This privacy statement explains the reason for the processing of your personal data, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data.
Why and how do we process your personal data?
Personal data is collected when you create an account and when you place an enquiry for any product or service, or when you initiate these processes. Personal data is collected to allow you to personalise your use of the EVA-GLOBAL website and related services (placing enquiries, email notifications, newsletters) and for the delivery of ordered products.This data may be evaluated to determine the legitimacy of requests for products. Aggregate data will be analysed to help EVA GLOBAL to improve services, and individuals may also be invited to participate in a survey or quiz.
EVA-GLOBAL may use your personal information in the context of disseminating the results of this project to the EC, as a EU-funded research and innovation project (H2020 - grant agreement n°871029-EVA-GLOBAL).On what legal grounds do we process your personal data?
We process your personal data, because:
- processing is necessary for the performance of a task carried out in the public interest (eg: control of your ability to receive the products)
- processing is necessary for compliance with a legal obligation to which the person in charge of the control is subject
- you as the data subject have given consent to the processing of your personal data for one or more specific purposes
Additional legal basis for the processing:
- Regulation (EU) No 1291/2013 of the European Parliament and of the Council of 11 December 2013 establishing Horizon 2020 - the Framework Programme for Research and Innovation (2014-2020)
Which personal data do we collect and further process?
In order to carry out the processing operations, the collected data corresponds to the data you provide on your profile page and to the data you provide while placing an enquiry on our products.
To register as a EVA-GLOBAL user, your full name, a username, password and email address are sufficient and the minimum required to allow us to create an account. Further information is collected if you need to place an enquiry about our products. This additional information is partly required by the EC for analysing the funded accesses to our resource and will also permit the EVA GLOBAL teams to:
- Identify you as a real end-user (Nationality, Gender, Birth Year, Researcher status, Scientific background)
- Evaluate the legitimacy of the request to receive biological material ( Qualification certificates, Project objectives, Intended use, Name of your group leader and information on your employing organisation/ home institution)
- Evaluate your eligibility for funding according with the European Community criteria (List of references, publications, previous accesses to the resource)
- Dispatch any ordered products to you (Shipping and billing addresses, Telephone number)
- Record and monitor accesses to the EVA-GLOBAL resources
- Provide the European Community with up to date data in the reports of this H2020 European project
How long do we keep your personal data?
Your data are connected to your user account on our website, and are linked to the history of your enquiries placed through our website.
You can edit your profile data at any time. Please be aware that for backup purposes any edited data can remain available in our backup system for 31 days. After that delay they will be automatically removed.
You can ask us to cancel or delete your end user account by using our contact form. When an account is cancelled, it no longer is held on the website, although the data will still be used to complete the analyses in points 5. and 6. in the section above.
How do we protect and safeguard your personal data?
All personal data transmitted through our website are stored on a sovereign cloud solution with data-centres based in Europe with a European framework contract having GDPR compliance for contractors and subcontractors.
The used cloud platform and associated processes implement a high level of certifications: ISO 27001 + 27017 & 27018 , ISO 20000-1, ISO 140001, ISO 9001, SOC1, ISAE3402
In order to protect your personal data, our project has put in place a number of technical and organisational measures.
- Technical measures include appropriate actions to address online security (eg: SSL connection, password encryption), risk of data loss (eg: backup system with life-cycle management), alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed.
- Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation.
Who has access to your personal data and to whom is it disclosed?
Access to your personal data is provided to the project's management staff responsible for carrying out the processing operations, to authorised staff of our partners laboratories in charge of managing orders and dispatching the products, and to a Selection Panel in charge to evaluate the requests for free of charge accesses.
Extractions of the users data can be sent to the EC for reporting purposes as we are a H2020 funded project. These extractions can only cover the H2020 - grant agreement n°871029-EVA-GLOBAL funding period.
The EVA-Global website and repository are hosted in the European Union by an external contractor, subject only to French and European laws and regulations, implementing GDPR compliance for the proposed services including its contractors and subcontractors.
Other security considerations:
For security purposes we can ban from our website any IP addresses exhibiting suspicious behaviours; this is not connected to your account or any of your personal data on our website. In case you observe an unjustified ban of your IP you can ask the corresponding public authorities to remove your IP from the public blacklists (eg: HTTP Blacklist). If your IP is not listed on public blacklists you can ask us through our contact form to remove a considered safe IP from our ban list.
What are your rights and how can you exercise them?
You have specific rights as a 'data subject' under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725, in particular the right to access, rectify or erase your personal data and the right to restrict the processing of your personal data. Where applicable, you also have the right to object to the processing or the right to data portability.
You have the right to object to the processing of your personal data, which is lawfully carried out pursuant to Article 5(1)(a).
By creating your account and/or placing an enquiry through our website you have consented to provide your personal data for processing operations. You can withdraw your consent at any time by notifying us through our contact form. The withdrawal will not affect the lawfulness of the processing carried out before you have withdrawn the consent.
Where you wish to exercise your rights in the context of one or several specific processing operations, please provide their description in your request.
Your requests will be handled within a maximum of 15 working days.
Cookies do many different jobs, like letting you navigate between pages efficiently, remembering your preferences, and generally improving the user experience.
We use 4 different categories of cookies on this website:
- Essential cookies: These cookies are essential to provide you with the Website and any services available and to use some of its features, such as access to secure areas. These cookies have to be enabled on our website.
- Functional cookies: Functional cookies record information about choices you have made and allow us to tailor the Website to you (e.g., selecting a layout preference). These cookies mean that when you continue to use or come back to the Website, we can provide you with our services as you have asked for them to be provided.
- Social cookies: These cookies are used when you share an article using a social media sharing button on our Website (e.g., Facebook, LinkedIn) as the social network that has created the button will record that you have done this. If you are logged in to your account with the third party, the third party will be able to link information about you with your actions via cookies.
- Analytical cookies: Our website uses Google Analytics, a web analytics service provided by Google Inc. ("Google") as a third party tool. Please note that this website uses Google Analytics with the anonymizing option so that IP-addresses sent by the tracker objects are processed only in an abbreviated form by removing the last octet of the IP address prior to its storage in order to rule out any direct relation to persons. This analytics allows us to measure the visits on our Website and permit to analyse how the Website is accessed, used, or is performing. You can opt out of Google Analytics without affecting how you visit our site – for more information on opting out of being tracked by Google Analytics across all websites you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.