Privacy Policy

Introduction

Thank you for visiting the NIGHTINGALE website. This privacy policy is part of the NIGHTINGALE website and solely concerns processing of personal data with the NIGHTINGALE project due to the operation of the website. This privacy policy will explain how our project uses the personal data that we collect from you when you use our website, and the personal data that you see on our website. We are committed to processing personal data responsibly, securely, and proportionally throughout our activities in compliance with the EU General Data Protection Regulation (GDPR) 2016/679 (this link directs to a third-party website – an official website of the European Union)

Who are we?

The NIGHTINGALE project is a Horizon 2020 funded Research and Innovation Action.

NIGHTINGALE aims to upgrade pre-hospital life support and triage by creating innovative technological tools for emergency medical response. The tools will optimise current procedures and methods and enhance the operational capacities of emergency medical services and civil protection agencies in mass casualty incidents. NIGHTINGALE will develop a novel integrated toolkit for emergency medical response. These technologies will be designed for emergency medical services and non-medical civil protection agencies, including fire brigades, police, search and rescue personnel, volunteers, and citizens.

Led by the Institute of Communications and Computer Systems in Greece, the NIGHTINGALE consortium includes 23 partners from 11 EU member states and associated countries. It brings together experts in technology, research, medical practitioners, and leading organisations in Europe specialising in emergency medicine and handling mass casualty incidents. It is a three-year research project, which began on the 1st of October 2021.

For the purposes of this website, the data controller is Carr Communications, under registered number 42175, with a registered office at 24 Fitzwilliam Place, Dublin 2, D02 T296, Ireland. You can contact the data controller by e-mailing info@carrcommunications.ie.

What data do we collect?

Should you contact us through the website, we are going to collect your contact details, such as your name and your email, and the message you submitted. We are not going to collect metadata that you did not expressly provide us with. The content we upload or otherwise make available through the website might contain personal data, such as the names of our researchers and their work.

Legal bases of processing

For the personal data received through the contact form, we hold the following lawful bases for processing personal data:

Consent (Art.6.1.a of the GDPR) – When you consent directly to the processing of your personal data, for example, when you subscribe to our newsletter. If you provide us with sensitive personal data, falling within Art. 9 of the GDPR (such as dietary requirements for an event), we will process it under Art. 9.2.a of the GDPR.

Legitimate interests (Art.6.1.f) – We process personal data when it is necessary for us to achieve the legitimate interests, such as enhancing our research delivery by providing information about NIGHTINGALE to the individuals we deem as likely to be interested in our project. This may include:
– Sending invitations and providing access to guests attending our events and webinars
– Monitoring the activity on this project website.

Should the recipient of the information communicate to us that they are not interested in further communications from us, we will cease processing their personal data.

For the personal data we communicate through the website, the following lawful bases of our processing are held:

Consent (Art.6.1.a of the GDPR) – When we have received consent to publish personal data – e.g., a blog post from one of our researchers.

Legal obligations (Art.6.1.c of the GDPR) – We may process personal data in order to meet a legal obligation, e.g., promoting project results to multiple audiences, including the media and the public.

Legitimate interests (Art.6.1.f) – We process personal data when it is necessary for us to achieve the following legitimate interests (as long as they are not overridden by the data subject’s interests): enhancing our research delivery, by providing information about NIGHTINGALE activities on the website, and undertaking dissemination activities.

How do we protect your data?

We have put technical and organisational security policies and procedures in place to protect personal data (including sensitive personal data) from loss, misuse, alteration, or destruction. Wherever possible, we ensure that access to your personal data is password-protected. We encrypt EU-classified data, and such data are restricted only to a limited number of individuals who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information. We install and regularly update all security and anti-virus software in use on all of our systems. Nevertheless, the security of data transmitted over the Internet cannot be completely guaranteed. In addition, the consortium will be conducting a data protection impact assessment (in line with Art. 35 of the GDPR) over the duration of the project, wherein the consortium will identify and assess any ethical or data protection risks and find solutions to overcome any such risks. Please be aware that transmissions over the Internet are never completely private or secure.

