Data Privacy Policy
Data Privacy Policy
This privacy policy statement is meant to explain to you the way in which we process and protect your personal data on the CoMeCT website and beyond. The CoMeCT website is a central resource for information about the CoMeCT project it is managed by the European Clinical Research Infrastructure Network (ECRIN). Although you can consult the website without giving any personal information, in some cases your personal data is required (e.g. in case you would send emails to the accounts listed on the website, register for the newsletter, or attend a CoMeCT organised event).
The policy on protection of individuals with regards to the processing of personal data is based on the principles set out by the by the Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regards to the processing of personal data (the GDPR) as well as the relevant French law, as applicable.
1. WHAT IS THE SCOPE OF THIS DATA PRIVACY POLICY?
This policy covers CoMeCT's data processing on its website (www.comectproject.org) as well as links to the CoMeCT newsletter, CoMeCT organised events, and meetings.
ECRIN as hosts to the CoMeCT website, and other project partners including the Norwegian Institute of Public Health as well as other consortium members, as is necessary for the organisation of their events, use external service providers and tools (Teams, Zoom, Google Forms, Mailchimp) to gather and share opinions as well as organise events, trainings and meetings both on & offline which may require the collection and sharing of limited personal data with third parties.
Moreover, CoMeCT's website may provide links to third-party sites (e.g. LinkedIn, YouTube, ECRIN partner websites to communicate about events). When you click on links to visit third-party websites, you may need to accept their specific terms and conditions and cookie policies as ECRIN has no control over their privacy policies.
ECRIN and the other CoMeCT project partners will never use this data without your consent.
2. WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU?
The following personal data might be required when you access and use our website or attend an CoMeCT organised event:
-
Contact details (First name, Last name, Email address, address, phone number) and job information.
-
Additional personal information, such as photos and videos, may be collected on rare occasions, in which case the organiser will inform you and acquire supplementary consent.
We do not collect, but may access your personal data, that you made available on social media, if you follow CoMeCT or contact one of its project members on one of their channels (LinkedIn, YouTube) :
-
First name, Last name, Email address, address, phone number, photos.
In case ECRIN needs to use such data, ECRIN will inform you and acquire specific consent.
3. FOR WHAT PURPOSE DO WE COLLECT YOUR DATA?
Any collection and processing of personal data is for one of the following defined purposes:
- To send you CoMeCT's newsletter and to manage your subscription
- To measure the effectiveness and efficiency of our website.
- To organise events, training and meetings for the infectious disease clinical community and beyond.
Specific information for each of the above purposes is detailed in the second half of this Data Privacy Policy.
4. DOES ECRIN PUBLISH YOUR DATA ON THE CoMeCT WEBSITE?
ECRIN does not publish any of your personal data on its website, unless you have specifically provided your consent for a given purpose.
5. ON WHAT GROUNDS DO WE PROCESS YOUR DATA?
As a general rule, we process your personal data on the basis of your CONSENT to ECRIN or any other partner's processing of your personal data.
6. WHERE DO WE STORE YOUR DATA?
All information provided by you is gathered securely through the SSL (SecureSockets Layer). A SSL is a protocol that encrypts your information into codes so that your information is kept secure while being transmitted via the Internet.
ECRIN looks to store all personal data within the European Union (“the EU”).
However, given the international nature of online services, ECRIN cannot guarantee that all the service providers involved in our activities store your data within EU in which case ECRIN will inform you and request your consent. Before consenting, ECRIN will also invite you to consult their data privacy policy which is freely accessible online.
For instance, some events and meetings are organised through other online meeting service providers (Teams, Zoom) which may store some of your personal data outside the EU as per their data privacy policy which is freely accessible online and which we encourage you to consult.
Some CoMeCT events are organised directly on the ECRIN Zoom account subsequent consent for storing and processing of your information on Zoom is required upon registration.
7. WHO HAS ACCESS TO YOUR DATA?
The project relevant internal parties and, as applicable, ECRIN service providers and project partners that host CoMeCT events.
For instance, ECRIN’s Communications Officer has access to the data that you provide via our website for newsletter subscription or events registration.
In case we use a service provider for certain data processing or share event organising duties we will disclose this information in the information notice so that you can make an informed decision about the access and use of your data.
On the rare occasion that your personal data is made public on our website or another CoMeCT communication channel, this is based on your CONSENT to do so.
