Find support
Exit

Privacy Policy

Privacy Policy Of Stepto.Support Website

This Website collects some personal data from its users regarding only their geolocational data.
This document can be printed for reference by using the print command in the settings of any browser.
See our Cookies policy.

Owner and Data Controller

IANUS Technologies Ltd, Spyrou Kyprianou 85, Eleneio Megaro, Larnaca, 6051, Cyprus

Owner websitehttps://ianus-technologies.com

Owner contact emaile.michos@ianus-technologies.com

Data Collected

Complete details on each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanation texts displayed prior to the Data collection. Unless specified otherwise, all data requested by this website is mandatory and failure to provide this data may make it impossible for this website to acquire its analytics. Users who are uncertain about which personal data is mandatory are welcome to contact the Owner. Any use of Cookies – or of other tracking tools — by this Website or by the owners of third-party services used by this Website serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy, if available.

Users are responsible for any third-party Personal Data obtained, published or shared through this Website and confirm that they have the third party’s consent to provide the Data to the Owner.

Legal Basis Of Processing

The Owner may process Personal Data relating to Users if one of the following applies:

  • Users have given their consent for one or more specific purposes. Note: Under some legislations the Owner may be allowed to process personal data until the user objects to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply, whenever the processing of personal data is subject to European data protection law;
  • provision of data is necessary for the performance of an agreement with the user and/or for any pre-contractual obligations thereof;
  • processing is necessary for compliance with a legal obligation to which the Owner is subject;
  • processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner;
  • processing is necessary for the purposes of the legitimate interests pursued by the Owner or by an organisation of the 2PS consortium.

In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.

Storing processed data

The Data is processed at the Owner’s operating offices and in any other places where the parties involved in the processing are located.

Depending on the User’s location, data transfers may involve transferring the user’s Data to a country other than their own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.

Users are also entitled to learn about the legal basis of data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their data.

If any such transfer takes place, users can find out more by checking the relevant sections of this document or inquire with the Owner using the information provided in the contact section.

For operation and maintenance purposes, this Website and any third-party services may collect files that record interaction with this Website (System logs) or use other Personal Data (such as the user’s visiting country) for this purpose.

Retaining processed data

Personal Data shall be processed and stored for as long as required by the purpose they have been collected for. Therefore:

  • Personal Data collected for the purposes of the Owner’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by the Owner within the relevant sections of this document or by contacting the Owner.

The Owner may be allowed to retain Personal Data for a longer period whenever the user has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.

Once the retention period expires, Personal Data shall be deleted. Therefore, the right of access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.

Purpose of processing data

The Data concerning the user is collected to allow the Owner and the 2PS Consortium in general to acquire analytical information regarding the geographical information of the visitors, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its users or third parties), detect any malicious or fraudulent activity, as well as the following:  Interaction with external social networks and platforms, Analytics, Collection of privacy-related preferences, Tag Management, Device permissions for Personal Data access and Displaying content from external platforms.

This Website does not support “Do Not Track” requests. To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.

Device permissions

Depending on the User’s specific device, this Website may request certain permissions that allow it to access the User’s device Data as described below.

By default, these permissions must be granted by the User before the respective information can be accessed. Once the permission has been given, it can be revoked by the User at any time. In order to revoke these permissions, Users may refer to the device settings or contact the Owner for support at the contact details provided in the present document. The exact procedure for controlling app permissions may be dependent on the User’s device and software.

Please note that the revoking of such permissions might impact the proper functioning of this Website.

If User grants any of the permissions listed below, the respective Personal Data may be processed (i.e accessed to, modified or removed) by this Website.

Webpage Analytics

Although Matomo Analytics is a web analytics software with a purpose to track user activity on your website, we take privacy very seriously.

The following advanced privacy protections in Matomo provide you with more control:

By default, users are opted-out from being tracked. If they agree for their data to be processed, the following data is tracked with their consent:

  • Geolocation Information: Country, City, Region
  • Device: Type, Model, Resolution, Brand
  • System: Operating System, Browser, Engine, Plugins
  • Other: Date and Time, if is a returning visitor, what the visitor did in the website

The plugin anonymize sthe last byte(s) of visitors IP addresses to comply with local privacy laws/guidelines. This offers more user privacy but less accuracy on the region/city that a user visits from.

