Give us your feedback

Privacy Policy

1. Introduction

    This Privacy Policy applies to all users of the AI on-Demand platform (hereinafter referred to as the “User(s)” and “AI on-Demand” or “AIoD”, respectively) and forms an integral part of the AI on-Demand platform’s Website Terms and Conditions.

    This Privacy Policy provides Users with general information about how the Data Controller uses personal data, as required by applicable data protection legislation. In case of future amendments, Users will be informed through updates published on the AI on-Demand website.

    2. Data Controller

    2.1. Identity of the Data Controller

    The organization responsible for the processing of Users’ personal data is:

    Alma Mater Studiorum – University of Bologna
    (hereinafter referred to as the “Data Controller” or “UNIBO”).

    2.2. Contact Details

    Users may contact the Data Controller regarding this Privacy Policy or for exercising their rights using the following means:

    • Email: info@aiod.eu
    • Postal Address:
      Alma Mater Studiorum – University of Bologna
      Via Zamboni 33
      40126 – Bologna
      Italy

    3. Purpose and Legal Basis for Processing

    3.1. Use of the AI on-Demand Platform

    The AIoD platform is designed to support European AI research and innovation by providing access to tools and services that facilitate knowledge sharing and deployment of AI solutions. The legal basis for processing personal data related to platform use (e.g., browsing, account creation, content submission) is the User’s prior consent.

    Users may withdraw their consent at any time without affecting the legality of prior data processing based on that consent.

    3.2. Compliance with Legal Obligations

    The Data Controller may process personal data to comply with legal obligations. In such cases, data will be processed only for the period necessary to fulfill those obligations.

    4. Personal Data Processed

    4.1. Account Authentication and Linking

    When Users create an account, they log in through the AIoD Login service, primarily via the EGI Check-in authentication service. The process includes:

    • Redirect to EGI Check-in to select an identity provider (e.g., university, Google, ORCID, LinkedIn, GitHub).
    • Authentication occurs outside the AIoD platform.
    • Upon first login and consent, the following data may be received by AIoD:

    Identification Data:

    • Full name
    • Unique user ID (from EGI Check-in)
    • Email address
    • Affiliation and country
    • IP address

    Behavioral Data:

    • Website/service usage
    • Login timestamps

    Membership Data:

    • Roles, groups, and communities

    Additional data (e.g., profile picture, language preference) may also be shared depending on the chosen identity provider.

    Account Linking: Users can link multiple authentication methods to a single AIoD profile.

    4.2. Content Submission

    Users may voluntarily submit content via the Contribution Gateway, including news, events, AI assets, educational material, and organization profiles. Submitted content is associated with the User’s:

    • Username (publicly visible)
    • Name and email (not publicly visible)

    This content is also accessible through the AIoD API.

    4.3. Platform Communication

    The Data Controller may use data associated with a User’s account and activity to communicate regarding permitted platform use.

    4.4. Mailing List

    If the User opts in to the mailing list, data such as name, email, IP address, and device info may be processed. Users may unsubscribe at any time.

    4.5. Usage Data

    AIoD collects technical information about how the site is accessed and used, such as:

    • IP address
    • Browser type/version
    • Visited pages
    • Time and date of visits
    • Time spent on each page
    • Device identifiers

    5. Data Collection Methods

    Personal data may be collected through:

    • 5.1. Login via AIoD Login (EGI Check-in)
    • 5.2. Voluntary content submission via the Contribution Gateway
    • 5.3. Mailing list subscription and interaction (e.g., clicks, IP address)

    6. Data Retention and Deletion

    6.1. Account Data

    Stored as long as the User maintains an active account. Users may request deletion via info@aiod.eu.

    6.2. Communication Data

    Stored while the account remains active. Deletion can be requested through account settings or by contacting the Data Controller.

    6.3. Mailing List

    Stored until the User unsubscribes.

    6.4. Statistical Analysis

    Usage data for website optimization and legal compliance is retained only as long as necessary.

    7. User Rights Under GDPR

    Users have the following rights under the General Data Protection Regulation (GDPR 2016/679):

    The Data Controller may request proof of identity when processing a rights request.

    Requests are handled within 1 month, extendable to 3 months in complex cases. Users will be informed of delays or additional information needed.

