H2020 InnoRate – PRIVACY POLICY

LAST UPDATE: 21/12/2020

1. Who we are:

InnoRate (hereafter “we,” “us,” “our,” and “InnoRate”) is a project funded under the H2020 Research and Innovation Programme that deploys a trusted service platform across the EU to support and improve the decision-making processes of private investors, innovation intermediaries, and technology transfer offices (TTOs) for identifying and vetting innovative ventures with high growth potential. The InnoRate Technology Rating System (ITRS) of digital decision support tools provided through this service platform facilitates the commercialisation and scale-up of tech-driven innovations as well as supports the access-to-finance of tech-driven entrepreneurs, projects, start-ups, and SMEs.

In fact, the ITRS is underpinned by a well-customised innovation assessment and rating methodology, taking advantage of the KOTEC Technology Rating System (KTRS) that has a track record of assessing over 200,000 cases and helping SMEs acquire more than EUR 75 billion in the Republic of Korea. Therefore, the project leaps forward in evaluating the technological and business potential and risks of high-potential innovations, going beyond the traditional credit-focused approaches. At the same time, InnoRate blends ICT with human expertise through deep-assessment services, where experts bring in the market and technology expertise required to evaluate more hard-to-grasp business aspects. In a nutshell, InnoRate can help:

• Entrepreneurs, projects, start-ups and SMEs to: (i) commercialise and internationalise their innovations in EU markets through increased visibility and collaboration opportunities, (ii) quantify their innovation potential and their strengths, weaknesses and risks; (iii) benchmark their performance.
• Private investors, innovation intermediaries and TTOs to: (i) assess hundreds of innovators using a novel, fast and reliable assessment rating methodology; (ii) identify promising tech-driven ventures, (iii) gain insights about innovators’ ecosystem, (iv) monitor existing portfolios, (v) access to data for further analysis and (vi) reduce the costs and time of assessments.

To learn more about the concept of ITRS, click here.

ITRS, along with its rating methodology and digital decision-support tools, is piloted in the context of investment readiness and matchmaking services offered by the project to interested stakeholders, covering a diverse set of use cases, ranging from investors scouting for and prioritising tech-driven SMEs with high-growth potential for financing, to innovation intermediaries assessing promising ventures for commercialising their innovations. After the piloting phase, the project will elaborate policy recommendations that can help stakeholders adopt the InnoRate’s results.

Ultimately, InnoRate’s vision is to disrupt the largely risk-averse financial sector of the EU, enhancing the innovation capacity of high growth technology sectors and paving the way for disruptive innovations to flourish. To put it simply, InnoRate wants to bring innovation to finance and finance to innovation.

The partners of the InnoRate consortium, listed below, are joint controllers of the personal data processed by the project. Each partner is responsible for the personal data they collect and process during their activities under the framework of the project:

• Q-PLAN INTERNATIONAL ADVISORS PC, Thessaloniki, Greece (InnoRate Coordinator). More information at: https://qplan-intl.gr/
• TECH TOUR GLOBAL, Sofia, Bulgaria (InnoRate Partner). More information at: https://www.techtour.com/
• EY ADVISORY SPA, Rome, Italy (InnoRate Partner). More information at: ey.com
• EUROPEAN BUSINESS AND INNOVATION CENTRE NETWORK AISBL, Brussels, Belgium (InnoRate Partner). More information at: https://ebn.eu/
• JOLT CAPITAL SAS, Paris, France (InnoRate Partner). More information at: https://jolt-capital.com
• WHITE RESEARCH SRL, Brussels, Belgium (InnoRate Partner). More information at: white-research.eu
• UNISMART – FONDAZIONE UNIVERSITÀ DEGLI STUDI DI PADOVA, Padova, Italy (InnoRate Partner). More information at: http://www.unismart.it/en/
• KOREA TECHNOLOGY FINANCE CORPORATION (KOTEC), Busan, Republic of Korea (InnoRate Partner). For more information: http://www.kibo.or.kr/src/english/
• SIRMA AI EAD (trading as ONTOTEXT), Sofia, Bulgaria (InnoRate Partner). For more information please visit: https://ontotext.com/

For further information, we can be contacted at: info@innorate-project.eu

2. How we collect your personal data

We collect personal data both directly and indirectly:

Directly. We obtain personal data directly from individuals in a variety of ways, including but not limited to the following cases:

• an individual subscribes to our newsletter/s;
• an individual registers to attend in meetings and events we host and during attendance at such events;
• an individual visits the InnoRate website;
• an individual registers on and uses the InnoRate platform to receive its services (please, see also the privacy policy of the InnoRate platform);
• an individual participates in the InnoRate pilot operation phase and provides feedback on the pilot use cases;
• we establish cooperative relationships with an individual;
• we provide professional services pursuant to our contract with the European Commission;
• an individual participates in an interview or survey organized by us.

