PRIVACY POLICY

This privacy policy explains how we collect, use, and safeguard your data as part of the DIVERSIFAIR Erasmus+ project, ensuring compliance with GDPR and other relevant privacy regulations.

1. Introduction

1.1 This is the privacy policy of the DIVERSIFAIR Erasmus+ project (the “Policy”), which is referred to as “DIVERSIFAIR”. The DIVERSIFAIR project aims at addressing intersectional bias in artificial intelligence. Its consortium consists of the following eight partners: CorTexter (The Netherlands), Eticas (Spain), Institut d’Etudes Politiques Paris (France), TNO (The Netherlands), Turing College (Lithuania), University College Dublin (Ireland), Women4Cyber (Belgium) and Women in AI (France). Women in AI and Women 4 Cyber manage the Work Package 5 “Communication and Impact Maximisation”, with Women in AI taking the lead. The project has received funding from the European Education and Culture Executive Agency (EACEA) in the framework of Erasmus+, EU solidarity Corps A.2 – Skills and Innovation under grant agreement 101107969. The project runs from June 2023 to June 2026.

1.2 For the purposes of GDPR, Women in AI is the ultimate controller of any personal data collected for the scope of deliverables to DIVERSIFAIR. Women in AI a nonprofit do-thank working towards inclusive AI that benefits global society located in France at 15 rue Géo Chavez 75020 Paris, France. Hereinafter it is referred to as “us” or “we” throughout this Policy. This Policy provides details of the ways in which we process personal data in line with our obligations under data protection law including the General Data Protection Regulation (No 2016/679) (“GDPR”).

1.3 As part of its compliance, Women in AI has appointed a data protection officer in the European Union for the DIVERSIFAIR project:
Louise Aupetit – louise(a)womeninai.co

2. Background and Purpose

2.1 The purpose of this Policy is to explain what personal data we process and how and why we process it. For the purposes of this Policy, personal data means any information relating to an identified or identifiable person. Please read this Policy carefully as it provides important information about how we use personal data and explains your legal rights. In addition, this Policy outlines our duties and responsibilities regarding the protection of such personal data. The way we process data will evolve over time, and we will update this Policy to reflect changing practices and law. We will notify you of any changes, either the next time you visit a website or to the contact details we hold for you.

2.2 In order to meet our transparency obligations under data protection law, we will incorporate this Policy by reference into various points of data capture used by us (e.g. application forms etc.) and may provide additional information where relevant.

3. Women in AI as a Data Controller

3.1 We will act as a data controller in respect of personal data provided to us by various individuals in connection with the operation and administration of DIVERSIFAIR. Such individuals will generally include the following:
a. DIVERSIFAIR consortium partners: CorTexter (The Netherlands), Eticas (Spain), Institut
d’Etudes Politiques Paris (France), TNO (The Netherlands), Turing College (Lithuania), University
College Dublin (Ireland), Women 4 Cyber and Women in AI (France)
b. DIVERSIFAIR activities participants and respondent to any questionnaire
c. Interested parties or stakeholders who consent to share their personal data

We sometimes use third party providers to collect this information on our behalf such as Eventbrite, Qualtrics, Google Form and Brevo. They are responsible for protection of personal data that they collect and process as per the GDPR.

4. What personal data do we collect from you?

4.1 In order for us to provide our services to you, we require certain personal data from you. We collected the following personal data for the various data subjects:

Categories of data subject	Type of personal data
DIVERSIFAIR consortium partners	Name, contact details including email and phone number. Age range, areas of expertise, LinkedIn link, University/School/organisation name.
DIVERSIFAIR activities participants	Name and contact details, including email. Age range, highest degree of education, field of studies/job, areas of expertise, LinkedIn link, rate of knowledge in AI, University/School/organisation name.
Interested parties or stakeholders	Name and contact details, including email. Age range, highest degree of education, field of studies/job, areas of expertise, LinkedIn link, rate of knowledge in AI, University/School/organisation name.
Individuals who expressed interest in the project	Name and contact details, including email. Organisation and country.
Website Visitors	Domain; IP address; date, time and duration of your visit; browser type; operating system; page visits; other information about your computer or device; and internet traffic. Any Personal Data provided by users using the email addresses provided on our website.

5. What are the purpose for processing your personal data?

5.1 This personal data is processed by us for the following purposes:

Purpose of processing	Lawful basis under GDPR
Training, mentorship, educational and professional support, quality monitoring or/and evaluating the services we provide.	Such processing is necessary for the legitimate interests pursued by the Chapter of improving and providing the quality of services we offer to users.
The organisation, promotion and running of events.	Such processing is based on attendees’ consent.
Maintaining contact details of subscribers and communicating with them through various means including email and online social media retargeting.	As necessary for the performance of the DIVERSIFAIR legitimate interests where photographs or details are published, the consent of the relevant individuals.
Publishing and circulating a newsletter, website updates and other member communications, which may include publication of photographs or details of subscribers and other individuals.	The consent of the relevant individuals.
Website services, including troubleshooting, data analysis, and survey purposes.	We have a legitimate interest in operating a website and for related purposes.
Statistical information that cannot be related back to individuals to help us improve the services we offer and for research purposes.	We have a legitimate interest in operating a website and for related purposes.

