Privacy Policy

EOSC.eu Privacy Policy

The EOSC Association, also referred to in this document as the Data Controller, is committed to protecting the online privacy of the users of the www.eosc.eu Web Portal (henceforth ‘Web Portal’). As such, this Privacy Policy has been written in order to allow you to understand Data Controller’s policy regarding your privacy, as well as how your personal information will be handled. This Privacy Policy will also provide you with information so that you are able to consent to the processing of your personal data in an explicit and informed manner, where appropriate.

In general, any information or data which you provide to the Data Controller, will be processed by the Data Controller in a lawful, fair and transparent manner. To this end, and as further described below, the Data Controller takes into consideration internationally recognised principles governing the processing of personal data, such as purpose limitation, storage limitation, data minimisation, data quality and confidentiality.

CONTENTS

1. Data controller

2. Personal Data processed

      a. Name, contact details and other Personal Data

      b. Browsing data

      c. Cookies

3. Purposes of processing

4. Grounds for processing and mandatory / discretionary nature of processing

5. Recipients of Personal Data

6. Transfers of Personal Data

7. Retention of Personal Data

8. Data subjects’ rights

9. Amendments

 

1. Data controller

The EOSC Association is the Data Controller regarding all personal data processing carried out through the Web Portal. You can contact the Data Controller with any questions related to this Privacy Policy or the Data Controller’s personal data processing practices by sending a written communication to info@eosc.eu.

2. Personal Data processed

When you use the Web Portal, the Data Controller will collect and process information regarding you (as an individual) which allows you to be identified either by itself, or together with other information which has been collected.

This information may be classified as “Personal Data” and can be collected by the Data Controller both when you choose to provide it (e.g., when you request Services provided by the Data Controller) or simply by analysing your behaviour.

Personal Data which can be processed by the Data Controller are as follows:

a. Name, contact details and other Personal Data

You will be asked to submit information about yourself, such as your name, professional title, organisation name/type, primary (and secondary) domain of work/expertise, e-mail address, city/country of residence, address, gender, Twitter handle, LinkedIn profile, and short bio and picture. Mandatory fields will be marked as such in the online registration forms – it is not possible to process your registration if any of the mandatory fields are left incomplete.

In addition, whenever you communicate with the EOSC Association by submitting a general enquiry, as well as whenever you participate in any surveys on the Web Portal, the Data Controller may collect additional information which you choose to provide.

b. Browsing data

The Web Portal’s operation, as is standard with any websites on the Internet, involves the use of computer systems and software procedures, which collect information about the Web Portal’s users as part of their routine operation. While the Data Controller does not collect this information in order to link it to specific users, it is still possible to identify those users either directly via that information, or by using other information collected – as such, this information must also be considered Personal Data.

This information includes several parameters related to your operating system and IT environment, including your IP address, location (country), the domain names of your device, the type of device, the URI (Uniform Resource Identifier) addresses of resources you request on the Web Portal, the time of requests made, the method used to submit requests to the server, the dimensions of the file obtained in response to a request, the numerical code indicating the status of the response sent by the server (successful, error, etc.), and so on.

These data are used to compile statistical information on the use of the Web Portal, to ensure its correct operation, as well as restore backup from possible failures of the Web Portal and identify any faults and/or abuse of the Web Portal. Save for this last purpose, these data are not kept for more than 90 business days.

c. Cookies

- Definitions, characteristics, and application of standards

Cookies are small text files that may be sent to and registered on your computer by the websites you visit, to then be re-sent to those same sites when you visit them again. It is thanks to these cookies that those websites can “remember” your actions and preferences (e.g., login data, language, font size, other display settings, etc.), so that you do not need to configure them again when you next visit the website, or when you change pages within a website.

Cookies are used for electronic authentication, monitoring of sessions and storage of information regarding your activities when accessing a website. They may also contain a unique ID code which allows tracking of your browsing activities within a website, for statistical or advertising purposes. Some operations within a website may not be able to be performed without the use of cookies which, in certain cases, are technically necessary for operation of the website.

