Privacy Policy

TELEMETRY (Trustworthy mEthodologies, open knowLedgE & autoMated tools for sEcurity Testing of IoT software,  haRdware & ecosYstems) , an Horizon Europe project , funded by the European Union under grant agreement ID 101119747.,    is committed to protecting your privacy.

This Privacy policy applies to the www.telemetry-project.eu web site (hereforth, “the Website”)  and governs data collection and usage. The Website falls under the responsibility of the Telemetry Consortium and is concerned with the dissemination and exchange of information about the research conducted in the course of the project and the outcome of this work. By using this Website, you consent to the data practices described in this statement. 

1. Policy Scope

This Privacy Policy applies to this Website telemetry-project.eu and it applies regardless of whether you use a computer, mobile phone, tablet, TV or other device.

2. Personal Data that this Website collects provided by you and how we use it

Unless stated otherwise in detail in the relevant sections of the Website, Personal Data generated from the use of our Website is processed as follows:

(i) Use of Contact Form

Should you choose to communicate with us using the contact form embedded in our Website, we ask you to provide your name, as well your mailing address. The contact form generates an email to info@telemetry-project.eu. Please note that your name and mailing address is the only data we collect required for the specified purpose.  Without this information we are unable to answer to your message and address it to you personally. The legal basis for processing Personal Data for the purposes set out in this Section 2 is art. 6(1)(b) of GDPR as the processing is necessary for the response to requests from the interested party.

(ii) Social Media

Some of our webpages use social plug-ins from other organizations (such as the “Facebook Recommend” function, Twitter’s retweet function etc included in the Blog/News” section of the website). These other organizations may receive and use personal data about your visit to our sites or apps. If you browse our Website or view content on our apps, information they collect may be connected to your account on their site. For more information on how these organizations use personal data, please read their privacy policies.

(iii) Site visitation tracking

We use Google Analytics 4 (GA4) to collect data about user activity and/or interaction on the website, and for statistical reasons. We use this data to determine the number of people using our site, to better understand how they find and use the existing  web pages and to see users’ journey through the website.

Although GA4 records data such as your geographical location, device, internet browser and operating system, none of this information personally identifies you to us.  Your IP address is anonymized by GA4 services and cannot be used to personally identify you. We consider Google to be a third party.

GA4 makes use of cookies, details of which can be found on Google’s developer guides. For your information, our Website uses the analytics.js implementation of GA4.  Disabling cookies on your internet browser will stop GA from tracking any part of your visit to pages within this website.

You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page.

(iv) Newsletter

We use Mailchimp platform to send out regular newsletters regarding updates and information relevant to its scope and area of interest (such as invitations to events and webinars, news stories, case studies and reports, among others). People interested in receiving this newsletter have to Sign Up and explicitly express their will to receive these newsletters via the respective form (opt in). All Mailchimp legal policies can be found here, including details on how this platform handles personal data in terms of Privacy.

3. How we store your Personal Data   

If you submit your contact details in our contact form, the only personal data will be stored by TELEMETRY] is your name and email address we receive from you. We will not share your contact details with no one and will be securely stored by TELEMETRY with access only by authorized personnel. This is currently the only occasion where personal data will be stored by this Website.

We utilise state-of-the-art technology to store your data. The following safeguards are used, for example, to protect your personal data from misuse or any form of unauthorized processing:

  • Access to personal data is restricted to a limited number of authorized persons for the stated purposes.
  • The IT systems used for processing data are technically isolated from other systems to prevent unauthorized access and hacking.
  • Access to these IT systems is constantly monitored to detect and prevent misuse in the early stages.
  •  
  • 4. How long we will keep your Personal Data for

We will keep your personal information only for as long as it is relevant and useful for the intended purpose for which it was originally collected, or as required by law.

5. Cookies and Third Party – Cookies

Cookies are small text files that can be used by websites to make a user’s experience more efficient. Our Website does not collect any cookies apart from the necessary ones. When you are visiting our Website third parties such as youtube.com and twitter.com are collecting Cookies. Nevertheless, we cannot fully control what they are doing with their Cookies, so please read their privacy statements or cookies policy as well. For more information you can also see the Cookie Declaration on the Cookies we use.

You reserve the right to set up your browser to warn you before accepting cookies, or you can simply set it to refuse them, although you may not have access to all the features of this website if you do so. See your browser ‘help’ button for how you can do this. You do not need to have Cookies on to use or navigate through many parts of this Website. Remember that if you use different computers in different locations, you will need to ensure that each browser is adjusted to suit your Cookie preferences.

You can at any time change or withdraw your Cookies consent from the Cookie Declaration on our Website.

6. Data Breaches

We will report any unlawful data breach of your data within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.