How long do we keep your data?

We retain personal data only as long as it is necessary for the purposes described above. Please note that we have an obligation to retain data concerning European Union Horizon 2020 research projects for up to five years after the European Commission’s last payment to the consortium (unless further retention is requested by the EU auditors).

As the records and documentation containing personal data have been collected within the delivery of the European Commission project, we expect that the Commission will process it in compliance with Regulation No 2018/1725 on the protection of natural persons with regard to the processing of personal data by Union institutions, bodies, offices and agencies. After the expiry of the retention period, and unless further legitimate grounds for retention arise, we will dispose of personal data in a secure manner.

Do we share personal data with third parties?

The NIGHTINGALE consortium will generally not share personal information with anyone except the European Commission, if it so requests, except where it is shared with trusted third parties for the delivery of efficient and quality services (see below). All partners will treat information received from other partners as confidential and will not disclose it to third parties, unless it is obvious that the information is already publicly available or there is a legal obligation to do so. The partners will impose the same obligations on their employees and suppliers.

We may occasionally share personal data with trusted third parties, such as those listed below, to help us deliver efficient and quality services. When we do so, we will ensure that recipients are contractually bound to safeguard the data we entrust to them before we share the data. We may engage with several or all of the following categories of recipients:

Parties that support us as we provide our services (e.g., cloud-based software services such as NextCloud, online meeting services GoToMeeting, Microsoft SharePoint and Google Analytics);
Our professional advisers, including lawyers, auditors and insurers;
Payment service providers;
Law enforcement or other government and regulatory agencies (e.g., tax authorities) or other third parties as required by, and in accordance with, applicable law or regulation;
The European Commission when we are required to do so in relation to our work on the Horizon 2020 project.

NIGHTINGALE Newsletter and the Mailchimp Platform

The NIGHTINGALE consortium utilises Mailchimp as an email management platform to facilitate distribution of the NIGHTINGALE newsletter and other relevant communications. Parties interested in receiving regular communications can manually and voluntarily sign-up to our newsletter using the Mailchimp service on the NIGHTINGALE website’s homepage. Mailchimp is part of the Intuit Inc. group companies. Users of our website are asked to study the Intuit Global Privacy Statement (this link directs to a third-party website – Intuit) and Mailchimp’s Privacy FAQs (this link directs to a third-party website – Mailchimp) before signing-up to our newsletter.

Personal data processed by Mailchimp stemming from sign-up include your name and email address. After sign-up, when you interact with a NIGHTINGALE email campaign, Mailchimp may collect information about your device and interaction with an email. Other information that may be collected by Mailchimp, as stated in its policy, includes:

Online behavioural data: We may automatically collect certain information about your use and interactions with our websites, customers’ websites or e-commerce stores, Platform, social media websites, and marketing campaigns that we or our customers organise, including device information (such as your IP address and unique device IDs), page view information and search results, links and if you are a customer contact, whether or not a campaign presented or sent to you using our offerings has been viewed, delivered, opened, clicked on, whether it has bounced or was treated as spam.

Device information: We may collect information about your device such as Internet Protocol (“IP”) addresses, log information, error messages, device type, and unique device identifiers. For example, we may collect IP addresses from you as part of our sign in and security features.

Usage information: We may collect information about your usage of the Platform, such as the pages you viewed, the services and features you used or interacted with, your browser type and details about any links or communications with which you interacted.

Information from cookie and other technologies: Intuit and our service providers may use commonly used tools such as cookies, web beacons, pixels, local shared objects and similar technologies (collectively “cookies”) to collect information about you (“Cookie Information”) so we can provide the experiences you request, recognise your visit, track your interactions, and improve your and other customers’ experience. You have control over some of the information we collect from Cookies and how we use it. For full details on how we use cookies and similar technologies when you use or interact with Mailchimp, please see Mailchimp Cookie Statement (this link directs to a third-party website—Mailchimp).

