Privacy Policy
​
Following the entry into force of the EU General Data Protection Regulation 2016/679
​
Introduction
GAATO is a not-for-profit Association of institutions and natural persons with an interest in the advancement of Assistive Technology worldwide. It is based in Geneva, Switzerland and it is subject to Swiss law.
GAATO is an active and connected organisation and, as such, it interacts with natural persons or natural persons representing organisations. During these interactions (e.g. receiving and responding to enquiries, requests for documents, welcoming visitors on our website) the Secretariat acting under the authority of GAATO and the board members of GAATO come in contact with “personal data”, namely any information relating to an identified or identifiable natural person (the so called “data subjects”).
The personal data are processed in accordance with the EU General Data Protection Regulation 2016/679.
The following information is relevant for all those that are in contact with GAATO. It explains how personal data are treated and, in case we treat your data, what are your rights as data subjects.
In case of voluntary subscriptions by the natural person to online communities initiated or endorsed by GAATO, such as LinkedIn, Twitter or other so-called social media, the responsibility of your data treatment remains with the service provider and GAATO declines any responsibility of the use of your data that they might make.
The security and privacy policies of GAATO are periodically reviewed and enhanced as necessary.
​
About the Privacy Policy
The Privacy Policy is given in compliance with article 13 of Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation - GDPR).
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation on data protection and privacy for all individuals within the European Union. It came into force across the European Union on 25 May 2018. The legislation confers more protection for users by recognising rights on individuals in relation to the privacy of their personal data as well as responsibilities on people holding and processing personal data.
Transparency is fundamental: in order to control how their personal data are managed, users must know in advance, clearly and comprehensively which personal information will be collected, who will process it, for what reasons and for how long.
Which websites are covered by this Privacy Policy?
The Privacy Policy is provided only for GAATO’s website. This Privacy Policy does not refer to websites which may be consulted by the user through the links published on GAATO’s website.
The existence of one or more links to websites not belonging to AAATE does not imply the approval or acceptance of responsibility by AAATE about its content or use.
​
​
Data Controller and Contact Information
The Data Controller of your personal data is the Global Alliance of Asssitive Technology Organizations (GAATO) , Avenue Louis-Casaï 81, 1216 Cointrin, Switzerland Email: secretary@gaato.org. For any communication or request regarding the protection of personal data, please contact us directly.
What personal data do we collect?
Browsing Data
When the users visit our website, no personal data are collected by GAATO.
However, the website’s operation involves the use of computer systems and software procedures which – by their nature - may need to store some of your browsing data. Due to the Internet communication protocols, the transmission of these data is automatic and it is necessary in order to ensure the website’s correct functioning. Although such data are not collected in order to be associated with your identity, they may - through processing and association with further data held by third parties – indirectly lead to your identification. For this reason, according to the GDPR they could be considered personal data. Examples of browsing data are IP addresses, domain name of your computer, the URI (Uniform Resource Identifier) addresses, the time of the request, the manner in which te request has been submitted to the server, the size of the file, the status of the response given by the server (successful, error, etc.) and other parameters related to the operating system and the users’ IT environment.
Cookies
GAATO’s website uses first-party technical and analytics cookies.
GAATO does not use profiling cookies. GAATO does not use cookies for the transmission of information of personal nature, nor c.d. persistent cookies of any kind or systems for the tracking of users.
The use of session cookies is strictly limited to the transmission of session identifiers necessary to allow safe and efficient exploration of the GAATO’s website. Such cookies are not stored permanently on the users’ computer and they disappear once the browser is closed. Session cookies are used by the GAATO’s website instead of other computer techniques which are potentially prejudicial to the users’ privacy. They do not allow the acquisition of personal data identifying the users.
To learn more about cookies, please visit our Cookie Policy.
Data voluntarily provided by users
The optional, voluntary and explicit sending of e-mail messages to the addresses indicated on GAATO’s website involves the acquisition of the sender’s email address as well as any other personal data included in the message, which is necessary for the sole purpose of answering to requests from users.
As Data Controller, GAATO specifies that personal data which, pursuant to art. 9 of the G.D.P.R., belong to “special categories of personal data” and which the users might voluntarily and spontaneously confer, will be processed with utmost confidentiality, for the exclusive purposes specified in this Privacy Policy and in compliance with the current legislation. These personal data will be disclosed only to the recipients indicated in the Privacy Policy and will not be used for commercial purposes.
Purposes and legal basis of processing
Browsing Data
Personal data collected automatically by the informatic system are used:
-
in order to allow users to use all the functions of GAATO’s website;
-
in order to obtain anonymous statistical information about the use of GAATO’s website and to check its correct functioning. and are destroyed immediately after being processed. These personal data are immediately destroyed after their processing;
-
in order to determine responsibility in case of computer crimes against GAATO’s website.
