Privacy Policy

Terms of Use

By accessing this site you are agreeing to these terms and conditions. This site is for general information purposes only and does not purport to be comprehensive or to constitute professional advice and you must not act in reliance upon it. All intellectual property rights in this site, including without limitation all copyright, design right and trademarks, belong to us or are used by us with the permission of the owner. You have no right to copy, reproduce, modify, publish, upload, post, transmit or distribute any logo, graphic, text, sound or image on this website without our prior written consent, except to the limited extent necessary to access the contents of this site. Where we provide links to other websites we have no control over those websites or their content. The provision of such a link does not imply that we endorse the website or the products and services offered through it. We have no liability to you for any loss or damage whatsoever arising in relation to or in any way in connection with this site or those to which it links.

Privacy Notice

The GRACE Partner Consortium acknowledges the data protection principles and respects the rules laid down in the EU Data Protection legislation, and the General Data Protection Regulation in particular. For us, the proper processing of your personal data is of utmost importance and we strive to meet all applicable EU data protection requirements and ensure a high level of personal data protection.

The Data Controller

Although the GRACE Partners are acting as joint controllers and are held responsible for ensuring the compliance with all applicable data protection rules, both at EU and national level, within the GRACE Website, personal data is being processed only by:

Sheffield Hallam University (SHU) – Centre of Excellence in Terrorism, Resilience, Intelligence and Organised Crime Research (CENTRIC)

T: +44 (0)114 225 5555



Categories of personal data

The GRACE data controllers collect, process and use personal information concerning only visitors of the GRACE Website. While visiting the GRACE Website certain data is gathered and stored on the servers of such as: IP address, the date, time and length of your visit, from which server and which website you accessed the site, the actions carried out on the Website, the browser-type and the language settings.

In case you contact us via the contact form on the GRACE Website, the project coordinator is collecting and processing the following information: identification data such as name, e-mail address, as well as the content of the message you sent to us.

Purposes of data processing

The above-mentioned categories of personal data are processed for the following purposes:

  • to identify the visitor, if necessary;
  • to ensure the proper functioning of the GRACE Website, also ensure network and information security;
  • to evaluate the use of the website, compile reports on website activity for website operators and provide other services relating to website activity and internet usage;
  • to respond to your requests;
  • to exercise or defend the rights and legitimate interests of a Partner or the GRACE Consortium as a whole;
  • other purposes explicitly provided for in the Terms of Use or in this Privacy Notice;
  • as well as for statistical purposes.

The GRACE Consortium undertakes the due care and bears responsibility for protection of your information, except in the event of force majeure events or Malicious Actions of third parties.

Legal basis for processing

  • You have given consent to the processing of your personal data for a specific purpose – e.g. when you send us a message via the contact form;
  • Data processing is necessary for the purposes of the legitimate interest pursued by a Partner or the GRACE Consortium – e.g. to facilitate your access and use of the GRACE Website, or to protect from malicious attacks.

Recipients or categories of recipients of the personal data

Your personal data will be only disclosed to third parties in certain sporadic cases where the data controllers shall comply with a legal obligation or need to protect their rights and legitimate interests.

The personal data collected via the GRACE Website may be also shared with IT services providers and/or web hosting providers. The information accessed by these service providers is necessary for them to perform their services and may not be used for any other purposes.

As the Website is developed under a project funded by the European Union’s Horizon 2020 Programme, only anonymised and aggregated data (statistics) will be provided to the European Commission.

Transfers of personal data to third countries or international organisations

The data controller does not intend to transfer your personal data to data controllers or processors established in third countries or international organisations. Should the cases of data transfer to data controllers or processors in third parties or international organisations arise, the data controller shall keep you informed. In any event, the transfer will be carried out in full compliance with the applicable data protection laws.


The United Kingdom is currently a full member of the EU. However, as the MIICT Coordinator is based in the UK, data transfers to third countries shall occur in case UK leaves the European Union. All data transfers between EEA and the UK will be executed in compliance with the applicable data protection laws.

Period for personal data storage

The Partner Consortium strives to meet all data protection requirements and to respect all the principles laid down in the General Data Protection Regulation. In this context, following the principle of data minimisation, the Partner Consortium shall process your data as long as it is necessary for the purpose for which the data is collected and to the extent permitted by the applicable laws. Once the purpose for data processing is reached out, we will remove the data and/ or anonymise it so that you are no longer identifiable.

For reporting purposes statistical data is kept for 5 years after the project end. The statistical data will not render any of the GRACE Website users identifiable.

Data Subject Rights

You are entitled to the following rights under GDPR:

  • the right to obtain information regarding the processing of your personal data on the GRACE Website by the controllers (controllers’ contact details, the purposes of processing and the legal basis for processing, recipients, storage period, etc.)
  • the right to access your personal data processed on the GRACE Website and get information about the processing of your personal data (the purposes of processing, categories of personal data, storage period, etc.);
  • the “right to be forgotten” by the GRACE controllers – your data could be erased by the data controllers in the cases where your personal data is no longer necessary, where you have withdrawn your consent on which the processing is based, where the data processing is unlawful, where the personal data has been processed on the basis of parental consent, or your data have be erased in order to comply with national or EU legal obligation;
  • the right to request restriction of processing of your personal data – this right could be exercised where you have contested the accuracy of your personal data, where the processing is unlawful, where the GRACE controllers no longer need your personal data for the purposes of processing, or you have exercised your right to object to the processing of your personal data based on the legitimate interests pursued by the GRACE controller(s)
  • the right to object to the processing of your personal data which is based on the legitimate interest pursued by the GRACE Consortium. You also have the right to object to the processing of your personal data for direct marketing purposes;
  • the right not to be subject to a decision based solely on automated processing, including profiling – however, this rule does not apply if the decision is based on your given consent, or it is necessary for entering into, or performance of a contract, or it is authorized by  the EU or national legislation to which the GRACE controller(s) is(are) subject;

Exercise of Data Subject Rights

You can exercise your rights by sending a message to the following e-mail address:

Additionally,  all data subjects have the right to submit a complaint to their national data protection authority, if they deem that their data is processed in an unlawful way.

Links to other websites

Our Website may contain links to other websites and social media pages that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. In this context, we strongly advise you to review the Privacy Policy of every site you visit.

Amendments and updates of this policy

Please note that we may update this Privacy Notice occasionally and the new version will be published on this webpage. We recommend reviewing the content of the Privacy Notice for any changes. The changes are effective when posting them on this webpage.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.