5.2 Research activities

The personal data you provide will be used to support research activities within the DIVERSIFAIR Erasmus+ project. This includes collecting and analysing data to enhance our understanding of diversity and inclusion in educational and professional settings. Your data will contribute to developing new strategies, insights, and tools to promote diversity and inclusion. Participation is voluntary, and all data will be anonymized to ensure your privacy and confidentiality. If you choose not to provide your personal data, you will still be able to participate in the project, but your data will not be included in the research analysis.

5.3 Communication purpose

To send you emails about DIVERSIFAIR, we need your personal data. Providing this information is optional. However, if you choose not to provide your personal data, DIVERSIFAIR will not be able to contact you regarding the project.

6. What is the legal basis for the processing of your personal data?

6.1 To process your personal data as described above, WOMEN IN AI relies on the active content you provided. Your consent can be removed at any time, without affecting the data processing lawfulness before the removal.

7. How long do we keep your personal data for?

7.1 For the above-mentioned purposes, your personal data will be kept for no longer than the duration of the project after their collection, which runs until June 2026. To satisfy its legal obligations or in order to have the necessary elements to assert its rights, Women in AI will be able to retain the data for another ten years under the conditions established by applicable rules and regulations.

15. Further Information/Complaints Procedure
15.1 For further information about this Policy and/or the processing of your personal data by or
on behalf of Women in AI please contact the representative listed in paragraph 1.1.2.
15.2 While you may make a complaint in respect of our compliance with data protection law to
the relevant data protection supervisory authority in your jurisdiction, we request that you
contact Women in AI (at the contact listed in paragraph 1.1.2) in the first instance to give us the
opportunity to address any concerns that you may have. A list of data protection supervisory
authorities is available here.
16. Contact information
If you have questions or comments about this Policy, please contact us at:
WOMEN IN AI
15 rue Géo Chavez
75020 Paris
FRANCE
Data Protection Office for the DIVERSIFAIR project: [email protected]
Date: 26 June 2024

8. Who are the recipients of your personal data?

8.1 In the context of such processing, the recipients of all or part of your personal data will be the personnel of WOMEN IN AI (France) and Women4Cyber (Belgium) in charge of administration, supervision, communication, information systems management and hosting of DIVERSIFAIR. All such recipients are located within the European Economic Area (EEA) and in the country referred to above.

9. Is your personal data transferred out of the European Economic Area?

9.1 Your data will not be transferred outside of the European Economic Area (EEA).

10. Individual Data Subject Rights

10.1 Applicable data protection laws provide certain rights in favour of you as a data subjects (, such as the right:
1. of a data subject to receive detailed information on the processing (by virtue of the
transparency obligations on the controller);
2. of access to personal data;
3. to rectify or erase personal data (right to be forgotten);
4. to restrict processing;
5. of data portability;
6. to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal; and
7. to object to automated decision making, including profiling, and where we rely on its legitimate interests to process your personal data (for example, for marketing purposes).

10.2 You may make a request to us to exercise any of the above rights by contacting the Data Protection Officer listed in paragraph 1.1.2. Your request will be dealt sveltely with in accordance with data protection law.

11. Data Security and Data Breach

11.1 We have technical and organisational measures in place to protect personal data from unlawful or unauthorised destruction, loss, change, disclosure, acquisition or access. Personal data are held securely using a range of security measures including, as appropriate, IT measuressuch as encryption, and restricted access through approvals and passwords.

11.2 The GDPR obliges data controllers to notify the relevant data protection supervisory authority and affected data subjects in the case of certain types of personal data security breaches. Any data breaches identified in respect of personal data controlled by us will be dealt with in accordance with data protection law and our internal data breach procedure.

12. Women in AI and third party Data Processors

12.1 We will engage in certain events, ticketing and surveying service providers (including Eventbrite, Qualtrics, Googleform and Brevo) to perform certain services on our behalf which may involve the collection and processing of personal data. To the extent that such processing is undertaken based on the instructions of us and gives rise to a data controller and data processor relationship, we will ensure that such a relationship is governed by a contract which includes the data protection provisions prescribed by data protection law.

13. Disclosing Personal Data

13.1 From time to time, we may disclose personal data to third parties, or allow third parties to access personal data which we process (for example where a law enforcement agency or regulatory authority submits a valid request for access to personal data).

14. Data Retention

14.1 We will keep personal data only for as long as the retention of such personal data is deemed necessary for the purposes for which that personal data is processed (as described in Section 3.2 of this Policy). The retention period depends on a number of factors including statutory limitation periods, consents provided by users and other legal requirements.

15. Further Information/Complaints Procedure

15.1 For further information about this Policy and/or the processing of your personal data by or on behalf of Women in AI please contact the representative listed in paragraph 1.1.2.

15.2 While you may make a complaint in respect of our compliance with data protection law to the relevant data protection supervisory authority in your jurisdiction, we request that you contact Women in AI (at the contact listed in paragraph 1.1.2) in the first instance to give us the opportunity to address any concerns that you may have. A list of data protection supervisory authorities is available here.

16. Contact information

If you have questions or comments about this Policy, please contact us at:
WOMEN IN AI
15 rue Géo Chavez
75020 Paris
FRANCE

Data Protection Office for the DIVERSIFAIR project: louise(a)womeninai.co

Date: 26 June 2024