7. Your rights as Data Subject with respect to your Personal Data

Under the General Data Protection Regulation [Articles 15-21], you have a number of important rights free of charge. In summary, those include rights to:

(i) Right of access

You have the right to be aware and verify the legitimate nature of the processing. So, you have the right to access your personal data and receive additional information about how we process it.

(ii) Right to rectification

You have the right to study, correct, update or modify your personal data by contacting TELEMETRY at the info@telemetry-project.eu .

(iii) Right to erasure (Right to be forgotten)

You have the right to request deletion of your personal data when we process it on your consent or in order to protect our legitimate interests. In all other cases (such as, where there is a contract, obligation to process personal data legally required, or public interest), this right is subject to specific restrictions or shall not exist, as the case may be.

(iv) Right to restriction of processing

You have the right to request a restriction of the processing of your personal data in the following cases: (a) when the accuracy of the personal data is contested and until the accuracy is verified (b) when you oppose the deletion of your personal data and request the restriction of their use instead, c) when personal data are not needed for processing purposes, they are however required for the establishment, exercise, or defense of legal claims, and (d) when you object to the processing and the decision on your objection to processing is pending.

(v) Right to object to processing

You have the right to object at any time to the processing of your personal data where, as described above, the processing is based on the legitimate interests we pursue as data controllers, as well as, for the purposes of direct marketing and consumer profiling, if applicable.

(vi) Right to data portability

You have the right to receive your personal data free of charge in a format that allows you to access, use, and edit them with commonly used editing methods. You also have the right to ask us, in case it is technically feasible, to transmit the data directly to another controller. Your right to do so exists for the data you have provided to us and is processed by automated means based on your consent or for the execution of a relevant contract.

(vii) Right to withdraw your consent

In cases where processing is based on your consent, you have the right to withdraw it without affecting the lawfulness of processing based on consent prior to its withdrawal.

If you would like to exercise any of those rights, please:

  • contact us using our Contact details below
  • let us have enough information to identify you,
  • let us have proof of your identity and address, and
  • let us know the information to which your request relates.

8. Time limits for compliance with your rights as Data Subject

We make every effort to comply with all requests within 30 days. However, this period may be extended for reasons relating to the specific right or complexity of your request.

9. Contact Details

All questions, comments and requests regarding this Privacy Policy may be addressed via e-mail to info@telemetry-project.eu (Attn: Website Privacy Policy).

10. How to complain

We hope that we can resolve any query or concern you raise about our use of your Data However, if you believe that we have not responded in an appropriate manner to your complaints or concerns, the General Data Protection Regulation also gives you the right to lodge a complaint with your local data protection or supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred.

This privacy policy may change from time to time inline with legislation or industry developments. We will not explicitly inform our clients or website users of these changes. Instead, we recommend that you check this page occasionally for any policy changes.

European Cyber Security Community Initiative (ECSCI)

The European Cyber Security Community Initiative (ECSCI) brings together EU-funded cybersecurity research and innovation projects to foster cross-sector collaboration and knowledge exchange. Its aim is to align technical and policy efforts across key areas such as AI, IoT, 5G, and cloud security. ECSCI organizes joint dissemination activities, public workshops, and strategic dialogue to amplify the impact of individual projects and build a more integrated European cybersecurity landscape.

Supported by the European Commission, ECSCI contributes to shaping a shared vision for cybersecurity in Europe by reinforcing connections between research, industry, and public stakeholders.

Visit the website

European Cluster for Cybersecurity Certification

The European Cluster for Cybersecurity Certification is a collaborative initiative aimed at supporting the development and adoption of a unified cybersecurity certification framework across the European Union. Bringing together key stakeholders from industry, research, and national authorities, the cluster facilitates coordination, knowledge exchange, and alignment with the EU Cybersecurity Act.

Its mission is to contribute to a harmonized approach to certification that fosters trust, transparency, and cross-border acceptance of cybersecurity solutions. The cluster also works to build a strong stakeholder community that can inform and support the work of the European Union Agency for Cybersecurity (ENISA) and the future European cybersecurity certification schemes.

Visit the website

CertifAI

CertifAI is an EU-funded project aimed at enabling organizations to achieve and maintain compliance with key cybersecurity standards and regulations, such as IEC 62443 and the EU Cyber Resilience Act (CRA), across the entire product development lifecycle. Rather than treating compliance as a one-time activity or post-development task, CertifAI integrates compliance checks and evidence collection as continuous, embedded practices within daily development and operational workflows.

The CertifAI framework provides structured, practical guidance for planning, executing, and monitoring compliance assessments. It supports organizations in conducting gap analyses, building compliance roadmaps, collecting evidence, and preparing for formal certification. The methodology leverages best practices from established cybersecurity frameworks and aligns with Agile and DevSecOps principles, enabling continuous and iterative compliance checks as products evolve.