Matomo webpage: https://matomo.org/

Matomo Privacy Policy: https://matomo.org/privacy-policy/

User personal rights

Users may exercise certain rights regarding their Data processed by the Owner.

In particular, Users have the right to do the following, to the extent permitted by law:

  • Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
  • Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
  • Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
  • Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
  • Restrict the processing of their Data. Users have the right to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
  • Have their Personal Data deleted or otherwise removed. Users have the right to obtain the erasure of their Data from the Owner.
  • Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance.
  • Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.

Details about the right to object to processing

Where personal data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.

Users must know that, however, should their personal data be processed for direct marketing purposes, they can object to that processing at any time, free of charge and without providing any justification. Where the user objects to processing for direct marketing purposes, the Personal Data will no longer be processed for such purposes. To learn whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.

Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be exercised free of charge and will be answered by the Owner as early as possible and always within one month, providing Users with the information required by law. Any rectification or erasure of Personal Data or restriction of processing will be communicated by the Owner to each recipient, if any, to whom the Personal Data has been disclosed unless this proves impossible or involves disproportionate effort. At the Users’ request, the Owner will inform them about those recipients.

The User’s Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of this Website or the related Services. The User declares to be aware that the Owner may be required to reveal personal data upon request of public authorities.

Changes To This Privacy Policy

The Owner reserves the right to make changes to this privacy policy at any time by notifying its Users on this page and possibly within this Website and/or – as far as technically and legally feasible – sending a notice to Users via any contact information available to the Owner. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.

Should the changes affect processing activities performed on the basis of the User’s consent, the Owner shall collect new consent from the User, where required.

Legal information

This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).

This privacy policy relates solely to this Website, if not stated otherwise within this document.

Privacy Policy Of Stepto.Support Website

Introduction

Thank you for visiting the Stepto.Support Website (the Website). Our purpose is to provide information on support services for people with sexual interest in children, to prevent corresponding offences. We achieve this using different channels – such as a map of available services in the EU, interactive chat function and contact form. Note that the chat and contact form follow the informative goal exclusively; they are not established to e.g., provide therapeutic advice, but rather to navigate people to places where they can obtain it. We also seek to obtain information on how the website is used, in order to improve it and obtain aggregated, anonymous or anonymised research insights. Your privacy is paramount to us. In achieving our goals, we seek to process as little personal data as possible. Personal data flows on our platform were carefully designed to prevent identification of users. We do not sell or share your data, nor do we use it for marketing or advertising. In this privacy policy, you will find information on:

  • Who is legally responsible for the data processing (data controller).
  • The data collection and processing that we carry out when you visit
    our website and use its different components.
  • Your rights as a data subject.

We also use cookies on our website, please see our Cookies policy.
This document can be printed for reference by using the print command
in the settings of any browser.

Data Controllers

NameIANUS Technologies (IANUS)Charité – Universitätsmedizin Berlin (CUB)
Role and tasks on the platform
  • Sole administrator of the platform
  • Website metrics collection
  • Technical security implementation
  • Platform maintenance
  • Collection of user behaviour analytics
  • Primary data subject contact
  • Chat operations and transcript collection
  • User data processing from chat; Email management
  • Metrics evaluation
Contact details of the lead representative for the platformEvangelos Michos – e.michos@ianus-technologies.comIsabel Schilg – isabel.schilg@charite.de
Contact details of the data protection officer (email)steptosupport@2ps-project.eudatenschutzbeauftragte@charite.de
Organisation’s addressIANUS Technologies Ltd, Spyrou Kyprianou 85, Eleneio Megaro, Larnaca, 6051, CyprusCharitépl. 1, 10117 Berlin, Germany
Organisation’s websitehttps://ianus-technologies.comhttps://www.charite.de/en/

What data do we collect, for what purpose, and on what legal basis?