Indirectly. We obtain personal data indirectly about individuals from a variety of sources, including:

• our research partners;
• our networks and contacts;
• public and open data sources such as public registers, news articles and internet searches;
• social and professional networking sites (e.g. LinkedIn).

3. What types of data we collect?

We only collect the data that are necessary for the smooth implementation of our project. These data fall into the following categories:

• contact details (name/ surname, e-mail address, street address, mobile phone number, land line phone number);
• professional information (job title, academic background, organization, field of expertise, period working for the organisation, organisation’s headquarter location);
• demographics (e.g. age, gender, nationality);
• use of the InnoRate platform (for more information, see also the privacy policy of the InnoRate platform);
• information about what a person knows, prefers, or believes;
• videos and photos (from people that attend our events).

4. Bases of lawful processing

We process personal data on the following legal bases:

Legal obligations – for processing activities required for compliance both with applicable national and European legislation as well as with the specific legal and regulatory framework of the Horizon 2020 Framework Programme for Research and Innovation of the European Union.

Consent – for processing activities such as organization of surveys and interviews, completing of questionnaires and dissemination of project’s results.

Contractual obligations – for processing activities such as reporting to the European Commission and complying with project’s publicity obligations.

5. What we do with your personal data

We process your personal data with the purpose of:

• Providing you with services that you request from us,
• Conducting research (e.g., interviews, surveys);
• Disseminating our project’s results and activities to different types of stakeholder;
• Sending invitations and providing access to guests attending our events and webinars;
• Administering, maintaining, and ensuring the security of our information systems, applications, and websites;
• Processing online requests or queries, including responding to communications from individuals and sending the project’s newsletter to subscribers;
• Complying with contractual, legal, and regulatory obligations.

6. How we secure your personal data when we process it

We continuously apply a personal data risk assessment process to identify, analyse, and evaluate the security risks that may threat your personal data. Based on the results of this risk assessment, we define and apply a set of both technical and organizational measures to mitigate the above security risks, including but not limited to:

• Data Protection Policies to guide our personnel when processing your data;
• Written contracts with organizations that process personal data on our behalf;
• Non-Disclosure Agreements with our personnel;
• Back up process, antimalware protection, access control mechanisms, etc.
• Some of our  partners, namely Q-PLAN INTERNATIONAL ADVISORS PC, UNISMART – FONDAZIONE UNIVERSITÀ DEGLI STUDI DI PADOVA, KOREA TECHNOLOGY FINANCE CORPORATION (according to the Law of the Republic of Korea –  Personal Information Protection Act), SIRMA AI EAD  have appointed a Data Protection Officer.

7. Do we share personal data with third parties?

We may occasionally share personal data with trusted third parties to help us deliver efficient and quality services. When we do so, we ensure that recipients are contractually bound to safeguard the data we entrust to them before we share the data. We may engage with several or all the following categories of recipients:

• Parties that support us as we provide our services (e.g., cloud-based software services such as Dropbox, Microsoft SharePoint, Google Drive);
• Our professional advisers, including lawyers, auditors, and insurers;
• Dissemination services providers (e.g., WordPress, MailChimp). The InnoRate website is created with WordPress, which only collects non-personally-identifying information (according to the WordPress Privacy Policy) except for the information users choose to share (e.g. through a contact form or newsletter sign up form). In this case, the InnoRate website provides a copy of its contact list to MailChimp server (http://mailchimp.com), which is used for e-mail campaigns and newsletters distribution. All personal information included in this contact list is used and protected according to the MailChimp Privacy Policy;
• Law enforcement or other government and regulatory agencies or other third parties as required by, and in accordance with applicable law or regulation;
• The European Commission according to our relevant contractual obligations.

8. Do we transfer your personal data outside the European Economic Area?

Some partners may use cloud and/ or marketing services from reputable providers such as SharePoint, DropBox, MailChimp, Google Drive, etc., situated both inside and outside the EEA. We always check that such providers comply with the relevant GDPR requirements before start using their services.

