This privacy statement solely concerns the data processing within the OPTIMAI project. The privacy statement regarding processing of personal data due to the operation of the website can be found at https://optimai.eu/privacy-policy-2/.
Data Privacy Statement – (Version April 2022)
OPTIMAI Project Overview – We (The OPTIMAI Consortium) process personal data to research, develop, and validate a decision support framework for industrial manufacturing with zero-defect manufacturing through intelligent monitoring and control of production; smart, secure and traceable data collection based on a distributed ledger; advanced interaction mechanisms for rapid and efficient reconfiguration of equipment; and optimal production planning via virtualization and AI. General Data Protection Regulation (GDPR) – The OPTIMAI project will only collect personal data insofar as it is necessary for the completion of research, validation, dissemination, and exploitation of the project results. The OPTIMAI project is a research project and to this end, Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, known as the ‘General Data Protection Regulation’, hereafter ‘GDPR’, is the primary basis for the data processing for technology, university, SME and industry partners. The GDPR protects the rights of persons whose personal data is processed, called data subjects’ rights. These are set out below in section 8. Contact Details – The contact details of the project coordinator and the Data Protection Officer of the project coordinator are included in section 9 below. You can use these details to exercise your rights.
1. Consortium and Controllership
The OPTIMAI project consists of sixteen partners (16) including technical, academic, ethics, legal and industry from eight (8) different European countries. There is a broad spectrum of activities within the project. These activities include: research and development on the technological ways to meet the requirements of the industrial end users; and research on the ethical and legal implications of the project itself, both internally (research on the ethics and legal compliance of project activities) and externally (ethical, legal, and societal assessments of risk and impact of the project’s tools). Each partner will individually decide on the means and purposes of personal data collection and processing and therefore each partner will be the Data Controller whereby the determination of the means and purposes of personal data collection and processing is made by them. The specific tasks involved in the research are defined in an agreement between the European Union and the partners. To achieve in practice the technical or other objective of individual OPTIMAI tasks, each task leader must further specify the remit and means of data processing. Typically, the data controller undertakes data processing activities. Each partner is responsible on an individual basis for adhering to the applicable national and international data protection framework for the data processing activities carried out. This responsibility is exercised with an expectation of support from other project partners.
2. Purposes of Processing
We (the OPTIMAI Consortium) process personal data in order to effectively participate in the scientific research project which aims to integrate a range of high-tech approaches for an industrial, zero defect decision support framework; smart instrumentation; metrology; artificial intelligence; virtualisation and augmented reality; and blockchain smart contract technology. These technologies will be integrated in a decision support framework for:
- zero-defect manufacturing through intelligent monitoring and control of production
- smart, secure and traceable data collection based on a distributed ledger
- advanced interaction mechanisms for rapid and efficient reconfiguration of equipment
- optimal production planning via virtualization and AI
With this overarching purpose in mind, we process personal data to: a) develop, train, test and evaluate machine learning models as part of this research activity; b) organise and administer the project, including its events and contributions from third parties; and, c) disseminate and communicate the outputs from the project.
3. Personal Data and Data Minimisation
Personal data is that which concerns an individual and can be used to identify them. Where actions in OPTIMAI process personal data, OPTIMAI Consortium partners engage in data minimisation. Data minimisation in OPTIMAI will ensure that data is:
- Adequate – Meaning it is sufficient to fulfil the stated purpose.
- Relevant – Meaning the processing has a rational link to the purpose.
- Limited – Meaning that only the necessary data to fulfil the stated purpose is processed.
Partners will follow good governance ensuring that they will only process personal data that is adequate, relevant, and limited to what is needed for their task. OPTIMAI will process pseudonymous data. Pseudonymous data, if linked to another data set, has the potential to identify individuals. However, the project consortium is not interested in detecting these matches and any steps required to identify individuals in this manner will be avoided.
4. Categories of Personal Data
Across these project use cases, OPTIMAI Consortium partners process the following categories of personal data:
- Defect Detection data: a set of files pertaining to the products’ inspection to detect defects. It is planned to be collected in the production line of end user partners via suitable sensors (e.g. RGB & Depth camera etc.). The dataset may include personal data of the operators.
- Activity Recognition data: a set of files pertaining the operators’ activity during the execution of a task at the production line. Data is planned to be collected via suitable sensors (e.g. RGB & Depth camera), installed on the operators’ AR glasses, or/and at specific positions on the production line of end user partners. The dataset may include personal data of the operators.
- Sensor Data: The data will be used mainly for quality inspection and early defect detection. The dataset will also assist the (re)configuration of the hydraulic units’ parameters and the production planning and may contain personal data.
- Contact Details: Contact details are collected directly on persons with whom the project engages in order to facilitate research and communication, dissemination and exploitation activities as well as project ethical and legal monitoring, therefore contact details on a range of parties will be collected including but not limited to (subject to consent or legitimate interest) project partners, research participants, ethics and legal professionals, European Commission employees, and OPTIMAI newsletter subscribers.
- Dietary or accessibility requirements: dietary or accessibility requirements may be collected for human research participants of in-person workshops. This data is collected only to accommodate specific needs but could include special categories of personal data such as health data.
5.Recipients or Categories of Recipients of the Personal Data
Personal data processed for research purposes is not shared with third parties outside the project unless there is a legal obligation to do so. Personal data may be shared between research partners/institutions involved in the project, strictly for the purposes of the project.
6. Lawful Basis for Processing Personal Data
The legal basis for the processing of personal data required for research, validation, dissemination and exploitation activities in OPTIMAI varies depending on the type of personal data and the nature of the data controller and processor. This is the case across both the GDPR and relevant national law. The following table presents the legal basis relied on by partners processing the six categories of personal data described in section 4 above.
