PRIVACY NOTICE PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679

The information is given in compliance with article 13 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation or GDPR) to individuals interested in supporting the implementation of B-THENET (G.A. 101059812), funded by Horizon Europe Programme and coordinated by IZSLT (mail to info@bthenet.eu).  
Joint Controllers  
As of June 16, 2023, the Joint Controller Agreement is in effect among B-THENET Partners link. On a joint controllership basis and subject to the provisions of Article 26 of GDPR, the Parties shall jointly process personal data, for which they shall jointly determine the purposes and means. More information about the B-THENET Joint Controller Agreement is made available to interested Parties upon request.  
Data Processor  
IZSLT has signed up for a Cloud service with Aruba to store all personal data collected in the Platform, except those processed in the ChatBot. More information about the B-THENET Data Processor Agreement is made available to IZSLT upon request (info@bthenet.eu).  
APRE has signed a Data Processor Agreement with MYVISTO SRL (Italy). More information about the B-THENET Data Processor Agreement is made available to APRE upon request (info@bthenet.eu).  
Type of data processed  
As part of our activities, the Controllers collect and processes personal data provided by you, the data subject, when you register, in particular: First Name, Last Name, Username, Email address, Password, Role, Age (optional), Gender (optional), Zip code, Country, Institute, Stakeholder category, Spatial level of interaction, Stakeholder type, Years of experience, Main language spoken, Second language spoken and Images of Users (optional) and Beekeeping Practices (optional), to the extent that is needed and helpful to attain the purposes set out below.   
Concerning the Chatbot, the APRE Data Processor only processes technical and session data, technical cookies on behalf of the Controller.  
Purpose of processing for registered users  
We may collect and use personal data for the following purposes:  
Applications, registrations, and administrative management of Users;  
Storing the subject’s personal data in B-THENET Platform Database  
to be re-contacted for further project surveys  
Require consent to processing data as Advisory Board Member or Collaborating Partner;  
Registering for B-THENET events  
Receiving news, information, invitations to events and workshops, publications, announcements, and newsletters relating to the activities conducted by B-THENET;   
Dissemination on the B-THENET Platform, website, and social media channels of images, audio and videos;  
Communicate data subject’s name, surname and working organisation to the European Commission to comply with specific requests.   
Recording image, audio, name, and surname of a persona (if any);  
Purpose of processing for users used Chatbot  
The purpose of the processing, which will vary based on the specific instructions issued by the Controller to both the Processor and Sub-processors, in line with the operational needs of the Chatbot (such as real-time session handling with immediate forwarding to sub-contractors, bot detection and anti-scraping services without user identification). More information about purpose of processing for users used Chatbot is made available to APRE upon request (info@bthenet.eu).  
For any information about B-THENET’s Copyright statement, please visit copyright notice on the Platform.  
Personal data collected in B-THENET Platform Database and its ChatBot are not subject to automated decision-making or profiling. Some online services and tasks can be automated, such as registrations of responses to surveys and registrations to our events, but they are not based on analysing the personal profile of the data subject.  
As for the processing of personal data that is carried out by the social media platforms used by B-THENET, please consider the information provided by those platforms through their privacy policies. The personal data made available by users through the social media pages B-THENET manages, as part of its research purposes, are processed exclusively in order to implement the project and handle user interactions (comments, public posts, etc) in full compliance with the applicable legislation.  
Legal basis for processing personal data  
For the purposes set out above, the legal basis of processing is the consent you, the data subject, give to the processing of your personal data, [article 6.1.a of the GDPR]. Should you deny your consent, we will be unable to process your data.  
Moreover, the Joint Controllers will process the data for the legitimate interest of the B-THENET Platform, namely the use of technical cookies [article 6.1.f of the GDPR].  
Data Subject Rights  
In relation to your personal data, you can exercise your rights as data subject under the GDPR (art.15 -21), including the right to withdraw your consent at any time. In case data subjects revoke their consent, the published information (if any) will be removed from the Platform.  
The rights set out above can be exercised in writing by sending an email to info@bthenet.eu.  
You as data subject have also the right to lodge a complaint with the competent Supervisory Authorities according to Art. 77 of GDPR.  
