For what purposes is personal data collected and used?
We collect, store and process your personal data only for predefined purposes. The main purposes for processing personal data are:
- project communications (newsletters and event invitations) and responding to contact requests.
What data you collect about me and from which sources?
We collect personal data about you mainly from yourself when you contact us or use our services. In addition to this, we may collect personal data about you from public sources and registers, such as organisational websites and social media channels. We also collect personal data about our website visitors with Google Analytics, so that we could analyze our website use, develop it further and for targeting relevant marketing content for our customers and website visitors.
Typically we may get the following personal data directly from you:
- Email address
- Telephone number
Personal data from public sources:
- Email address
- Telephone number
What is the basis for processing your personal data?
We make sure that we always have a legal basis to process your personal data. We may process your data on several different bases. Firstly, we may process your data to fulfil and execute a contract and to meet legal obligations. Secondly, we may process your data also to further our legitimate interests, which is operating and developing our research project.
Who processes my personal data and is it transferred to anyone else?
Primarily your personal data is processed by people within our project. We may also outsource some parts of the processing to third parties, such as the data systems used to store and process personal data (MailChimp, Google Drive, Microsoft Teams). In these situations, we make sure with contracts and otherwise that the confidentiality of your personal data is secured and data is otherwise processed lawfully. We may also disclose information to fulfil our other contractual or legal obligations or when a legal authority requires a disclosure.
Is my data transferred outside the EU?
By default, your data is not transferred outside the EU. Possible transfers would concern only such situations, where some of the servers where our data is stored are located outside of the EU (e.g. Mailchimp, Google Drive, Microsoft Teams). In these situations, we make sure that your data is transferred and processed in a legal manner with adequate safeguards.
How long is my data stored?
We will not store your personal data for a longer period than is necessary for its purpose or required by contract or law. All personal data will be stored five years after the end of the research project. We also intend to keep your data up to date.
How is my data stored and kept secure?
Your data is stored on the servers provided by our service providers, which are secured according to general industry standards and practices. We consider and keep your personal data confidential and do not disclose them to anyone else than those who need it for their work or confidentially to our customers based on contracts we have made with them. Access to your personal data has been protected with user-specific logins, passwords and user rights.
Is it mandatory to provide personal data? What happens if I don’t give it to you?
If you don’t provide us some of your personal data or allow processing of it, it is very likely that we cannot contact you and involve you in our research project. If you don’t want us to process your data, we ask you to not provide us any personal data.
What rights do I have relating my personal data?
Withdraw your consent
If we process personal data based on your consent, you can at anytime withdraw your consent by notifying us, for instance by sending email to firstname.lastname@example.org.
Access to data
You have the right to have confirmed if we are processing your personal data and also to know what data we have about you. In addition, you have right to some supplemental information described in the law about the processing activities.
Right to have errors corrected
You have the right to request that we correct any inaccurate or outdated personal data we have about you.
Right to prohibit direct marketing
You have the right to request that your personal data is not processed for direct marketing purposes by sending us email to email@example.com.
Right to object processing
If we process your personal data based on public interest or our legitimate interest, you have the right to object processing of your data, to the extent that there is no such significant other reason that would override your rights or the processing is not necessary for handling legal claims. Please notice that in this situation we may not be able to serve you anymore.
Right to restrict processing
In certain situations you have the right to require that we restrict processing of your personal data.
Right to data portability
If we process your personal data based on your consent or fulfilling of a contract, you have the right to require a transfer of the data you have provided to us to another services provider in a commonly used electronic format.
How can I use my rights?
You can execute and use your rights by contacting us, for instance by sending email to firstname.lastname@example.org. Remember that we need to also verify your identity. If you consider that the processing of your personal data is not lawful, you can always also make a notification to a supervisory authority.
Who can I contact in privacy matters?
Project GRETA, Data Protection Officer