Data voluntarily provided by users
When the users voluntarily and explicitly send e-mails to the addresses indicated on GAATO’s website, personal data are collected and processed only to the extent necessary to respond to any request.
Recipients of personal data
Browsing Data
Recipients of browsing data are the service providers for the management and functioning of the GAATO’s website.
Data voluntarily provided by users
The following are the recipients of the personal data provided voluntarily by the users, listed individually or by category:
-
AAATE’s members and collaborators;
-
E-mail service providers;
-
Service providers for the management and functioning of the GAATO’s website;
-
Occasional maintenance and repair workers;
-
Cloud service providers;
-
Hosting service providers and virtual service providers;
-
Connection and phone service providers;
-
Communication service providers;
-
Mailing list service providers;
-
File transfer service providers;
-
Remote assistance service providers;
The personal data will not be communicated to other categories of subjects, nor they will be shared or made public in any way.
Transfer of personal data to third countries and international organisations
If the IT service providers and programmes used by GAATO foresee or employ cloud computing technology, your data may be transferred to servers located in non-EU countries. These technologies, by their nature, cannot localise with certainty where your data are stored.
According to the law, only a few countries outside the European Economic Area (EEA) have been approved by the European Commission as able to provide data protection laws which are essentially equivalent to EEA’s. Therefore, your data may be transferred to countries which have not had this approval.
However, we remind you that AAATE has carefully selected only service providers capable to offer a high level of security and protection of personal data.
Data Retention
Browsing Data
These data could be used to determine responsibility in case of computer crimes against GAATO’s website. Besides this specific case, browsing data are deleted immediately after processing.
Cookies are stored for 12 (twelve) months, but only in aggregate form and do not allow users to be identified.
Data voluntarily provided by users
Personal data, voluntarily provided by sending e-mail to contacts indicated on the website, will be processed only for time necessary to respond to the requests of information, after which, they will be destroyed. If users request to partner/collaborate with GAATO or to participate to activities, events, conferences organised by GAATO, a different and specific Privacy Policy will be provided according to the type of request.
Your data protection rights
Under data protection law (GDPR), you have rights of which you need to be informed:
-
Right of access (Article 15)
-
Right to rectification (Article 16)
-
Right to erasure (‘right to be forgotten’) (Article 17)
-
Right to restriction of processing (Article 18)
-
In case of rectification or erasure of personal data or restriction of processing, “the controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed” (Article 19)
-
Right to data portability (Article 20)
-
Right to object to processing (Article 21)
You may exercise your rights at any time by sending an email to privacy@aaate.net. It will be our concern to respond to you without delay and in any case within a month.
Your right to withdraw consent
You can always withdraw a consent you have granted in the past, in the same way as you have expressed it, or otherwise by sending an e-mail to secretary@gaato.org.
Once you have communicated to us your decision to withdraw your consent, every processing concerning your personal data will be immediately interrupted
We remind you that your decision to withdraw consent does not affect the lawfulness of the processing based on consent expressed before.
Your right to lodge a complaint before a Supervisory Authority
You have the right to lodge a complaint before the Austrian Data Protection Authority (https://www.data-protection-authority.gv.at/contact) in case your rights and freedoms have been violated and prejudicated.
The transmission of personal data as a statutory requirement or a necessary requirement
With the exception regarding the specifics of browsing data, users are free to voluntarily and optionally provide their personal and identification data.
However, if these personal data (e.g. first name, last name, email address) are not provided, GAATO will not be able to respond to users’ requests.
​
​
Profiling and Automated Decision-Making
Browsing Data
Your browsing data will not be used for profiling purposes, nor to activate automated decision-making processes.
Data voluntarily provided by users
Personal data, voluntarily provided by sending e-mail to contacts indicated on the website, will not be used for profiling purposes, nor to activate automated decision-making processes.
​
Security Measures
In compliance with the GDPR, GAATO implements technical and organisational security measure in order to ensure the protection of personal data against risks such as the risk of destruction (including accidental destruction), loss, unauthorised access or the risk of processing not compliant to the purposes defined in this Privacy Policy.
Processing Methods
The processing of personal data is carried out in accordance with article 32 of the GDPR. The processing takes place through both computerised, telematic systems and manual, mechanic actions.
In compliance with the principles of relevance and non-excessiveness, GAATO will periodically verify the strict relevance of the personal data which are being processed.
​
Rules of Conduct and Data Dissemination
In case of improper use of the GAATO’s website which may involve criminal activities or any illegal conducts, GAATO has the right to inform the Public Authority, in compliance with law and regulations.
Changes to Privacy Policy
This Privacy Policy may change if new features are added to GAATO’s website or in case of suggestions and comments submitted by users.
This Privacy Policy may change at any time. In such case, the updated Privacy Policy will be published on GAATO’s website and will become effective on the day of publication.
​