Skip to main content Scroll Top

Privacy & Cookies

Website Privacy Policy 

Introduction

Thank you for visiting the ECHO website. This website is dedicated to the dissemination of the ECHO project, funded by the European Union under grant agreement No. 101214318.

This privacy policy is part of the ECHO website and solely concerns the processing of personal data that occurs in connection with this website. This privacy policy explains how Carr Communications (“CARR”, “we”, “us”, “our”), the administrator of the ECHO website, uses personal data collected from you when you use the website and when you provide your personal details to us via the contact form available on the website.

In particular, this privacy policy will help you find information on:

  • who is legally responsible for the personal data processing (data controller);
  • the data collection that we carry out automatically when you visit our website;
  • the data that we collect and process when you contact us via the contact form or when you sign up for our newsletter;
  • Your rights as a data subject;
  • Your right to lodge a complaint;
  • Our policies on the use of social media and cookies.

We regularly review our website’s privacy policy and will post any updates to it on this webpage. This privacy policy was last updated on 16th October 2025.

 

Who We Are 

ECHO is a Horizon Europe funded initiative aiming to strengthen urban resilience planning and management in Europe. ECHO tackles the current challenges in this area, specifically the neglect of specific and/or regional needs, the fragmentation of key stakeholders and resources, and inadequate operational efficiency.

The ECHO project is coordinated by Netcompany S.A. (NCI). CARR is responsible for leading the dissemination and communication efforts of the project.

For the purposes of this website, CARR is the responsible data controller. We are registered in Dublin, Ireland, under registered number 42175, with the registered office at 33 Fitzwilliam Square, Dublin 2, D02 V802, Ireland.

You can contact us:

  • by e-mail at info@carrcommunications.ie
  • by telephone: (+353.1) 772 8900
  • by fax: (+353.1) 772 8901

Please explicitly mention “ECHO” in the subject line of your communication.

CARR is committed to processing personal data responsibly, securely, and proportionally throughout our activities in compliance with the EU General Data Protection Regulation (GDPR) 2016/679.

 

What Data We Collect

Automatically collected personal data/metadata

When you access the ECHO website on your device, we may automatically collect certain personal data, which may include:

 

  1. Usage data (analytics / log data)

These relate to how the user interacts with the website, and includes:

  • Date and time of access
  • Duration of visit
  • Referrer (the website accessed immediately before)
  • Volume of data sent

 

  1. Device and technical data

These describe the technical characteristics of the device and software used, and includes:

  • Operating system
  • Device used for access (e.g., desktop, mobile, tablet)
  • Browser type (including version)
  • Unique device identifiers and other diagnostic data

 

  1. Network / connection data

These identify the connection or network used, and includes:

  • IP address (unique identifier related to device connection)

 

Personal data provided by you

By contacting us through the website contact form, you will provide us with (and we will collect) your personal details, such as:

  • Your name
  • your contact details, such as your email address, and
  • the message you submitted.

 

Data collected via cookies

For more information on the data collected via cookies, please visit our cookies page.

 

Purpose of Data Collection

We process your personal data for the following purposes:

  • Usage data are processed to operate and improve the website. This includes providing, operating, and maintaining the webpage, as well as understanding how visitors use it in order to enhance its performance and content.
  • Device and technical data are processed to ensure website functionality and to troubleshoot issues. This includes making sure the website works correctly across different devices and browsers and identifying and resolving technical problems.
  • Network/connection data are processed to ensure secure communication and maintain website security. This includes enabling secure data exchange between your device and our servers and delivering website content securely.
  • Data provided by you are processed to respond to enquiries and manage subscriptions. This includes replying to your messages and sending you our newsletter when you have subscribed.
  • Data collected via cookies are processed for statistical purposes. This includes preparing aggregated statistical reports of visitor activity, but only where you have given your consent.

 

Legal Bases for Processing

Legitimate Interest

For the data that we collect automatically, we rely on Article 6 (1) (f) of the GDPR (i.e. legitimate interest), as they are required for us to provide the service, to ensure technical operation and to investigate and remove any malfunctions of the website and to ensure the page’s security. It is in our interest to ensure the use and technical operability of our website. This data is automatically processed when our website is accessed. Unless they are provided, you cannot use our service.

 

Consent

For the personal data that you provide us with through the contact form, we rely on your consent (Article 6(1)(a) of the GDPR), which you express by completing and submitting the contact form, or by actively signing up to our newsletter.

With regard to the processing of personal data collected via cookies for the purposes of aggregated statistics, the lawfulness of the processing is based on your consent. For more information, please visit our cookies page.

 

How We Protect Your Data

We have put technical and organisational security measures and procedures in place to protect your personal data from unauthorised access, loss, misuse, alteration, or destruction. Also, we have made efforts to collect the minimum information needed for the website to function and to respond to your messages/requests.

More specifically, we install and regularly update all security and anti-virus software in use on all our systems.

We protect data in transit between your device and our website by using the SSL secure protocol, which ensures the confidentiality and integrity of your personal data.

Our measures also include the creation and storage of both online and offline nlbaine/offline] back-ups, encryption, and hardware monitoring.

