Last Updated on March 8th, 2021
This privacy policy has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation) and Regulation (EU) 2018/1725 of the European Parliament and of the Council.
This privacy policy relates solely to data acquired through NFFA-Europe Portal (this Website), except for the cases expressly indicated in the text below.
Data Controllers
The data Controllers are NFFA-Europe PILOT project partners, here listed with the related points of contact for the management of personal data:
With the exception of JRC, each of the Parties is a joint Data Controller in relation to the Data being processed through this Website for providing Transnational Access or managing Data services.
The JRC is a joint Controller exclusively with regard to the processing operations involved in the evaluation of the feasibility of the proposals (TLNet) and the scientific reporting, With regard to the processing operations involved in requesting and providing physical access to the facilities, JRC defines alone the purposes and means of the data processing and will act as independent data Controller, applying its own site access protocols in accordance with applicable law, namely Regulation (EU) 2018/1725 (see https://ec.europa.eu/dpo-register/detail/DPR-EC-11562).
Contact
CNR-IOM Director acts as a single point of contact on behalf of the whole group of Parties (protocollo.iom@pec.cnr.it).
CNR Data Protection Officer can be reached at the following email address: rpd@cnr.it
Types of Data collected
Among the types of Personal Data automatically collected when using this Website, by itself or through third parties, there are: Tracker; Usage Data.
Personal Data provided by the User by registering or authenticating are: Last name; Email address; Gender; Nationality; Affiliation; Affiliation address; Affiliation legal status, Job; Research role; ORCID; Password.
Additional Personal Data required only if an accepted proposal is carried out in presence in one or more sites of the NFFA-Europe infrastructure are: Date of birth; Place of birth; Personal address; Fiscal address; Phone number; Education level; Taxpayer code; Passport or identity document; Visa; Insurance data.
Bank account Data are required only in the event that the User is eligible for the financial support offered by NFFA-Europe.
Unless specified otherwise, all Data requested by this Website is mandatory and failure to provide this Data may make it impossible for this Website to provide its services. In cases where this Website specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.
Any use of Cookies – or of other tracking tools – by this Application or by the owners of third-party services used by this Application serves the purpose of providing the Service required by the User, in addition to any other purposes described in the present document and in the Cookie Policy.
Users are responsible for their processing of any third-party Personal Data obtained, published or shared through this Website, in accordance with applicable data legislation.
Mode and place of processing the Data
Methods of processing
NFFA-Europe takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. Within our organization, your information is stored on password-protected servers that are accessible only to a limited group of people. All Data Controllers undertake to instruct and educate individuals who will have access to the data. In some cases, the Data may be accessible to external parties appointed as Data Processors by the Data Controllers. The updated list of these parties may be requested by the User at any time.
Legal basis of processing
The Data Controllers may process Personal Data relating to Users if one of the legal grounds set out in Art. 6 GDPR apply, notably:
In any case, the Data Controllers will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
Place
The Data is processed at the Data Controllers' operating offices and in any other places where the involved Data Processors are located (European Union and Switzerland).
Retention time
Personal Data shall be processed and stored until 28/02/2031. However, where the processing is based on the Data Subject consent, processing should not be pursued on that basis where the Users’ consent to processing is withdrawn before this date.
After this date all personal information will in principle be deleted from the servers. However, Data may be continuing to be processed, including stored, for longer periods, solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with applicable legislation. This includes processing for statistical purposes by the European Commission (including JRC) and of the NFFA infrastructure.
The right of access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
The purposes of processing
The Data concerning the User is collected to allow the Data Controllers to provide its Service, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity, as well as for analytics purposes.
In any case, the processing operations shall be carried out in such a way as to guarantee the security, confidentiality and availability of the data, according to principles of correctness, lawfulness and transparency, aimed at protecting the fundamental rights and freedoms of natural persons.
Specifically, Personal Data is collected for the following purposes and using the following services:
Registration and authentication
By registering or authenticating, Users allow this Website to identify them and give them access to dedicated services.
The Personal Data provided by registering or authenticating are required for:
The User registers by filling out the registration form and providing the Personal Data directly to this Website.
Personal Data processed: First name; Last name; Email address; Gender; Nationality; Affiliation; Affiliation address; Affiliation legal status, Job; Research role; ORCID; Encrypted Password.
