/Privacy policy


Agroecology for Europe

Privacy policy


Pursuant to art. 13 of Regulation 679/2016, we hereby inform users regarding the personal data processing carried out through this website.

Personal data processing on this site takes place in compliance with current legislation on the protection of personal data and is based on principles of correctness, lawfulness, transparency, and data protection.

We specify that this information refers exclusively to the data of those who interact with the services accessible from the home page of the website: (hereinafter also referred to as "the site"), without extending to any other websites reached by the user through the links on the site.

The following are joint data controllers (bound pursuant to article 26 of the GDPR):


  • UNIVERSITY OF GASTRONOMIC SCIENCES, Piazza Vittorio Emanuele, 9, Pollenzo – 12042 Bra – Italia, VAT CODE. 03079180042, also referred to as “UNISG”;
  • Agroecology Europe,Rue Warichet 4 Box 202, 1435 Corbais, Belgium, Company number: 0668.428.681 (no VAT number), also referred to as“AEEU”.



For UNISG, the Data Protection Officer (DPO) was selected through a service contract with Spaziottantotto Srl, VAT no. 08283280017, registered office in Via Nino Bixio n.8 - 10138 Turin (TO).

For AEEU not falling within the list specified under Article 37 of the UE Regulation 2016/679, and also considering the indications of the guideline WP243, the data protection officer has not been designated.

The Joint controllers and the DPO can be reached at the mail

The privacy notice is a general obligation that must be fulfilled before or at the latest in the event of direct collection of personal data. In the case of personal data not collected directly from the data subject, the privacy notice must be provided within a reasonable time, or at the time of communication (not at the time of data recording) of the data (to third parties or the data subject). Pursuant to the General Regulation for the Protection of Personal Data of natural persons (GDPR – Reg. (EU) 2016/679), the Joint Data Controllers inform you of the following.

Sources and categories of personal data

The personal data held by the Joint Controllers are collected directly from the data subjects. This site does not collect data belonging to special categories of data, by which we mean those suitable for revealing racial or ethnic origin, philosophical or other religious beliefs, political opinions, membership of trade unions, associations, or organizations of a religious, philosophical, political or trade union, the health status, and sex life, except for what is spontaneously communicated by the data subjects regarding their personal opinions and experiences concerning the topic of scientific research as described in the research policy.

Navigation Data

During their normal operation, the computer systems and software procedures used to operate this website acquire some personal data whose transmission is implicit in the use of Internet communication protocols. This is information that is not collected to be associated with identified data subjects, but which by their very nature could allow users to be identified through processing and association with data held by third parties. This category of data includes the IP addresses or domain names of the computers used by users who connect to the site, the URI (Uniform Resource Identifier) addresses of the requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in response, the numerical code indicating the status of the response given by the server (successful, error, etc.) and other parameters relating to the operating system and the user's computing environment. These data are used for the sole purpose of obtaining anonymous statistical information on the use of the site and to check its correct functioning and are deleted immediately after processing. The data could be used to ascertain responsibility in the event of hypothetical computer crimes against the site.

Profiling Data

Profiling data regarding the data subject's consumption habits or choices is not directly acquired. However, it is possible that through links or by incorporating third-party elements, such information may be acquired by independent or different entities. In this regard, see the section on third-party cookies.


Like others, this website saves cookies on the browser used by the user intended for the transmission of information of a personal nature and to enhance the user experience. In fact, cookies are small text strings that the sites visited by the user send to his terminal (usually the browser), where they are memorized, sometimes even with characteristics of wide temporal persistence, to then be re-transmitted to the same sites at the next visit.


Further details on cookies and information on how to manage your consent to the use of cookies are available on our website under the section Cookie Policy  


While browsing the site, it should be noted that cookies could be connected to the second-level domain and therefore accessible on every third-level site or domain, without necessarily being used. In these cases, if there is a cookie policy available for the site or third-level domain this must be considered valid. The absence of a cookie policy indicates that no cookies are used, not even those connected to the second-level domain, even if accessible. 


Registration form

By filling in the registration form with their data, the user consents to their use for joining the Agroecology for Europe – HUB application and as regards the AE4EU – Agroecology for Europe – research project, as better detailed in the research policy.

The personal data processed may contain name, surname, e-mail, occupation, and other information voluntarily indicated by the user in the registration form. The collection and/or recording of special category or judicial data is excluded, therefore we invite you not to provide such information when filling out the contact form. If the user voluntarily communicates his/her personal data belonging to special categories (e.g., concerning health status) the Joint Controllers will proceed with the erasure of the very data if it does not affect the personal data processing.

Personal data is processed for the following purposes (the legal basis is indicated in brackets by reference to the articles of the GDPR): to develop the European agroecology network, personal data (name, surname, email, telephone number, address, etc.) will be shared within the Agroecology for Europe hub ( website) by the administration of the hub and the hub’s users will have access to them. In the hub, data are treated as described in the privacy policy (ref. article 6(1)(a) and (e) and article 9(2)(e) and (j) of the GDPR).

The Data Controller does not intentionally collect or store the personal data of individuals under the age of 18, nor does it intentionally allow such minors to use the Site. Users under the age of 18 are requested not to register on the Site and not to provide personal data.

Data provided voluntarily by the user

The optional, explicit, and voluntary sending of e-mails to the addresses indicated on the site entails the subsequent acquisition of the sender's address and any personal data included in the mail, deemed necessary to respond to provide information to the user or to respond to any other request communicated via the contact form. 

Purposes and legal bases of the processing

Personal data is processed (ref. article 6 (1)(a), and (b) of the GDPR): to allow navigation on the site and to help perform the tasks and services requested in the activities carried out by the Joint Controllers relating to the research AE4EU - Agroecology for Europe -.