Purposes and bases for processing

IDProcessing purposeDescription & legal basis for processing
A.Addressing the inquiry submitted via the contact form.The user of the platform can ask general questions through the contact form. The processing of personal data is based on the legitimate interest in addressing inquiries submitted via the contact form.
B.Operating the platform (passive provision of information)Personal data is utilized to deliver informative services. The processing of personal data is based on the legitimate interest in providing the informative service through the platform.
C.Enhancing the quality of the platformTo continuously enhance the quality of the platform, personal data of the users of the platform is collected and processed. Personal data is utilized to offer comprehensive information about the performance of the platform and the behaviour of the user of the platform. The processing of personal data is based on the legitimate interest in enhancing the quality on the platform.
D.Ensuring the safety and security of the services on the platformTo ensure that the services on the platform are used in a manner that complies with applicable laws and regulations and to prevent abuse and fraud, certain information is tracked from the users of the platform. The processing of personal data is based on the legitimate interest in ensuring the safety and security of the services on the platform.
E.Addressing questions in chat regarding support, guidance and alternative pathwaysThe processing of personal data is based on the legitimate interest in ensuring the safety and security of the services on the platform. The user of the chat functionality can ask different questions regarding support, guidance, and alternative pathways for individuals of the target group. The processing of personal data is based on the legitimate interest to address questions asked during the chat with the online operator.

Data Collected

We collect the following types of personal data, depending on which part of the platform you’re using.

Website

  • Masked IP addresses
    • Processing purpose – B.
    • Upon visiting the website, your IP address is collected and automatically pseudonymised by removal of two latter octets of information (e.g., 192.168.12.23 à 192.168.xxx.xxx). This means that it is impossible for us to identify you; at most, we can tell which country you are connecting from.
    • This masked IP address is processed in order to demonstrate location of relevant services and resources. It is also used to produce aggregated, anonymous findings on the use of the website.
    • Stored by IANUS; deleted until aggregated findings are extracted (max 2 years after the end of the project – September 2027).
  • User behaviour on the platform
    • Processing purpose – C
    • Using cookies, we analyse user behaviour on the platform – such as date and time of the visit, which pages are visited, how long users stay on a page, and what interactions they perform (e.g., clicking buttons or filling out forms).
  • § Important – This information is not connected to your full IP address or any identifier tied to your person. Instead, every time you connect, a randomly generated ID is generated by the system; we do not seek to track you across sessions.
    • Stored by IANUS; deleted until aggregated findings are extracted (max 2 years after the end of the project – September 2027).

Chat

  • IP address
    • Processing purpose – E.
    • Processing this IP address is necessary to enable the chat functionality.
    • Stored on servers of Talkative (established chat plugin provider), in the AWS cloud, in a database storing millions of interactions between IP addresses using Talkative.
  • Chat message content
    • Processing purpose – C.
    • We make it clear that personal data should not be conveyed through the chat function; however, we consider that it might happen nonetheless.
    • We’ve established a dedicated editing and storing procedure to handle this risk. Each chat transcript is stored on Talkative’s servers and made accessible to CUB only. Having received suitable training, CUB staff members acting as Talkative Administrators will manually review each transcript and anonymise it, if needed (in max 2 business days from the chat interaction). They will download the transcript (at which stage it is deleted from Talkative’s servers), remove all personal data from it, and upload it to CUB servers.

Contact form

  • Email address
    • Processing purpose – A.
    • The e-mail address is requested from the user of the platform when completing the contact form on the platform. This is to enable a response to the inquiry.
    • Stored by CUB; it will be deleted after max. 21 days from last interaction.
  •  Message content
    • Processing purpose – A.
    • We make it clear that personal data should not be conveyed through the contact form; however, we consider that it might happen nonetheless.
    • Stored by CUB; it will be deleted after max. 21 days from last interaction.

Third country data transfers

There exists a potential risk if personal data of EU data subjects is transferred to jurisdictions without adequate data protection standards, potentially breaching Articles 44-50 GDPR.

In the StS platform’s context, this affects transfers to Talkative (UK-based) and Google Analytics (US; see our cookies policy for further information).

Talkative stores chat transcripts and uses AWS (US) for storing the IP address & time of interaction of all its conversations. EU to UK transfers are covered by the Commission’s adequacy decision, and Talkative is responsible for maintaining sufficiently high

standards of protection in transferring data to AWS. AWS certifications suggest compliance with international data transfer standards. Situation in which an entity would request access to Talkative StS data from AWS is extremely unlikely. Coupled with a low chance of transcripts holding personal data and miniscule utility of this data, the likelihood and impact of this risk are limited, if not negligible.

Google Analytics data, in the form of a randomly generated Unique ID (per session only) holds even less of a utility, and the likelihood of it posing an additional risk by virtue of being transferred to the US is negligible. Nevertheless, this data transfer is protected by guarantees of the EU-US Data Privacy Framework (confirmed by European Commission’s adequacy decision).

