ARRIVAL Privacy Statement
1. Contact details
Carolina Salas from PNO is the assigned ENTRANCE project Data Protection Officer (DPO) and thereby the data controller. She is located at C/ París 45-47, 08029 Barcelona, Spain and she can be contacted by e-mail at firstname.lastname@example.org.
Anne Häner from Cluster Mobility & Logistics is the assigned RECIPROCITY project Data Protection Office (DPO) and thereby the data controller. She is located at Franz-Mayer Str. 1, 93053 Regensburg, Germany and she can be contact by email at email@example.com.
2. Who is this Privacy Statement applicable to?
This Privacy Statement applies to all persons whose personal data is processed by the ARRIVAL platform. Personal data means any data that contains information about persons through which those persons are identifiable.
This Privacy Statement applies to:
- Users of the ARRIVAL Matchmaking Platform
- Recipients of newsletters from ENTRANCE
- Recipients of newsletters from RECIPROCITY
- Registered attendees of the events and webinars organized by ENTRANCE and RECIPROCITY
- Potential users of the ARRIVAL Matchmaking Platform that established contact with the ENTRANCE Secretariat
- Applicants to the ENTRANCE and RECIPROCITY Open Data Competitions
- Potential collaborators with whom ENTRANCE and RECIPROCITY have made or wants to make contact
- Any other person who contacts ENTRANCE or RECIPROCITY or whose personal data is processed by ENTRANCE or RECIPROCITY.
3. Which data do we process?
By processing (personal) data, we mean collecting, recording, organising, storing, updating, modifying, retrieving, consulting, using, providing by means of forwarding, distribution, or any other form of posting, bringing together, linking together, and to protect, erase or destroy your data.
We process data that you have provided to us, personal data generated during your visit to our website and Platform and reading newsletters, and personal data that we have derived from other sources, such as business social media platforms and business cards.
The data sets that will be generated and collected are foreseen to belong to the following categories:
- Personal data:
- Contact details and other personal data needed to handle your interest in the ARRIVAL platform,
- Contact details (e.g. email address, first name and last name) and other optional personal data (e.g. telephone number, profile picture, position, address, links to social media channels, etc.) entered on contact forms or other web forms, and
- Contact information provided during introductory talks, events, webinars (attendance lists), etc., such as information on e-mail signatures and business cards.
- Potential audios and videos. In the case of embedding videos and other content to the Platform, if you provide us with access to any site with video content, then you agree that we may share your video with, or obtain information about your video from third-party social media sites for at least two years of until you withdraw consent. You control the personal information to which you allow us to have access through the privacy settings on the applicable social media site and the permissions you give us when you grant us access to your personal information retained by the respective social media site about you.
- Interest data:
- Business data and information on strategic business investments may be exchanged during the execution of ARRIVAL services (e.g. the innovation finance support services offered, purchase aggregation support, etc.). This data will be provided voluntarily by you to ARRIVAL only in case these services are of your interest.
- Data on interest in innovative transport and mobility solutions such as the type of solution.
- Data obtained from other sources:
- personal data available on public business social media platforms such as LinkedIn,
- personal data obtained from the Trade Register of the Chamber of Commerce, and
- personal data available on public business websites.
- Innovation and funding data available on public sources.
- Usage data: personal data collected automatically when using the website, Platform, electronic newsletter, and other services. This includes:
- Usage Data such as your devices Internet Protocol address (e.g. IP address), browser type and browser version. Similarly, your surfing behaviour on the website and Platform, such as date and time of your visit, the pages viewed and time spent on those pages, unique device identifiers, device type, ID for listing, geo-location information and other diagnostic data.
- Mobile Device data collected automatically when you access the website and Platform by or through a mobile device. This includes, but is not limited to the type of mobile device you use, your mobile operating system, the type of mobile internet browser you use, unique device identifiers and other diagnostic data.
- Browser data collected also as your browser sends data whenever you visit and/or access our website and Platform by or through a personal computer device. This includes computer and connection information such as statistics on your page views, traffic to and from the sites, referral URL, ad data, and your IP address.