Data storage and retention  
All personal data collected will be stored in Aruba (Cloud), ChatBot Servers and/or the Controllers’ digital and physical facility for the training activities.   
The information collected about you through the registration will be kept strictly confidential, except username, pictures and videos (this is not valid if you have given your data through the ChatBot). Only B-THENET Joint Controllers will have access to this information and the sole purpose of storing your data is for project activities. Please note that the contents, once published and disseminated, may be subject to acquisition and republication by third parties, even without B-THENET’s consent.  
The Controllers, Aruba and ChatBot Servers secure all personal data through technical and organisational measures to ensure that it is protected from unauthorized access, alteration, or loss.  
If the Data subject who registered doesn’t exercise the withdrawn right, data shall be stored for no longer than 5 years after the final payment as Grant Agreement Data Sheet.  
However, once said period of conservation prior to blocking has expired, Joint Controllers shall agree whether to store the data object of the processing, prior pseudonymization of the same, for its use for research purposes and applying the appropriate technical and organizational measures in accordance with the provisions of the GDPR and other data protection regulations.  
If the Data subject who used the Chatbot doesn’t exercise the withdrawn right, the Processor and Sub-processors are obliged to delete all personal data processed on behalf of the Controller or return such data and erase any existing copies, unless Union or Member State law mandates data retention after the termination of the Data Processor Agreement (31 August 2026).  
Any longer storage periods remain unaffected, in the event that they are required due to legal, accounting and/or fiscal obligations based on the laws and regulations in force.  
Disclosure of data outside of B-THENET  
Your personal data may be disclosed outside of the project for specific reasons. In particular, your personal data may be made available to entities providing IT system management on behalf of controllers, competent authorities and/or public bodies, the European Commission, and supervisory authorities to comply with statutory requirements or specific EC requirements. Requests by data subjects to exercise their data protection rights shall be handled in a coordinated manner through the e-mail address info@bthenet.eu which shall be identified as a contact point for data subjects in the data protection information provided to them by each Party.  
How data is processed  
For the above-mentioned purposes, your data will be processed by controllers’ employees and other authorized individuals. Said employees, and other authorized individuals may consult, use, process, compare the data as well as carry out any other appropriate action, including using automated means, always in compliance with statutory requirements that ensure, inter alia, protection of the confidentiality and security of the personal data, as well as data accuracy, update and appropriateness to the purposes for which the data is collected and used, as stated above.  
Data re-use  
Except for images and the data processed by the Chatbot, the data stored will be used for the activities related to the B-THENET project. Moreover, the data could be shared and re-used for other EU projects that may benefit from them after pseudonymization and in accordance with the purpose of the consent given (Art. 25 and 89 of GDPR).  
Transfer of data outside of the EU  
Controllers shall not carry out international transfers of the personal data processed during and after the lifecycle of the project and during the implementation of the project’s aims, according to the CHAPTER V “Transfers of personal data to third countries or international organisations” of GDPR.  
Changes and updates  
The Controllers may make changes and/or additions to this privacy notice including due to regulatory changes. As consequence, the Controllers suggest controlling frequently the privacy policy in power on the Platform.  
Data Breach  
In case of a data breach, the event will be handled as per Art. 33-34 of the EU 2016/679 GDPR. The Controllers will undertake all steps necessary to minimize any possible negative consequences.  
CONSENT REQUEST PURSUANT TO ARTICLE 6 OF THE GDPR  
By clicking on the “Register” button in the subscription form you give your consent to our processing of your personal data in accordance with the purposes described above.  
August 2025 
The binding text of the PRIVACY NOTICE PURSUANT TO ARTICLE 13 OF REGULATION (EU) 2016/679 shall be in the English language. It shall be the principal text for all evaluations, discussions and interpretations.  
The privacy policies are automatically translated with the aid of Google Translate (https://translate.google.com/). As described in Google LLC’s Data Privacy Framework certification, the Company complies with the EU-U.S. and Swiss-U.S. Data Privacy Frameworks (DPF) and the UK Extension to the EU-U.S. Find out more details here (https://policies.google.com/privacy/frameworks?hl=en-US).”