Dataset or Category |
Responsible Partners |
Lawful Bases for Personal Data Processing |
---|---|---|
Defect Detection | Centre for Research and Technology (CERTH-ITI) | Consent – Article 6(1)(a) GDPR Legitimate interest – Article 6(1)(f) GDPR |
Activity Recognition | Centre for Research and Technology (CERTH-ITI) | Consent – Article 6(1)(a) GDPR Legitimate interest – Article 6(1)(f) GDPR |
Sensor Data | Centre for Research and Technology (CERTH-ITI) | Consent – Article 6(1)(a) GDPR Legitimate interest – Article 6(1)(f) GDPR |
Contact Details | All Partners | Consent – Article 6(1)(a) GDPR Legitimate interest – Article 6(1)(f) GDPR |
Dietary and Accessibility Requirements | All Partners in Principle | Consent – Article 6(1)(a) GDPR Consent (sensitive data/special categories of data) – Article 9(2)(a) GDPR |
7. Storage and Retention
Personal data will not be stored longer than is necessary for the research and auditing purposes pursued by the OPTIMAI project and any relevant authorities with a legitimate interest in receipt of categories of personal data (e.g., project partner contact details) to facilitate audits. Over the course of the project, data will be reviewed periodically and the necessity of ongoing storage assessed. Data which is no longer necessary will be anonymised or deleted. The project ends in January 2024. At this point, each partner will individually re-assess whether further storage is necessary and lawful. The maximum duration of data retention will be five years following the completion of the project.
8. Data Subjects’ Rights and Limitations
If your personal data is processed by OPTIMAI Consortium partners, you have the following rights, subject to the described restrictions. Subject access request (Article 15 GDPR) You have the right to obtain confirmation as to whether or not OPTIMAI Consortium partners are processing personal data concerning you, and, where that is the case, have access to it. We will provide you free of charge with a copy of your personal data undergoing processing in a commonly used electronic form. Right to rectification (Articles 16 GDPR) You also have the right to obtain the rectification of any inaccurate personal data concerning you. If you have challenged the accuracy of your data and asked for rectification you have the right to request the restriction of processing while we are considering your rectification request. Right to be forgotten (Article 17 GDPR) In case you object to the processing of your data and there is no lawful basis to retain your data, we will comply with your request and erase your data. Please note that your right to be forgotten might be limited, such as where the erasure is likely to seriously impair the achievement of the research purposes of the project. Right to restriction of processing (Article 18 GDPR): You have the right to obtain from us restriction of processing where you have a particular reason for wanting the restriction, i.e. if you object to our legitimate interest, or if your personal data is incorrect, or if you think that the processing is unlawful, or if we no longer need them. Right to object (Articles 21 GDPR) You can object to the processing of your data by OPTIMAI Consortium partners. In order to do that, you must provide us with specific reasons based upon your particular situation. Please note that the right to object is not an absolute right. The project will consider your objection and determine how best to respond. If the processing is carried out for the performance of a task in the public interest (Article 6(1)(e) GDPR) or for a legitimate interest (Article 6(1)(f) GDPR), we can continue with the processing if we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights, and freedoms. If the processing is carried out for scientific research purposes (Article 9(2)(j) GDPR), we can continue with the processing if the processing is necessary for the performance of a task in the public interest. If any of these are the case, we will explain our decision to you, otherwise your data will be excluded from processing. You have the right to request the restriction of processing while we are considering your objection. Right to lodge a complaint with supervisory authority (Article 77 GDPR) If you believe that your rights have been infringed, you can lodge a complaint with any supervisory authority, including the authority where you reside, work or where the infringement on your rights is suspected. This is without prejudice to any other administrative or judicial remedy you have. A list of Data Protection Authorities can be found here. Right to withdraw consent (Article 7 GDPR) You have the right to withdraw your consent at any time. Where your consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.
8.1 Limitations on Data Subject’s Rights
It is possible that national laws will exist which restrict the rights of the data subjects listed above. For example, national law, which is necessary and proportionate, may provide for such restrictions if they are intended to safeguard the prevention, investigation, detection, or prosecution of criminal offences pursuant to Article 23(1)(d) GDPR. National law can also derogate from some of the rights set out above in circumstances where the data is processed for scientific research purposes, pursuant to Article 89(2) GDPR. The project consortium is not obliged to maintain, acquire, or process additional information in order to identify the data subject for the sole purpose of complying with the GDPR pursuant to Article 11(1). However, pursuant to Article 11 (2) GDPR, where data subjects provide additional information in order to exercise their rights, the OPTIMAI Consortium partners will handle the request in a manner compliant with technical and legal requirements. In this regard, the identity of the data subject, as well as their relation to the data referred to in the request has to be sufficiently verified. Although data subjects’ rights may be restricted under the conditions described, all requests to the abovementioned points of contact will be carefully assessed on a case-by-case basis and replied to.
9. Contact Details
To contact the project about personal data processing, you should get in touch with the Co-ordinating partner, which is the Centre for Research and Technology (CERTH-ITI). The contact details for this partner and the organisation’s Data Protection Officer (DPO) are provided below. Project Coordinator Nikolaos Dimitriou CERTH-ITI nikdim@iti.gr Coordinator, Data Protection Officer (DPO) Stella Papastergiou dpo@certh.gr National Center for Research & Technological Development 6th km Charilaou – Thermi, 57001, Thermi – Thessaloniki Tel .: +30 2311 257701-3 Fax: +30 2310 474128 Email: info@iti.gr