- Newsletter data collected automatically when you open a newsletter you have received from ENTRANCE or RECIPROCITY, including some behaviour data such as which parts of the newsletter you click.
4. What do we use your data for?
We use the personal information we collect to:
- Deliver ARRIVAL services by our partners and upon your request, as well as to provide and maintain ARRIVAL Platform services, for instance, by monitoring your use of such services.
- Manage your account and requests, when registering as a user of the ARRIVAL Platform. The personal data you provide can grant you access to different platform functionalities and services that are available as a registered user. Similarly, such personal data can be used to manage and attend your requests to us.
- Enable the matchmaking process on the ARRIVAL Matchmaking Platform, as a fundamental service of the Platform. It provides you with personalised content available on the Platform that may be relevant to you.
- Support the outreach campaigns by promoting the events, webinars, and other activities of the ARRIVAL , including news, special offers and general information about other goods, services and activities offered on the ENTRANCE and RECIPROCITY project.
- Send you information mailings, such as the ENTRANCE and RECIPROCITY project newsletters, in the event that you have signed up for it. As further explained below, the newsletter is sent via Mailchimp, a third-party service provider, with whom we share only your first name, last name, employer and e-mail address.
- Send you ARRIVAL platform-related mailings, in the event that you have registered to and use the ARRIVAL Platform. They include and are not limited to confirmation, notification, updates and general communication mailings related to the platform functionalities, services or your personal account. These mailings are essential for the functioning of certain processes and services, for troubleshooting problems with your account, for resolving technical issues and/or customer support. Other non-essential and optional mailings may include polls, surveys, or similar mailings to help improve our services. You can change your platform-related mailing preferences at any time under your account settings.
- Manage your applications to the Open Competitions organised by ARRIVAL, in the event that you have applied to them.
- Improve overall services, marketing campaigns, and your platform experience (usability) through anonymised data analyses that will serve to identify, for instance, usage trends and determine the effectiveness and efficiency of our processes and initiatives.
5. Compliance with legal obligations.
Maintaining contact with you.
Your contact data are kept in EU located relationship management system and may be used for the purpose of sending ENTRNACE and RECIPROCITY newsletters, updates, invitations to events and webinars and sending information you requested from us in relation to the ARRIVAL platform.
Improving our service information and carrying out targeted outreach campaigns.
Part of our service is to keep you informed with ARRIVAL information that is relevant to you and your business. To make this possible, we combine and analyse the personal data available with us. On that basis we determine which information are relevant and which moments are most suitable for providing information or establishing contact. In outreach campaigns, we do not process special personal data nor confidential data. Withdraw of consent is always possible.
We analyse the following information:
- Interaction data: Obtain personal data and contact between ARRIVAL and you. For example, about your use of our website or Platform. This also applies to offline interactions, such as how often and when there is contact between ARRIVAL and you.
- Behavioural data: Personal data that ARRIVAL processes about your behaviour, such as your preferences, opinions, wishes and needs. We can derive this data from your surfing behaviour on our website and the indication of your interests in the Platform, reading our newsletters or by requesting information. But also, through contact, incoming telephone calls and e-mail contact with the ARRIVAL partners. Information obtained through tracking cookies, we collect and use only with your permission, which you can always withdraw.
- Performing and analysing research on client satisfaction: Sometimes we ask collaborators to cooperate in a client satisfaction survey. This is done through an online questionnaire. Participation is voluntary. Prior to each client satisfaction survey you will receive further information about the working method and the way we deal with the information gathered.
See our cookie statement.
Improving and securing our website and Platform.
Creating user statistics. The user statistics of the website and Platform enable us to track the number of visitors, the duration of the visit, which parts of the website and Platform are being viewed and the click-behaviour. It concerns generic reporting, without information about individuals. We use the information obtained to improve the website and Platform and support potential connections between the registered users of the Platform.
