Privacy Policy
Last Updated: November 2020
This privacy policy explains the reason for the processing, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you may exercise in relation to your data (the right to access, rectify, block etc.).
The European institutions are committed to protecting and respecting your privacy. As this service/application collects and further processes personal data, Regulation (2018)17251 is applicable, referred to as the Regulation.
This privacy policy concerns the ‘ORE publishing platform’ above, managed by Directorate-General Research and Innovation (DG RTD), hereinafter referred as the operating DG or Data Controller.
Why do we process your data?
Purpose of the processing operation: DG RTD (referred to hereafter as Data Controller) will only process data solely for the purposes of the implementation, management and monitoring of ‘ORE publishing platform’, run by F1000 Research Limited. as its contractor and on behalf of the Data Controller.
Only further to your explicit prior consent (to be provided on the ‘ORE publishing platform’), your identity and/or contact details data collected in this context will:
- Be published;
- Become part of a database;
With the purpose of facilitating the smooth functioning of the ‘ORE publishing platform’, and further communication activities of the Controller.
A specific record covers the 2nd bullet above as an optional part of the processing (record DPR-EC-3928 on subscriptions).
Lawfulness of the processing operations:
The processing operations of personal data in the context of the ‘ORE publishing platform’ are necessary and lawful under article 5(a) of the Regulation.
In addition, the possible disclosure and/or publication of your identity as an author/reviewer/commenter of an ORE publication, of your email as an author/reviewer/commenter of an ORE publication, as well as your registration in a data base for communication purposes, are conditioned upon your prior agreement (Art. 5(d) of the Regulation).
Your consent is required for:
-
Your registration in a database of stakeholders for receiving email alerts relating to:
-News, follow-up actions, other communications of the Data Controller;
-Invitations to meetings;
-Invitations to answer surveys;
-The publication of your identity as an author an ORE publication;
-The publication of your identity as a reviewer/commenter of an ORE publication;
-The publication of your email as author of an ORE publication;
-The publication of your email as reviewer/commenter of an ORE publication
The publication of aggregated or anonymised data does not fall within the scope of the Regulation.
Which data do we collect and process?
Data necessary for your registration on the ‘ORE publishing platform’ as a service are collected and processed, namely: title, first name, family name, organisation, department/service, organisation’s geographic area of activity, street and number, country, postal code, city, phone, e-mail address, ORCID-ID, EduGain, EU login.
If consent is given, the data provided from registration to a database of stakeholders and further processed are name, first name, family name, organisation and e-mail address.
If consent is given, the following personal data as author or reviewer/commenter of an ORE publication are published:
- Title, first name, family name;
How long do we keep your data?
The Data Controller only keeps the data for as long as follow-up actions to the ‘ORE publishing platform’ are necessary regarding the purpose(s) of the processing of personal data.
Reports containing personal data will be archived according to the Commission’s legal framework.
If you have given your explicit prior consent for this, your personal data will be part of a list of contact details shared internally amongst the staff of the Data Controller for the purpose of contacting you in the future in the context of its activities.
How do we protect your data?
All data in electronic format (e-mails, uploaded batches of data, etc.) are stored either on the servers of the European Commission, the operations of which abide by the European Commission’s security decision of 10 January 20172 on the security of communication and information systems in the European Commission, or of its contractor(s).
The Commission’s contractors are bound by specific contractual clauses regarding the processing and confidentiality of any processing operations of your data on behalf of the Commission, and by the confidentiality obligations deriving from the transposition of the General Data Protection Regulation in the EU Member States (‘GDPR’ Regulation (EU) 2016/6793).
In order to protect your personal data, the Commission has put in place several technical and organisational measures in place. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation.
Who has access to your data and to whom is it disclosed?
The Data Controller and its processors F1000 Research Limited will have access to your personal data.
In addition, and only further to your explicit prior consent, some of your personal data could be published on the ‘ORE publishing platform’ and/or registered in a Controller database (see ‘Why do we process your data?’ and ‘Which data do we collect and process?’).
The information we collect will not be given to any third party, except to the extent and for the purpose we may be required to do so by law.
Cookies
Cookies are short text files stored on a user’s device (such as a computer, tablet or phone) by a website. Cookies are used for the technical functioning of a website or for gathering statistics. Cookies are also typically used to provide a more personalised experience for a user, for example, when an online service remembers your user profile without you having to login.
Open Research Europe uses cookies to improve user experience on Open Research Europe, as well as to provide certain information to Open Research Europe to help us improve the product in the future.
Open Research Europe uses cookies for four main functions:
- To remember you and your preferences;
- Track user movements;
- Measure page usage; and
- Target content or advertising.
Persistent cookies remain on your device until a set expiry date or until you delete them, for example: information about you and your preferences; session cookies expire when you close the web browser, for example: information about pages you visited on the site.
You may be sent cookies by other websites that you interact with when you use our site such as social media sites. Our Service Provider also uses third party products that set cookies, for example: Google Analytics, which helps them monitor site usage and therefore improve user experience, and Google Adwords which uses cookies to enable our ads to be shown across the Internet to those who have previously visited our site.
Control of Cookies
Most web browsers automatically accept cookies, but you can usually modify your browser settings to notify you when a cookie is sent, and then you can then choose to accept or decline the cookie. However, this may mean that any preferences you set on the site will be lost or you will not be able to use the auto login or remember me facility at login.
You can opt out of Google's use of Cookies by visiting Google's Ads Settings.
More information about cookies.
What are your rights and how can you exercise them?
You are entitled to access your personal data and rectify, block or delete it in case the data is inaccurate or incomplete.
You can exercise your rights by contacting the Data Controller, or in case of conflict the Data Protection Officer, and if necessary, the European Data Protection Supervisor using the contact information given in point 8 below.
Contact information
If you have comments or questions, any concerns or a complaint regarding the collection and use of your personal data, please feel free to contact the Data Controller using the following contact information:
The Data Controller: FMB@ec.europa.eu
The Data Protection Officer (DPO) of the Commission: DATA-PROTECTION-OFFICER@ec.europa.eu
The European Data Protection Supervisor (EDPS): edps@edps.europa.eu
Where to find more detailed information?
The Commission Data Protection Officer publishes the register of all operations processing personal data. You can access the register on the following link: http://ec.europa.eu/dpo-register
This specific processing has been notified to the DPO with the following reference: record DPR-EC-01011.