The staff of CARR who access the data have been specifically authorised and trained in the handling of personal data and are bound by confidentiality obligations.

Although we have rigorous technical and organisational security procedures in place to keep your personal data secure, you are advised to remember that the Internet is not always a secure medium and that transmissions over the Internet are never completely private or secure.

If you are unsure about submitting any personal data to us through the website, please contact us instead via telephone, fax, or post.

 

Who we share your data with 

Recipients of your personal data include the employees of CARR and third parties.

Our employees access your personal data on a need-to-know/ need-to-do basis.

We may occasionally share personal data with trusted third parties, such as those listed below, to help us deliver efficient and quality services. When we do so, we will ensure that these recipients are contractually bound to safeguard the data we entrust to them before sharing the data with them.

We may engage with several or all of the following third parties:

  • Parties that support us as we provide our services (e.g., the host of this website);
  • Our professional advisers, including lawyers and auditors;
  • Law enforcement or other government and regulatory agencies (e.g., tax authorities) or other third parties as required by, and in accordance with, applicable law or regulation.

 

How Long We Keep Your Data

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, as described in this privacy notice. Where processing is based on your consent, we will retain your data until you withdraw that consent. In all cases, we will assess whether continued retention is necessary, and when it is no longer needed, we will securely delete or anonymise your data – unless we are legally required to retain it for a longer period (e.g. due to legal, regulatory, or tax obligations).

Below we explain the applicable retention periods for each category of data:

  • Data collected via the website contact form will be retained for up to 6 months after our last communication, unless further retention is needed to respond to follow-up queries or establish, exercise, or defend legal claims.
  • Data processed for sending newsletters will be retained for as long as you remain subscribed. If you unsubscribe, we will promptly remove you from our mailing list and delete your data.
  • Technical and usage data collected automatically when you use our website will be retained for no longer than 12 months, unless a longer retention is necessary for security purposes (e.g. to investigate incidents).
  • Cookie data will be retained according to the durations specified in our Cookie Policy. You may withdraw your consent at any time via the cookie settings.
  • Data collected in connection with legal claims, regulatory matters, or disputes may be retained as long as necessary to defend our rights or comply with legal obligations, and in any case for up to 7 years after the resolution of the matter.

We periodically review the personal data we hold and securely delete or anonymise data that is no longer needed.

Transfers of your personal data outside of the EU

We do not transfer your data outside the EU. By default, we store personal data on servers located exclusively within the EU.

 

Automated decision-making

Your personal data is not subject to automated decision-making or profiling.

 

Your rights in relation to the personal data collected via this website

As a data subject, you have several rights regarding your personal data, as provided by the GDPR. You may exercise these rights at any time by contacting us using the contact details mentioned under the “Who we are” section.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us ensure that personal data is not disclosed to any person who has no right to receive it.

You will not have to pay a fee to exercise your rights, unless your request is clearly unfounded or excessive (for example, repetitive).

Please note that most of these rights are not absolute, which means that some legal exceptions may apply. Each request will be assessed on a case-by-case basis. Depending on the circumstances, we may be unable to comply with your request if other lawful grounds for processing apply.

 

Right to access (Art. 15 GDPR)

You have the right to obtain confirmation as to whether or not we process your personal data. If this is the case, you can request access to your personal data and receive information about such processing. This right allows you to know what data we hold about you, for what purposes and for how long, as well to whom they are disclosed, so that you can verify the lawfulness of such processing.

 

Right to rectification (Art. 16 GDPR) 

You have the right to obtain the rectification of inaccurate personal data that concerns you, and to have incomplete personal data completed.

 

Right to restriction of processing (Art. 18 GDPR)

You have the right to obtain the restriction of processing of your personal data, where:

  • You contest the accuracy of your personal data;
  • the processing is unlawful, but you oppose the erasure of personal data and request the restriction of processing instead;
  • We, as the controller, no longer need your personal data, but you require them to establish, exercise or defend legal claims;
  • you have objected to the processing pursuant to GDPR Article 21.1 pending verification of whether our legitimate grounds (as the controller) override yours.

When processing is restricted, your data will be stored but not otherwise processed, except with your consent or for the establishment, exercise or defence of legal claims.

 

Right to object (Art. 21 GDPR)

At any time, you shall have the right to object to the processing of your data, on grounds relating to your particular situation, unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or for the establishment, exercise, or defence of legal claims.

 

Right to erasure (‘Right to be forgotten’) (Art. 17 GDPR)

You have the right to erase your personal data, if:

  • you object to the processing pursuant to Art. 21.1 and there are no overriding legitimate grounds for us to keep the data;
  • you withdraw your consent (where processing is based on consent);
  • your personal data is no longer necessary for the purposes for which it was collected;
  • your personal data has been unlawfully processed;
  • your personal data must be erased for compliance with a legal obligation in Union or Member State law to which we as the controller are subject.