6. Security level
We protect personal data through technical and administrative security measures to minimise the risk of loss, misuse, unauthorised access, disclosure, and modification. You can think of security software such as a virus scanner and firewalls, a secure internet connection, encryption of data and physical and administrative access controls to data and servers. For security reasons, and to protect the transmission of confidential content, such as enquiries that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line. If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
If you believe your account has been abused, please contact us following the instructions below.
In case of a possible leak of data, our data processor and site administrator will notify us immediately after discovering or becoming aware of any such incident. Following the report of the incident, we will carry out an assessment with our contractors and partners to identify corresponding measures We will inform you about the situation, the gravity of the situation and the solution as soon as possible.
7. Storage of personal data
We store your personal data in secure and dedicated servers in the EU. In addition, your data is stored in the servers of our Service Providers including but not limited to: MailChimp, Hubspot, Google and Microsoft.
We do not store your personal data for longer than is strictly necessary for the execution of the purposes. If legal regulations apply to the storage, the personal data will not be kept longer than prescribed by law. ARRIVAL will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods. Log files are stored for a period of two weeks, whereas google analytics stores usage data for a period of 14 months. After it is no longer necessary for us to retain your personal information, we dispose of it in a secure manner.
Once you make a public posting, you may not be able to change or remove. Upon your request, we will close your account and remove your personal information from view as soon as reasonably possible, based on your account activity and in accordance with applicable national laws.
8. Legal basis of the processing
We process personal data on the basis of one of the following legal grounds:
- On the basis of an agreement or in the run up to the conclusion of an agreement
- Legal obligation
- In connection with a legitimate interest.
A controller may only process personal data if this can be based on one of the limitative enumerated legal grounds in the General Data Protection Regulation. The legal bases on which ARRIVAL relies are:
- Permission: If we have requested your permission to process your personal data and you have given this permission, then you also have the right to withdraw this consent.
- Agreement or in the run up to the conclusion of an agreement: If you contact us and request information on innovation or financing consultancy services, we process personal data if and insofar as this is necessary for the execution of the support service.
Legal obligation: We only provide personal data to supervisors of investigative authorities if this is legally required. We will take measures in such cases that are reasonably necessary to ensure that your personal data is protected as well as possible.
Justified interest: We may also process personal data if we have a legitimate interest and do not therefore disproportionately infringe your privacy. For example, we use your contact information to invite you for webinars and events related to the ARRIVAL platform.
We may use service providers (processors) for the processing of your personal data that only process personal data on our order. These are parties that can be designated as (sub) processors as referred to in the General Data Protection Regulation. We conclude a processor agreement with these processors that meets the requirements set by the General Data Protection Regulation.
10. Share personal data with third parties (processors)
Sometimes it is necessary to disclose your personal data to employees of the ARRIVAL partner organisations or share your personal data with third party service providers. Depending on the circumstances of the case, this is necessary to handle your dossier or personal account, to provide you access to specific Platform services, to comply with our legal obligations, to facilitate our marketing activities, to prevent, as well as to detect, mitigate, or investigate fraudulent or illegal activities related to our services. All in all, we strive to minimise the amount of personal information we disclose to what is directly relevant and necessary to accomplish the specific purpose. We do not disclose your personal information to third parties for their marketing and/or commercial purposes without your explicit consent – there is no exception to this.
We take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Statement. We will never sell your personal data to third parties and do not make automated decisions that could have significant consequences for you. No transfer of your Personal Data will take place to an organization or institution unless there are adequate controls in place including the security of your data and other personal information.
We may disclose your personal information to the following parties and for the following purposes:
10.1 Internal parties
Your information, including personal data, may be processed by the employees of the ARRIVAL partner organisations and their third parties, when requested by the designated sub-processors for the website and Platform, respectively. These individuals are located at the respective offices and/or any other place where the parties involved in the processing are located. This information may be transferred to – and maintained on- computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. Your consent to this Privacy Statement followed by your submissions of such information represents your agreement to that transfer.