When browsing a website, you may also receive cookies from websites or web servers other than the website being visited (i.e., “ third-party cookies”).

There are various types of cookies, depending on their characteristics and functions, which may be stored on your computer for different periods of time: “session cookies”, which are automatically deleted when you close your browser, and “persistent cookies”, which will remain on your device until their pre-set expiration period passes.

According to the law which may be applicable to you, your consent may not always be necessary for cookies to be used on a website. In particular, “ technical cookies” – i.e. cookies which are only used to send messages through an electronic communications network, or which are needed to provide services you request – typically do not require this consent. This includes browsing or session cookies (used to allow users to login) and function cookies (used to remember choices made by a user when accessing the website, such as language or products selected for purchase).

On the other hand, “profiling cookies” – i.e., cookies used to create profiles on users and to send advertising messages in line with the preferences revealed by users while browsing websites – typically require specific consent from users, although this may vary according to the applicable law.

- Types of cookies used by the Web Portal

The Web Portal uses the following types of cookies:

Browsing or session cookies, which are strictly necessary for the Web Portal’s operation, and/or to allow you to use the Web Portal’s content and Services.

Analytics cookies, which allow the Data Processor to understand how users make use of the Web Portal, and to track traffic to and from the Web Portal.

Function cookies, which are used to activate specific Web Portal functions and to configure the Web Portal according to your choices (e.g., language), in order to improve your experience.

Profiling cookies, which are used to observe the preferences you reveal through your use of the Web Portal and to send you advertising messages in line with those preferences.

The Data Processor also uses third-party cookies – i.e. cookies from websites / web servers other than the Web Portal, owned by third parties. These third parties will either act as independent data controllers for the Data Processor regarding their own cookies (using the data they collect for their own purposes and under terms defined by them) or as data processors for the Data Processor (processing personal data on the Data Controller’s behalf). For further information on how these third parties may use your information, please refer to their privacy policies:

Google

o Privacy Policy: https://www.google.com/policies/privacy/partners/ ;

o Cookie Policy: https://policies.google.com/technologies/cookies?hl=en-US ;

o Opt-out Mechanism: https://tools.google.com/dlpage/gaoptout .

LinkedIn

o Privacy Policy: https://www.linkedin.com/legal/privacy-policy ;

o Cookie Policy: https://www.linkedin.com/legal/cookie-policy ;

o Opt-out Mechanism: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out?trk=microsites-frontend_legal_cookie-policy .

Twitter

o Privacy Policy: https://twitter.com/en/privacy ;

o Cookie Policy: https://help.twitter.com/en/rules-and-policies/twitter-cookies ;

o Opt-out Mechanism: https://help.twitter.com/en/rules-and-policies/twitter-cookies .

- First-party cookies present on the Web Portal

In detail, the cookies present on the Web Portal are as follows:

Technical name

Data Controller

Cookie type, function and purpose

Type of cookie

 

Duration

_GA

Google

Google Analytics cookie used to distinguish users.

 

third party cookie/cookie analytics

2 Years

_gid

Google

Google Analytics cookie used to distinguish users.

third party cookie/cookie analytics

24 hours

_gat_gtag_UA_136588840_1

Google

Google Analytics cookie used to throttle request rate.

third party cookie/cookie analytics

1 minute

has_js

Data Controller

Functional cookie to remember whether a visitor has javascript in his browser

first party cookie/browsing cookie

Expires at the end of the session

Cookie-agreed

Data Controller

Cookie that records whether the cookies notification pop-up has been acknowledged by a user

first party cookie/browsing cookie

100 days

- Cookie settings

You can block or delete cookies used on the Web Portal via your browser options. Your cookie preferences will be reset if different browsers are used to access the Web Portal. For more information on how to set the preferences for cookies via your browser, please refer to the following instructions:

Chrome

Firefox

Internet Explorer

Safari

You may also provide your preferences on third-party cookies by using online platforms such as AdChoice.

