website access and usage analysis

Comments

When users leave comments on the website, all data shown in the comments form (including name, e-mail address, or website information) is collected and stored, furthermore the user’s IP address and browser user agent string. This data is collected to identify the user’s comment on the website and to support the spam detection. This data is deleted if is not required anymore, i.e., when the comment is removed from the website. The corresponding check of the requirements is performed at least every two years. The legal obligations for archiving such data for legal, security or administrative purposes apply.

Contact information

When contacting the website responsible, e.g., via e-mail or in written form, the data of the user will be processed for handling the contact request according to Art 6(1)(b) GDPR. This contact request and the related stored data will be deleted if they are not required anymore. The corresponding check of the requirements is performed at least every two years. The legal obligations for archiving such data for legal, security or administrative purposes apply.

Registered users

For a user that registers on our website (if any), all personal information the user stores in its user profile (e.g., name, address, e-mail addres, phone number, age) is retained indefinitely until the user deletes its profile. Each user can see, edit, or delete its personal information at any time (except the user name). Website administrators, i.e., the responsible and appointees, can also see and edit that information. The legal obligations for archiving such data for legal, security or administrative purposes apply.

Media

If the user uploads images to the website, it is recommended to avoid uploading images that include embedded location data (such as EXIF GPS data), as this location data is personalized data. Other users visiting the website may download these pictures and extract the corresponding embedded location data, which allows to retrieve information about the person that took the picture, and be used for profiling.

Cookies

“Cookies” are small files which are stored on the devices (e.g., computers, tables, or mobile phones) of users. These cookies may contain different data. Cookies are primarily used to store information about a user, or the device the cookie is stored on, during, but also after its visit to the website. Temporary cookies (or session cookies) are deleted after leaving the website and closing the web browser. These cookies may contain information about the user’s login status. Permanent cookies (or persistent cookies) remain stored on the device up to one year after closing the browser before they become invalid and are removed by the web browser. These cookies may include the login status, which is retrieved at the next login to the website. Furthermore, permanent cookies may contain information about the user’s interests, which are used for the website access analysis. Third-party-cookies denominate cookies provided by providers other than the responsible.

This website uses temporary as well as permanent cookies as explained above.

In case the user does not want cookies to be stored on its device, the user is requested to deactivate the corresponding options in the system settings of its web browser. Stored cookies can be deleted from the system settings of the web browser. The exclusion of cookies may lead to a limited functionality of the website.

Cookies used for comments

If the users leaves a comment on the website, the user may opt-in to saving name, e-mail address and website in cookies. This personalized data will be stored in a permanent cookie on the device for the user’s convenience, such that this data does not need to be filled in again at the next login, or for posting another comment.

Cookies used for logins to the website

If the user has an account and logs in to the website, a temporary cookie will be stored on the device in order to determine if the web browser accepts cookies. This cookie contains no personalized data and is deleted when closing the web browser.

When the user logs in to the website, several permanent cookies containing personalized data will be stored on the device. These cookies contain data on the login information and the screen display choices. The cookies containing the login information remain valid for two days. If “remember me” is selected during the login procedure, these cookies remain valid for two weeks. If the user explicitly logs out of the website, the cookies containing the login information will be removed after closing the web browser. The cookies containing screen display choices remain valid for one year. After the expiration of the respective validity period, these cookies are removed by the web browser.

If the users edits or publishes an article or blog entry on the website, an additional permanent cookie will be stored on the device. This cookie includes only the post identifier of the article or blog entry. This cookie remains valid for one day and is removed by the web browser thereafter.

Access data and log files

The website, or the website’s hosting provider, respectively, collects based on our legitimate interests (according to Art. 6(1)(f) GDPR) data on each access to the website and the hosting web server (i.e., server log files). These server log files include the name and address of the accessed websites, the accessed file names, date and time of the access, the submitted amount of data, the notice of the successful or unsuccessful access, the web browser type and version, the operating system of the user’s device, the referrer URL (i.e., the previously visited website), and the user’s IP address and hostname.

These server log files are stored by the website hosting provider for a maximum of 6 weeks for security reasons (e.g., to be able to support the clearing of defraudation or abuse of the website) and deleted afterwards. The website hosting provider performs a pseudonymization of the server log files such that the responsible and appointees, and other responsibles that get access granted to the server log files, cannot perform a profiling of the users by processing the the server log files. In particular, the user’s IP address and host name are anonymized.

The other data contained in the server log files are processed in order to perform a statistical analysis of the access and use of the website.

Presence in social media

The 5G-MoNArch project is represented at multiple social media channels, in particular, at Twitter, LinkedIn and Youtube, in order to allow the users being active there to get additional information about the project and to communicate with the project beyond the means of this website.

When approaching these social media channels and visiting and calling their respective websites, apps or other presence, the terms and conditions of the corresponding operators, companies and platforms apply, and the respective privacy policies and data handling and processing policies and guidelines of the corresponding operators, companies and platforms apply.

