Privacy Policy

TRIANGLE is committed to protecting your personal data and respecting your privacy rights in accordance with EU GDPR and EIT Higher Education Initiative guidelines.

Last Updated: December 6, 2025

Who We Are

TRIANGLE (Transforming Research, Industry, and Academia into Networks for Growth and Leadership across Europe) is a pan-European innovation ecosystem initiative funded by the EIT Higher Education Initiative. This Privacy Policy explains how we collect, use, store, and protect your personal information when you interact with our website and services.

Data Controller

Project Coordinator:

University of Barleti (UniBa)

Tirana, Albania

Contact Email: co.research@umb.edu.al

For data management inquiries, please refer to our Data Management Plan managed by Novelcore, a consortium partner responsible for data protection compliance.

What Personal Data We Collect

We only collect personal data that is necessary to provide our services and communicate with you effectively. Below is a comprehensive list of the data we may collect.

1. Information You Provide Directly

Contact Form Submissions

When you contact us through our website forms, we collect:

Name: To address you properly in our communications
Email address: To respond to your inquiry
Organization/Affiliation: To understand your context and provide relevant information
Message content: To understand and address your inquiry or feedback

Newsletter Subscriptions

If you subscribe to our newsletter, we collect:

Email address: To send you updates about the TRIANGLE project
Subscription preferences: To ensure you receive relevant communications

2. Information Collected Automatically

Technical Information

When you visit our website, we may automatically collect:

IP address: For security purposes and to understand geographic reach
Browser type and version: To ensure website compatibility
Operating system: To optimize user experience
Page visits and navigation patterns: To improve website structure and content
Date and time of access: For security monitoring and analytics

⚠️ Important: No Cookies Policy

The TRIANGLE website does not use cookies or similar tracking technologies. We do not store any information on your device, and we do not track your browsing behavior across other websites.

How We Use Your Personal Data

We process your personal data lawfully, fairly, and transparently. Below are the purposes for which we use your information and the legal basis for each use.

Purposes of Data Processing

1. Communication and Support

Purpose: To respond to your inquiries, provide information about TRIANGLE, and offer support.

Legal Basis: Legitimate interest in communicating with stakeholders and responding to inquiries.

2. Newsletter and Updates

Purpose: To send you information about TRIANGLE activities, events, opportunities, and project updates.

Legal Basis: Your explicit consent (you can unsubscribe at any time).

3. Website Improvement

Purpose: To analyze website usage, improve user experience, and ensure website security.

Legal Basis: Legitimate interest in maintaining and improving our digital services.

What We Do NOT Do With Your Data

We do NOT sell your personal data to third parties

We do NOT use your data for automated decision-making or profiling

We do NOT share your data with commercial marketing companies

We do NOT transfer your data outside the European Economic Area (EEA) without appropriate safeguards

We do NOT use your data for purposes other than those stated in this policy without your consent

Data Sharing and Third Parties

We only share your personal data when necessary to deliver our services, comply with legal obligations, or with your explicit consent.

Who We Share Your Data With

1. TRIANGLE Consortium Partners

Your data may be shared with the six consortium partners involved in delivering the TRIANGLE project:

UniBa - University of Barleti (Albania) - Project Coordination
AUBM - American University of Beirut Mediterranean (Cyprus)
HUA - Harokopio University of Athens (Greece)
S2X - Software to Excellence (Spain)
NVCR - Novel Core Research (Cyprus) - Data Management Responsibility
CSI - Communication Science Institute (Albania)

Purpose: To monitor dissemination and promotional activities of the TRIANGLE project.

2. European Institute of Innovation and Technology (EIT)

As the funding body for TRIANGLE, the EIT and its Knowledge and Innovation Communities (KICs) may receive aggregated and anonymized data about website visitors and project outcomes for monitoring and evaluation purposes.

Purpose: To fulfill reporting obligations and demonstrate project impact.