CAUTION : If you block or delete technical and/or function cookies used by the Web Portal, the Web Portal may become impossible to browse, certain services or functions of the Web Portal may become unavailable or other malfunctions may occur. In this case, you may have to modify or manually enter some information or preferences every time you visit the Web Portal.

3. Purposes of processing

The Data Controller intends to use your Personal Data, collected through the Web Portal, for the following purposes:

  1. To allow you to express your interest to join the EOSC Association as a Member or Observer, to send you informative newsletters and other communications, to respond to your enquiries and requests for support, and to provide any other services which you may request (“Service Provision”);
  2. To include information on you as a registered Member within the EOSC Association database (“ Database Publication”);
  3. For marketing, promotional and publicity purposes, including to carry out direct marketing, market research and surveys, via e-mail, through push notifications / pop-up banners, as well as events hosted by selected third parties (“Marketing”);
  4. For future marketing, promotional and publicity purposes, by sending you direct e-mail marketing communication regarding events hosted and services provided by the EOSC Association (“ Soft Opt-in”);
  5. To create a profile of you as a Member or Observer, through the use of profiling cookies and by collecting and analysing information on the preferences you select and choices you make in the Web Portal. This profile will be used to give you information about other websites / services you may be interested in, and to show you information and advertisements which may be relevant to you and your interests. All algorithms involved in this processing are regularly tested, to ensure the processing’s fairness and control for bias (“Profiling”);
  6. For compliance with laws which impose upon the Data Controller the collection and/or further processing of certain kinds of Personal Data (“ Compliance”);
  7. For development and administration of the Web Portal, in particular by use of data analytics regarding how you and other users make use of the Web Portal, as well as the information and feedback you provide, to improve our offerings (“ Analytics”);
  8. To prevent and detect any misuse of the Web Portal, or any fraudulent activities carried out through the Web Portal, including by carrying out internal audits (“Misuse/Fraud”).

4. Grounds for processing and mandatory / discretionary nature of processing

The Data Controller’s legal bases to process your Personal Data, according to the purposes identified in Section 3, are as follows:

  1. Service Provision : processing for this purpose is necessary to provide the services and, therefore, is necessary for the performance of a contract with you – Art. 6(1)(b) GDPR. It is not mandatory for you to give the Data Controller your Personal Data for these purposes; however, if you do not, the Data Controller will not be able to provide any services to you.
  2. Database Publication : processing for this purpose is based on your consent – Art. 6(1)(a) GDPR. It is not mandatory for you to give the Data Controller your Personal Data for these purposes; however, if you do not, the Data Controller will not be able to provide any services to you.
  3. Applications : processing for this purpose is needed in order for the Data Controller to be able to consider your application and, therefore, is necessary to take steps at your request before (potentially) entering into a contract – Art. 6(1)(b) GDPR. It is not mandatory for you to give the Data Controller your Personal Data for these purposes; however, if you do not, the Data Controller will not be able to consider your applications.
  4. Marketing : processing for this purpose is based on your consent – Art. 6(1)(a) GDPR. It is not mandatory for you to give consent to the Data Controller for use of your Personal Data for these purposes, and you will suffer no consequence if you choose not to give it (aside from not being able to receive further marketing communications from the Data Controller). Any consent given may also be withdrawn at a later stage (please see Section 8 for more information).
  5. Soft Opt-In : processing for this purpose is based on the Data Controller’s interest in sending you direct e-mail marketing communication regarding events and services provided by the Data Controller and which are identical or similar to those you have previously signed up for or acquired through the Web Portal – Art. 6(1)(f) GDPR. It is not mandatory for you to give consent for these communications, and you will suffer no consequence if you decide not to give consent (aside from not being able to receive further communications from the Web Portal), and you can object through the link provided at the bottom of all such communications.
  6. Profiling : processing for this purpose is based on your consent, collected by means of the cookie pop-up banner and/or a specific tick box – Art. 6(1)(a) GDPR. It is not mandatory for you to give consent to the Data Controller for use of your Personal Data for this purpose, and you will suffer no consequence if you choose not to (aside from not being able to benefit from greater personalisation of your user experience regarding the Web Portal). Any consent given may also be withdrawn at a later stage (please see Section 8 for more information).
  7. Compliance : processing for this purpose is necessary for the Data Controller to comply with its legal obligations – Art. 6(1)(c) GDPR. When you provide any Personal Data to the Data Controller, the Data Controller must process it in accordance with the laws applicable to it, which may include retaining and reporting your Personal Data to official authorities for compliance with tax, customs or other legal obligations.
  8. Analytics : Information collected for this purpose is used to allow the Data Controller to understand how users interact with the Web Portal and to improve the Web Portal accordingly, with the aim to providing a better user experience – Art. 6(1)(f) GDPR.
  9. Misuse/Fraud : Information collected for this purpose is used exclusively to prevent and detect fraudulent activities or misuse of the Web Portal (for potentially criminal purposes) – Art. 6(1)(f) GDPR.