We never pass on, sell or swap your data for marketing purposes to other third parties outside the project.
8. HOW LONG WILL THE PROJECT RETAIN YOUR PERSONAL DATA?
The project will retain and process your personal data for as long as it deems relevant, and subject to applicable law, to fulfil the purpose(s) for which the data were collected. After such time, the relevant project partner will delete your personal data and will require the service provider to do the same.
9. WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR DATA ON OUR WEBSITE?
As a general rule, ECRIN acts as the data controller of the processing of your personal data for the the website and the newsletter. In case another project partner acts as a data controller or a data processor for the purpose of organising meetings, you will be informed of this via the information notice or other adequate means.
DATA CONTROLLER: EUROPEAN CLINICAL RESEARCH INFRASTRUCTURE NETWORK (ECRIN)
30 Bd St Jacques
75014
Paris, France
Registration number: 801 933 235
10. WHAT ARE YOUR RIGHTS?
ECRIN, as the data controller, will ensure that you can exercise your rights pertaining to your personal data.
To that end, ECRIN informs you that you are entitled:
a) to have access, upon simple request, to your personal data – in which case you may receive a copy of such data (if requested)
b) to obtain a rectification of your personal data should your personal data be inaccurate, incomplete or obsolete ("right to rectification")
c) to obtain the deletion of your personal data ("right to be forgotten");
d) to withdraw your consent to the data processing (where your personal data has been collected and processed on the basis of your consent);
e) to request a limitation of the data processing in the situations set forth by applicable law ("right to restrict processing");
f) to receive your personal data (data which you provided to ECRIN) in a structured, commonly used and machine-readable format and to transmit those data to another controller ("data portability right" allowed only where the processing is based on your consent and the processing is carried out by automated means)
g) to file a complaint to the French supervisory authority, CNIL (French data protection authority), located at: 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07 .
You can also check the CNIL website: https://www.cnil.fr/fr/cnil-direct/question/adresser-une-reclamation-plainte-la-cnil-quelles-conditions-et-comment
In case we are processing your data on a different legal ground, we will inform you about your data protection rights by adequate means.
If you have any questions about how your personal data is being processed within this context or if you would like to exercise your data subject rights, please email your request to legal@ecrin.org and we will refer you to our Legal manager.
SPECIFIC INFORMATION FOR EACH OF THE ABOVE PURPOSES IS DETAILED BELOW (all in an individual accordion for clarity of reading and anchors for easy identification when linking from an external document)
Please note that the content of this Website Privacy Policy may be updated from time to time. Therefore, we advise you to visit the page of this Website Privacy Policy regularly to verify any updates.
What types of personal data do we process for this purpose?
First name, Last name, and Email address.
Who has access to your personal data?
- ECRIN's staff in charge of the website.
- The provider which we use to send you our newsletter. Currently, we use a very popular provider Mailchimp, which is an online marketing platform operated by Intuit Inc since September 2021, a company headquartered in the State of California in the United States. Their tools are only used to send you CoMeCT's newsletter.
PLEASE NOTE:
There are two ways to subscribe to the CoMeCT newsletter hosted by Mailchimp 1. a double authentication via the subscribe function on our website, 2. Opting in to subscribe to the newsletter when registering for an event. In both cases your first/last name and email address, are collected and shared with Mailchimp on the basis of consent. Please be aware, Mailchimp may automatically collect certain information about your device and usage of the Services and use cookies and other tracking technologies to collect this information as indicated in their policy. Your data will be transferred to, and stored on, data servers of Mailchimp which are located in the USA.
PLEASE BE AWARE:
Mailchimp has developed its own policy with respect to the GDPR and its own terms and conditions. Please read their policy and if you do not agree with their policy and or with ECRIN sending your data to Mailchimp for the purpose stated above, do not subscribe to or unsubscribe from our newsletter.
On what legal basis do we process your personal data?
In order for you to subscribe to our newsletter, we will ask you to consent (1.a consent request is included in our subscription form 2.a separate subscription consent is included in the event registration form) to process your data and to send your contact information (first/last name and email address) to Mailchimp for the purpose of delivering you our newsletter.
How long do we save your data for this purpose?
We will keep your data for as long as your newsletter subscription is active, except where we have to retain your data for longer periods as required or permitted by law.