3. Service Providers

We may share your data with trusted third-party service providers who assist us in operating our website and delivering services:

Web Hosting Provider: To host our website and store data securely
Email Service Provider: To send newsletters and communications (if applicable)
Analytics Provider (Google Analytics): To understand website usage and improve user experience

All service providers are carefully selected and contractually bound to process data only according to our instructions and in compliance with GDPR.

4. Legal and Regulatory Authorities

We may disclose your personal data if required by law, court order, or government regulation, or to protect our rights, property, or safety.

Data Sharing Safeguards

All data sharing is conducted under strict conditions:

Data Processing Agreements (DPAs) are in place with all partners and service providers
Data is shared on a need-to-know basis only
Technical and organizational security measures are implemented
All recipients comply with EU GDPR requirements

International Data Transfers

All TRIANGLE consortium partners are located within the European Economic Area (EEA): Albania, Spain, Cyprus, and Greece. Your personal data is processed and stored within the EEA, ensuring full GDPR protection.

In the rare event that data needs to be transferred outside the EEA, we will ensure appropriate safeguards are in place, such as:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions confirming the recipient country provides adequate protection
Your explicit consent for the specific transfer

International Data Transfers

All TRIANGLE consortium partners are located within the European Economic Area (EEA): Spain, Cyprus, Greece, and Albania. Your personal data is processed and stored within the EEA, ensuring full GDPR protection.

In the rare event that data needs to be transferred outside the EEA, we will ensure appropriate safeguards are in place, such as:

Standard Contractual Clauses (SCCs) approved by the European Commission
Adequacy decisions confirming the recipient country provides adequate protection
Your explicit consent for the specific transfer

Data Retention and Security

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy, and we implement robust security measures to protect your information.

How Long We Keep Your Data

Contact Form Inquiries

Retention Period: Up to 2 years after your last contact, or until your inquiry is resolved and any follow-up period has passed.

Newsletter Subscriptions

Retention Period: Until you unsubscribe or the TRIANGLE project concludes (February 2028), whichever comes first. After project completion, we will contact subscribers about continued communications or deletion.

Programme Participant Data

Retention Period: For the duration of the TRIANGLE project (until February 2028) plus 5 years for audit and reporting purposes as required by EU Horizon Europe programme regulations. After this period, data will be anonymized or deleted.

Website Analytics Data

Retention Period: Up to 26 months for aggregated, anonymized analytics data used to improve website performance.

Research and Publication Data

Retention Period: Data used for scientific research and publications may be retained longer in anonymized form to enable reproducibility and verification of research findings, in accordance with the FAIR principles (Findability, Accessibility, Interoperability, and Reusability).

Extended Retention: In some cases, we may retain data for longer periods when required by law, for legal proceedings, to resolve disputes, or to enforce our agreements.

How We Protect Your Data

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction:

Technical Security Measures

SSL/TLS Encryption: Our website uses HTTPS protocol to encrypt data transmitted between your browser and our servers
Secure Data Storage: Personal data is stored on secure servers with encryption at rest
Access Controls: Strict access controls ensure only authorized personnel can access personal data
Regular Backups: Data is regularly backed up to prevent loss and ensure business continuity
Security Monitoring: Continuous monitoring for security threats and unauthorized access attempts
Regular Updates: Systems and software are regularly updated with the latest security patches

Organizational Security Measures

Data Protection Training: All consortium partners and staff handling personal data receive GDPR training
Confidentiality Agreements: All personnel with access to personal data are bound by confidentiality obligations
Data Processing Agreements: Formal agreements with all service providers and partners
Incident Response Plan: Procedures in place to respond to data breaches or security incidents
Regular Audits: Periodic security assessments and compliance reviews

⚠️ Data Breach Notification

In the unlikely event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours, as required by GDPR Article 33 and 34.

