Privacy Policy for Use of AI Assistant (PaulineGPT)

Effective Date: 3 May 2025

This Privacy Policy explains how ABARKA ONGD (hereafter “we”, “us”, or “the Provider”) processes personal data when users interact with the integrated AI assistant “PaulineGPT” (powered by OpenAI’s ChatGPT technology) within the Actions Tools platform. This assistant supports the design, drafting, and coordination of EU-funded projects.

1. Data Controller

ABARKA ONGD
Address: Agerrealde Etxadia 7bajo, 20180 Oiartzun, Spain
Contact: info@ongabarka.org

We act as the Data Controller responsible for processing data during your use of the assistant.

2. Purpose of Processing

The AI assistant is designed to support:

• Development and drafting of EU funding applications (e.g., Erasmus+, Horizon Europe, CERV)

• Creation of logical frameworks, timelines, and budget plans

• Strategic advice on proposal coherence and compliance with EU priorities

Use of the assistant helps users co-create better, more impactful project applications.

3. Types of Data Collected

When using EUGrantMaster, we may collect:

• Input texts you submit (questions, descriptions, application content, etc.)

• Uploaded documents

• Technical metadata (timestamps, session identifiers)

⚠️ Please do not submit sensitive personal data (e.g., health information, political beliefs) unless strictly necessary and lawful.

4. Legal Basis

Processing is based on:

• Consent (Article 6.1.a GDPR): By using the assistant, you consent to data processing.

• Legitimate Interest (Article 6.1.f GDPR): To enhance the quality, efficiency, and strategic coherence of project proposals.

5. Data Sharing & Subprocessors

• Your input is processed by OpenAI’s infrastructure under contract. OpenAI acts as a data processor.

• Data is not used to train AI models.

• We do not share your data with third parties beyond what is technically required for service provision.

6. Data Retention

We store user inputs and AI outputs for a maximum of 30 days, solely for collaborative work continuity, internal audits, and quality improvement.

7. Your Rights

Under the GDPR, you have the right to:

• Access your personal data

• Correct inaccurate information

• Request erasure (“right to be forgotten”)

• Restrict or object to processing

• File a complaint with your Data Protection Authority

To exercise any of these rights, contact us at: info@ongabarka.org

8. Security Measures

We apply appropriate technical and organizational measures, including:

• Encrypted communication (HTTPS)

• Access control for stored content

• Periodic review of retention and deletion protocols

9. Changes to this Policy

We may revise this Privacy Policy as needed. Any updates will be clearly posted in the Actions Tools environment or communicated via email.

10. Contact – Data Protection

Data Protection Officer / Legal Contact:
Clotaire Mesmin Ntienou Tchiengue
📩 info@ongabarka.org