Privacy Policy 2021

PROTECTION OF YOUR PERSONAL DATA
[Updated July 2021]

This privacy statement provides information about the processing and the protection of your personal data.

Processing operation: European Social Innovation Competition (“EUSIC”)
Data Controller: The European Commission
Record reference:  DPR-EC-00737.1

Table of Contents

• Introduction
• Why and how do we process your personal data?
• On what legal ground(s) do we process your personal data?
• Which personal data do we collect and further process?
• How long do we keep your personal data?
• How do we protect and safeguard your personal data?
• Who has access to your personal data and to whom is it disclosed?
• What are your rights and how can you exercise them? 
• Contact information
• Where to find more detailed information? 

Introduction

The European Commission (hereafter ‘the Commission’) is committed to protect your personal data and to respect your privacy. The Commission collects and further processes personal data pursuant to Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (repealing Regulation (EC) No 45/2001).

This privacy statement explains the reason for the processing of your personal data, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controller and Data Processor with whom you may exercise your rights, the Data Protection Officer and the European Data Protection Supervisor.

This website is operated by Nesta as part of a consortium (the “Consortium”/“We”) set up to administer and manage the European Social Innovation Competition (the “Competition”) being run by the Commission. The Consortium members are: Nesta 58 Victoria Embankment London EC4Y 0DS, Euclid Network Saturnusstraat 14 2516 AH The Hague (The Netherlands), GOPA.COM Boulevard de la Woluwe 2 1150 Brussels (Belgium) and Ashoka Calle Alameda 22 28014 Madrid statutory registration number G83698084.

The Commission is the Data Controller of all personal data relating to the Competition which is being processed by the Consortium in accordance with the Commission’s instructions and in compliance with Regulation (EU) 2016/679. Nesta is the Data Processor.

This privacy policy explains how your personal information collected via this website will be used by the Commission and the Consortium. 

Why and how do we process your personal data?

Purpose of the processing operation: The Commission and Nesta collect and use your personal information as follows:

• Sign-up details: If you sign-up for us to send you newsletters, publications and other information about Nesta, our partners and activities, we will use your personal information to send these to you. Our legal basis for doing this is your consent. You have the right to withdraw this consent at any time, as explained below.
• Event registrations: If you register to attend one of our events, we will use your personal information to process your application to attend the event, take payment, if any, for our administration and management of the event and to send you any updates or information regarding the event. Our legal basis for doing so is to fulfil the agreement with you for your attendance. For more information, please see Record DPR-EC-01063 by following this link: https://ec.europa.eu/dpo-register/detail/DPR-EC-01063 
• Competition applications: your personal information will only be used by the Consortium for the purpose of processing your application for the European Social Innovation Competition, and providing you with updates and information about the Competition and its progress. We undertake this processing because it is necessary to progress your application and to take steps to enter into a contract with you.
• Competition panel judges: if you have agreed to join the Competition’s judging panel we will use personal information you have provided to communicate with you and to advise the general public which individuals form part of the Competition’s judging panel.
• Alumni: if you have agreed to join our group of alumni we will use the personal information provided to publish your profile on the Competition website and to send you information about the European Social Innovation Competition events, opportunities and Annual Alumni Census, and to feature your social innovation work in Competition channels including events, newsletters and social media platforms. Our legal basis for doing this is your consent. You have the right to withdraw this consent at any time, as explained below.
• Feedback: if you agree to give us feedback or complete a survey, we will use the information to improve our work and activities. If you agree to participate in any survey that will form part of any research project, we will tell you at the time you take part how your information will be used for the particular research project or programme, and how long it will be kept for.
• Online activity and cookies: we obtain information about your device which helps us to monitor the website and keep it secure. This website contains cookies. Cookies are small text files that are placed on your computer by websites you visit. They are widely used to make websites work, or work more efficiently, as well as to provide information to site owners. Most web browsers allow some control of most cookies through browser settings. The cookies on this website are strictly necessary to enable you to move around the website or to provide certain basic features, such as logging into secure areas. This website also uses performance cookies which collect information about how you use the website, such as how you are referred to it, what pages you have visited and how long you stay on certain pages. This information is aggregated and therefore anonymous and is used to improve the performance of this website. We also use third party tracking cookies for remarketing which helps us to send you tailored advertisements about Nesta that we think may be of interest to you, based on what parts of Nesta’s websites you have viewed. The advertisements will be shown to you on other search results pages, or on sites within or any third-party display network. We do not collect any identifiable information through the use of these third-party remarketing services. To find out more about cookies, see our Cookie Policy.
• Posts and Communications: if you post any comments on this website, any personal information you agree to provide will be displayed publicly on this website along with your comments.

