canSERV Open Call for Transnational Service Provision
DATA CONTROLLER AND DATA PROCESSOR
BBMRI-ERIC is the Biobanks and Biomolecular resources infrastructure-European Research Infrastructure Consortium established in December 2013 according to the Commission Implementing Decision of 22 November 2013, 2013/701/EU. The registered address of BBMRI-ERIC is at Neue Stiftingtalstraße 2/B/6, 8010 Graz, Austria.
BBMRI-ERIC is the Coordinator of the Horizon canSERV project, Grant number: 101058620 and coordinator of the CanSERV Open Call for Transnational Service Provision
BBMRI-ERIC is the Data Controller of the data which are collected from applicants, and is thus responsible to control the ways in which the applicants’ personal data are collected and the purposes for which personal data are used.
BBMRI-ERIC will use a software called ARIA to manage the CanSERV Open Call for Transnational Service Provision. Instruct-ERIC is in charge of operating, developing and maintaining this software/ Instruct-ERIC is the European research infrastructure in structural biology, settled in Oxford House, Parkway Court, John Smith Drive, Oxford, OX4 2JY, UK, and it has been appointed as Data Processor on behalf of BBMRI-ERIC. ARIA is also used outside of Instruct-ERIC by organisations across Europe.
BBMRI-ERIC will also use the platforms Catalogue (Directory) and the Negotiator, the Privacy Notice for these tools can be found here:
PERSONAL DATA COLLECTED FROM APPLICANTS
Applicants to the Open Call for Transnational Service Provision need to have their data securely processed. BBMRI-ERIC aims at the highest standard for data privacy introduced by GDPR. In the context of the canSERV Open Call for Transnational Service Provision, the Data Controller will collect the applicants’ first and last name,email address, address, sensitive/special categories of data (gender), nationality and country of residence, CV, and applicants might also provide information such as job titles, roles, expertise, experiences, specialisation. The Controller will also collect any other application data or project data that the applicant decides to provide, and this set of data will be considered as ‘personal’ begin referred to an identifiable applicant.
BBMRI-ERIC will also collect and process the applicants’ call application form which may include names, affiliations and personal details of co-applicants involved in the proposed project. Applicants must ensure to have the permission of those named in the application to include them in the application.
PERSONAL DATA COLLECTED FROM REVIEWERS AND MODERATORS
‘Moderators’ are defined as one identified individual per application who selects reviewers on the platform, and takes the final action of accepting or rejecting a proposal on the basis of the final decision.
Profile information, moderation/review statistics, and completed reviews are shared with administrators and moderators of the access route or call for which the reviewer/moderator is assigned. Anonymized review information may be available to the applicants depending on configuration. Anonymized review/moderation responses are available to service/facility administrators of the services/facilities included in the proposal. Moderators may be anonymously contacted by service/facility administrators, administrators, reviewers, and applicants via the ARIA internal messaging system.
PURPOSES FOR PROCESSING
BBMRI-ERIC collects and processes the above-mentioned personal information to carry out the canSERV Open Call for Transnational Service Provision and to manage the successful projects resulting from the Call. Data collected from applicants are processed on the basis of the applicants’ consent. Data collected from reviewers, moderators and service providers are collected on the basis of either a contract (so, for the aim of performing a contract) or on the basis of BBMRI-ERIC’s legitimate interest. Data could also be used for providing services to the applicants or on the basis of BBMRI-ERIC’s legitimate interests or for complying with the law and reporting obligations to authorities.
BBMRI-ERIC will not share the applicants’ personal data with third parties for commercial and marketing purposes. In the context of the canSERV Call for Service Provision, BBMRI-ERIC will share the information with:
- Authorised Data Processor staff, namely staff administering the ARIA system for the Call for Service Provision
- canSERV consortium members working in work packages linked to the Call for Service Provisions, managing the Open Call for Transnational Service Provision and resulting service provisions,
- Transnational Access Managers experts delegated by canSERV consortium members,
- Project Governance Bodies , and staff working in project and financial management,
- External reviewers (technical, ethical and scientific) invited by the “Open Call for Transnational Service Provision” Consortium and Coordination to perform independent scientific review of applications.
- The European Commission and its Research Executive Agency
As far as these third parties have access to personal data in order to execute these processing activities, BBMRI-ERIC and Instruct-ERIC have taken required technical and organizational measures to ensure that the applicants’ personal data is processed exclusively for the purposes mentioned above. BBMRI-ERIC may share the applicants’ personal data with the competent authorities, and only if required to do so by law.
DATA PROCESSING FOR APPLICANTS
BBMRI-ERIC will use the applicants’ personal information and the personal information of the application team (name, affiliation and email address) to contact the applicants about the status of their application. Successful applicants will continue to be contacted regarding the progress of their project and feedback and reporting.
BBMRI-ERIC may also use the successful applicants’ name and institution alongside reports on the projects resulting from the canSERV Open Call for Transnational Service Provision and for disseminating the applicants’ project and its outputs.
BBMRI-ERIC keeps the applicants’ personal data only for as long as they are needed. The retention period depends on the purpose of processing. BBMRI-ERIC will actively review the information held and when there is no legal or business need to hold it, data will be deleted securely.
The application will be done through ARIA software, which uses Matomo software for data analytics. The data is collected, processed and stored either on the servers of BBMRI-ERIC’s IT infrastructure or on Instruct-ERIC’s system (see https://matomo.org/privacy/). Matomo uses some additional cookies to help analyse how users use sites in order to improve the user experience. The user may refuse the use of these cookies using appropriate settings in their browser. The user can also prevent Data Controller and Data Processor from tracking him on their sites by setting “Do not track” in his browser. Do-not-track requests will be respected. Cookies set by Matomo start with “_pk_”. For more information about the cookies used for Matomo please see https://matomo.org/faq/general/faq_146/
THE DATA SUBJECTS’ RIGHTS
Under GDPR applicants are entitled to see copies of all personal data held by Data Controller and to amend, correct, delete or export such data. They can also limit, restrict or object to the processing of their data. To view their data, or exercise any of the above described rights, applicants can make a request to the Data Controller’s address above or by e-mail at email@example.com.
BBMRI-ERIC will come back to applicants as soon as possible and within maximum of one month. It may also ask the applicant to verify his identity before providing any information.
If the applicants wish to raise a complaint on how BBMRI-ERIC has handled their personal data, they can contact BBMRI-ERIC at firstname.lastname@example.org.
Applicants can exercise their rights by contacting the Data Controller (email@example.com), or in case of conflict the Data Protection Officer (firstname.lastname@example.org). If necessary, they may lodge a complaint about the processing of their personal data with the European Data Protection Supervisor (email@example.com) at any time.