Privacy Policy

Legal basis of this privacy notice
The legal basis of this privacy notice is the European Union’s General Data Protection
Regulation (GDPR). Therefore, EUREC is committed to adhering to the following principles
enshrined in Art. 5 (1) GDPR:

  • The lawfulness, fairness and transparency principle
  • The purpose limitation principle
  • The data minimisation principle
  • The accuracy principle
  • The storage limitation principle
  • The integrity and confidentiality principle

Scope of this privacy notice
This privacy notice applies to personal data EUREC processes in the research projects EUREC
participates in. It informs research partners, research subjects and other stakeholders about
how EUREC collects, generates and processes personal data in general.

EUREC does this in the public interest, in the interests of EUREC’s research partners and/or in
the legitimate interests of EUREC itself. You will always be specifically informed about this
and, where necessary and required by law, will be asked for your consent.

How EUREC collects personal data
EUREC collects personal data directly and indirectly.

EUREC collects personal data directly from individuals by various means. For example, EUREC obtains personal data when:

  • You subscribe to newsletters administered by us
  • You register to attend meetings, conferences or other events organised or hosted by EUREC as well as during your attendance at such events
  • You become a member of stakeholder or expert boards administered by EUREC
  • You participate in an interview, focus group, survey or other research activity
  • EUREC performs services presupposing the supply of personal data pursuant to a contract

Please note that this list is not exhaustive, but only lists the most common sources of personal data EUREC regularly draws on.

EUREC collects personal data indirectly about individuals from various sources. These sources include, but are not limited to:

  • Our research partners
  • Public and open data sources, for example websites, public registers or news articles;
  • Social and professional networking sites (e.g., Twitter, LinkedIn, Facebook)

Types of personal data EUREC collects
The personal data types EUREC collects vary depending on the purpose of data collection.
Because EUREC participates in a number of research projects and fulfil different tasks, EUREC collects different types of personal data, including:

  • General personal data types
    • Contact details (e.g., name, institutional affiliation, position, telephone number, email address, postal address)
    • Professional information (e.g., educational background, professional memberships, published articles, research areas, areas of professional interest)
  • Special categories of personal data (based on explicit consent)
    • Dietary restrictions and identification documents when registering for events which may reveal religious beliefs or health preferences
    • Expense forms submitted for reimbursing attendance at events which include bank account information

What EUREC does with your personal data
EUREC processes your personal data in order to accomplish research purposes specified in
contracts. You can find an overview of the projects EUREC currently participates in on its
website. The projects’ websites provide further information on what our research is about
(http://www.eurecnet.org/eurec_projects/index.html). Most commonly, but not only, EUREC processes personal data to organise events, administer stakeholder or expert boards, gather research data and comply with legal and regulatory obligations.

Sharing of your personal data with third parties
EUREC may share your personal data with research partners or trusted third parties in order
to meet research objectives or contractual obligations. Before sharing any personal data,
EUREC ensures that our partners are contractually obliged to adequately safeguard the data.
Recipients whom EUREC may share data with are:

  • Research partners
  • The European Commission and other research funding agencies if grant agreements oblige us to do so
  • Parties that support us in fulfilling our tasks (e.g., cloud-based software services in accordance with the provisions of GDPR)
  • Financial accounting services
  • Professional advisers (e.g.; auditors and insurers)
  • Payment services providers
  • Law enforcement agencies, government agencies, regulatory agencies whenever

EUREC is legally required to do so
Transferring your data outside the European Economic Area EUREC stores all your personal data on servers located in the European Economic Area (EEA). EUREC may transfer data to research partners outside the EEA if this is necessary to accomplish research objectives. Transfers may happen, for example, when an institution EUREC collaborates with is located outside Europe. Before transferring your personal data, EUREC ensures that the partners safeguard the data in accordance with pertinent data protection legislation and regulation as well as contractual obligations.

Your rights
With regard to your personal data processed by us, you have the following rights:

  • Right to be informed: You have the right to be informed in intelligible language how your personal data will be used.
  • Right to withdraw consent: You can withdraw your consent to the processing of your personal data at any time. This does not affect the lawfulness of any processing carried out before the withdrawal.
  • Right of access: You have the right to access your personal data that EUREC is processing and can request access to a copy of this data.
  • Right to rectification: You can request us to rectify or amend your personal data if it is
    inaccurate or incomplete.
  • Right to erasure: You can request us to remove or delete your data after withdrawing
    your consent to processing or when EUREC no longer needs it for the purposes it was
    collected for. The right to erasure does not apply if the legal basis for data processing
    is either a legal obligation or a public task.
  • Right to restrict processing: You can request EUREC to temporarily restrict the
    processing of your personal data if you contest the accuracy of the data, prefer to
    restrict its use rather than demanding its erasure or need to preserve it for you to
    establish, exercise or defend a legal claim. A temporary restriction may apply while
    assessing if EUREC has overriding legitimate grounds to process the data. You can
    request EUREC to inform you before EUREC ends that temporary processing
    restriction.
  • Right to data portability: You can request EUREC to provide you with your data in a
    commonly used, structured, machine readable format. The right to data portability
    does not apply if the legal basis for data processing is a legal obligation, vital interests,
    a public task or legitimate interests.
  • Right to object: You can object to our processing of your data under certain
    circumstances. Unless you object to processing your data for marketing purposes, the
    right to object does not apply if the legal basis for data processing is consent (in that
    case you can withdraw your consent, however), a contract, a legal obligation or vital
    interests.
  • Right to lodge a complaint with a supervisory authority: The relevant supervisory
    authority is the Landesbeauftragte für Datenschutz und Informationsfreiheit
    Nordrhein-Westfalen (www.ldi.nrw.de).

In order to exercise these rights, please contact our data protection officer via email
(dataprotection@eurecnet.org) or per post (see contact information below). EUREC may need
to ask specific information from you in order to confirm your identity. In this manner, EUREC
strives to ensure that no personal data is disclosed to any unauthorised person. EUREC may
be unable to comply with your request due to other pertinent lawful grounds.

How long EUREC retains personal data
Unless legal exemptions apply or contractual provisions mandate otherwise, EUREC deletes
all personal data once the purpose for which it has been collected is accomplished. The GDPR’s
research exemption permits us to store your personal data for extended periods of time (see
above). Moreover, research projects funded by the European Commission under the auspices
of the Horizon 2020 programme, require EUREC to retain data for up to ten years after the
end of the project (even further retention may be requested by auditors).

Updates of this privacy notice
This privacy notice is reviewed regularly and updated if necessary.

Contact information
If you have any questions relating to how EUREC processes your personal data within our
research projects, you can contact per post or via email. EUREC will respond to your queries
within 30 days.

EUREC Office
Bonner Talweg 57
53113 Bonn
Germany
eurec@eurecnet.org