Data Management Plan (DMP)

TRIANGLE follows a comprehensive Data Management Plan (DMP) developed in accordance with EU Horizon Europe requirements and overseen by Novel Core Research (NVCR), our consortium partner responsible for data management:

FAIR Principles: All research data follows FAIR principles (Findability, Accessibility, Interoperability, Reusability)
Open Access: Research outputs are made openly accessible when possible, respecting privacy and intellectual property
Data Quality: Procedures ensure data accuracy, completeness, and reliability
Metadata Standards: Comprehensive metadata documentation for all datasets
Trusted Repositories: Data stored in recognized repositories such as the European Open Science Cloud (EOSC)

Your Rights Under GDPR

Under the EU General Data Protection Regulation (GDPR), you have comprehensive rights regarding your personal data. We are committed to facilitating the exercise of these rights.

Your Data Protection Rights

1. Right to Access (Article 15)

You have the right to request access to your personal data and obtain information about how we process it.

What you can request: A copy of your personal data, information about processing purposes, categories of data, recipients, retention periods, and your other rights.

2. Right to Rectification (Article 16)

You have the right to have inaccurate or incomplete personal data corrected or completed.

What you can do: Request correction of errors or addition of missing information in your personal data.

3. Right to Erasure / "Right to be Forgotten" (Article 17)

You have the right to request deletion of your personal data in certain circumstances.

When this applies: Data no longer necessary, consent withdrawn, unlawful processing, or legal obligation to erase. Note: This right may be limited if we have legal obligations to retain data (e.g., EU funding reporting requirements).

4. Right to Restriction of Processing (Article 18)

You have the right to request that we limit how we use your personal data.

When this applies: When you contest data accuracy, processing is unlawful but you don't want erasure, or you need the data for legal claims.

5. Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, and machine-readable format.

What you can do: Request your data in a portable format (e.g., CSV, JSON) and transmit it to another service provider where technically feasible.

6. Right to Object (Article 21)

You have the right to object to processing of your personal data based on legitimate interests or for direct marketing purposes.

What you can do: Object to processing for direct marketing (we will stop immediately) or processing based on legitimate interests (we must demonstrate compelling grounds to continue).

7. Right to Withdraw Consent (Article 7)

Where processing is based on your consent, you have the right to withdraw it at any time.

What you can do: Withdraw consent as easily as you gave it (e.g., unsubscribe from newsletters). Withdrawal does not affect the lawfulness of processing before withdrawal.

8. Right to Lodge a Complaint (Article 77)

You have the right to lodge a complaint with a supervisory authority if you believe your data protection rights have been violated.

Where to complain: Contact your national data protection authority or the Spanish Data Protection Agency (AEPD) as TRIANGLE is coordinated by the University of Barleti.

How to Exercise Your Rights

To exercise any of your GDPR rights, please contact us using the following methods:

Contact Information

Email: co.research@umb.edu.al

Subject Line: "GDPR Data Request - [Your Name]"

Postal Address: University of Barleti, TRIANGLE Project Coordinator, Tirana, Albania

Please include in your request:

Your full name and contact information
A clear description of your request and which right(s) you wish to exercise
Proof of identity (to protect your data from unauthorized access)
Any relevant reference numbers or dates of interaction with TRIANGLE

Response Timeline

Initial Response: We will acknowledge your request within 7 business days
Full Response: We will respond to your request within one month of receipt
Complex Requests: If your request is complex, we may extend the response period by up to two additional months, and we will inform you of the extension and reasons
Free of Charge: Exercising your rights is generally free, unless requests are manifestly unfounded or excessive

Identity Verification

To protect your privacy and prevent unauthorized access to your data, we may ask you to verify your identity before processing your request. This may include requesting additional identification documents or asking security questions based on information we hold.

📧 Easy Unsubscribe

For newsletter subscriptions, you can unsubscribe directly by clicking the "Unsubscribe" link at the bottom of any newsletter email. No need to send a formal request!

Special Provisions

Children's Privacy

The TRIANGLE website and programmes are not directed at children under the age of 16. We do not knowingly collect personal data from children under 16 without parental consent.