9. Do we use cookies?

Our websites use cookies. Where cookies are used, a statement will be sent to your browser explaining the use of cookies. Cookies are small text files which are saved on your computer, mobile phone or tablet. They allow the website to remember your actions and preferences (such as login, language, font size and other display preferences) so you don’t have to keep re-entering them whenever you come back to the site. You can control and/ or delete cookies as you wish. If you do this, however, you may need to manually adjust your preferences every time you visit a site. For more information on how to manage cookies, please visit: http://www.aboutcookies.org/

We use tools like Google Analytics to better understand how visitors interact with our website. This provides us with important information to enable the site to work better. The information collected is not linked to your personal data. For more information on the cookies set by Google Analytics, please visit: http://code.google.com/apis/analytics/docs/concepts/gaConceptsCookies.html

The following cookies are used by Google Analytics:

10. Your rights

You have the following rights regarding our processing of your personal data:

• Right to withdraw consent – You can withdraw consent that you have previously given to one or more specified purposes to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent.
• Right of access – You can ask us to verify whether we are processing personal data about you and, if so, to have access to a copy of such data.
• Right to rectification and erasure – You can ask us to correct our records if you believe they contain incorrect or incomplete information about you or ask us to erase your personal data after you withdraw your consent to processing or when we no longer need it for the purpose it was originally collected.
• Right to restriction of processing – You can ask us to temporarily restrict our processing of your personal data if you contest the accuracy of your personal data, prefer to restrict its use rather than having us erase it, or need us to preserve it for you to establish, exercise or defend a legal claim. A temporary restriction may apply while verifying whether we have overriding legitimate grounds to process it. You can ask us to inform you before we lift that temporary processing restriction.
• Right to data portability – In some circumstances, where you have provided personal data to us, you can ask us to transmit that personal data (in a structured, commonly used, and machine-readable format) directly to another entity.
• Right to object – You can object to our use of your personal data for direct marketing purposes, including profiling or where processing has taken the form of automated decision-making. However, we may need to keep some minimal information (e.g., e-mail address) to comply with your request to cease marketing to you.
• Right to make a complaint to your local Data Protection Authority (DPA) (see https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm) regarding any concerns you may have about our data handling practices.

To ask us to do anything of the above, you can contact us by email: info@innorate-project.eu. We will promptly examine your request against the relevant requirements of the laws and regulations governing privacy and personal data protection and we will answer the latest within 30 days after receiving your request. We will ask from you some kind of identification (e.g. photocopy of your identity card or passport) to avoid non-authorized reveal of your personal data. If, for reasons of complexity of the request or a multitude of requests, we are unable to respond promptly, we will notify you within 30 days of any delay, which in no case may exceed two months from the expiration of the 30-day deadline.

11. How long do we retain personal data?

We retain personal data to provide our services, stay in contact with you and to comply with applicable laws, regulations, and contractual obligations to which we are subject. Please note that we have an obligation to retain data concerning projects funded by the Horizon 2020 Framework Programme for Research and Innovation of the European Union  for up to five years after the end of the project (unless further retention is requested by auditors). After the expiry of the retention period, and unless further legitimate grounds for retention arise, we will dispose of personal data in a secure manner.

12. Disclaimer of liability for third party websites

Although our site may contain links to third-party sites, including the sites of the consortium partners, we are not responsible for the privacy practices or content of these sites and we expressly disclaim any liability for any loss or damage that may be caused by the use of these links. We do not monitor the privacy practices or the content of these sites. If you have any questions about the privacy practices of another site, you should contact the site’s responsible personnel. We suggest you read the privacy policy of each website you interact with, before allowing the collection and use of your personal data.

We may also provide social media features that allow you to share information on your social networks and interact with our project on various social media sites. The use of these social media features may result in the collection or sharing of information about you. We recommend that you check the privacy policies and regulations of the social networking sites you interact with, so that you can be sure that you understand what information may be collected, used and disclosed by these sites.

13. Children’s privacy

InnoRate does not knowingly collects, uses, or discloses information from children under the age of 16. If we identify that we have collected the personal information of a child under 16 years we will take steps to delete the information as soon as possible. Please immediately contact us if you become aware that a child under 16 years has provided us with personal information.

14. Revisions of this Privacy Policy

This Privacy Policy is valid from 21/12/2020 and replaces any other previous notifications that we had issued in the past regarding our personal data management practices. We reserve the right to revise this Policy at any time. The current version will be always uploaded to our website indicating the date of entry into force, so you know when the most recent revision took place. If there are critical changes in this policy or our personal data practices change significantly in the future, we will notify you by posting the changes on our website.

15. Contact Us

If you have any questions about the InnoRate Privacy Policy, please contact us at info@innorate-project.eu.