Information to be provided

(art. 13 and 14 GDPR)

You are currently visiting the ECHO Web Privacy Policy.

This website (the “Site”) is hosted and managed by ECHO Partner WP9 Leader: SEMMELWEIS EGYETEM , an Hungarian university having its registered office at 26 Üllői str. (Hungary). The content of the site is generated by the ECHO project.

This privacy policy informs you of our policies regarding the collection, use and disclosure of personal information/data we receive from users of the Site. The security of your personal data is very important to us. In the following sections, we will explain how we collect, use and protect your personal data.

We will also explain what rights you have with regards to your personal data and how you can exercise those rights.

This Privacy Policy was last updated on 01 February 2019 and may be amended from time to time. We invite you to consult this page regularly.

Who are we?

European network of Cybersecurity centres and competence Hub for innovation and Operations.

ECHO delivers an organized and coordinated approach to improve proactive cyber defense of the European Union, through effective and efficient multi-sector collaboration. The Partners will execute on a 48-month work plan to develop, model and demonstrate a network of cyber research and competence centers, with a centre of competence at the hub.


Who is the Data controller and Data Protection Officer?

RHEA SYSTEM SA (RHEA), established in AVENUE EINSTEIN 8, WAVRE 1300 (Belgium) is the Data Controller for the ECHO project and will manage personal data in compliance with the provisions of European Regulation 2016/679 (“GDPR”), thanks also the establishment of a Privacy Team and the nomination of an ECHO DPO (Data Protection Officer).

Data subject can contact the Data Controller and DPO to the following email – address:

Data Controller Contact:

Data Protection Officer Contact:

What is personal data?

Personal data may be any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, and an online identifier.

How do we collect your personal data?

Your personal data on this website can be collected either directly or indirectly.

It can be collected directly when, for instance, you voluntarily submit it when completing the consent form. When accessing to these pages, you will be provided information about the collection of your personal data and will be able to give – or not – your consent.

Your personal data can be collected indirectly when using cookies and other technologies. ECHO intends to collect information such as the number of visitors, as well as user’s last visit date and consulted page. Please refer to the Cookies Policy.

What kind of personal data do we collect?

The following types of personal information may be collected, stored, and used:

  • information about browsing data, including your IP address, geographical location, browser type and version, operating system, length of visit, page views and website navigation paths;
  • information about point of contact, namely name, surname and email address that you enter in order to set up subscriptions to our newsletters, interviews, pilots, workshop, application to be a partner;

What are the legal grounds to collect and handle your personal data?

RHEA will collect, use and share your personal information only when this is legally justified.

We can summarize our relevant legal basis for processing your personal data as follows:

  • Your consent. The data subject has given consent to the processing of his or her personal data for the specific purpose here-below;
  • Legitimate Interests. RHEA also processes your data when it is in our legitimate interests to do this and when these interests are not overridden by your data protection rights.

Our legitimate interests include:

  • Promoting and disseminating the ECHO Project;
  • Promoting and advertising our exploitable assets;
  • Promoting European Cybersecurity;
  • Sending promotional communications which are relevant and tailored to individual stakeholders;
  • Improving efficacy of the ECHO website;
  • Handling stakeholders contacts, queries, complaints or disputes;
  • Fulfilling privacy duties;


Which is the scope and purpose of the collection, processing and utilization of personal data?

All use of your collected personal data is confined to the purposes stated below and is only undertaken to the extent necessary for these purposes.

When you visit ECHO website

Information about browsing data: We collect some data to help us find out things like how many people visit our site, how they navigate around our site, the pages that are most visited.

We use Google Analytics to track user interaction with our website. See the Cookies Policy detailed explanation.

The Website’s operation, as is standard with any websites on the Internet, involves the use of computer systems and software procedures, which collect information about the Website’s users as part of their routine operation. While the Data Controller does not collect this information in order to link it to specific users, it is still possible to identify those users either directly via that information, or by using other information collected – as such, this information must also be considered Personal Data.

This information includes several parameters related to your operating system and IT environment: your IP address; location (country); the domain names of your device; the type of device; the URI (Uniform Resource Identifier) addresses of resources you request on the Website; the time of requests made; the method used to submit requests to the server; the dimensions of the file obtained in response to a request; the numerical code indicating the status of the response sent by the server (successful, error, etc.).

These data are used to compile statistical information on the use of the Website, to ensure its correct operation, as well as restore backup from possible failures of the Website and identify any faults and/or abuse of the Website.

When you subscribe for: newsletters, interviews, pilots, workshop and to apply to be a new partner.

Information about point of contact: if you subscribe in our site, we will ask you to provide us with certain personal identifiable information that will be used to contact you that may become part of the website database. Personal identifiable information may include your name, surname and your professional/personal email when you register at the time of subscription.

What about storage, access and transfer of personal data?

