top of page

Project data protection

InfraStress Data Protection Policy 


InfraStress project values the respect for privacy and data protection as both a legal requirement and an ethical standard. For this reason, we indicate below the main periodical actions and initiatives we undertake in order to frequently review the way the project observes and respects privacy standards.

Why personal data might be involved and processed by InfraStress?

During the research activities and the rollout of the project, personal information will be inevitably processed. Hereby we sum up the four main areas where personal data processing operations may take place.

  1. Testing and integration of InfraStress technologies. Amongst the technologies that this project will test, there will be applications like intrusion detection sensors, network analysis, physical-security information systems, crowd-sensing. In such circumstances, personal data processed might include social media posts (in an aggregated and paraphrased way), sensor-generated data, IP addresses.

  2. Complementary surveys. In order to test and evaluate the technology on end-users and plants, questionnaires or surveys might be conducted. In such case, no details will be retained and any residual personal information gathered (f.e., country of residence) will be aggregated and pseudonymized.

  3. Business-related personal data – this is the case in which you are a project partner. Name, surname, e-mail address, organization are often processed amongst partners to undertake ordinary project activities, like emailing, assemblies planning and attendance lists, decision-making processes and legal compliance duties. Cookies might be installed to enable access to the shared private online working platform of InfraStress.

  4. Visiting the project website or InfraStress social media accounts. Our project website is openly available for consultation. In the case you end up navigating our webpages, our cookie policy applies (see mettre le lien hypertexte ). We also have a Twitter profile and a LinkedIn profile. Your account names will solely be processed by the partner in charge of the communication and nobody else from the InraStress project will see it.

How personal data are processed

However, processing personal information pursuing research interests implies that a number of safeguards and proactive initiatives are taken in order to protect the rights of the data subjects at stake. In order to do so, InfraStress project partners begin all processing of personal data by following these principles:


  • Fairness and lawfulness. Personal data are processed fairly and for the purposes for which they were collected initially. Any re-purposing is done by an assessment of the compatibility test (the initial purpose and the research purpose for which partners process personal data must be compatible one another). Moreover, personal data processing operations are assessed against their legality by the project coordinator.

  • Security of processing. Personal data processing operations are conducted following the available security measures, both technical and organizational. As an example, access control and authentication-based environments are applied to the access to data-sets containing personal data, and the need-to-know principle is implemented in the vetting of any researcher involved in InfraStress personal data processing operation.

  • Minimization. Collection and processing of personal data, including during the technology testing and the data storage, follow the principle of data minimization. This means, for example, collecting data (and tuning InfraStress technologies) in a way that only the strictly necessary amount of personal data is processed. Furthermore, the testing of InfraStress technologies will be conducted only in circumscribed perimeters, and whenever personal details will be needed, pseudonymization will be sought.

  • Third-party non-disclosure. No personal data will be disclosed to any third-party (i.e. non-consortium entities) unless there is an explicit authorization to do so by the interested individual or a contractual obligation to be fulfilled.

  • Use-case-based access. Personal data will remain within the consortium domain. Furthermore, personal data will only be accessed by the partners with an involvement in a given use-case. If the partner does not have any interest or involvement in a use case, personal data processed therein will not be disclosed to them, in accordance to the need-to-know principle.

  • Long-term identification is not an aim. It is not in the purposes of this project to retain personal data for long periods and to aggregate such data so to identify an individual. When personal data are processed for research finalities, such sets will mostly be operated for the duration of the testing and immediately deleted afterwards, unless otherwise indicated.

  • Accuracy. InfraStress project regularly reviews datasets where personal data are stored in order to ensure the accuracy and reliability of the information therein. Systems to update the information are in place so to ensure both security and controlled access to datasets.

How long we will retain the information?

If immediate deletion will not occur, that means we have a legal obligation and/or a research purpose to archive the data either for contractual reasons or for scientific research finalities. In such case, InfraStress partners will retain the personal data in question for a maximum of one year from the termination of the project, unless otherwise indicated or requested by a supervisory authority or for auditing purposes.

​ For further details, please contact the project’s coordinator.  

Release date : 31/07/2019

bottom of page