GASCA Privacy Policy
06/05/2023
1. WHAT IS THE PURPOSE OF THIS POLICY?
As AIFORLIVES (or "Company", "Project Coordinator"), we are running a Project titled GDPR Awareness and Compliance in the Accommodation Sector ("GASCA", “Project”) within the framework of the European Union Erasmus + Vocational Education KA2 Small Scale Partnerships program. As the Project Coordinator, we attach importance to the protection of personal data and confidential information. Therefore, as the Project Coordinator, in our capacity as the Data Controller, we implement adequate, proportionate, and necessary administrative and technical measures to process such data and information in a manner limited to our business purposes and in compliance with the EU General Data Protection Regulation ("GDPR"), German Bundesdatenschutzgesetz ("BDSG"), and Turkish Personal Data Protection Law ("KVKK"). This Privacy Policy covers information and data processed by the Project Coordinator on-site or remotely, in physical or electronic data processing environments and tools.
2. WHO WE ARE?
The Project Coordinator as a “Data Controller" processes individual’s personal data while carrying out project activities and is obliged to fulfill its obligations arising from the law. The Project Coordinator fulfills these obligations through the visibility, control, and assurance tools it produces and implements and the administrative measures it takes along with appropriate and proportionate technical measures.
Title : AIFORLIVES GmbH
Address : Seegefelder Weg 413b 13591 Berlin
Our Website : https://www.gdpr4hospitality.net
Phone : +49 152 28180645
e-mail : aiforlives@gmail.com
3. WHOSE DATA ARE WE PROCESSING?
The Project Coordinator processes the data of related persons intensively and generally within the scope of this Privacy Policy and other administrative and technical measures. During and after the project, data of related person groups such as PROJECT STAFF, PROJECT PARTICIPANTS, USERS, TRAINERS, PUBLIC OFFICIALS are processed.
4. WHAT LEGAL REASONS FOR DATA PROCESSING?
Processing shall be lawful only if and to the extent that at least one of the following applies:
-
the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
-
processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
-
processing is necessary for compliance with a legal obligation to which the controller is subject;
-
processing is necessary in order to protect the vital interests of the data subject or of another natural person;
-
processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
-
processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
5. WHOSE DATA, WHICH DATA, AND FOR WHAT PURPOSE DO WE PROCESS?
5.1 PROJECT EMPLOYEE DATA
As the Project Coordinator, we process the Identity, Contact, Finance, Visual and Auditory Records, Personnel, and Other Information of Project Employees in the categories of Customer Transactions for the following purposes:
• Execution of Project Management Activities,
• Providing Information to Authorized Persons, Institutions, and Organizations,
• Conducting Training Activities,
• Operating the Project Website,
• Providing Instant Messaging,
• Establishing Communication through Electronic Channels,
• Managing Domain Names,
• Providing Remote Work Opportunities,
• Organizing Meetings,
• Storing and Sharing Files Online,
• Making Payments,
• Managing Travel and Accommodation Processes,
• Promoting through Electronic Channels (Social Media),
• Disseminating Results,
• Advertising,
• Conducting Training, Courses, and Seminar Activities.
5.2 PROJECT PARTICIPANT DATA
As the Project Coordinator, we process the Identity, Contact, Finance, Visual and Auditory Records, Personnel, Transaction Security, and Professional Experience of the project participants for the following purposes:
• Execution of Project Management Activities,
• Providing Information to Authorized Persons, Institutions, and Organizations,
• Conducting Training Activities,
• Storing and Sharing Files Online,
• Conducting Survey and Social Research Activities,
• Promoting through Electronic Channels (Social Media),
• Disseminating Results,
• Conducting Online Training Activities,
• Advertising,
• Sending Mass Emails,
• Designing Pilot Courses,
• Conducting Training, Courses, and Seminar Activities.
5.3 USER DATA
As the Project Coordinator, we process the Transaction Security data of these individuals for the following purposes:
• Operating the Project Website,
• Providing Instant Messaging,
• Processing Website Cookie Records,
• Meeting Information Requests.