    8. Data Security and Recipients of Personal Data

    8.1. Data Security Measures

    The Data Controller implements appropriate technical and organizational measures to safeguard personal data, including but not limited to:

    • Access controls and monitoring mechanisms
    • Strong password enforcement on all servers
    • Secure communication via HTTPS and SSH protocols

    8.2. Recipients of Personal Data

    The User’s personal data may be shared with the following categories of recipients:

    a. Associate organizations
    Entities that provide technical infrastructure for the AI on-Demand platform, including hosting services and the organization responsible for distributing platform-related electronic communications. Where legally required, the Data Controller enters into agreements with these organizations to ensure appropriate safeguards and regular monitoring of security measures. If personal data is transferred outside the EU, all necessary guarantees are in place.

    b. Administrative and judicial authorities
    If the Data Controller receives a valid request from an appropriate administrative authority, attorney, court, or other authority, it may disclose personal data in order to fulfill its legal obligations in the public interest. Where legally required, Users will be notified and may object to such processing in accordance with Section 7.

    c. Third-party identity providers
    Selected by the User during login via AIoD Login / EGI Check-in, including but not limited to eduGAIN, Google, ORCID, LinkedIn, GitHub, or EGI SSO.

    d. Security incident response participants
    In the event of a security incident involving AIoD Login / EGI Check-in, technical logs may be shared securely with authorized participants in research and academic infrastructures (e.g., federation operators of Sirtfi, supported by the eduGAIN Security Team) solely for the purpose of incident response.

    e. Other registered Users
    Professional details made available by each User (such as affiliation or area of expertise) may be visible to all registered Users of the AI on-Demand platform in the context of platform collaboration.

    f. Email service provider
    If a User subscribes to the mailing list, their name and email address will be processed by Zoho Corporation via the Zoho Campaigns service to deliver newsletters and updates.

    g. Analytics service provider
    If a User consents to analytics cookies, Zoho Corporation may process certain usage data through its Zoho PageSense service, as detailed in Section 10.6.

    9. Links to External Websites and Social Media

    The AI on-Demand Website may contain hyperlinks to external websites. These third-party websites are not managed by the Data Controller, and their content is not reviewed, endorsed, or guaranteed by the Data Controller. Therefore:

    • The Data Controller is not liable for the accuracy, lawfulness, or quality of content on these sites.
    • The Data Controller is not responsible for any damage arising from the User’s interaction with such websites.
    • Users should refer to the terms and privacy policies of the respective websites for more information.
    • Any issues related to external websites must be addressed directly with their administrators.
    • The inclusion of such links does not imply endorsement by the Data Controller.

    The Website also enables Users to interact with social media platforms at their own discretion. In such cases:

    • The Data Controller is not responsible for any processing of personal data that occurs via or by social media platforms.
    • Users should exercise their rights directly with the relevant social media platform.

    10. Cookies

    10.1. Purpose of Cookies

    AI on-Demand uses cookies to:

    • Ensure the platform operates correctly and efficiently
    • Improve navigation experience
    • Display content properly
    • Collect data for analytical and statistical purposes

    10.2. What Are Cookies?

    Cookies are small text files stored on the User’s device when they visit the AI on-Demand Website. These files may identify the device and help optimize platform usage.

    10.3. Consent for Cookies

    Except for strictly necessary cookies, other categories of cookies are installed only with the User’s explicit consent. Upon visiting the Website, the User may accept cookies and will be deemed to have read and understood the conditions for their use.

    10.4. Refusing Cookies

    Users may decline non-essential cookies. In this case, only technically necessary cookies will be installed.

    10.5. Cookie Management

    Users can manage their cookie preferences at any time using a control panel, where they can select which categories of cookies to accept.

    10.6. Cookies Used

    The AI on-Demand Website uses the following types of cookies:

    (Note: Here, you can include a table or list of specific cookies used, categorized by type — e.g., Necessary, Preferences, Statistics, Marketing — along with their purpose, duration, and provider.)

    11. Amendments to this Privacy Policy

    The Data Controller reserves the right to amend this Privacy Policy at any time. Amendments may be made, for example, in order to:

    • Comply with new legal requirements, guidelines, or technical standards
    • Reflect updates in the Data Controller’s internal processes or practices

    Users will be informed of any changes to this Privacy Policy via the AI on-Demand platform and/or by email. It is the User’s responsibility to regularly review this Privacy Policy for any updates or changes.

    12. Children’s Privacy

    The AI on-Demand platform is not directed to individuals under the age of 18. Accordingly:

    If we become aware that personal data has been collected from a child without parental consent, we will take appropriate steps to delete such data from our servers.

    We do not knowingly collect personally identifiable information from anyone under 18 years of age.

    If you are a parent or legal guardian and believe that your child has provided us with personal data, please contact us immediately.