PRIVACY POLICY

Pursuant to Regulation (EU) 2016/679 (“GDPR”)
Last updated: 12.06.2026

Monithon Europe ETS (“Monithon” or the “Controller”) places particular importance on the protection of personal data and transparency towards users of the platform.

This Privacy Policy describes how personal data are processed through the website and platform available at www.monithon.eu (hereinafter, the “Website” or the “Platform”).

DATA CONTROLLER

The Data Controller is:

Monithon Europe ETS
Tax Code: 94083340581
Email: info@monithon.eu
Certified Email (PEC): monithon@pec.it

For any request relating to the processing of personal data, you may contact the Controller using the contact details above.

The Controller has not appointed a Data Protection Officer (DPO), as the conditions set out in Article 37 GDPR do not currently apply.

CATEGORIES OF PERSONAL DATA PROCESSED

The Website and the Platform may involve the processing of the following categories of personal data:

  • identification and contact data (e.g., email address, first name and surname, where provided);
  • user account and profile information created on the Platform;
  • content uploaded by users as part of civic monitoring activities (texts, images, attachments, links, comments, and similar materials);
  • data relating to participation in training activities, events, or projects;
  • technical data relating to the use of and navigation on the Platform.

Content uploaded by users may include references to third parties, information obtained from public sources, or data collected in the context of civic monitoring activities.

Users are required to limit the inclusion of third-party personal data to cases that are strictly necessary and relevant to the purposes of civic monitoring and participation in the Platform’s activities.

Users are also required to avoid including special categories of personal data within the meaning of Article 9 GDPR, as well as personal data relating to minors, unless strictly necessary for civic monitoring purposes and processed in compliance with applicable law.

PURPOSES AND LEGAL BASES FOR PROCESSING

Personal data are processed for the following purposes:

User Registration and Account Management

Processing is necessary to:

  • enable registration on the Platform;
  • allow the creation and management of user accounts;
  • enable the publication and management of civic monitoring reports.

Legal basis: performance of pre-contractual measures and the relationship with the user pursuant to Article 6(1)(b) GDPR.

Platform Management and Publication of Content

Data are processed to:

  • ensure the operation of the Platform;
  • allow methodological and editorial review of reports;
  • publish content and materials within Monithon’s institutional activities.

Any personal data contained in civic monitoring reports are processed within the framework of the Platform’s objectives of civic participation, public policy monitoring, and dissemination of information of public interest.

Legal basis: the Controller’s legitimate interest pursuant to Article 6(1)(f) GDPR, consisting of managing the participatory platform and carrying out the civic and institutional activities of the association.

Training Activities, Projects, and Events

Data may be processed to:

  • organise training activities;
  • manage event registrations;
  • coordinate projects and collaborative activities;
  • send organisational communications relating to activities promoted by Monithon.

Where a data subject expressly requests to receive periodic updates, newsletters, or other informational communications not strictly related to the management of specific activities, events, or projects in which they participate, such processing will be based on specific consent, which may be withdrawn at any time.

Legal basis: performance of the relationship with data subjects and the Controller’s legitimate interest in managing its association and project-related activities.

Compliance with Legal Obligations

Data may be processed to comply with obligations imposed by applicable laws and regulations.

Legal basis: compliance with a legal obligation pursuant to Article 6(1)(c) GDPR.

CONTENT PUBLICATION PROCEDURES

Civic monitoring reports uploaded by users may be subject to methodological and editorial review prior to publication.

Such review aims to:

  • verify the methodological consistency of the content;
  • improve the clarity and readability of reports;
  • limit the presence of personal data or manifestly inappropriate content.

However, such review does not constitute systematic monitoring or a comprehensive verification of the accuracy, completeness, or truthfulness of the information provided by users.

Users remain solely responsible for the content they upload and the information included in their reports.

Monithon reserves the right to:

  • suspend or refuse publication of content deemed non-compliant;
  • remove content that is manifestly unlawful, inappropriate, or infringing upon the rights of third parties;
  • intervene in response to substantiated requests for removal or objections.

Additional rules concerning the use of the Platform and the publication of content may be set out in the Website’s Terms of Use.

PROVISION OF DATA

Providing the data required for registration and account management is necessary in order to use the Platform.

Failure to provide such data may result in the inability to access certain functionalities of the Website.

RECIPIENTS OF PERSONAL DATA

Personal data may be processed by:

  • persons authorised by the Controller;
  • collaborators and editorial staff responsible for managing the Platform;
  • technical and infrastructure service providers supporting the operation of the Website;
  • project partners or entities involved in activities carried out by Monithon, to the extent strictly necessary.

Personal data may also be published on the Platform where required by the Website’s functionalities and civic monitoring activities.

DATA TRANSFERS

At present, personal data are hosted on infrastructure located within the European Union.

Should it become necessary in the future to transfer personal data to countries outside the European Union, the Controller will adopt all measures required under applicable data protection legislation.

DATA RETENTION PERIODS

Personal data are retained for the period necessary to achieve the purposes for which they were collected.

In particular:

  • data relating to user accounts are retained until the account is deleted or use of the Platform ceases;
  • published content may be retained for longer periods in light of the Platform’s documentary, civic participation, and public interest purposes;
  • data processed for administrative or legal obligations are retained for the periods required by applicable law.

DATA SUBJECTS’ RIGHTS

Data subjects may exercise, where applicable, the following rights:

  • access to their personal data;
  • rectification of inaccurate data;
  • erasure of personal data;
  • restriction of processing;
  • objection to processing;
  • data portability.

Data subjects also have the right to lodge a complaint with the competent supervisory authority for personal data protection.

Requests may be submitted using the contact details provided in this Privacy Policy.

PROFILING AND AUTOMATED DECISION-MAKING

The Controller does not carry out automated decision-making processes or profiling activities within the meaning of Article 22 GDPR.

COOKIES AND TRACKING TECHNOLOGIES

The Website may use technical cookies and similar tools necessary for the proper functioning of the Platform.

The Website may also use third-party services for geolocation, georeferencing, and mapping functionalities, including services provided by Google, OpenStreetMap, Leaflet, or similar tools. The use of such services may involve the processing of technical and navigation data by the respective providers in accordance with their own terms and privacy policies.

Further information regarding cookies and tracking technologies used on the Website will be made available through a dedicated Cookie Policy.

SECURITY

The Controller adopts reasonable technical and organisational measures to protect personal data processed through the Platform.

However, no information system can guarantee absolute security.

Users are encouraged to use appropriate credentials and exercise caution when uploading content to the Platform.

CHANGES TO THIS PRIVACY POLICY

This Privacy Policy may be updated from time to time.

Any material changes will be made available through the Website or by other appropriate means designed to ensure that users are adequately informed.