In the following cases personal data will be provided to internal parties:
When processing a dossier, it may be necessary to share your personal data with third parties. For example, in probing or asking for funding to a government, or the conclusion of an agreement with further parties.
If a court decision obliges us to provide personal data to third parties, we will have to comply with this.
Your personal data will not be shared with third parties for commercial purposes. There is one exception to this. Sometimes we organise a joint activity with another organization, such as an event or webinar. In that case, only the necessary contact details are exchanged.
10.2 Service providers and financial institution partners
Your personal data may also be disclosed and/or shared to third party service providers. These are organisations who help us deliver our services and assist us in providing you with personalised information and/or content. These are also organisations who assist us with the prevention, detection, mitigation and investigation of potentially illegal acts, fraud and/or security breaches, bill collection, affiliate and rewards programs, co-branded credit cards and other business operations.
We use the following external services:
- Hubspot for customer relationship management
- MailChimp for sending and tracking our ARRIVAL project newsletter
- Microsoft Office 365 Suite for our day-to-day business activities, including Outlook for email, and SharePoint and One Drive for storage.
- Google Analytics for analyses of website and Platform usage
- Slack for our day-to day business activities including communications
10.3 Law enforcement, legal proceedings, and as authorised by law
We may release your data:
- To comply with legal requirements, respond to claims that a listing or other content violates the rights of other or protect anyone’s rights.
- To law enforcement or governmental agencies, or authorized third-parties, in response to a verified request relating to a criminal investigation or alleged or suspected illegal activity or any other activity that may expose us, you, or any other of our users to legal liability. We will only disclose information we deem relevant to the investigation or inquiry, such as name, city, state, postcode, telephone number, email address, User ID history, IP address, fraud complaints, or bidding and listing history.
To third parties involved in a legal proceeding, if they provide us with a subpoena, court order or substantially similar legal procedure, or we otherwise believe in good faith that the disclosure of information is necessary to prevent imminent physical harm or financial loss or to report suspected illegal activity.
10.4 Change of ownership
Personal data can also be provided to third parties, in the event of a reorganisation or merger of any of the companies of the ARRIVAL project or sale of (a part of) these companies. Should such an event occur, we will require that the new (combined) entity(ies) follow this Privacy Statement with respect to your personal information. If your personal information is collected, used, disclosed, or retained for any purposes not covered in this Privacy Statement, you will receive prior notification of the processing of your personal information for the new purposes.
Similarly, changes may occur in the partnership structure of the ARRIVAL consortium after the end of the EU-funded project period (December 2023), as a sub-set (if not all) of the partners will continue with the provision of ARRIVAL platform services and activities on a commercial basis. Should such an event occur, we will make the necessary changes to this privacy statement and will inform you accordingly and in a timely manner, ensuring that your data is handled and processes in the most appropriate manner at all times.
11. Transfer outside the (European Economic Area) EEA
Under the General Data Protection Regulation, personal data may only be passed on to parties outside the EEA when an appropriate level is guaranteed for the protection of the personal data or when a specific deviation applies.
We may pass on personal data to a party outside the EEA only when necessary for the execution of the ARRIVAL project.
12. If you have questions about your personal data
Every person can exercise certain rights with respect to his or her personal data on the basis of the law. This gives you the right to inspect, rectify and delete personal data. You can also object to the use of your data or request that the use is restricted. In certain cases, you can request your data and take it to another party. For all these questions contact us by email via firstname.lastname@example.org.
If you have complaints about how we handle your personal data, you can contact us by sending a mail to email@example.com. We are happy to help you find a solution within a period of four weeks after receiving your request. If that does not work, you can always contact the Spanish Data Protection Authority.
Developments go fast and as a result, there may also be changes in the personal data we request from you and the way in which we use your personal data. Regulations can also change. In that case, we will update this Privacy Statement. We therefore invite you to regularly check the Privacy Statement so that you are kept informed. In the event of major changes, we will also make you aware of this via our website.