Legal and Privacy Notice  


This document is important to inform and raise awareness of how we collect, use, access, or otherwise process data regarding this initiative. It does not apply to data processing that occurs on other websites or in charge of any other initiative. The entity main for processing data including personal data (‘we’, ‘us’, ‘our’) is:  

TRILATERAL RESEARCH LTD, Marine Point (2nd Floor, Belview Port, Co. Waterford, X91 W0XW, Ireland 

This Notice provides information about what kind of data is processed, how and for what purpose we need this personal data, ensures the equal and secure treatment of data, informs about the rights of data subjects and contributes to our accountability in terms of data protection.  

Key explanations    

In order for us to comply with our legal obligations and implement the initiative explained in detail in the Declaration, we need to process certain data, including personal data. Personal data is any information that relates to an identified or identifiable living individual. Various information that, when collected or combined with other information, may lead to the identification of a specific individual is also personal data. Processing of personal data means any operation or set of operations which is performed upon personal data or on a set of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction 

Natural people whose personal data is processed are considered data subjects and are entitled to exercise the rights guaranteed by the relevant data protection laws. Since we determine the purposes and means of the processing of personal data, we are legally considered to be the controller of personal data.  

Data we process 

We process different categories of data to enable cooperation and collaboration under this initiative. Some of the data we process has the character of personal data. About the types of data we process and the purposes for which we process them, as follows: 

  • Name of organization/administration – We process this data to identify the participating entity and add it to the list of signatories and supporters. 
  • Country – The geographic location of the organizations participating in or merely supporting this initiative is processed to show the diversity of participating entities. 
  • Website (URL) – By processing the website of the participating organizations or supporters, we provide a reference to more information about the organization and its activities. 
  • Email address – The email address is processed to facilitate communication between us and the participating organization (signatories and supporters) regarding updates, information sharing and future activities related to the project. 
  • Organization Logo – If they would like supporters can visually represent their organization on the CYBERSPACE project website. 

How we protect personal data   

We take all steps that are reasonable in the circumstances to apply our practices, procedures and systems relating to personal data to ensure that we comply with applicable laws, including the GDPR. We do not collect or retain personal data for longer than is necessary for the purposes set out above. When the purpose of processing personal data expires, we irrevocably delete the data. 

We implement technical and organizational measures in accordance with good industry practice to ensure the appropriate security of personal data against accidental or unlawful loss, alteration, theft, unauthorized disclosure or access, unauthorized use and all other unlawful forms of processing. 
We may disclose personal data to third parties in order to successfully implement this initiative. We will take all measures with respect to recipients of personal data to ensure an adequate level of protection and appropriate safeguards as set forth in applicable data protection laws and, in particular, in GDPR. Therefore, where appropriate, we will enter into data protection agreements with recipients of your data and ensure that adequate safeguards are in place. 

Data subject rights   

In case of processing personal data, a data subject may exercise data protection right under the relevant laws, including the GDPR. The following rights are provided to data subjects:  

  • Right of access – Data subjects may request information about the personal data we process, the legal basis and purposes of the processing, the categories of recipients of stored personal data and other information about personal data;  
  • Right to rectification – Data subject may request us to rectify or complete their personal data if they consider that data is incomplete or inaccurate;  
  • Right to erasure – Data subject have the right to request the erasure of personal data concerning them to be deleted if there is no other legal basis justifying further retention;  
  • Data portability – Data subjects have the right to request that their personal data be transferred to another organization;  
  • Right to object – Data subjects have the right to object to the processing of personal data in a situation where such processing is based on tasks carried out in the public interest or based on legitimate interest;  
  • Right to restriction of processing – Data subjects have the right to request that the personal data not be processed for the period of deciding about his/her complaint, when the lawfulness of the data processing is challenged, punctuality of the data is challenged, when the legitimate interest overrides the rights of data subjects and in situations where data subjects want their data to be kept for possible legal claims;  
  • Data subjects have the right to lodge a complaint with a supervisory authority. Our lead supervisory authority is the Information Commissioner’s Office.   

Please note that we do not use profiling tools or fully automated decision-making processes for the purpose of implementing this initiative. We must also point out that there are exceptions/restrictions to the above rights. For example, access to personal information may be denied in certain circumstances where we are prevented by law from disclosing such information. 

For any questions about the processing of data including your personal data or would like to exercise any of the above rights, please send us an email at  


We reserve the right to change this Notice at any time. If we change the material content of the Notice, we will notify relevant entities including data subjects through our services, or by other means and provide them with an opportunity to review the changes before they become effective.  

This Legal and Privacy Notice is effective from the 8th of May 2023.