Additionally, Mailchimp may collect information about you from third party sources including social media.

Mailchimp is based in the United States of America, therefore your personal data will be transferred outside of the European Union where it may be subject to queries and requests from US legal authorities and security agencies. Utilisation of the Mailchimp platform is bound by Standard Contractual Clauses (this link directs to a third-party website — Mailchimp).

Only personal data available to the NIGHTINGALE consortium in relation to newsletter subscription and engagement are the details you provide yourself at sign-up. You are free to unsubscribe from the NIGHTINGALE newsletter at any time.

Do we transfer your personal data outside the EU?

By default, we store personal data on servers located in the European Union. However, we may also transfer personal data to reputable third-party service providers, notably Microsoft SharePoint and Google, who may be located outside of the EU. Our use of Mailchimp is outlined above. Wherever such personal data transfers are based on Standard Contractual Clauses within the meaning of Commission Decision 2010/87, we are keeping track of their validity, especially in the light of any national Data Protection Authority decisions on the matter and in line with the European Court of Justice decision in Case C-311/18 DPC v Facebook Ireland and Maximillian Schrems.

What are your data protection rights?

As a data subject, you can exercise the rights outlined in this section of the privacy policy. We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. No fee is required to make an initial request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds.

Right to access (GDPR Art. 15)

The data subject has the right to obtain confirmation as to whether processing of personal data concerning them takes place in the NIGHTINGALE project. If this is the case, the data subject can request access to their data. Granting the right to access only occurs where the identification of the data subject is possible.

Right to rectification (Art. 16)

The data subject has the right to obtain the rectification of inaccurate personal data concerning them. The exercise of this right is only possible where the data subject can be identified and the inaccuracy of data is verified.

Restriction of processing (Art. 18)

The data subject has the right to obtain the restriction of processing, where:
– the accuracy of the personal data is contested;
– the processing is unlawful, the data subject opposes the erasure of personal data and requests the restriction of processing instead;
– the controller no longer needs the personal data, but they are required by the data subject for the establishment, exercise or defence of legal claims;
– the data subject has objected to processing pursuant to GDPR Art. 21.1 pending the verification of whether the legitimate grounds of the controller override those of the data subject.

The exertion of this right may require provision of further information to allow identification of the data subject as described in the right to access.

Right to object (Art. 21)

A legal basis for the processing of personal data in the NIGHTINGALE project is Art. 6.1.f of the GDPR. The data subject has the right to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them unless the NIGHTINGALE consortium demonstrates compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.

The exertion of this right may require provision of further information to allow identification of the data subject.

Right to erasure (‘Right to be forgotten’) (Art. 17)

The data subject has the right to obtain erasure of personal data concerning them, if
– the data subject objects to the processing pursuant to Art. 21.1 and there are no overriding legitimate grounds;
– the personal data have been unlawfully processed;
– the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

Right to data portability (Art. 20)

In some circumstances, where you have provided personal data to us, you can ask us to transmit that personal data (in a structured, commonly used and machine-readable format) directly to another company.

Right to lodge a complaint with a supervisory authority (Art. 77)

The data subject has the right to lodge a complaint with a data protection supervisory authority in the Member State of their habitual residence, place of work or place of the alleged infringement if the data subject considers that the processing of personal data relating to them infringes the GDPR.

A list of national supervisory authorities can be found here (this links to a third-party website – official website of the European Commission).

Disclaimer and limitations of liability

We aim to keep the information that appears on the NIGHTINGALE website as complete and up to date as possible. If errors are brought to our attention, we will take all reasonable steps to make any necessary corrections within a reasonable time. Please be aware that the information published on our website is for informational purposes only. None of the information contained on the website constitutes legal or professional advice, nor can we accept responsibility for how it might be used, and we are not responsible or liable for any errors or omissions in any of the information provided on the website. We cannot be held liable for any direct or indirect damage that may result from use of this site. Links to other websites are provided in good faith and for information only. A link to another website does not mean that we endorse or accept any responsibility for the content or use of such website.