What happens to your data if you cancel your subscription?
You may choose to unsubscribe at any time by clicking on the 'unsubscribe' link located at the bottom of our newsletter.
ECRIN will then permanently delete your data (name, email) from its mailing list.
How can you exercise your rights?
In case you have any further questions regarding ECRIN’s handling of your data or you want to exercise your rights see please Section 10 of this Data Privacy Policy.
However, please be aware that according to Mailchimp deletion policy, Mailchimp will stop further processing of your data and continue to keep a record of the email address for compliance purposes. As noted in Section 7 of its Data Protection Policy, Mailchimp committed itself to ensure that such information is securely isolated and protected.
Should you have any questions concerning the way in which Mailchimp is processing your data and/or wish to exercise your rights, please let us know so you can direct your request to Mailchimp so they can respond to your request accordingly. You can also contact them directly as described in their policy, ‘Privacy for Contacts’ section.
Cookies help us to improve your experience and interaction with our website. The information gathered enables the website to remember your actions and preferences for a certain period of time, so you do not have to re-enter this information on future visits.
What are cookies?
Cookies are small text files that are placed on your computer / device by websites that you visit. They collect standard information such as browser type, browser language, your Internet Protocol (IP) address, and your interaction with the website.
What cookies and how does ECRIN use on this website?
We use Matomo cookies.
ECRIN collects standard information and details of visitor behaviour such as time spent on the website and on specific pages. This is achieved by checking for the unique identifier in a cookie left there on a previous visit.
This information is collected in a way that does not identify anyone and makes no attempt to identify the individuals visiting our website. ECRIN will not associate any data gathered from this site with any personally identifying information from any source.
All of our cookies are anonymous and session based and we hold no personal information in any of our cookies.
On what legal basis do we use cookies?
Your consent.
You can accept all or deny all the cookies on our website. By “all” we mean Matomo Cookies, no other cookies are used on the ECRIN website. To accept, click on the ‘Accept All’ button that pops up when you first visit the website. If you do not click on Accept All, and close the pop-up window, you are rejecting the cookies just as you are when you click on Deny All.
You can also disable cookies directly in your browser settings.
Who has access to your data contained in cookies?
The Communications Officer (and other relevant staff members, as appropriate) have access to this data.
How can you exercise your rights?
In case you have any further questions regarding ECRIN’s handling of your data or you want to exercise your rights please see Section 10 of the CoMeCT Data Privacy Policy.
CoMeCT project partners organise or co-host many events and meetings both online and in person. In order to facilitate the organisation of these events participant personal data is required.
What types of personal data do we process?
Participants: Contact details and professional information.
Speakers: Contact details, professional information, on occasion this can include photo, video and or audio content.
On what legal basis do we process your personal data?
Participants: Your consent. For ECRIN coordinated events, dedicated event registration page are developed, with specific information sheet and or specific data privacy policy. Your consent to participate in the event and to share your information with ECRIN, other organisers and services providers are required.
Speakers: Your consent. For ECRIN coordinated events, dedicated information sheet outlines the personal data and the purposes of its use. A signed consent is required to share your personal data at the event.
All: For ECRIN coordinated meetings that use online meeting tools by choosing to join the meeting you are consenting to the processing of your personal data by ECRIN and the service provider.
Who has access to your personal data for ECRIN organised events?
Participants: ECRIN’s relevant internal parties and, as applicable, ECRIN service providers and organisations that co-host events together with ECRIN
Speakers: Some of your personal data may be made public in order to promote the event, to participate in the event and to provide information on the event after the fact. In other cases where it is not made public your personal data (first name, last name, image, video & audio) would be made available to the participants and ECRIN’s relevant internal parties and, as applicable, ECRIN service providers and organisations that co-host events together with ECRIN
How long do we save your data for this purpose?
All: ECRIN will retain and process your personal data for as long as it deems relevant, and subject to applicable law, to fulfil the purpose(s) for which the data were collected. After such time, ECRIN will delete your personal data.
How can you exercise your rights?
In case you have any further questions regarding ECRIN’s handling of your data or you want to exercise your rights see please Section 10 of the CoMeCT Data Privacy Policy.
You may also reach out to the service provider who processed your data as per their Terms & Conditions to exercise your rights within the GDPR.
Updated: 23/06/2022