5.4 TRAINER DATA
As the Project Coordinator, we process the Identity, Contact, Personnel, Visual and Auditory Records, Transaction Security, and Professional Experience data of these individuals for the following purposes:
• Providing Information to Authorized Persons, Institutions, and Organizations,
• Conducting Training Activities,
• Providing Instant Messaging,
• Establishing Communication through Electronic Channels,
• Organizing Meetings,
• Storing and Sharing Files Online,
• Making Payments,
• Managing Travel and Accommodation Processes,
• Promoting through Electronic Channels (Social Media),
• Disseminating Results,
• Conducting Online Training Activities,
• Advertising,
• Designing Pilot Courses,
• Conducting Training, Courses, and Seminar Activities.
5.5 PUBLIC OFFICIAL DATA
As the Project Coordinator, we process the Identity, Contact, and Personnel data of these individuals for the following purposes:
• Execution of Project Management Activities,
• Providing Information to Authorized Persons, Institutions, and Organizations,
• Storing and Sharing Files Online.
6. WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?
Each data subject is entitled to the rights listed below in accordance with GDPR Chapter 3(Art. 12-23)
-
the right to be informed about the collection and the use of their personal data
-
the right to access personal data and supplementary information
-
the right to have inaccurate personal data rectified, or completed if it is incomplete
-
the right to erasure (to be forgotten) in certain circumstances
-
the right to restrict processing in certain circumstances
-
the right to data portability, which allows the data subject to obtain and reuse their personal data for their own purposes across different services
-
the right to object to processing in certain circumstances
-
rights in relation to automated decision making and profiling
-
the right to withdraw consent at any time (where relevant)
-
the right to complain to the Information Commissioner
7. WHAT DATA PRINCIPLES WE FOLLOW?
Project Coordinator units and employees will pay attention to the following basic principles, on which the Privacy Policy and other corporate policies are also built, when processing the personal data of data subjects:
-
Lawfulness, fairness, and transparency 
-
Purpose limitation
-
Data minimization
-
Accuracy 
-
Storage limitation
-
Integrity and confidentiality
-
Accountability 
8. WHERE DO WE TRANSFER YOUR DATA TO?
As the Project Coordinator, for the purposes listed below, in accordance with Articles 8 and 9 of the Law, personal data is transferred to domestic and foreign public and private institutions/organizations with which we have a business relationship, and service providers and solution partners providing administrative, legal, and technical services.
As a data controller, we perform necessary controls to the extent possible to ensure that the institutions and organizations with which we share data fulfill their obligations arising from the Law, and we secure the parties' obligations through data transfer agreements.
8.1. Data Transfers within the EU
We share personal data with the following EU-based;
• Bundesinstitut für Berufsbildung (BiBB) for the purpose of project financing and auditing,
• European Union Directorate-General for Education, Youth, Sport and Culture for the purpose of project financing and auditing.
8.2. Data Transfers out of the EU
The Project Coordinator shares your personal data with the following foreign-based service providers for the purposes of running our website, improving services, carrying out office tasks and operations, providing services to users and visitors, ensuring satisfaction, meeting expectations, and establishing communication.
• With Atlassian Inc. (Confluence) in Australia for the execution of the project content, the production of documents and content, and the creation of a collaborative work environment,
• With Godaddy.com LLC in the United States for the purpose of purchasing domain names,
• With Google Inc. (YouTube) in the United States for the purpose of sharing training videos,
• With LinkedIn Inc. in the United States for the purpose of promoting the project and disseminating project results,
• With Meta Inc. (WhatsApp) in the United States to meet instant messaging needs for project execution,
• With Microsoft Inc. (Teams) and Zoom Inc. in the United States for conducting meetings and trainings via video conferencing,
• With Wix.com Ltd. in Israel for hosting the project website,
• With AYDO SOFTWARE Ltd. Co. based in Turkey, a project partner, for the collaborative execution of the project.
9. HOW TO GET MORE INFORMATION?
If you are one of the individuals whose data is processed within the scope of the project, you can request more detailed information about the processing of your personal data by using the email address provided above.