If you are under 16, please do not provide any personal information through our website
If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information as quickly as possible
If you believe we have collected information from a child under 16, please contact us immediately

Third-Party Websites and Links

Our website may contain links to third-party websites, including partner institutions, EIT KICs, and external resources. This Privacy Policy applies only to the TRIANGLE website.

⚠️ External Links Disclaimer

We are not responsible for the privacy practices or content of third-party websites. We encourage you to read the privacy policies of any external websites you visit. Links to external sites do not constitute an endorsement.

Automated Decision-Making and Profiling

TRIANGLE does not use automated decision-making or profiling that produces legal effects or similarly significantly affects individuals.

All programme selection decisions involve human review and judgment
We do not use algorithms to make automated decisions about participants
Any data analytics are used for aggregate insights, not individual profiling

EU Funding Transparency Requirements

As a project funded by the European Institute of Innovation and Technology (EIT) under Horizon Europe, TRIANGLE is subject to specific transparency and accountability requirements:

Public Reporting: Aggregated, anonymized project data may be publicly reported to demonstrate impact and accountability
Audit Rights: EU bodies may audit project data, including participant information, for compliance verification
Data Retention: EU regulations require retention of project data for at least 5 years after project completion
Beneficiary Information: Names of participating organizations may be published in compliance with EU transparency requirements

EIT HEI Compliance

TRIANGLE adheres to all EIT Higher Education Initiative branding, communication, and data management guidelines. All project outputs properly acknowledge EIT HEI funding and follow required visibility standards.

Contact and Additional Information

Contact Us About Privacy

If you have any questions, concerns, or requests regarding this Privacy Policy or how we handle your personal data, please contact us:

TRIANGLE Data Protection Contact

Project Coordinator:

University of Barleti (UniBa)

Tirana, Albania

General Inquiries:

Email: co.research@umb.edu.al

Please use subject line: "Privacy Policy Inquiry"

Data Management Responsibility:

Novelcore (NVCR)

Responsible for the TRIANGLE Data Management Plan (DMP)

Expected Response Time: We aim to respond to all privacy inquiries within 7 business days and provide full responses within one month as required by GDPR.

Supervisory Authorities

You have the right to lodge a complaint with a data protection supervisory authority if you believe your data protection rights have been violated. You can contact:

Primary Supervisory Authority

Albanian Commissioner for the Right to Information and Data Protection

Komisioneri për të Drejtën e Informimit dhe Mbrojtjen e të Dhënave Personale

Tirana, Albania

Website: www.idp.al

Email: komisioni@idp.al

As the project is coordinated by the University of Barleti in Tirana, Albania, the Albanian Commissioner is our lead supervisory authority.

Other Relevant Supervisory Authorities

You may also contact the data protection authority in your country of residence or where the alleged violation occurred:

🇪🇸 Spain (S2X)

Spanish Data Protection Agency (AEPD)

Website: www.aepd.es

🇨🇾 Cyprus (AUBM, NVCR)

Commissioner for Personal Data Protection

Website: www.dataprotection.gov.cy

🇬🇷 Greece (HUA)

Hellenic Data Protection Authority

Website: www.dpa.gr

For a complete list of EU and European data protection authorities, visit the Eu

Acknowledgment and Consent

Your Consent Matters

By using the TRIANGLE website, submitting forms, or participating in our programmes, you acknowledge that you have read, understood, and agree to this Privacy Policy.

If you do not agree with this Privacy Policy, please do not use our website or services.

Thank You for Your Trust

At TRIANGLE, we are committed to protecting your privacy and handling your personal data with the highest standards of care and transparency. Your trust enables us to build a pan-European innovation ecosystem that transforms research, industry, and academia into networks for growth and leadership across Europe.

Questions or Concerns?

We're here to help. Contact us anytime about your privacy.

TRIANGLE Project
Transforming Research, Industry, and Academia into Networks for Growth and Leadership across Europe

Funded by the EIT Higher Education Initiative