Privacy Policy

1) Who we are (Controller)

This website is operated by the European Alliance for Personalised Medicine (EAPM), which acts as the data controller for website operations (hosting, logs, contact forms, newsletters, cookies).

Registered address: Ulica heroja Tomšića 11, 2000 Maribor, Slovenia

Brussels office: Avenue de l'Armée / Legerlaan 10, 1041 Brussels, Belgium

Email: Denis Horgan, denishorgan@euapm.eu

For SPARC project activities such as event registrations, mailing lists specific to SPARC, and project communications, EAPM and the Universidad Politécnica de Madrid (UPM) act as joint controllers.

UPM address: Calle Ramiro de Maeztu 7 (Edificio Rectorado), 28040 Madrid, Spain

UPM contact: Manuel Ottaviano, manuel.ottaviano@upm.es

A single contact point for data-subject rights is EAPM: denishorgan@euapm.eu.

2) What data we collect

• Technical data & logs: IP address, device/browser info, pages viewed, timestamps (via hosting logs and security tools).
• Cookies & similar tech: See our Cookie Policy for details (analytics, preference, strictly necessary).
• Contact & newsletter forms: Name, email, organisation, role, country; your message or interests.
• Event registrations (SPARC): Identification and professional details, dietary/access needs, session selections; optional consent for being photographed/recorded.
• Media at events: Photos, video, and audio captured during SPARC events.
• Social media embeds/links: Interaction with third-party platforms (their privacy terms apply).
• Supplier/partner contacts: Names, emails, role, billing references (if applicable).

3) Purposes & legal bases

• Operate and secure the website (legitimate interests: running a secure, functional site).
• Audience measurement (analytics cookies) (consent via cookie banner).
• Respond to enquiries / send project updates (legitimate interests; or consent where required for newsletters).
• Event administration (contract/steps prior to contract when you register; legitimate interests to manage attendance and safety; consent for optional media use where required by local law).
• Compliance & record keeping (legal obligations, e.g., finance/audit; and legitimate interests to document EU-funded activities).
• Reputational communication & dissemination of project results (legitimate interests; consent when the law requires it for identifiable media).

4) When we need your consent

We request consent (and let you withdraw it anytime) for:

• Non-essential cookies/analytics.
• Receiving SPARC newsletters or similar direct email marketing (where applicable).
• Using identifiable photos/video of you from events where consent is the appropriate legal basis.

5) Who receives your data (recipients)

• Processors under contract with EAPM/UPM (hosting, maintenance, analytics, event platforms, email tools, virtual meeting tools, audiovisual providers).
• Consortium partners strictly for SPARC implementation and dissemination tasks.
• Public authorities if legally required (e.g., audits by EU bodies).

All recipients are bound by confidentiality and data-protection obligations.

6) International transfers

If tools or processors are located outside the EEA, we use an EU adequacy decision or Standard Contractual Clauses (SCCs) and implement supplementary measures where appropriate.

7) Retention

• Web logs/security: up to 12 months unless needed longer for investigations.
• Event records: generally 5 years after the end of the project (aligned with EU grant record-keeping rules) unless a shorter period applies.
• Newsletters/communications: until you unsubscribe or we delete inactive lists.
• Media assets: retained for the project lifetime and archiving of results, unless you exercise your rights or withdraw consent (where consent was the basis).

8) Your rights

You can access, rectify, erase, restrict, object, and port your data, and withdraw consent at any time (without affecting prior processing). You can also complain to your local supervisory authority (e.g., the Slovenian or Belgian DPA, or your home authority).

9) Security

We apply technical and organisational measures (access controls, encryption in transit, least-privilege access, backups, policies, and supplier vetting). No method is 100% secure, but we strive to protect your data.

10) Media captured at events

We may photograph or record events to evidence and disseminate SPARC activities. We will clearly signpost recording, provide opt-out mechanisms where feasible (e.g., opt-out badges/zones), and obtain consent when required. If you want a specific image/video of you removed (where feasible), contact chiara.de.tomasso@euapm.eu with the link or details.

11) Children

SPARC is not directed to children. Event participation by minors (if any) follows specific parental/guardian consent procedures and separate notices.

12) Contact

Questions or rights requests: denishorgan@euapm.eu We may update this policy and will indicate the "Last updated" date above.