An exposition on THe forEign informatioN mAnipulation and interference​

Last updated:  01 February 2024 

Thank you for visiting the ATHENA website. 

Who we are 
ATHENA is a three-year EU-funded project (Grant Agreement no: 101132686) that kicked-off in November 2023. UK participants are supported by UKRI grant number 10107667 (Trilateral Research Ltd.). For further information, we can be contacted at: 

Scope of this privacy policy 
The ATHENA consortium has implemented this privacy policy to inform website visitors and other stakeholders about how we process and safeguard personal data within the project and when you access our website. We are obligated and committed to processing personal data responsibly, securely, and proportionally throughout our activities, in compliance with the General Data Protection Regulation 2016/679 (hereafter ‘the GDPR’) [1]. 

The personal data types we collect and why 
We collect the following types of personal data about individuals: 

The lawful bases for processing personal data  
During the ATHENA project, each of the partners will act as the data controller and therefore will be responsible for the implementation of data protection rules in relation to the processing operations it will perform. ATHENA partners will be considered as joint controllers when they jointly determine the purposes and means, or at least the essential elements of these purposes and means, for data processing operations that will be performed within the project. 

For personal data processed through the website or as a result of emailing us and/or subscribing to our mailing list, Trilateral Research Ltd. will act as the data controller. 

ATHENA partners will process personal data in accordance with the GDPR, in addition to adhering to all relevant national legislation (e.g., UK-GDPR). We expect to process personal data on the following legal basis:  

How we secure your personal data when we process it 
We have put technical and organisational security policies and procedures in place to protect personal data (including, if necessary, sensitive personal data) from loss, misuse, alteration, or destruction. We aim to ensure that access to your personal data is password protected. Data is restricted only to a limited number of individuals who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information. We install and regularly update all security and anti-virus software in use on all our systems, nevertheless the security of data transmitted over the internet cannot be completely guaranteed. In addition, the consortium conducts ethical and data protection monitoring over the duration of the project, wherein the consortium will identify and assess any ethical or data protection risks and find solutions to overcome any such risks.  
Do we share personal data with third parties? 
The ATHENA consortium will generally not share personal information with anyone except the European Commission if it so requests. All partners will treat information received from other partners as confidential and will not disclose it to third parties, unless it is obvious that the information is already publicly available or there is a legal obligation to do so. The partners will impose the same obligations on their employees and suppliers. 

We may occasionally share personal data with trusted third parties, such as those listed below, to help us deliver efficient and quality services. When we do so, we ensure that recipients are contractually bound to safeguard the data we entrust to them before we share the data. We may engage with several or all the following categories of recipients: 

Do we transfer your personal data outside the EU? 
We store personal data on servers located in the EU, but also in the EEA (Switzerland) and in the UK, where partners are based.  As mentioned, we may also transfer personal data to reputable third-party service providers, notably SharePoint and Dropbox which may also be located outside of the EU.   

Data breach notification: 

In the event of a data breach, we have a clear process to notify users and authorities as required by law. Our goal is to provide timely, transparent information about the breach and actions taken to mitigate its impact. We take data security seriously and appreciate your vigilance in promptly reporting any concerns. Your cooperation helps us maintain data security, and we are committed to supporting you through any incidents. 

Third-party links: 

It is important to note that our website may contain links to third-party websites or services. Please be aware that our privacy policy applies solely to our website and the data we collect or process. When you navigate to a third-party website through links provided on our platform, you will be subject to the privacy policies and practices of that external site. We encourage you to review their policies to understand how your data is handled, as we have no control over external websites. 

Do we use cookies? 
Cookies are small text files that are placed on your computer to make websites work better and to provide information to the owners of the website about its use by visitors. We only use third-party cookies on our website. 

Where cookies are used, a statement will be sent to your browser explaining the use of cookies. We give visitors the option of not having cookies from our website. 

Your data protection rights  
You have the following rights regarding our processing of your personal data. You can exercise your rights by emailing us (see below) including: 

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. No fee is required to make an initial request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds. 

How long do we retain personal data? 
We retain personal data to provide our services, stay in contact with you and to comply with applicable laws, regulations, and professional obligations to which we are subject. Please note that we have an obligation to retain data [5] concerning European Union research projects (Horizon Europe) for up to five years after the end of the project (unless further retention is requested by auditors). 

As the records and documentation containing personal data have been collected within the delivery of a European Commission project, we expect that the Commission will process it in compliance with the GDPR. After the expiry of the retention period, and unless further legitimate grounds for retention arise, we will dispose of personal data in a secure manner. 
Do we change this privacy policy? 
We regularly review this privacy policy and will post any updates to it on this webpage. This privacy policy was last updated on 01 February 2024. 
Contact us 
If you have any concerns as to how your data is processed or if you have some issues or queries concerning the ATHENA website, you can contact us at:

Definition of terms 

Personal Data: any information that relates to an identified or identifiable living individual 

Data Controller: determines the purposes for which anld how personal data is processed 

Data Processor: engages in personal data processing on behalf of the controller 

Legitimate interest: most flexible lawful basis for processing, appropriate when an individual’s data is being used in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing. 

[1] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons regarding the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation) (‘GDPR’). 

[2] Article 6.1.a of GDPR states that processing is lawful if the data subject has given consent to the processing of his or her personal data, for one or more specific purposes. 

[3] Article 6.1.f of GDPR states that processing is lawful if it is necessary for the purposes of legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interest“s or fundamental rights and freedoms of the data subject. 

[4] Article 6.1.c of GDPR states that processing is lawful if it is necessary for compliance with a legal obligation to which the controller is subject. Article 38.1 of the project’s Grant Agreement between the European Commission and the project states that beneficiaries of Horizon Europe projects have an obligation to promote the project and its results. 

[5] This includes any data that demonstrates the proper implementation of the action.