For all kinds of information collected:

• Please make sure that any personal details you provide are accurate and up to date, and let us know about any changes. Please get consent first before giving us anyone else’s information.
• Upon your consent, we may also use your information to carry out analysis and research to improve our publications, events and activities; customise our website and its content to your particular preferences; notify you of any changes to our website or to our activities that may affect you; prevent and detect fraud and abuse; and protect other users.
• Upon your consent, we may retain all or some of your information for our own legitimate business interests for statistical analysis purposes, in order to review, develop and improve our business activities.  In this situation, we will only keep any personal information if it is necessary to do so, and will always put in place appropriate safeguards, including where possible anonymising or minimising the data retained.
• Your personal data will not be used for any automated decision-making including profiling. 

On what legal ground(s) do we process your personal data

We process your personal data, because:

• Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract; 
• You have given consent to the processing of your personal data for one or more specific purposes as listed in section 2 above.

Which personal data do we collect and further process? 

In order to carry out this processing operation Nesta collects the following categories of personal data:

• Sign-up details: If you register or sign up for Competition events, newsletters or publications on the site, we will ask you for personal information such as your name, email address, occupation and other contact details such as a contact phone number.
• Competition application: We may ask for more detailed information (for example: alternative contact details, postal address, country of residence. Note that these are examples only and others might be asked for if needed), which we will use to process your application. and you will be asked to agree to specific Rules of Contest (i.e. the rules applicable to the Competition) at the time of making the application. With your consent, your details may be used for ongoing Competition communications, and registration for the Social Innovation Academy. 
• Competition judging panel: if you have been selected to be part of the Competition judging panel you will be asked to provide your name, a bio and a photograph of yourself.
• Alumni: If you are invited to join the Alumni you will be asked to provide your name, organisation, project name, country of residence, details of lead individuals, areas of professional interest and photograph and email address and contact details.  
• Feedback: We may also ask you for feedback about the Competition or to complete surveys. We will only process the personal data needed for the purpose of collecting the feedback.
• Online activity: When you use our website, we obtain information about the device from which you accessed it, your visits and use of the website including your IP address, location, browser type and version, search referrer and activity. We record your activity and preferences when visiting the sites through the use of cookies.
• Your posts and communications: If you post content or communicate via the site, we may also ask for your name, occupation and the organisation you may work for. We also store and monitor your content and communications.

The provision of personal data is not mandatory except where it is necessary for us to process your entry into the Competition or your request to attend an event or to receive a publication, as relevant. If you do not provide your personal data, you will not be able to take part in the Competition, attend an event you wish to attend, or to receive the publication you wish to request (as relevant).

How long do we keep your personal data?