While we take all possible steps to minimise disruption caused by technical errors, we cannot guarantee that our website will not be interrupted or otherwise affected by such problems. Please note that access may be suspended temporarily and without notice in the case of system failure, website maintenance or repair or for reasons beyond our control. The use of our website is governed by the law of the Republic of Ireland. Any dispute arising from or related to the use of this website shall be subject to the non-exclusive jurisdiction of the Irish courts.

Do we link to other websites?

Our websites may contain links to other sites, including the sites of the consortium partners, which are not governed by this privacy policy. Please review the destination websites’ privacy policies before submitting personal data on those sites. Whilst we try to link only to sites that share our standards and respect for privacy, we are not responsible for the content, security or privacy practices employed by other sites.

Do we change this privacy policy?

We regularly review this privacy policy and will post any updates to it on this webpage. This privacy policy was last updated on 12 January 2022.

Contact us

If you have any concerns as to how your data is processed, you can contact us by e-mail at info@carrcommunications.ie or by post: 24 Fitzwilliam Place, Dublin 2, D02 T296, Ireland. We will respond to your queries within 30 days from when we receive them.

Cookie policy

Core policy

A cookie is a small text file that is downloaded onto ‘terminal equipment’ (e.g., a computer or smartphone) when you access a website. It allows the website to recognise the user’s device and store some information about the user’s preferences or past actions. Most browsers support Cookies, but you can set your preferences to decline them and delete them whenever you like. Cookies allow our site to remember your preferences and play an important role in making the site work better for you. To some extent, cookies can be seen as providing a “memory” for the website, enabling it to recognise a user and respond appropriately.

We use Cookies to manage functionality on our website and to provide usage insights to help us improve our service for our users. Our site uses session cookies that are stored temporarily on a user’s computer and are not retained when the user ends the session and persistent cookies that are stored on a user’s computer until they expire or until the user deletes the cookie. Persistent cookies collect identifying information about the user, such as internet surfing behaviour or user preferences for the site. Users are prompted that continued use of our site acknowledges that cookies will be used.

We do not use cookies to track your behaviour once you have left our website. The data from cookies will not be passed on to or used by any commercial enterprise that are not operating under our instruction and only process data as laid out in this policy.

How do we use cookies?

A visit to our website may generate first-party cookies and third-party cookies. In continuing to use our site, the user agrees to the use of both first-party and third-party cookies. We use third-party cookies to provide enhanced site functionality such as embedded video content.

We use the following cookies and similar technologies:

Essential Cookies

These cookies enable core functionality such as security, verification of identity and network management. These cookies cannot be disabled.

Marketing Cookies

These cookies are normally used to track advertising effectiveness to provide a more relevant service and deliver better advertisements to suit your interests. However, NIGHTINGALE is a research project, and we do not use marketing cookies.

Functional Cookies

These cookies collect data to remember choices users make to improve and give a more personalised experience. This enables us to personalise our content for you and remember your preferences, for example your username, language or text size. The information these cookies collect may be anonymised, and they cannot track your browsing activity on other websites.

Analytics Cookies

These cookies help us to understand how visitors interact with our website or to discover errors.

This website uses Google Analytics, a web analytics service provided by Google, Inc. (‘Google’). Google Analytics uses cookies (text files placed on your computer) to help the website operators analyse how users use the site. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. By using this website, you consent to the processing of data about you by Google in the manner and for the purposes set out above (update on possibility to refuse Google Analytics cookies pending).
Google’s privacy policy can be found here (this links to a third-party website – Google). Google provides an opt-out browser add-on that prevents your data from being used by Google Analytics. This add-on can be downloaded here (this links to a third-party website – Google).

How do I change my cookie settings?

Our cookie management tool will allow you to specify your preferences for those cookies that are placed for by this website which are not strictly necessary for its delivery.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.