RESONANT: Data Protection Notice

Data Protection for European Programmes

Data Protection Notice

The purpose of this Data Protection Notice (“Notice”) is to inform you about the further processing of personal data in the context of task “Identification and Classification of Tactics, Techniques, and Procedures (TTPs)” of the RESONANT research and innovation project (Programme: Horizon Europe, Grant Agreement: 101132439), in accordance with Art. 14 (5) (b) GDPR (Information to be provided where personal data have not been obtained from the data subject).

This Notice is available on KEMEA’s website, as KEMEA leads this research activity, as well as on the RESONANT project’s website https://resonantproject.eu/ where detailed information about the project can be found.

Data controller: Center for Security Studies (KEMEA), a scientific, consulting and research organization overseen by the Minister of Citizen Protection (Law 3387/2005 – Government Gazette 224/Α/12.09.2005), established in P. Kanellopoulou Str. 4, Athens 10177, Greece, available at kemea@kemea.gr and Tel: +30 2107710805.

Controller’s representatives and contact points for the purposes of the present Notice are Mrs Panagiota Benekou, who can be contacted at p.benekou@kemea-research.gr and Tel: +30 2107710805 (ext.364), as well as Mr Konstantinos Margaros, who can be contacted at k.margaros@kemea-research.gr and Tel: +30 2107710805 (ext.333).

Data Protection Officer (DPO):
KEMEA’s Data Protection Officer can be contacted at dpo@kemea-research.gr and Tel: +30 2107710805 (ext.384).

Purposes and legal bases:
KEMEA further processes previously collected personal data in a compatible way for archiving purposes in the public interest and scientific research purposes implementing appropriate safeguards, including both technical and organisational measures, after having assessed and minimised any risk to the rights and freedoms of the data subjects through a Data Protection Impact Assessment [Art. 6 (4) GDPR, Recital 50 GDPR, Art.89 (1) GDPR, Art. 9(2)e GDPR, Art.35 GDPR]. In particular, the purposes of the processing are to establish a solid foundation for social network analysis by systematically examining, testing, and classifying open-source tools for detecting Foreign Information Manipulation and Interference (FIMI) tactics, techniques, and procedures (TTPs) to create the RESONANT Suite of Tools, as well as to identify, classify and document FIMI tactics – focusing on information suppression – employed by state and non-state actors, targeting diaspora communities in the EU and Ukraine.

Data sources:
Data from publicly available online content such as news articles, blogs, government reports, embassy posts, TV broadcasts, YouTube videos, and social media posts from platforms such as Facebook, X/Twitter, Meta Threads, and Reddit may be further processed.

Categories of personal data:
The categories of the data that are further processed are:
i. Identification and contact details:

  • Names of journalists, bloggers, or authors when included in news articles or blog posts
  • Email addresses, if included in publicly available news re-posts or blogs

ii. Online identifiers:

  • Usernames and social media handles
  • IP addresses, if they are publicly disclosed
  • URLs to public posts, comments and/or pages
  • Cookies and tracking identifiers if embedded in websites or linked

iii. Location data:

  • Publicly disclosed location data in social media posts or comments
  • Geotagged images or videos that are publicly available

iv. Engagement and interaction data:

  • Original social media post content which may contain political opinions, religious beliefs or ethnic affiliations
  • Engagement metrics such as re-posts, likes, comments, and shares

v. Multimedia data (non-biometric data as neither the technical means nor the purpose of processing allow the unique identification of the data subjects):

  • Facial images of individuals in public photos or videos.
  • Voice data from YouTube videos, interviews or news broadcasts.

Potential further processing of special categories of data, such as political opinions, ethnic origins, religious beliefs, health data, or data on sexual orientation may occur only incidentally. No targeted processing, profiling or analysis will be conducted on these categories and any unnecessary data will be immediately deleted in accordance with the data minimization principle.

Processors:
The RESONANT partners HELLENIC POLICE (HP) and KHARKIV NATIONAL UNIVERSITY OF INTERNAL AFFAIRS (KhNUIA) are processing personal data on behalf of KEMEA. Two data processing agreements have been signed between KEMEA and each processor (Art. 28 GDPR) and they also include a Research Protocol where detailed instructions are provided by KEMEA. The processors HP and KhNUIA are granted access only to data that have been structured and refined by KEMEA (selected articles, blog posts, and/or social media posts) for further analysis using OSINT techniques and the RESONANT Suite of Tools. Their role is to investigate incidents manually, classify the tactics malign actors used, and analyse information to generate structured case reports by strictly following KEMEA’s instructions. Refined datasets are securely stored on an SFTP server with controlled access, accessible only to the processors’ personnel that have a need-to-know.

Transfers to third countries or international organisations:
As one of the processors, KhNUIA, is a public body established in Ukraine, the data processing agreement between KEMEA and KhNUIA sets out appropriate safeguards for personal data transfer and constitutes an international data processing agreement and a legally binding and enforceable instrument between public authorities [Article 46(2)(a) GDPR]. Α copy of the agreement can be granted after a relevant request to KEMEA. To the extent necessary to protect sensitive or confidential information, the text may be redacted prior to sharing a copy.

Recipients:

The European Commission, which funds the RESONANT project, or any other competent public authority, may have access to this information, only under the conditions of law.

Storage period:

The processing will conclude by 30/06/2025, while all collected data will be retained in a pseudonymized format until the end of the RESONANT research project (30/11/2026). Upon reaching the expiration period, they will undergo secure, irreversible deletion.

All outputs, including project deliverables and publications derived from this work, will be prepared in strict adherence to data protection regulations and will not contain any personal data.

Automated decision-making, including profiling:

Not applicable.

Data subjects’ rights:

You have, under the circumstances of the applicable law, the right to:

  • Request information about the processing (Art.15 GDPR).
  • Request access to your personal information (Art.15 GDPR).
  • Request rectification of any incomplete or inaccurate information (Art.16 GDPR).
  • Request erasure of your personal information (Art.17 GDPR).
  • Request restriction of the processing (Art.18 GDPR).
  • Object to the processing on grounds relating to your particular situation (Art.21 GDPR).
  • Lodge a complaint with a supervisory authority where you consider that the processing is in non-compliance with the GDPR (Art.77 GDPR).
  • Request an effective judicial remedy against a controller or processor where you consider that your data protection rights have been infringed due to the processing (Article 79 GDPR).

Please note that, given that personal data is further processed for scientific research purposes, derogations from specific rights apply in accordance with applicable European and national law. For further information, you may contact dpo@kemea-research.gr.

Post Views: 69
FacebookTwitterPinterestEmail
Υπουργείο Προστασίας του Πολίτη
European Commission
Horizon

NATIONAL LINKS

INTERNATIONAL LINKS

Copyright © 2025 KEMEA. All Rights Reserved.

Terms of Use – Privacy Policy – Personal Data Protection

@2021 - All Right Reserved. Designed and Developed by PenciDesign