• General principle: We will only keep any personal information that you provide to us for as long as is necessary to fulfil the purpose for which you gave us the information and we will securely delete information when it is no longer needed for that purpose, as explained in more detail below.
• Events: If you attend one of our events, we will use your information for the purpose of the event, and will only contact you for any other purpose if you have said we can. We will retain your personal information collected for the purpose of the event for 3 years for evaluation and business development purposes to help us understand our audience and reach, and to improve future events. For more information, please see Record DPR-EC-01063 by following this link: https://ec.europa.eu/dpo-register/detail/DPR-EC-01063 
• Competition applications: If you are successful, you will enter into an agreement with the Commission and they will provide further information about how they will continue to process your personal information. If you are unsuccessful, your information will be retained for a period of 6 years from the end of the agreement the Consortium has with the Commission for monitoring and evaluation purposes. If you agree to that, we will also use your data during this period and to tell you about future opportunities to apply for similar competitions. If you do not want to receive information about future opportunities to apply for similar competitions please let us know by emailing us at [email protected]
• Competition judging panel: If you have been selected to be part of the Competition judging panel, your profile will be displayed on the Competition website for the duration of the Competition and in the archived website.
• Alumni: If you have agreed to join the Alumni, your profile will be displayed on the Competition website and used in accordance with the terms and conditions of membership for as long as the Alumni continues to be in existence and you wish to remain a member. 
• Consent: We keep records of consent, and any withdrawal of consent, on our files for as long as your personal information is being used in-line with that consent and for a period of 6 years after the consent is withdrawn (unless otherwise requested by you).
• Posts and communications: Any information that you post on the website shall only be kept and displayed for such time as the subject matter to which it relates is publicly displayed.   
• Processing for statistical analysis purposes: This type of processing will only be undertaken whilst we retain your personal information in line with the principles explained above.
• Cookies: The length of time for which we keep information collected from you using cookies, varies from 1 minute to 2 years as further detailed in our Cookie Policy which can be found here. 

How do we protect and safeguard your personal data?

All personal data in electronic format (e-mails, documents, databases, uploaded batches of data, etc.) are stored either on the servers of the Commission or of its contractors. All processing operations are carried out pursuant to the Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of communication and information systems in the European Commission.

The Commission’s contractors are bound by a specific contractual clause for any processing operations of your data on behalf of the Commission, and by the confidentiality obligations deriving from the transposition of the General Data Protection Regulation in the EU Member States and the United Kingdom (‘GDPR’ Regulation (EU) 2016/679)

In order to protect your personal data, the Commission has put in place a number of technical and organisational measures in place. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation.

Who has access to your personal data and to whom is it disclosed?

Access to your personal data is provided to the Commission and its contractors’ staff (as relevant) responsible for carrying out this processing operation and to authorised staff according to the “need to know” principle. Such staff abide by statutory, and when required, additional confidentiality agreements.

Where Nesta transfers your personal data to a third party based outside of the UK or the EU, it will only do so based on the adequacy decision of the Commission (for the United States (Article 47 of Regulation (EU) 2018/1725)).

Your information will be shared with the Commission, the Consortium and any assessors and other individuals who may help run the Competition. The legal basis for doing this is for the Commission to pursue its legitimate interest of being able to work collaboratively with the Consortium and any other organisations to operate and administer the Competition. You can find the European Commission Privacy policy  here.

• Newsletter – If you sign up to receive the Competition newsletter and updates about the Competition these newsletters will be sent using Rapidmail, a company based in the EEA.  We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. If you want to know more about how your information will be stored and processed, please see Rapidmail’s data protection statement.
• Website – Telescopic, the developer of this website, will have access to personal information that you provide, including your name and where you work, if provided, solely for the purpose of the administration and maintenance of this website. Nesta has an appropriate agreement in place with Telescopic to ensure the security of your personal information.
• Competition – If you apply to enter the Competition via this website, we use Submittable Holdings Inc to process that application. Submittable is based in the United States and that may involve your information being stored and processed outside the UK and the European Economic Area (EEA) in accordance with Regulation (EU) 2018/1725. Submittable complies with the EU-US Privacy Shield Agreement. Please see their privacy policy for further information.
• Social Innovation Academy – If you are successful in your application, you will be enrolled in the Social Innovation Academy. The 2021 Academy is hosted by Learnworlds. Learnworlds is based in Cyprus but the usage may involve your information being stored and processed outside the UK and the European Economic Area (EEA) in accordance with Regulation (EU) 2018/1725. Learnworlds complies with the EU-US Privacy Shield Agreement. With Learnworlds you have the right to ask them to delete or otherwise dispose of any of your personal data at any time. Once the conclusion of your participation in the Social Innovation Academy, Learnworlds will store your dta for a maximum of 2 years.
• Events – If you register to attend a Competition event, we use our partners at SCIC’s Eventworks. For more information, please see Record DPR-EC-01063 by following this link: https://ec.europa.eu/dpo-register/detail/DPR-EC-01063 
• Feedback and surveys – If you provide us with feedback or complete a survey we usually use Survey Monkey to process surveys, and they only process your information on our instructions. Survey Monkey operates in the US and complies with the EU-U.S. Privacy Shield Framework. For more information see their privacy policy.
  – As a responsible organisation, we are committed to attracting and funding a diverse group of applicants through our programme and want to improve how we do this. In order to allow us to do this better, we would like to collect some diversity monitoring information from those organisations we work with. For the avoidance of doubt, any survey relating to demographic information will be confidential and no individual will be identifiable from the responses or the reports we generate using that information. 
• Data security and back-up – Nesta uses a third party to provide cloud based data security, storage and disaster recovery service to backup data that we hold, we currently use Barracuda Networks incorporated. Barracuda is a company based in the U.S. and stores your Data outside the EEA. Barracuda complies with the EU-U.S. Privacy Shield Framework.  For more information see their privacy policy.
• Cookies – We use SendinBlue for marketing purposes, in particular relating to newsletters regarding Competition activity. SendinBlue’s privacy policy can be accessed here: https://www.sendinblue.com/legal/privacypolicy/.
  – You are offered the opportunity to accept or reject these cookies. Generally, if you wish to do so, you can block cookies by changing the settings on your browser. Some of the features on the site may not work if you choose to block cookies.