Authentication to NFFA-Europe services and data and metadata management tools
Users’ credentials provided by registering or authenticating to this Website also guarantee the access to different types of services and data and metadata management tools. The Personal Data is collected after the first access of the user to the specific service and stored for registration or identification purposes only. The Data collected are only those necessary for the provision of the services. The updated list of these services may be requested by the User at any time.
Personal Data processed: Email address; Encrypted Password.
Proposal review process
Submitted Proposals are first checked for technical feasibility by technical experts internal to the project (TLNet), then evaluated and ranked according to scientific merit by an external panel of reviewers (ARP).
Data Processors: Access Review Panel members
Personal Data processed: First name; Last name; Email address; Gender; Nationality; Affiliation; Affiliation address; Affiliation legal status, Job; Research role; ORCID.
Internal statistics and periodic reporting purposes
The data collected are required for compliance of NFFA-Europe PILOT project with any legal, contractual and regulatory obligation in relation to the European Commission, auditors and corporate statutory and auditing bodies, project coordinators and/or partners.These Data are also used for internal project statistics.
Personal Data processed: First name; Last name; Email address; Gender; Nationality; Affiliation; Affiliation address; Affiliation legal status, Job; Research role; ORCID.
User database management
The database allows the Data Controllers to build user profiles by using the information that the User provides to this Website and to manage authorizations. Some of the services also enable the sending of timed messages to the User, such as emails based on specific actions performed on this Website and on related platforms. The companies offering these services are NFFA-Europe partners Promoscience and eXact lab.
Personal Data processed: All the data.
Place of processing: Italy
Hosting and backend infrastructure
This type of service has the purpose of hosting the password-protected servers that enable this Website and NFFA Datashare platform to run and be distributed as well as to provide a ready-made infrastructure to run specific features or parts of this Website. It also allows to save and manage backups of this Website on external servers managed by the service provider itself. The backups may include the source code and content as well as the data that the User provides to this Website.
Personal Data processed: All the data.
Place of processing: Italy
Analytics
Google utilizes the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network. This integration of Google Analytics anonymizes your IP address.
Data Processor: Google Analytics (Google Ireland Limited)
Personal Data processed:Tracker; Usage Data.
Place of processing: Ireland – Privacy Policy – Opt Out.
Interaction with external social networks and platforms
This type of service allows interaction with social networks or other external platforms directly from the pages of this Website. The interaction and information obtained through this Website are always subject to the User’s privacy settings for each social network. This type of service might still collect traffic data for the pages where the service is installed, even when Users do not use it.
Youtube (Google LLC) – Privacy Policy
Google Maps (Google LLC) – Privacy Policy
Facebook (Facebook, Inc.) – Privacy Policy
Twitter (Twitter, Inc.)– Privacy Policy
LinkedIn (LinkedIn Corporation)– Privacy Policy
The rights of Users
Users may exercise the following rights regarding their Data processed by the Data Controllers:
Any requests to exercise User rights can be directed to the Data Controllers through the contact details provided in this document.
Cookies
This Website uses technical cookies. To find out more, the User can consult the Cookie Policy.
Additional information about Data collection and processing
Legal action
The User's Personal Data may be used for legal purposes by the Data Controllers in Court or in the stages leading to possible legal action arising from improper use of this Website or the related Services.
The User declares to be aware that the Data Controllers may be required to reveal personal data upon request of public authorities.
Additional information about User's Personal Data
In addition to the information contained in this privacy policy, this Website may provide the User with additional and contextual information concerning particular Services or the collection and processing of Personal Data upon request.
System logs and maintenance
For operation and maintenance purposes, this Website, the services offered as Virtual Access and any third-party services may collect files that record interaction with this Website (System logs) and/or use other Personal Data (such as the IP Address) for this purpose.
Information not contained in this policy
More details concerning the collection or processing of Personal Data may be requested from the Data Controllers at any time. Please see the contact information at the beginning of this document.
Changes to this privacy policy
The Data Controllers reserve the right to make changes to this privacy policy at any time by notifying its Users on this page. It is strongly recommended to check this page often, referring to the date of the last modification listed at the bottom.
Should the changes affect processing activities performed on the basis of the User’s consent, the Data Controllers shall collect new consent from the User, where required.