A central feature of CertifAI is the use of automation and AI-driven tools—such as Retrieval-Augmented Generation (RAG) systems and Explainable AI—to support the interpretation of complex requirements, detect non-conformities, and generate Security Assurance Cases (SAC) with traceable evidence. The approach is organized into five main phases: preparation and planning, evidence collection and mapping, assessment execution, reporting, and ongoing compliance monitoring.

CertifAI’s methodology is designed to be rigorous yet adaptable, offering organizations a repeatable process to proactively identify, address, and document compliance gaps. This supports organizations not only in meeting certification requirements, but also in embedding a culture of security and compliance into daily practice.

Ultimately, CertifAI’s goal is to make compliance and security assurance continuous, transparent, and integrated, helping organizations efficiently prepare for certification while strengthening their overall cybersecurity posture.

Visit the website

DOSS

The Horizon Europe DOSS – Design and Operation of Secure Supply Chain – project aims to improve the security and reliability of IoT operations by introducing an integrated monitoring and validation framework to IoT Supply Chains.

DOSS elaborates a “Supply Trust Chain” by integrating key stages of the IoT supply chain into a digital communication loop to facilitate security-related information exchange. The technology includes security verification of all hardware and software components of the modelled architecture. A new “Device Security Passport” contains security-relevant information for hardware devices and their components. 3rd party software, open-source applications, as well as in-house developments are tested and assessed. The centrepiece of the proposed solution is a flexibly configurable Digital Cybersecurity Twin, able to simulate diverse IoT architectures. It employs AI for modelling complex attack scenarios, discovering attack surfaces, and elaborating the necessary protective measures. The digital twin provides input for a configurable, automated Architecture Security Validator module which assesses and provides pre-certification for the modelled IoT architecture with respect of relevant, selectable security standards and KPIs. To also ensure adequate coverage for the back end of the supply chain the operation of the architecture is also be protected by secure device onboarding, diverse security and monitoring technologies and a feedback loop to the digital twin and actors of the supply chain, sharing security-relevant information.

The procedures and technology will be validated in three IoT domains: automotive, energy and smart home.

The 12-member strong DOSS consortium comprises all stakeholders of the IoT ecosystem: service operators, OEMs, technology providers, developers, security experts, as well as research and academic partners.

Visit the website

EMERALD: Evidence Management for Continuous Compliance as a Service in the Cloud

The EMERALD project aims to revolutionize the certification of cloud-based services in Europe by addressing key challenges such as market fragmentation, lack of cloud-specific certifications, and the increasing complexity introduced by AI technologies. At the heart of EMERALD lies the concept of Compliance-as-a-Service (CaaS) — an agile and scalable approach aimed at enabling continuous certification processes in alignment with harmonized European cybersecurity schemes, such as the EU Cybersecurity Certification Scheme for Cloud Services (EUCS).

By focusing on evidence management and leveraging results from the H2020 MEDINA project, EMERALD will build on existing technological readiness (starting at TRL 5) and push forward to TRL 7. The project’s core innovation is the development of tools that enable lean re-certification, helping service providers, customers, and auditors to maintain compliance across dynamic and heterogeneous environments —including Cloud, Edge, and IoT infrastructures.

EMERALD directly addresses the critical gap in achieving the ‘high’ assurance level of EUCS by offering a technical pathway based on automation, traceability, and interoperability. This is especially relevant in light of the emerging need for continuous and AI-integrated certification processes, as AI becomes increasingly embedded in cloud services.

The project also fosters strategic alignment with European initiatives on digital sovereignty, supporting transparency and trust in digital services. By doing so, EMERALD promotes the adoption of secure cloud services across both large enterprises and SMEs, ensuring that security certification becomes a practical enabler rather than a barrier.

Ultimately, EMERALD’s vision is to provide a robust, flexible, and forward-looking certification ecosystem, paving the way for more resilient, trustworthy, and user-centric digital infrastructures in Europe.

Visit the website

SEC4AI4SEC

Sec4AI4Sec is a project funded by the European Union’s Horizon Europe research and innovation programme under grant agreement No 101120393.

This project aims to create a range of cutting-edge technologies, open-source tools, and new methodologies for designing and certifying secure AI-enhanced systems and AI-enhanced systems for security. Additionally, it will provide reference benchmarks that can be utilized to standardize the evaluation of research outcomes within the secure software research community.

The project is divided into two main phases, each with its own name.

·       AI4Sec – stands for using artificial intelligence in security. Democratize security expertise with an AI-enhanced system that reduces development costs and improves software quality. This part of the project improves via AIs the secure coding and testing.

·       Sec4AI –  involves AI-enhanced systems. These systems also have risks that make them vulnerable to new security threats unique to AI-based software, especially when fairness and explainability are essential.

The project considers the economic and technological impacts of combining AI and security.

The economic phase of the project focuses on leveraging AI to drive growth, productivity, and competitiveness across industries. It includes developing new business models, identifying new market opportunities, and driving innovation across various sectors. 

Visit the website