We may disclose your personal information to law enforcement agencies if required by law (in which case our legal basis for doing this is for compliance with a legal obligation), or to protect or defend ourselves or others against illegal or harmful activities (in which case, our legal basis for doing this is the pursuit of these legitimate interests).

What are your rights and how can you exercise them? 

You have specific rights as a ‘data subject’ under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725, in particular the right to access, rectify or erase your personal data and the right to restrict the processing of your personal data. Where applicable, you also have the right to object to the processing or the right to data portability.

You have consented to provide your personal data to Nesta for the present processing operation. You can withdraw your consent at any time by notifying Nesta or the Commission. The withdrawal will not affect the lawfulness of the processing carried out before you have withdrawn the consent.

If you no longer want to receive communications about the Competition, you can unsubscribe from the mailing list at any time by clicking the unsubscribe link at the bottom of emails or by emailing  [email protected] detailing your name and email address.

If you agree to cookies then you must deactivate the Google Adwords cookie from your account. Generally, if you wish to do so, you can block cookies by changing the settings on your browser. Please note that some of the features of the site may not work if you choose to block cookies.

You can exercise your rights by contacting the Data Controller, or in case of conflict the Data Protection Officer. If necessary, you can also address the European Data Protection Supervisor. Their contact information is given in the section below. 

Where you wish to exercise your rights in the context of one or several specific processing operations, please provide their description (i.e. their Record reference(s) as specified in the section below) in your request.

Contact information

Nesta

If you would like to exercise your rights under Regulation (EU) 2018/1725, or if you have comments, questions or concerns, or if you would like to submit a complaint regarding the collection and use of your personal data, please feel free to contact Nesta. 

Nesta is a company limited by guarantee registered in England and Wales with company number 7706036 and charity number 1144091. Registered as a charity in Scotland number SC042833. Registered office: 58 Victoria Embankment, London, EC4Y 0DS. Email: [email protected]  

In case of disagreement with Nesta, please contact the Data Controller at: [email protected]   

The Data Protection Officer (DPO) of the Commission

In case of disagreement with the Data Controller, you may contact the Data Protection Officer ([email protected]) with regard to issues related to the processing of your personal data under Regulation (EU) 2018/1725.

The European Data Protection Supervisor (EDPS)

You have the right to have recourse (i.e. you can lodge a complaint) to the European Data Protection Supervisor ([email protected]) (or in the United Kingdom, the Information Commissioner (https://ico.org.uk/global/contact-us/) if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the Data Controller.

Where to find more detailed information?

The Commission Data Protection Officer (DPO) publishes the register of all processing operations on personal data by the Commission, which have been documented and notified to him. You may access the register via the following link: http://ec.europa.eu/dpo-register.

This specific processing operation has been included in the DPO’s public register with the following Record reference:  DPR-EC-00737.1