1 Introduction
The MetaHeritage consortium is committed to protecting the privacy of all visitors and contributors to its website, https://metaheritage.eu/.
All processing of personal data is carried out in accordance with Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation, “GDPR”) and any applicable national legislation.
2 Who is responsible for your data?
Controller
The primary controller for the processing operations described below is the University of Trás‑os‑Montes e Alto Douro (UTAD), acting as coordinator of the MetaHeritage project.
Postal address: Quinta de Prados, 5000-801 Vila Real, Portugal
E‑mail: contact@metaheritage.eu
Joint controllers
For specific tasks (e.g. stakeholder mapping, communication, event management) the other project partners listed on the “Project Partners” section of the website act as joint controllers, each bound by an internal consortium agreement that allocates GDPR responsibilities.
Data‑Protection Officer (DPO)
You can contact the project DPO writing to contact@metaheritage.eu
3 Why do we process your data?
| Purpose | Legal basis (Art. 6 GDPR) | What data?* |
|---|---|---|
| A. To publish the Heritage & Innovation Map and enable networking between stakeholders | Consent (Art. 6 (1)(a)) | Identification and professional contact details you enter in the on‑line questionnaire; profile information about your organisation and thematic interests |
| B. To send project news, invitations and newsletters | Consent (Art. 6 (1)(a)) | Name, e‑mail address, organisation, language preference |
| C. To run on‑line or hybrid events (registration, participant lists, follow‑up mailings) | Legitimate interest in dissemination (Art. 6 (1)(f)) or, where relevant, pre‑contractual steps (Art. 6 (1)(b)) | Name, organisation, role, e‑mail, dietary or accessibility needs (if voluntarily supplied) |
| D. To generate aggregated, non‑identifiable website statistics | Legitimate interest in service improvement (Art. 6 (1)(f)) | Pseudonymised IP address, device type, pages visited, time‑stamp |
*MetaHeritage does not intentionally collect any special categories of data within the meaning of Art. 9 GDPR.
4 Source of the data
Personal data are obtained directly from you when you:
- complete the stakeholder questionnaire (“Access to survey” link)
- subscribe to our mailing list,
- register for an event, or
- correspond with us by e‑mail.
The website can be browsed without submitting any personal information.
5 Who receives your data?
- Members of the MetaHeritage consortium responsible for communication, stakeholder engagement, event organisation and IT support.
- Service providers acting as processors under written contracts, e.g.
- Web‑hosting company IONOS located in Germany;
- E‑mail campaign provider MailChimp for bulk mailouts.
- EU institutions or national authorities if required for audit or reporting purposes under the Interregional Innovation Investments Instrument (I3) funding rules.
No data are transferred outside the European Economic Area unless the recipient country offers an adequacy decision or appropriate safeguards (Art. 46 GDPR).
6 How long do we keep your data?
| Dataset | Retention period |
|---|---|
| Stakeholder‑map profiles | Until 31 December 2028 (two years after the scheduled project end) or until you request deletion, whichever is earlier |
| Mailing‑list records | Until you unsubscribe (automatic deletion) |
| Event lists | 3 years after the event for reporting purposes |
| Web‑server logs | 6 months |
Back‑ups are held for a maximum of 12 months before secure erasure.
7 Your rights
You have the right to:
- Access the personal data we hold about you;
- Rectify inaccurate or incomplete data;
- Erase your data (“right to be forgotten”) where GDPR Art. 17 applies;
- Restrict processing in the situations set out in Art. 18;
- Data portability for data processed by automated means on the basis of consent or contract;
- Object to processing based on legitimate interests or to direct marketing;
- Withdraw consent at any time, without affecting the lawfulness of processing before withdrawal.
To exercise any of these rights, please write to contact@metaheritage.eu or use the contact details in Section 2. You also have the right to lodge a complaint with your national supervisory authority; in Portugal, this is the Comissão Nacional de Proteção de Dados (CNPD).
8 Security measures
We apply industry‑standard technical and organisational measures to prevent unauthorised access, loss or alteration of your data, including:
- TLS encryption of all traffic to / from https://test2.metaheritage.eu/;
- Role‑based access control and strong authentication for administrators;
- Regular security updates of the content‑management system;
- Daily off‑site, encrypted back‑ups;
9 Cookies and tracking technologies
The website uses first‑party cookies essential for its operation and, with your consent, and analytical cookies. A cookie banner appears on your first visit enabling you to accept or decline analytics cookies.
| Cookie | Purpose | Expiry |
|---|---|---|
cookieconsent_status |
Stores your cookie‑banner choice | 12 months |
MATOMO_SESSID |
Maintains session for Matomo opt‑out | End of session |
_pk_id, _pk_ses, etc. |
Matomo analytics (aggregated statistics) | 13 months (id); 30 min (ses) |
Videos and social‑media feeds embedded from platforms such as YouTube or X/Twitter are only loaded when you actively click on them; their providers may set additional cookies beyond MetaHeritage’s control. Please consult the respective third‑party policies.
You can delete or block cookies at any time via your browser settings. This will not affect your access to the core content of the site, but certain interactive features may not function.
10 E‑mail communications
When you write to any project mailboxes (e.g. contact@metaheritage.eu), the data you provide are used solely to answer your enquiry. Messages may be forwarded internally to the relevant consortium member if required to respond.
Bulk newsletters are distributed via MailChimp. Each message contains an unsubscribe link.
11 Automated decision‑making
No automated decisions producing legal or similarly significant effects are made on the basis of your data.
12 Changes to this statement
This Privacy Statement was last updated on 19 June 2025. We will post any future changes on this page and, where appropriate, notify subscribers by e‑mail.
Need help?
For any questions about this Privacy Statement or the way we handle your data, please contact contact@metaheritage.eu.
