ChArGED  is a research consortium of eight partners working in H2020 EU-funded project whose profiles can be accessed from the project website: charged-project.eu. For the consortium, protecting the personal information and privacy of individuals participating in the ChArGED Mobile Application development and testing is of utmost importance. We only process the personal data resulting from the use of this platform in accordance with applicable data protection laws. In the following, we would like to explain how your personal information is being processed and which safeguards we have implemented to protect your privacy. By using our platform, you agree that your data may be collected and processed following the information provided below:

1. Scope and Party Responsible for Data Processing

The following parties are responsible for data processing as joint controllers (hereinafter “Provider”):

  • European Dynamics S.A., 209, Kifissias Av. & Arkadiou Str.,15124 Maroussi, Athens, Greece responsible for maintaining and developing the ChArGED Application and Interface, the ChArGED backend system that includes the ChArGED central databases, the ChArGED middleware (SiteWhere) and the ChArGED game-backend.
  • Wattics Ltd., The Guinness Enterprise Centre, Taylor’s Ln, Dublin 8, Ireland. This party is responsible for maintaining and developing the ChArGED Energy Analytics back-end including supporting databases.

This Privacy Policy applies to the use of the ChArGED Mobile Application and the integrated modules as listed above (hereinafter also "Platform") by private individuals (hereinafter also referred to as “User”)

2. Aims and scope of the ChArGED project

ChArGED is a research project funded by the European Union under the Horizon 2020 programme. ChArGED addresses the energy consumption in public buildings and proposes a framework that aims to facilitate achieving greater energy efficiency and reductions of wasted energy in public buildings. The project involves the use of low-cost Internet of Things (IoT) devices to measure the energy consumption, as well as the behavior of users in this regard. Wastages will be targeted by a gamified application that feeds personalized real-time recommendations to each individual user. The design of the game will help users to understand the environmental implications of their actions and to motivate them adopting a more green, active and responsible behavior to reduce energy consumption.

The application utilizes RFID tags placed at known locations within the user work environment in conjunction with a mobile application that runs on users mobile devices. Users are then able to track their activities and learn how they could reduce their overall energy consumption. These RFID tags contain only a unique identifier, but no personal data.

ChArGED user interaction consists of two stages. The first stage covers user registration that is performed through the ChArGED middleware after explicitly requesting it from their participating organization. During this stage users are informed about the deployment of the RFID tags and BLEs at their work environments. The second stage covers the actual participation in a game/challenge. The ChArGED platform is used to provide all services required.

Being a research project, the ChArGED system is still under development. The purpose of any data collection and processing on the platform is to test the proper functioning of the system and its components, as well as to improve further the technology used. Moreover, the ChArGED Platform is not sharing any data with 3rd parties.

3. Principles of data processing

  • Lawfulness, fairness and transparency: This means that there must be a legitimate ground for data processing, that is, for collecting and using personal data, and not use the data in ways that have unjustified adverse effects on the individuals concerned. Personal data must furthermore be processed in a fair and transparent manner in relation to the data subject.
  • Purpose limitation: This means that personal data shall be obtained only for specified, explicit and legitimate purposes. The purposes for processing of data with the ChArGED Platform are specified in No 2. of this privacy policy. Data shall not be further processed in any manner incompatible with those purposes.
  • Data minimization: Only personal data that is necessary for implementing the purposes shall be collected and processed. Data that is no longer processed shall be deleted or anonymized depending on the needs of the system.
  • Accuracy: Data in the ChArGED system shall be accurate, and the data subjects should have the opportunity of updating their data. All reasonable steps to ensure that personal data which are inaccurate, incomplete or no longer up to date are not transmitted or made available should be undertaken. To that end, the ChArGED system shall as far as practicable, provide means to update data where necessary.
  • Storage limitation: Data in the ChArGED Platform shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
  • Integrity and confidentiality: Data in the ChArGED Platform shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. These measures are explained further in No 4 of this privacy policy.