Furthermore, all personal data may be processed:


  • for purposes related to obligations envisaged by law, as well as by provisions issued by authorities legitimated by the law (ref. article 6 (1) (c) and Article 9(2)(e), and (j) of the GDPR);
  • for the assessment, exercise, or defense of a judicial or extra-judicial right (legitimate interest) of the Joint Controllers (ref. article 6(1)(f) and Article 9(2)(f) of the GDPR);
  • to allow the provision of the services requested by you, including registration in the Agroecology for Europe - HUB application and participation in the AE4EU - Agroecology for Europe - research project, as better detailed in the research policy (ref. article (6)(1)(a) and(b) and article (9)(2)(e) and (j) of the GDPR);
  • for functional purposes, according to the legitimate interest of the Joint Controllers in particular; for cookies, the advertising ids used to show advertisements and announcements; for navigation and user logs to protect the site and the service from cyber-attacks, identify any malicious or fraudulent activity (ref. article 6(1)(f) of the GDPR).


Consequences of refusing to provide data

The provision of data by the data subject is optional but essential for data processing for the purposes indicated in letters a), b) and c). If data subjects fail to communicate their essential data and do not allow the data processing, it will not be possible to proceed with the completion and implementation of the tasks and services offered and to follow up on the contractual obligations undertaken which will further harm or influence accounting, fiscal and administrative regulatory obligations.

Apart from that specified for navigation data, the user is free to provide personal data for cookies and specific requests through forms, e.g., on products and/or services. Failure to provide such data may make it impossible to obtain what has been requested. For all non-essential data, including those belonging to special categories, the provision of data is optional. In the absence of consent or the incomplete or incorrect provision of certain data, including those belonging to special categories, the required fulfilments could be so incomplete as to cause damage or penalties, or loss of benefits. This may happen both due to the inability to guarantee the adequacy of data processing to the purposes for which it is performed and for the possible mismatch of the data processing results required by the relevant regulations, meaning that the Joint Controllers of the data processing will not be responsible for any sanctions or afflictive measures.

Methods of data processing

The data connected to the web services of the site are processed with automated tools only for the duration strictly necessary to achieve the purposes for which they were collected; they take place at the server in Italy or the EU and are only handled by technical personnel in charge of processing, or by persons in charge of maintenance and administration operations. Specific security measures are observed to prevent data loss, illicit or incorrect use and unauthorized access, and loss of confidentiality. The facility is equipped with anti-intrusion devices, firewalls, logs, and disaster recovery. Specific data encryption and segregation mechanisms and user authentication and authorization mechanisms are used.


Data processing means the collection, recording, organization, storage, processing, modification, erasure, and destruction or the combination of two or more of these operations. In relation to the aforementioned purposes, personal data processing takes place through manual, computerized, and telematic tools, with logic strictly related to the stated purposes. And in any case, so as to guarantee the security and confidentiality of personal data, it will therefore be processed in compliance with the methods indicated in art. 5 EU Reg. 2016/679, which foresee, among other things, that the data be processed lawfully and correctly, collected and recorded for specific, explicit and legitimate, exact, and if necessary updated, relevant purposes complete and not excessive in relation to the purposes of the processing, respecting fundamental rights and freedoms, as well as the dignity of the data subject with particular reference to confidentiality and personal identity, through protection and security measures. The Joint Controllers have prepared and will further improve the access security and data retention system.

An automated decision-making process (e.g., profiling) is not established.

Non-EU transfers

The data processing will take place mainly in Italy and the EU but could also take place in non-EU and non-EEA countries if deemed necessary for the efficient fulfillment of the objectives pursued with due respect to the guarantees given to and interests of the data subjects. Finally, when the data subject requests connections and links that originate from non-EU and non-EEA countries, the data processing will take place in those non-EU and non-EEA countries. The Joint controller will have no responsibility and control over such data processing.

Data retention period

Personal data will be kept, in general, as long as the purposes of the data processing persist according to the category of data processed.

Categories of recipients

The data (only the essential ones) are communicated

  • to the appointees and  data processors, both internal to the organization of the Joint Controllers and external, who perform specific tasks and operations (site administration, analysis of navigation and traffic data, profiling data, management of both e-mails and forms sent voluntarily by the user, request-response, etc.);
  • in the cases and to the subjects required by the law

The data collected will not be disseminated without anonymization or unless otherwise mandated by law. Except as specified for Cookies and third-party elements, without the prior general consent of the data subject for communications to third parties, it will be possible to carry out only services that do not provide for such communications. If needed, specific and timely consents will be requested and the subjects who receive the data will use them as independent data owners

In some cases (not as a part of routine management of this site) the authorities may request reports and information for the purpose of inspecting personal data processing. In these cases, the answer is mandatory, the lack of which may result in a penalty of an administrative fine.

Rights of the data subjects

At any time the data subject may: exercise his/her rights (access, rectification, erasure, restriction, portability, opposition, absence of automated decision-making processes) when required against each Joint Data Controller, pursuant to articles from 15 to 22 of the GDPR (link to the regulation); propose a complaint to the Guarantor (; if the processing is based on consent, revoke this consent given, taking into account that the revocation of the consent does not affect the lawfulness of the processing based on the consent before the revocation.

Addresses and contacts

You may exercise the abovementioned rights by writing to – HUB or sending a registered letter with acknowledgment to one of the Joint Controllers at the addresses indicated at the beginning of this document. The complete list of data processors is available upon request.

This document constitutes the Web Policy of the site and is subject to updates. It is the user's responsibility to consult the document and its updates.