ImmuniFact

Privacy Policy

Last updated: 1 June 2026

This Privacy Policy explains how IMMUNIFACT Partnership Consortium, as the operator of the website https://immunifact.eu/, collects, uses, stores and protects personal data when visitors use this website and related online services. We are committed to protecting the privacy of all website visitors, project participants, partners, stakeholders and users of our digital tools. We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR), applicable national data protection laws, and the principles of fairness, transparency, data minimisation and security.

1. Data Controller

The data controller responsible for the processing of personal data through this website is:

  • IMMUNIFACT Partnership Consortium
  • Website: https://immunifact.eu/
  • Email: info@immunifact.eu

For any questions regarding this Privacy Policy or the processing of your personal data, you may contact us at: info@immunifact.eu.

2. What Personal Data We Collect

We collect only the personal data that is necessary for the functioning of the website, communication with users, implementation of project activities and improvement of our services. Depending on how you use the website, we may collect the following types of personal data:

  • When you contact us through a contact form or by email, we may collect your name, email address, organisation, country, message content and any other information you voluntarily provide.
  • When you subscribe to a newsletter or project updates, we may collect your name, email address, organisation and communication preferences.
  • When you register for an event, workshop, webinar, training or project activity, we may collect your name, surname, email address, organisation, role, country, accessibility needs, attendance information and other information necessary for participation.
  • When you use digital tools available on the website, such as self-assessment tools, questionnaires or feedback forms, we may collect the answers you provide, technical usage data and, where applicable, contact details if you choose to submit them.
  • When you visit the website, certain technical data may be collected automatically, such as IP address, browser type, device type, operating system, pages visited, date and time of access, referring website and general usage statistics.

We do not intentionally collect special categories of personal data unless it is necessary for accessibility, inclusion or participation purposes and only where such data is voluntarily provided by the user or processed on an appropriate legal basis.

3. Why We Process Personal Data

We process personal data for the following purposes:

  • To operate, maintain and improve the website and its digital tools.
  • To respond to enquiries, messages and requests submitted through the website.
  • To manage registrations and participation in events, trainings, workshops, webinars and other project activities.
  • To send newsletters, updates and project-related communication where users have subscribed or where such communication is otherwise permitted.
  • To collect feedback, evaluate project results and improve educational or digital resources.
  • To ensure accessibility and inclusion, including reasonable adjustments for participants who communicate specific needs.
  • To document and report project activities, where required by funders, partners or applicable rules.
  • To protect the website from misuse, spam, cyberattacks or unauthorised access.
  • To comply with legal, contractual and reporting obligations.

4. Legal Basis for Processing

We process personal data only when there is a valid legal basis under GDPR. Depending on the situation, the legal basis may include:

  • Consent, for example when you subscribe to a newsletter, voluntarily complete a form, or agree to receive specific communication.
  • Performance of a contract or pre-contractual steps, for example when processing is necessary for your participation in a registered activity or service.
  • Legal obligation, where we must process or retain certain information to comply with applicable laws, accounting rules, reporting obligations or funder requirements.
  • Legitimate interest, for example to maintain website security, respond to enquiries, evaluate website performance, improve project activities and communicate with relevant stakeholders, provided that such interests do not override your rights and freedoms.

Where we rely on consent, you may withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before consent was withdrawn.

5. Cookies and Similar Technologies

This website may use cookies and similar technologies to ensure proper website functionality, improve user experience, analyse website traffic and support communication activities. Cookies may include:

  • Essential cookies, which are necessary for the website to function properly.
  • Analytics cookies, which help us understand how visitors use the website and improve its content and structure.
  • Functional cookies, which remember user preferences and improve usability.
  • Third-party cookies, which may be set by external services embedded on the website, such as video platforms, maps, social media plugins, newsletter tools or analytics services.

Where required by law, non-essential cookies will be used only after your consent. You can manage or withdraw your cookie preferences through the cookie banner or your browser settings.