If not stated otherwise within the framework of our privacy policy, we use and process the data of the users that communicate with us through the social media channels, for example, by posts and comments provided through the means of the social media channels, or by messages and e-mails submitted through the social media channels.

Data protection

In compliance with Art. 32 GDPR, appropriate technical and organisational measures are employed in order to ensure an appropriate protection level of personalized data. These technical and organisational measures reflect the technology state of the art, implementation efforts and cost, the type, degree, circumstances and purpose of the processing of personalized data, and the occurrence probability and risk severity to the rights and freedom of individual persons. These measures include the protection of confidentiality, integrity and availability of data by carefully selecting the hosting organization of the website, the software used by the website, and the application of appropriate processes and procedures for the website development and modification, access and availability. Furthermore

Processes and procedures are employed that allow users to exercise their rights, in particular with respect to the protection of personalized data, the deletion of personalized data, and the reaction on data being compromised. The website presetting as well as the corresponding presetting of the website hosting provider services follow data protection friendly principles according to Art. 25 GDPR.

Zu den Maßnahmen gehören insbesondere die Sicherung der Vertraulichkeit, Integrität und Verfügbarkeit von Daten durch Kontrolle des physischen Zugangs zu den Daten, als auch des sie betreffenden Zugriffs, der Eingabe, Weitergabe, der Sicherung der Verfügbarkeit und ihrer Trennung. Des Weiteren haben wir Verfahren eingerichtet, die eine Wahrnehmung von Betroffenenrechten, Löschung von Daten und Reaktion auf Gefährdung der Daten gewährleisen. Ferner berücksichtigen wir den Schutz personenbezogener Daten bereits bei der Entwicklung, bzw. Auswahl von Hardware, Software sowie Verfahren, entsprechend dem Prinzip des Datenschutzes durch Technikgestaltung und durch datenschutzfreundliche Voreinstellungen berücksichtigt (Art. 25 DSGVO).

User’s rights on its personalized data

The user has the right to request a confirmation if respective personalized data has been processed, information about the respective personalized data, and a copy of the respective personalized data according to Art. 15 GDPR.

The user has the right to request the immediate deletion of the respective personalized data according to Art. 17 GDPR, or alternatively that the processing of the respective personalized data is restricted according to Art. 18 GDPR.

The user has the right to request a correction or completion of the respective personalized data in case this personalized data is incorrect or incomplete, according to Art. 16 GDPR.

The user has the right to request the reception of the respective personalized data, and to demand the forwarding of the respective personalized data to other responsibles according to Art. 20 GDPR.

The legal obligations for archiving respective personalized data for legal, security or administrative purposes apply.

The user has the right to file a complaint at the responsible controlling institution according to Art. 77 GDPR.

Deletion of data

As far as not explicitly stated otherwise in this privacy policy, according to Art. 17 and 18 GDPR the user’s personalized data is deleted or restricted on its processing as soon as it is no more required for the intended purpose, and there are no legal obligations for archiving this data. In case the personalized data is not deleted because it is used for other legally permitted purposes, its processing will be restricted, i.e., the data is locked to ensure that it can only be used for the legally permitted purposes.

Right of withdrawal

The user has the right to withdraw given consent. This withdrawal is valid as of the point of time of the withdrawal for the future according to Art. 7(3) GDPR.

Right of objection

The user can object the henceforth processing of the respective personalized data at any time according to Art. 21 GDPR.

Hosting

The website hosting services used by the website are necessary to render the following particular services: platform services, computing services, storage and database services, application services, security services, technical support and maintenance support services. These services are necessary to be able to operate this website.

As part of the website operation, the website itself, or our website hosting provider, respectively, collects and processes inventory data, contact data, content data, usage data, and meta- / communication data of users of the website, on the basis of our legitimate interest of providing an efficient and secure access to the website according to Art. 6(1)(f) GDPR together with Art. 28 GDPR.

Sharing of data

Only statistical analysis data, i.e., anonymized and summarized data on the access and use of the website, are shared with third parties. This statistical analysis data on the access and use of the website is within the legitimate interest of the responsible. The shared data can not be used for the profiling of users.

The legal obligations for providing personalized data or processed data, and the archiving of such personalized data or processed data to legal authorities apply, e.g., to be able to support the clearing of defraudation or abuse of the website.

Legal basis

Legal basis for this privacy policy is the General Data Protection Regulation (GDPR) 2016/679 issued by the European Union.

In compliance with Art. 13 GDPR we inform about the legal basis of our data processing. In case the legal basis is not explicitly mentioned in the privacy policy, the following applies:

The legal basis for obtaining consent is Art. 6(1)(a) and Art. 7 GDPR
The legal basis for the processing in order to fulfil our obligations, provide our services, and replying to requests is Art. 6(1)(b) GDPR
The legal basis for the processing in order to fulfil our legal obligations is Art. 6(1)(c) GDPR
The legal basis for keeping our legitimate interests is Art. 6(1)(f) GDPR.
In case vital interests of the individual person, or another individual person, require the processing of personalized data, Art. 6(1)(d) GDPR is the legal basis.