Privacy Policy
This Privacy Policy explains how the DIEFI2 project website processes personal data relating to visitors, direct contacts, and authorised users of the administration area. It should be read together with our Cookie Policy, which contains detailed information about cookies, similar technologies, and consent preferences.
Who is responsible for the processing
For the purposes of this website, the DIEFI2 project consortium acts as the controller through the contact point team@diefi.eu.
This policy covers processing connected with browsing the public website, contacting us directly by email, storing browser preferences, and accessing the restricted administration area by authorised users.
What personal data we process
- Technical and browsing data: IP address, server logs, browser and device data, pages visited, and information required for security and diagnostics.
- Consent and preference data: language choice, cookie-consent status, and, if you allow it, optional interface preferences stored locally in the browser.
- Analytics data: aggregated website-usage statistics collected through Google Analytics 4 only when you provide consent.
- Contact data: information you choose to include when you contact us directly by email.
- Administration-area data: name, username, email address, access role, and data required for authentication and platform management, only for authorised users.
Purposes and legal bases
| Purpose | Legal basis |
|---|---|
| Providing the website, preserving its security, preventing abuse, and maintaining technical operation | Legitimate interests under art. 6(1)(f) GDPR |
| Answering emails and managing institutional contacts | Legitimate interests and, where applicable, pre-contractual steps |
| Measuring audience usage with Google Analytics 4 and storing optional browser preferences | Consent under art. 6(1)(a) GDPR |
| Managing access to the administration area, authentication, and accountability of authorised users' actions | Performance of the applicable relationship with authorised users and legitimate interests in platform security |
| Complying with legal obligations, responding to authorities, and defending rights in case of disputes | Legal obligation and legitimate interests |
Who may receive the data
We do not sell personal data. Data may be disclosed only to recipients who need it for the purposes described above, namely:
- Hosting, technical-support, and website-maintenance providers.
- Google LLC, only if you consent to analytics, for the provision of Google Analytics 4.
- DIEFI2 consortium partners where necessary to manage legitimate project-related requests.
- Public authorities, courts, or advisers when required by law or necessary for the exercise or defence of rights.
If you accept analytics cookies, some data may be transferred outside the European Economic Area through Google LLC. In those situations, the transfer is framed by standard contractual clauses and the safeguards described in Google's documentation.
How long we keep the data
- Language and consent preferences are kept according to the retention periods described in the Cookie Policy.
- Optional browser preferences remain stored until they are cleared by the user or until the corresponding consent is withdrawn.
- Email contacts are kept for as long as necessary to respond to the request, ensure follow-up, and comply with any applicable legal duties.
- Administration-area data is kept while authorised access remains active and, afterwards, only for the period necessary for security, accountability, and legal compliance.
- Technical and security logs are retained for a limited period compatible with incident prevention, abuse detection, and the defence of rights.
Your rights
Under the GDPR, you may exercise the following rights whenever applicable:
- Access to the personal data we process about you.
- Rectification of inaccurate or incomplete data.
- Erasure of data, within the limits established by law.
- Restriction of processing in certain circumstances.
- Objection to processing based on legitimate interests.
- Portability where processing is based on consent or contract and is carried out by automated means.
- Withdrawal of consent, without affecting the lawfulness of processing carried out beforehand.
- Complaint to the competent supervisory authority, including the Portuguese authority CNPD, or the authority in your usual place of residence.
To exercise these rights, contact us at team@diefi.eu using the subject “Data Protection / DIEFI2”. We may request additional information to confirm your identity before replying.
Security and external links
We apply appropriate technical and organisational measures to reduce the risk of unauthorised access, loss, alteration, or improper disclosure of personal data. No system is entirely risk-free, but we review and improve the adopted safeguards whenever necessary.
The website may contain links to external pages. Those pages are managed by separate entities with their own privacy practices, so we recommend reviewing their policies before sharing personal data outside the DIEFI2 environment.
Changes to this policy
We may update this Privacy Policy to reflect legal, technical, or operational changes. The most recent version will always be published on this page together with its update date.
Last updated: April 13, 2026
Contact us
If you have questions about this Privacy Policy or about the processing of your personal data in the context of the DIEFI2 project website, contact us using the address below.