User personal rights

Users may exercise certain rights regarding their data processed within the platform.

IDData subject rightIn place?Explanation if not in place
1.Right of access Data subjects have the right to learn if data is being processed by the owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the data undergoing processing. (Article 15 GDPR)YESN/A
2.Right to rectification Users have the right to verify the accuracy of their data and ask for it to be updated or corrected. (Article 16 GDPR)YESN/A
3.Right to erasure Users have the right to obtain the erasure of their data from the owner. (Article 17 GDPR)YESN/A
4.Right to restriction of processing Users have the right to restrict the processing of their data. In this case, the owner will not process their data for any purpose other than storing it. (Article 18 GDPR)YESN/A
5.Right to data portability Users have the right to receive their data in a structured, commonly used and machine-readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. (Article 20 GDPR)NOThe right does not apply, as all processing activities rely on legitimate interest only. There would be a very limited scope in any case, as data subjects are actively discouraged from providing any personal data in any of the activities covered by this DPIA.
6.Right to object Data subjects have the right to object to the processing of their data if the processing is carried out on a legal basis other than consent. (Article 21 GDPR)YESN/A
7.Right not to be subject to automated individual decision-making No automated individual decision-making on the platform and/or chat functionalities. (Article 22 GDPR)NOThis is not applicable as there are no automated individual decision-making on the platform and/or the chat functionalities.
8.Right to withdraw consent Data subjects have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data. (Article 7(3) GDPR)NOAll processing of personal data relies on the legal basis of legitimate interest.
9.Right to lodge a complaint Data subjects have the right to bring a claim before their competent data protection authority. (Article 77 GDPR)YESN/A

These data subject rights apply to StS platform’s datasets in the following manner:

DatasetData subject rights from arts. 15, 16, 17, 18 and 21?Data controller responsibleExplanation of limitation on the exercise of data subject rights (if applicable)
Website – Masked IP addresses (pre-masking)NoIANUSThe pre-masked IP addresses are immediately pseudonymised after collection, there isn’t a time window during which the data subject rights could be meaningfully exercised.
Website – Masked IP addressesNoIANUSFollowing pseudonymisation, it is impossible to identify the IP address of the data subject and distinguish it from other IP addresses. For example, if two data subjects have IP addresses of 192.168.1.20 and 192.168.44.528, the stored IP address in the form of 192.168.xxx.xxx could pertain to both of them.
Website – User behaviour on the platformNoIANUSUser behaviour data are collected per session, and in such a way that makes identifying the data subject practically impossible.
Google Analytics – Unique user IDNoIANUS (for Google Analytics)As this is a randomly assigned user ID, tied to the website, Google has no way of verifying the identity of the data subject making the request.
Chat – Users – IP addressYesCUB (for Talkative and AWS)N/A
Chat – Users – Chat message content (original transcript)NoCUB (for Talkative)In this case, there is a very small window where the data subject could request e.g., a right to erasure, before CUB anonymises the transcript and deletes the original (max 2 business days from collection). At the same time, CUB only has access to the transcript – it would not be possible to identify the data subject, unless they provide additional information. The process of processing their request would most likely extend beyond the planned anonymisation procedure.
Contact form – email addressYesCUBN/A
Contact form – message contentYesCUBN/A

Additional considerations

This Website does not support “Do Not Track” requests. To determine whether any of the third-party services it uses honour the “Do Not Track” requests, please read their privacy policies.

Changes To This Privacy Policy

We reserve the right to make changes to this privacy policy at any time by notifying the website’s users on this page and/or – as far as technically and legally feasible – sending a notice to users via any contact information available to us. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.

Legal information

This privacy statement has been prepared primarily on the basis of Arts. 13 and 14 of Regulation (EU) 2016/679 (General Data Protection Regulation). This document relates solely to this website, if not stated otherwise within this document.

Steptosupport

This project has received funding from the European Union’s Horizon Europe Programme under grant agreement No. 101073949

steptosupport@charite.de

About
Services
Contact us
2PS PROJECT

Visit the official 2PS project website

2ps-project.eu

2PS Overview
2PS Consortium
FAQ
Funded by the European Union

© 2PS Prevent & Protect through support. All Right Reserved – Privacy PolicyCookie Policy