6. Use of Third-Party Services

To operate the website and project activities, we may use trusted third-party service providers, such as hosting providers, email services, analytics tools, event registration tools, online survey platforms, video conferencing platforms, cloud storage services or website plugins. These providers may process personal data only to the extent necessary to provide their services and in accordance with applicable data protection rules.

Examples of third-party services may include:

  • Hostinger (website hosting provider)

If personal data is transferred outside the European Economic Area, we will ensure that appropriate safeguards are in place, such as adequacy decisions, Standard Contractual Clauses or other lawful transfer mechanisms.

7. How Long We Keep Personal Data

We keep personal data only for as long as necessary for the purposes for which it was collected, unless a longer retention period is required by law, contractual obligations or project reporting requirements.

  • Contact form enquiries are usually kept for as long as necessary to respond to the request and maintain relevant communication records.
  • Newsletter data is kept until the user unsubscribes or requests deletion.
  • Event and project participation data may be kept for the duration of the project and for the required reporting and audit period.
  • Technical and analytics data is kept for a limited period according to the settings of the relevant tools and service providers.

When personal data is no longer needed, it will be deleted, anonymised or securely archived in accordance with applicable rules.

8. Who We Share Personal Data With

We do not sell personal data. Personal data may be shared only where necessary and lawful, including with:

  • Project partners, where needed for the implementation of project activities.
  • Service providers who support website hosting, communication, analytics, event management, surveys or technical maintenance.
  • Funding bodies, auditors or public authorities, where required for reporting, monitoring, verification or legal compliance.
  • Professional advisers or competent authorities, where necessary to protect legal rights, prevent misuse or comply with legal obligations.

All sharing of personal data is limited to what is necessary and subject to appropriate safeguards.

9. Data Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. These measures may include secure hosting, access controls, password protection, regular updates, limited access to personal data, secure communication tools and internal procedures for responsible data handling.

Although we take reasonable steps to protect personal data, no website or online service can guarantee complete security. Users are encouraged to use secure devices and avoid sending highly sensitive information through online forms unless necessary.

10. Your Rights

Under GDPR, you have rights regarding your personal data. These may include the right to:

  • Request access to the personal data we hold about you.
  • Request correction of inaccurate or incomplete personal data.
  • Request deletion of your personal data, where applicable.
  • Request restriction of processing in certain circumstances.
  • Object to processing based on legitimate interests.
  • Withdraw consent at any time, where processing is based on consent.
  • Request data portability, where applicable.
  • Lodge a complaint with a competent data protection authority.

To exercise your rights, please contact us at info@immunifact.eu. We may need to verify your identity before responding to your request.

11. Children and Young People

This website and its resources may be intended for educational, youth work or awareness-raising purposes. Where activities involve children or young people under the age required by applicable law for valid consent, we will seek appropriate consent from a parent, guardian, school, organisation or other authorised representative where necessary. We are committed to protecting the privacy and safety of young users and to collecting only the data necessary for educational or project-related purposes.

12. Links to Other Websites

This website may contain links to external websites, platforms or resources. We are not responsible for the privacy practices, content or security of external websites. Users are encouraged to read the privacy policies of any external websites they visit.

13. Photos, Videos and Project Visibility

During project activities, photos, videos or audiovisual materials may be created for documentation, dissemination and visibility purposes. Where identifiable individuals appear in such materials, we will inform participants in advance and, where required, request consent. Participants who do not wish to appear in photos or videos should inform the organisers before or during the activity. Photos and videos may be used on the project website, social media channels, newsletters, reports, presentations and other dissemination materials, only in accordance with applicable rules and participant rights.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in the website, project activities, legal requirements or data processing practices. The updated version will be published on this page with a revised “Last updated” date. We encourage users to review this Privacy Policy periodically.

15. Contact

For any questions, requests or concerns regarding this Privacy Policy or the processing of personal data, please contact:

  • IMMUNIFACT Partnership Consortium
  • Website: https://immunifact.eu/
  • Email: info@immunifact.eu