4. Technical protection measures

  • We protect the Platform by means of technical and organizational protection measures against loss, destruction, access, alteration or dissemination of data by unauthorized persons. Despite regular controls, however, absolute protection against is not feasible. In particular, we point out that the data transmission on the Internet may have security gaps and complete protection of data against access by third parties cannot be guaranteed.
  • The Platform is available in an unfinished software version (Beta Version) of which we cannot fully guarantee the protection of personal data.
  • To ensure that the data is processed and stored safely, the following IT-security measures are being implemented: Encryption is applied to all components whenever feasible, such as using “https” for the mobile application. Further measures implemented are in line with European Dynamics’ (ED) corporate certified security services (ISO 27001), which apply to the main server which is hosted by ED, but also all other partners being involved in the development of the ChArGED system. More specifically, data isolation techniques are being used, according to which information remains private within a system unless to be shared. A unique user identification is exchanged between sub-systems, thus concealing any personal user information from being exchanged, which is a measure to safeguard the personal data, unless it is required to be exchanged. Database encryption is assured through MySQL "embedded" Transparent Data Encryption.

5. Use of the Mobile Application

The ChArGED Mobile Application is developed within the ChArGED project, offering users the ability to select a daily challenge aiming to reduce their energy consumption. The purpose of this test pilot is to ensure the proper functioning of the test system. Users select a challenge from the list of available ones, including: a) Switch off your pc before leaving for home, b) Switch off pc if leaving your desk for more than 30min, c) Use the stairs, d) Close the windows if the A/C is on (DAEM only), e) Switch off the A/C and lights after hours, f) Solar Challenges. Users are then instructed on the required actions in order to play the challenge. Once a challenge is selected users should activate their mobile devices and place them in close proximity to the RFID tags (<5cm). Once an RFID tag is scanned the user is informed. However, if mobile device is de-activate scanning of RFID tags is not performed. In order to use the Platform, the user agrees to the collection, processing and use of the following personal data: Location data (within a building), energy consumption measurements, user-resettable unique phone ID (provided by Google Play services).

6. Data transfer to third parties

  • The Provider does not transfer user data to third parties.
  • The Provider will share the data of the User if legally obliged to do so, for example, to obey a court order or a third party needs the data for the technical support or to maintain the Platform. In such cases, the third party is obliged to process such data in accordance with this Privacy Policy.

7. Account termination and deletion

Users may terminate their account at any time, by contacting anastasia.garbi@eurodyn.com. The user will receive a verification e-mail. If the user account is deleted, all data stored on it including the encrypted data are deleted completely.

8. Contact

User may contact the Provider at any time. We only use the data you provide to process your requests. The data will not be transferred to third parties.

9. User’s rights

In accordance with statutory provisions the traveller has the right to request information free of charge about his/her stored data (this also includes the information, that no data has been stored about traveller (art. 15 GDPR), as well as the right to rectification (art. 16 GDPR), erasure (art. 17 GDPR), right to restriction of processing (art. 18 GDPR), right to data portability (art. 20) and right to object (art. 21 GDPR).

You are also free to withdraw your consent to the processing of your data at any time without providing a reason for your decision. Your decision to withdraw your consent will not have any negative impact. In the case of withdrawal, personal data will be immediately deleted (see No. 6 account termination and deletion) and no longer be processed by the providers. Any data that could be reconnected to you will be deleted. Please note that personal information that was anonymised in the course of the project cannot identify you and therefore will not be deleted.

For questions concerning the collection, processing or use of your data, as well as to claim your rights, please contact:

European Dynamics S.A.

Address: 209, Kifissias Av. & Arkadiou Str., 15124 Maroussi, Athens, Greece, e-mail: anastasia.garbi@eurodyn.com

10. Data retention

All data obtained in the ChArGED pilots will be either anonymised or deleted on 31 August 2019.

11. Changes to the Privacy Policy

Provider reserves the right to change this Privacy Policy in compliance with data protection regulations. For questions or suggestions concerning the protection of personal data, please contact anastasia.garbi@eurodyn.com.