5. Recipients of Personal Data

Your Personal Data may be shared with the following list of entities (“Data Processors”) engaged in order to provide or support the Web Portal and services (e.g., hosting providers, e-mail platform providers, technical maintenance providers Web Portal administrators and Web Portal user administrators):

o Trust-IT Services Ltd (contact: privacy@trust-itservices.com ), located at Chase Green House, 42 – Chase Side, Enfield, Middlesex, EN2 6NF United Kingdom, VAT no. 848450895 (“Processor” on behalf of Trust-IT Srl).

o Trust-IT Srl (contact:privacy@ trust-itservices.com ), located at Via Nino Bixio 25, 56125 Pisa, Italy. VAT no. 01870130505.

o COMMpla Srl (contact: privacy@commpla.com), located at Via Nino Bixio 25, 56125 Pisa, Italy. VAT no. 01958380501 (“ Processor” on behalf of Trust-IT Srl).

o Consortium GARR (contact: csd-support@garr.it) located at Via dei Tizii 6, 00185 Roma, Italy. VAT no. 07577141000

Your Personal Data may be shared with the following list of persons / entities (“Recipients”):

● Persons, companies or professional firms providing the EOSC Association with advice and consultancy regarding accounting, administrative, legal, tax, financial and debt collection matters related to the provision of the services and which act typically as Data Processors on behalf of the Data Controller;

● Persons authorised by the Data Controller to process Personal Data needed to carry out activities strictly related to the provision of services, who have undertaken an obligation of confidentiality or are subject to an appropriate legal obligation of confidentiality (e.g., members of the team operating the Web Portal, and other functions with access to Personal Data processed via the Web Portal);

● Persons, companies or professional firms providing the EOSC Association with communications or dissemination activities, such as sending newsletters about the association.

● Public entities, bodies or authorities to whom your Personal Data may be disclosed, in accordance with the applicable law or binding orders of those entities, bodies or authorities.

Additionally, with your consent, some of your Personal Data may be published on the web pages available online at the Web Portal. Furthermore, when you sign-up for an event, you will be listed in attendee lists made available on the Web Portal.

More information on these transfers is available upon written request to the Web Portal Managing Team at the following address: info@eosc.eu.

6. Transfers of Personal Data

Considering the worldwide relevance of the EOSC Association, your Personal Data may be transferred to recipients located in several different countries.

The Data Controller implements appropriate safeguards to ensure the lawfulness and security of these Personal Data transfers, by complying with the relevant data laws in place, or other safeguards or conditions considered adequate to the transfer at hand.

More information on these transfers is available upon written request to the Data Controller at the following address: info@eosc.eu.

7. Retention of Personal Data

Personal Data processed for Service Provision will be kept by the Data Controller for the period deemed strictly necessary to fulfil such purposes – in any case, as these Personal Data are processed for the provision of the services, the Data Controller may continue to store this Personal Data for a longer period, as may be necessary to protect the Data Controller’s interests related to potential liability related to the provision of the services.