 

Right to data portability (Art. 20 GDPR)

If you have provided us with your personal data based on your consent, and as long as that consent remains valid or another legal ground applies, and the processing is carried out by automated means, you may request that we provide you with the data you have supplied in  a structured, commonly used, and machine-readable format. You may also request that we transmit your data directly to a different controller, where technically feasible.

 

Right to withdraw your consent (Art. 7(3) GDPR)

Where the processing of your data is based on your consent (for example, through cookies), you may withdraw such consent at any time, without any adverse consequences, and as easily as you gave it. Please note, however, that this withdrawal will not affect the lawfulness of processing carried out based on your consent before its withdrawal. For more information on the processing of your personal data through cookies, please refer to our cookies page.

 

 

 

 

 

For your convenience, we have summarised the above information in the following table:

Purpose Type of data Legal basis Your rights
Website operation and improvement Usage data Legitimate interest (Art. 6(1)(f) GDPR) Access, Rectification, Erasure, Restriction, Objection 
Website functionality and troubleshooting Device and technical data Legitimate interest (Art. 6(1)(f) GDPR) Access, Rectification, Erasure, Restriction, Objection
Secure communication and security Network / connection data Legitimate interest (Art. 6(1)(f) GDPR) Access, Rectification, Erasure, Restriction, Objection
Responding to enquiries  Contact form data  Consent (Art. 6(1)(a) GDPR) Access, Rectification, Erasure, Restriction, Withdraw consent, Data portability (if applicable)
Sending newsletters, managing subscriptions Newsletter subscription data Consent (Art. 6(1)(a) GDPR) Access, Rectification, Erasure, Restriction, Withdraw consent, Data portability (if applicable)
Statistics  Data collected via cookies Consent (Art. 6(1)(a) GDPR) Access, Rectification, Erasure, Restriction, Withdraw consent, Data portability (if applicable)

 

 

Right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data infringes the GDPR. This right applies regardless of where the data processing takes place. You may contact the supervisory authority in the EU Member State of your habitual residence, your place of work, or the place where the alleged infringement occurred.

A list of national supervisory authorities can be found here. For CARR, the lead supervisory authority is the Irish Data Protection Commission.

https://www.dataprotection.ie/en

 

Disclaimer and limitations of liability

We aim to keep the information that appears on the ECHO website as accurate, complete, and up to date as possible. If errors are brought to our attention, we will take all reasonable steps to make any necessary corrections within a reasonable timeframe.

Please be aware that the information published on our website is for informational purposes only. None of the information contained on the website constitutes legal or professional advice, nor can we accept responsibility for how it might be used, and we are not responsible or liable for any errors or omissions in any of the information provided on the website. We cannot be held liable for any direct or indirect damage that may result from use of this site. Links to other websites are provided in good faith and for informational purposes only. A link to another website does not mean that we endorse or accept any responsibility for the content or use of such website.

While we take all possible steps to minimise disruption caused by technical errors, we cannot guarantee that our website will not be interrupted or otherwise affected by such problems. Please note that access may be suspended temporarily and without notice in the case of system failure, website maintenance, or repair for reasons beyond our control.

The use of our website is governed by the law of the Republic of Ireland. Any dispute arising from or related to the use of this website shall be subject to the non-exclusive jurisdiction of the Irish courts.

 

Links to other websites

Our websites may contain links to other sites, including the sites of the consortium partners, which are not governed by this privacy policy. Please review the destination websites’ privacy policies before submitting personal data on those sites.

Whilst we try to link only to sites that share our standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other sites.

 

Our use of cookies

Cookies are short text files stored on a user’s device (such as a computer, tablet or phone) by a website. These can be used for the technical functioning of a website, for gathering statistics on the use of the website or for other purposes, such as providing a user with a more personalised experience, for example, to enable an online service to remember your user profile without you having to login again.

Visit our cookies page for more information.

 

Our use of social media

We use social media to communicate information about the project through widely used channels, such as X (Twitter), LinkedIn, BlueSky, and YouTube. You can access ECHO’s accounts on social media platforms directly from our website. In order to protect your privacy, our social media buttons or components to connect to those services do not set cookies when our web pages are loaded on your device.

Each social media channel has their own policy on the way they process your personal data when you access their sites. For example, if you would like to watch one of the ECHO videos on our YouTube channel, you will be asked to accept YouTube cookies; if you look at our activity on X, you will be asked to accept X’s cookies; the same applies for LinkedIn and BlueSky.

If you have any concerns or questions about their use of your personal data, please carefully read their respective privacy policies before using them. The use of social media by ECHO, including X and LinkedIn, does not in any way imply an endorsement of X, LinkedIn, YouTube, BlueSky, and their privacy policies.

Please note: The ideas and views expressed by ECHO on social media are for informational purposes only. Views and opinions expressed do not necessarily reflect those of the European Union or any other affiliated body. Neither the European Union nor the granting authority can be held responsible for them.

 

Contact us 

Should you have any further questions or concerns as to how your personal data is processed, you can contact us by e-mail at info@carrcommunications.ie or by post: 33 Fitzwilliam Square, Dublin 2, D02 V802 Ireland.

We will respond to your queries as soon as possible, and no later than 30 days from when we receive them.