Privacy Policy
Last updated: May 26, 2026
This information notice summarises the terms and legal bases of personal data processing implemented on the ELEVATE platform, in compliance with the General Data Protection Regulation (GDPR - EU 2016/679) and the Artificial Intelligence Act (AI Act - EU 2024/1689).
1. Regulatory Framework
Data processing is subject to Regulation (EU) 2016/679 (GDPR) and Regulation (EU) 2024/1689 (AI Act) concerning the use of personal data and technological evaluation systems.
2. Data Controller
The data controller is Intercultures, acting as coordinator of the ELEVATE project. For any questions or to exercise your rights, you can contact your regular contact person at the association.
3. Nature of Data Processed and Purposes
Processing is limited strictly to: profile identification data (first name, last name, email address, organisational role) and evaluation session logs (participations, responses, text explanations).
4. Cookies and Trackers
In compliance with ePrivacy directives, the platform strictly uses necessary technical cookies for service delivery and authentication. The user's language preference is also stored locally via a technical cookie for interface translation purposes. No marketing or behavioural trackers are deployed; therefore, no consent banner is required.
5. Subprocessors and Data Transfers
The Publisher uses the following processors under contracts complying with Article 28 of the GDPR: Resend (transactional email management) and Cloudflare Inc. (traffic security and Turnstile protection). Turnstile protection is based on the Publisher's legitimate interest in securing infrastructures and preventing abuse, without requiring a consent banner.
sections.anonymization.title
sections.anonymization.content
7. Rights of Data Subjects (GDPR)
Every data subject has the right to access, rectify, limit processing, object, and delete their personal data. Data export and account closure can be initiated directly within the profile settings interface.