Personal Data processed for Applications will be kept by the Data Controller for up to 5 years, according to the relevant data laws in place in the EU. The Data Controller may contact applicants before the expiration of this period, in order to request an extension of the retention period.

Personal Data processed for Database Publication, Marketing and Profiling will be kept by the Data Controller from the moment you give consent until it is withdrawn. Once consent is withdrawn (or not given, following a renewal), Personal Data will no longer be used for these purposes, although it may still be kept by the Data Controller in particular as may be necessary to protect the Data Controller’s interests related to potential liability arising from this processing.

Personal Data processed for Soft Opt-In will be kept by the Data Controller from the moment where it is provided by you to the Data Controller (in the context of registrations for events or services requested via the Web Portal) until you object to this processing. Once you have objected, your Personal Data will no longer be used for these purposes, although it may still be kept by the Data Controller, in particular as may be necessary to protect the Data Controller’s interests related to potential liability arising from this processing.

Personal Data processed for Compliance will be kept by the Data Controller for the period required by the specific legal obligation or by the applicable data laws.

Personal Data processed for preventing Misuse/Fraud will be kept by the Data Controller for as long as deemed strictly necessary to fulfil the purposes for which it was collected.

More information on applicable retention periods is available upon written request to the Web Portal Managing Team at the following address: info@eosc.eu.

8. Data Subjects’ Rights

As a Data Subject, you are entitled to exercise the following rights before the Data Controller, at any time:

  1. Access your Personal Data being processed by the Data Controller (and/or a copy of that Personal Data), as well as information on the processing of your Personal Data;
  2. Correct or update your Personal Data processed by the Data Controller, where it may be inaccurate or incomplete;
  3. Request erasure of your Personal Data being processed by the Data Controller, where you feel that the processing is unnecessary or otherwise unlawful;
  4. Request the restriction of the processing of your Personal Data, where you feel that the Personal Data processed is inaccurate, unnecessary or unlawfully processed, or where you have objected to the processing;
  5. Exercise your right to portability: the right to obtain a copy of your Personal Data provided to the Data Controller, in a structured, commonly used and machine-readable format, as well as the transmission of that Personal Data to another Data Controller;
  6. Object to the processing of your Personal Data, based on relevant grounds related to your particular situation, which you believe must prevent the Data Controller from processing your Personal Data;
  7. Withdraw your consent to processing (for Marketing, Database Publication, Soft Opt-in, and Profiling).

Please note that most of the Personal Data you provide to the Data Controller can be changed at any time, including your e-mail preferences, by accessing, where applicable, your user profile created on the Web Portal.

You can also withdraw consent for Marketing (for communications received via e-mail) or object to Soft Opt-In by selecting the appropriate link included at the bottom of every marketing e-mail message received. The same applies to the Web Portal’s newsletter which you may have subscribed to and receive as a service.

Consent for Profiling carried out by cookies may be withdrawn as described in Section 2 (e) . Where consent for Profiling was given via a specific tick box, you may withdraw this consent by changing your preferences, at any time, within your user profile created on the Web Portal, where applicable.

Aside from the above means, you can always exercise your rights described above by sending a written request to the Web Portal Managing Team at the following address: info@eosc.eu.

In any case, please note that, as a Data Subject, you are entitled to file a complaint with the competent supervisory authorities for the protection of your Personal Data, if you believe that the processing of your Personal Data carried out through the Web Portal is unlawful.

9. Amendments

This Privacy Policy entered into force on 12.03.2021.

The Data Controller reserves the right to partly or fully amend this Privacy Policy, or simply to update its content, e.g., as a result of changes in applicable law. The Web Portal Managing Team will inform you of such changes as soon as they are introduced, and they will be binding as soon as they are published on the Web Portal. The Web Portal Managing Team therefore invites you to regularly visit this Privacy Policy in order to acquaint yourself with the latest, updated version of the Privacy Policy, so that you may remain constantly informed on how the Data Controller collects and uses your Personal Data.