You are here

Privacy and Cookie Policy

Website Privacy and Cookie Policy

1. What is ReCRED?

ReCRED is an R&D project financed by the EU within the HD-2020-DS-2014 program and developed by a consortium of organizations (“Consortium”, “ReCRED” or “us/we”), which is the data controller of data processed by this website, with the following participants:


The objective of the ReCRED project is to design and implement mechanisms that anchor all access control (AC) needs to mobile devices that users habitually use and carry. It aims to build integrated next generation access control (AC) solution that satisfies the following properties:

  • It solves the following problems that stem from the weaknesses of the current authentication methods, namely: a) password overload, referring to the inability of users to remember different secure passwords for each one of their accounts; b) identity fragmentation, stemming from the fact that independent identity providers (email, social networks, etc.) create disjoint identity realms, making it difficult for end users to prove joint ownership of accounts, e.g., for reputation transfer or to fend off impersonation attacks; c) lack of real-world identity binding to an individual’s legal presence, e.g., id number, passport, etc.; and d) lack of support for attribute-based access control, which facilitates account-less access through verified identity attributes (e.g., age or location).
  • It is aligned with current technological trends and capabilities.
  • It offers a unifying access control framework that is suitable for a multitude of use cases that involve online and physical authentication and authorization via an off-the-shelf mobile device

It is attainable and feasible to implement in the existing products under the scope and timeframe of the project.

2. Data Controller and Data Protection Officer

ReCRED, in its capacity as Data Controller according to EU Regulation 679/2016 (hereinafter referred to as "Regulation"), is fully committed to protecting the privacy of the personal information that you share with us. Therefore, in this Privacy Policy we provide you with information regarding the collection, processing, use and sharing of personal information through our website (hereinafter referred to as the "Site"). By “personal information”, we mean information that identifies you or can reasonably be used to identify you. You can contact ReCRED and our data protection officer at for any request relating to the processing of your personal information or to exercise your privacy rights (see point 8 below).

3. Categories of personal information collected

ReCRED collects information from you when you browse our Site in order to provide you with a better browsing experience. The following personal information is processed through the Site:

4. Web browsing data

In the course of your browsing activity, the systems we use to operate the Site acquire certain type of personal information about you. This information is not collected with the intent of associating it with identified users but, by its very nature, it could lead to the identification of users through processing. This category of data includes browser type and settings, device type and settings, operating system, location data, IP address or domain name of the device used by users who connect to the Site, the URL (Uniform Resource Identifier) addresses of requested resources, the time of the request, the method used to submit the request to the server, the size of the file received in reply and other parameters regarding your operating system. This data is used for the sole purpose of obtaining anonymous statistical information on the use of the Site to check its correct functioning, to identify anomalies or misuses; in any event, they are deleted immediately after processing. This information could be used to ascertain responsibility in the event of computer crimes against the Site or third parties.

5. Data voluntarily provided by the user

ReCRED also processes personal information you voluntary provide us when filling out the form contained on the Site in order to ask for information. Such personal information includes your name and surname, e-mail address and telephone number. Providing your personal information is necessary to fill the “Contact Us” form and denial thereof will prevent us from answering your question.

6. Data collected through cookies

This cookie policy refers exclusively to the Site. Cookies are small text files that the websites visited by the user send and record on user’s personal computer or mobile device, these cookies are then re-transmitted to the same websites upon the user's subsequent visit. Because of cookies, a website remembers the user's actions and preferences (such as login data, chosen language, font size, other display settings, etc.) in such a way that they do not have to be newly indicated when the user returns to visit the above-mentioned website or browse from one page to another. Therefore, cookies are used to perform computer authentications, to monitor sessions and store information concerning the activities of the users who access a website. Cookies may also contain a unique identification code that enables a user's browsing within the website to be tracked for statistical or advertising purposes. While browsing a website, the user may also receive cookies from websites or web servers other than the one the user is visiting (so-called third-party cookies) on user’s computer or mobile device. Some operations may not be able to be performed without the use of cookies, which in some cases are, therefore, technically necessary for the functioning of the above-mentioned website. There are various types of cookies, according to their characteristics and functions, and these can remain on the user's computer or mobile device for different periods of time: so-called session cookies, which are automatically deleted when the browser is closed; so-called persistent cookies, which remain on the user's devices until a predetermined deadline. The user's express consent is not required for the use of "technical cookies", namely cookies used for the sole purpose of transmitting a communication over an electronic communications network, or used to the extent strictly necessary to provide a service explicitly requested by the user. These are cookies are indeed necessary for the operation of the website or to perform activities requested by the user. By contrast, for "profiling cookies" designed to create user profiles and used to send advertising messages in line with the preferences expressed by the same user in the context of web-browsing, the user's prior consent is required. However, this Site does not use profiling cookies. Types of technical cookies used on this Website:

  • has_js: Drupal uses this cookie to indicate whether or not the visitors browser has JavaScript enabled. The main purpose of this cookie is: Functionality\
  • _qa: This cookie name is asssociated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners.
  • _gid: This cookie name is asssociated with Google Universal Analytics. Store and update a unique value for each page visited. The main purpose of this cookie is: Performance

7. Purpose of Processing

Your personal information will be processed for the following purposes:

i)    to allow your browsing of the Site;

ii)    to maintain and improve the Site (for instance, ReCRED uses your information to ensure the website is running as intended);

iii)    to respond to your questions sent through the “Contact Us” form.

8. Processing Legal Basis

ReCRED processes your personal information on different legal bases, specifically:

  • the legal basis for data processing for the purposes set out in letters i) and ii) of section 4 is the legitimate interest pursued by ReCRED to run the Site and constantly improve it;
  • the legal basis for data processing for the purposes set out in letter iii) is the necessity to reply to your questions.

9. Data Retention

It is our policy not to keep your personal information for longer than is strictly necessary to achieve the purposes mentioned above. Data shall be deleted as soon as the service requested will be provided.

10. Data Communication

Your personal data will be processed only by ReCRED and, for reason strictly necessary to provide the services, the following categories of external subjects: service providers of ReCRED (professional and technical) properly appointed as data processors and legitimate recipients pursuant to law. The data recipients act as data controllers, data processors or persons in charge of the processing in accordance with applicable law.

11. Data Subject's Rights

Pursuant to the Regulation, you have the right to obtain from us confirmation as to whether or not personal information concerning you is processed and, if it is, to request access to that personal information including the categories of personal information processed, the purpose of the processing and the recipients or categories of recipients; you may have the right to obtain from us the rectification of inaccurate personal information concerning you. You have also the right to have incomplete personal information completed, including by means of providing a supplementary statement; under certain circumstances, you may have the right to obtain from us the erasure of personal information concerning you and we may be obliged to erase such personal information; under certain circumstances, you may have the right to request the restriction of processing. You may have the right to receive personal information concerning you, which you have provided to us, in a structured, commonly used and machine-readable format and you may have the right to transmit that data to another entity. Under certain circumstances you may have the right to object, on grounds relating to your particular situation, at any time to the processing of your personal information by us and we can be required to no longer process your personal information. You also have the right to lodge a complaint with the competent supervisory authority.

12. Changes to Privacy Policy

We may change or update this Privacy Policy from time to time. Therefore, we invite you to regularly check this policy before browsing our Site.