Personal Information which you supply to us is generally stored and kept in servers located in Budapest, Hungary.

However, due to the nature of our global business and the technologies required (some cloud-based tools), your Personal Information may be transferred to internal or external third party located outside the EEA, in countries where there may be a lower legal level of data protection.

In such situations, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

  • We include the standard contractual clauses approved by the European Commission for transferring personal information outside the EEA into our contracts with those third parties;
  • We ensure that the country in which your personal information will be handled has been deemed “adequate” by the European Commission;
  • We carefully validate any requests for information from law enforcement or regulators before disclosing the information;
  • Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EUUS Privacy Shield.

RHEA shall give access to your personal information only to trusted partners or services providers who require the use of such information for business purposes.  These third parties are entities for whom we have established they have adequate and sufficient data protection and security controls in place and with whom we have also implemented contractual obligations to ensure they can only use your data to provide services to RHEA limited to the purposes listed above. Moreover, these third parties shall not use or process your Personal Data for any purpose other than to provide the Service to RHEA.

Your Personal Data is shared with the following list of entities (“Data Processors”).

  1. Entities engaged in order to provide or support the Website and Services (e.g., hosting providers, e-mail platform providers, technical maintenance providers):
  • SEMMELWEIS EGYETEM, for maintenance and statistical purposes.
    1. Third part entities engaged for success factors demonstration:
  • Third party analytics, namely Google analytics. Please take vision of the Cookies Policy.

Personal data will not be transferred to government bodies or public authorities except in order to comply with mandatory national legislation or if the transfer of such data should be necessary in order to take legal action in cases of fraudulent access to our network infrastructure.

Personal data will not be transferred for any other purposes.

RHEA will not pass on or sell your personal data to third parties for their own marketing purposes.

Which period the personal data will be stored for?

Personal data will be retained for a limited period of time as long as we need it to fulfill the purposes for which we have initially collected it, unless otherwise require by law.

We will not retain your Personally Identifiable Information (PII) for longer than required. This means that we will keep your PII for any or a combination of time periods described as follows: (i) for as long as required by law, (ii) until we no longer have a valid reason for keeping it, (iii) until you request us to stop using it. When we delete your PII from our databases, it will remain in our backup system until it cycles out.

Please note that by law certain kinds of data must be kept for a certain period of time. Such data must be stored by us until these periods run out. We block this data in our system and use it only in order to fulfil statutory requirements. In any case all personal data will be removed 5 years after the conclusion of the project (as agreed with the EC in the Grant Agreements of the four projects).

What about the consent requested in this web site?

Your consent is optional but if you don’t provide the requested information, please mind that the Data Controller can’t contact you.

By consenting to this privacy notice you are giving us permission to process your personal data specifically for the purposes identified.

You may withdraw consent at any time by sending an email to:

You may cancel your subscription to the newsletter at any time, by sending us an e-mail via

What are the security measures applied to handle personal data?

The security of your Personal Information is important to us.

Any personal data processed by SEMMELWEIS EGYETEM is kept on secure servers. SEMMELWEIS EGYETEM uses reasonable administrative, technical, personnel, and physical measures to safeguard personal data against loss, unauthorized access, use, disclosure, or modification and to ensure the integrity of the personal data. Additionally, SEMMELWEIS EGYETEM ensures to process your personal data only for the purposes mentioned in this privacy notice and to keep data no longer than necessary.

This website is subject to the SEMMELWEIS EGYETEM Information Security Policy, aiming at safeguarding the confidentiality, integrity, availability, authenticity and non-repudiation of information and information systems. SEMMELWEIS EGYETEM implements technical and organizational security measures to safeguard stored personal data against inadvertent or deliberate manipulation, loss or destruction and against access by unauthorized persons.

What are my rights as a data subject?

While we are in possession of, or processing your personal data, you, the data subject, have the following rights:

  • Right of access – you have the right to request a copy of the information that we hold about you.
  • Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
  • Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
  • Right to processing restriction– where certain conditions apply to have a right to restrict the processing.
  • Right of portability – you have the right to have the data we hold about you transferred to another organisation.
  • Right to object – you have the right to object to processing activities not described in this policy.
  • Right to object to automated processing, including profiling – you also have the right to object to be subject to the legal effects of automated processing or profiling.
  • Right to judicial review: in the event that RHEA refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain.

You may do this by sending an e-mail with the relevant request to

We draw your attention to the fact that if your data is deleted it will no longer be possible to use some or all of our services.

You may retract your consent to certain kinds of data processing at any time with effect for the future.

What are the conditions for acceptance, validity and modification of data protection policy?

This Privacy Policy is effective as of 01/02/2019 and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.

We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Your continued use of the Service after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.

If we make any material changes to this Privacy Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our website, collecting appropriate user’s consent when so required.

How is it possible contact us?

If you have any questions about this Privacy Policy, please contact us: