CONSOLE privacy policy.

The CONSOLE project develops the CONSOLE automated platform, which aims to enhance cybersecurity in the software development industry for European organisations, particularly SMEs. By integrating interconnected modules and training services, CONSOLE aims to lower acquisition costs while ensuring robust cybersecurity for software applications, systems, and users. The platform will enable automated, real-time testing in a realistic environment, leveraging cutting-edge technologies such as machine learning algorithms and edge computing. 

CONSOLE [Project name: Cybersecurity for Resilient Software Development] brings together 11 organisations from 6 EU member states. It is co-funded by the Digital Europe Programme of the European Union (Agreement Number: 101128070) for a period of three years (November 1, 2023, to October 31, 2026). 

BITDEFENDER SRL (BD) is the project coordinator and organisation authorised to communicate on behalf of the consortium in matters related to this website. The relevant Project Manager is Ovidiu Mihăilă, who can be reached at omihaila@bitdefender.com. 

The postal address of the BITDEFENDER SRL (BD) is: SOSEAUA ORHIDEELOR 15A, CLADIREA ORHIDEEA TOWERS, ETAJELE 9,10,11 SI 12, BUCURESTI 060071, Romania.

Personal data processed by the CONSOLE project 

The CONSOLE project must effectively fulfil its objectives and comply with the requirements imposed by the legal, regulatory, and contractual environment, which involves processing personal data. 

The following categories of personal data are processed within the CONSOLE project: 

• Contact information 

• Participation information 

• Photos - Videos (from events, meetings and other activities) 

• User information and activity 

• Employment information 

• Communication information 

• Identification information 

• Publication information.

The role of the CONSOLE project in relation to personal data processing.

The personal data belonging to the categories mentioned above are collected directly from the data subjects during their interaction with the various partners as part of the CONSOLE project activities. 

Depending on the task and on the purposes of processing, each partner (including the Coordinator) could act as a Controller. The controller's identity will be clearly stated in the relevant notification provided to the data subject before the personal data is collected in each case. 

Personal data sharing.

The information provided to the CONSOLE project by the data subjects will be stored in the central information system of the partners and the project (if needed) on a need-to-know basis. 

Access to the data may be provided to authorised personnel of each CONSOLE project partner, to the European Union (staff relevant to the European Projects DIGITAL), to the national authorities of each country (should the need arise), to the platform support company, and to the platform and infrastructure host. 

If personal information needs to be shared with others, the data subjects will be duly notified, and relevant consent will be requested.

Lawfulness, fairness and transparency.

Personal data processed as part of the CONSOLE project will be collected and processed in a lawful, fair, and transparent manner regarding the data subject. For each processing, the legal basis will be identified, and the relevant actions will be implemented by the controller (project partner leading the relevant activity). Where consent is utilised as the legal basis, this will follow the relevant requirements stated in GDPR and the applicable national laws and guidelines. 

Personal data that has not been lawfully collected is prohibited, as is processing that does not fulfil the requirements of the GDPR, the relevant national laws and guidelines, and the relevant contractual requirements. Information about the processing of personal data is provided on the CONSOLE website, on the websites of the project partners, and in any communication requesting personal data. 

Purpose limitation.

The personal data collected by the CONSOLE project will be used for specified, explicit, and legitimate purposes. Processing personal data in a manner that is incompatible with those purposes is prohibited. 

Data minimisation. 

The CONSOLE project will only collect personal data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed. 

The project partners will examine every case of personal data processing under this specific principle and will minimise the data requested to the minimum possible. 

The relevant information will be sent to APIROPLUS SOLUTIONS LTD17, so that it can update the relevant record of processing facilities and implement further actions if needed. 

Accuracy. 

At this point, the personal information processed by the CONSOLE project is collected directly from the data subjects. 

Due to the project's limited lifetime, it would not be feasible to implement complex processes for keeping the relevant information up to date. 

Every reasonable step will be taken to ensure that inaccurate personal data, regarding the purposes for which they are processed, are erased or rectified without delay. 

Storage limitation. 

Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. 

Personal data shall be processed only for defined, specific, and relevant purposes related to the CONSOLE project. The duration of the processing will depend on the particular purpose, but it will not exceed eight (8) years (the duration of the project + 5 years as noted in the project Grant Agreement). 

Integrity and confidentiality.

Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures. 

Throughout the project lifecycle, the project partners will store the project-related personal data in a secure, password-protected repository. The project coordinator has selected, implemented, and administered this repository. 

Each project partner has access through designated staff members to the extent necessary for the project. Access control mechanisms govern access to the repository. 

The Coordinator will manage access to the repository and administer or revoke access to specific individuals and partners as needed. Moreover, the Coordinator will ensure that additional security measures are respected (e.g., regular back-ups). 

For the information retained by individual partners, repositories, or other mechanisms, adequate security measures shall be implemented to ensure the security of the retained data (e.g., access control mechanisms, regular backups). The main responsibility for the security of data collected and processed during the project's realisation and after its completion lies with the owners/managers/ project partners of the repositories where these data are stored. 

Personal data is classified as confidential information. As mentioned in the Grant Agreement (ARTICLE II.6 — CONFIDENTIALITY), “During implementation of the action and for five years after the payment of the balance, the parties must treat any confidential information and documents with confidentiality.” 

Accountability. 

Each project partner shall retain supporting information needed to provide evidence of accountability regarding the processing of personal data. 

The rights of the data subjects.

The project partners of the CONSOLE project shall accommodate the rights of the data subjects. 

Specifically, the data subjects have the following rights: 

Right of access by the data subject. The data subject has the right to determine if the partners of the CONSOLE project are using or storing personal data related to her/him. 

The data subject can submit a data subject access request, receive relevant information, and, if desired, a copy of the related data. 

Right to rectification. The data subject has the right to request that the partners of the CONSOLE project correct any personal data used or stored at any time to reflect reality. 

Right to erasure (‘right to be forgotten’). The data subject has the right to request that the partners of the CONSOLE project delete their personal data. The relevant partner is obligated to examine the request and delete the personal data if it is not relevant to legal or contractual requirements. The partner shall notify the data subject accordingly and proceed with the erasure when allowed. 

Right to restriction of processing. The data subject has the right to request that the partners of the CONSOLE project cease using their personal data. In contrast to the previous data rights, personal data does not need to be deleted; rather, it must either be wholly or temporarily stopped from processing. 

Right to data portability*. The data subject has the right to receive her/his personal data from the partners of the CONSOLE project, to transfer it to another service provider or request that the data be sent directly to such other service provider in a machine-readable way. (*Only processing operations based on the individual’s consent or on a contract to which the individual is a party fall under the scope of the right to data portability). 

Right to object and automated individual decision-making**. The data subject has the right to object, on grounds relating to their particular situation, at any time to the processing of personal data concerning them, including profiling. (**Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to the processing of personal data concerning him or her for such marketing, which includes profiling to the extent that it is related to such direct marketing). The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them. 

Right to withdraw consent***. The data subject has the right to withdraw consent for the processing of their/personal data. The existence of the right to withdraw consent at any time does not affect the lawfulness of processing based on consent before its withdrawal. (*** This right only applies when explicit consent is used as the legal basis for the processing). 

Exercising the rights of the data subjects.

At any time, a data subject may submit a relevant request to the following: 

1. Ms Chatzopoulou Argyro, ac@apiroplus.solutions (APIROPLUS Solutions Ltd.) Postal address: APIROPLUS Solutions Ltd., Costa Ourani 5, Petoussi Court, Floor 5, CY – 3085, Limassol, Cyprus. 

2. The Coordinator of the CONSOLE project –BITDEFENDER, Contact details: Ovidiu Mihăilă, omihaila@bitdefender.com. Postal address: Soseaua Orhideelor 15A, Cladirea Orhideea Towers, Etajele 9,10,11 Si 12, Bucuresti 060071, Romania 

3. The DPO of each partner of the CONSOLE project shall act as appropriate to the task and purpose of the processing. The contact details of the various partners are provided by their respective websites. 

Personal data breaches. 

All project partners must implement adequate measures to protect the confidentiality of the personal data being processed. 

In the case of a personal data breach, the controller (the relevant project partner) shall, without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to 

the rights and freedoms of natural persons. When a personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall notify the data subject of the breach without undue delay. 

The controller shall document any personal data breaches, comprising the facts relating to the personal data breach, its effects and the remedial action taken. That documentation shall enable the supervisory authority to verify compliance with Article 33 of the GDPR. 

The competent authorities have published forms for reporting personal data breaches. Each partner is encouraged to access the relevant location to identify the minimum information needed to be documented in such a case. 

All project partners should implement an appropriate continuity plan to ensure the safe and uninterrupted continuation of project activities. In the case of a personal data breach, the incident's impact shall be assessed to mitigate adverse effects and prevent any further occurrences. When assessing the significance of the impact of a personal data breach, parameters such as the number of affected subjects, the extent of the impact on the rights and freedoms of the data subjects, as well as on project activities, and the duration of the incident shall be considered.