Privacy policy
The privacy and security of your personal information is very important to Euro-BioImaging. This privacy policy explains how and why your personal data is used, and what is done to make sure you can be confident about giving Euro-BioImaging your information.
Euro-BioImaging will only use your personal data on relevant lawful grounds as permitted by the European Union (EU) General Data Protection Regulation (Regulation (EU) 2016/679 (GDPR) and relevant national laws. Euro-BioImaging will never use your personal data commercially and will only share it with third parties that Euro-BioImaging works with, when such sharing is necessary and permitted, and always assuring the privacy and security of your data.
If you have any questions about this policy or the use of your personal data, please contact info@eurobioimaging.eu.
Who and what does this policy apply to
This policy applies to the operations of the Euro-BioImaging ERIC infrastructure, and the Euro-BioImaging Web Portal and all its sub-pages under the domain eurobioimaging.eu, whenever personal data is used. This policy applies whether you are a registered user of any Euro-BioImaging services, a staff member of Euro-BioImaging Hub or Nodes, an external reviewer for Euro-BioImaging, or if you just visit the Euro-BioImaging Web Portal, or email, call or write to Euro-BioImaging.
Euro-BioImaging is a pan-European research infrastructure that offers open access to selected imaging facilities, called Nodes, across its member states, as well as training and image data services. Euro-BioImaging was established as an ERIC (European Research Infrastructure Consortium) on 29 October 2019, according to European Council Regulation (EC) 723/2009, Implementing Decision (EU) 2019/1854. Euro-BioImaging is coordinated by a Hub consisting of three members: Finland (Turku) coordinates all operations and hosts the Euro-BioImaging Web Portal, the European Molecular Biology Laboratory (EMBL Heidelberg, Germany) coordinates operations specific to biological imaging and Italy (Torino) coordinates operations specific to medical imaging.
Before Euro-BioImaging ERIC was established, Euro-BioImaging conducted interim operation through an Interim Web Access Portal at eurobioimaging-interim.eu, which continues to operate until all interim operation user projects have been completed. This policy does not apply to Euro-BioImaging interim operation or the Interim Web Access Portal, which have their own privacy policy and terms and conditions.
What personal data does Euro-BioImaging collect and why
Euro-BioImaging collects only basic personal data (information which identifies you, or which can be identified as relating to you personally), and Euro-BioImaging only collects data that it needs to operate. Sensitive or specially protected personal data is not collected.
Basic personal data (for instance name, contact information and professional affiliation) is collected when logging in to the Euro-BioImaging Web Portal for the first time, and additional personal data (for instance research history and biography) may be collected in connection with specific activities, such as when applying for access to imaging technologies, conferences or training courses. Only personal data supplied to Euro-BioImaging directly by you is collected – personal data is not collected from other sources.
Euro-BioImaging collects personal data based on legitimate interest as defined in the General Data Protection Regulation of the European Union. This legitimate interest is to manage and run the Euro-BioImaging ERIC infrastructure or informed consent.
From where does Euro-BioImaging collect personal data
Euro-BioImaging collects personal data mostly through integrated online forms on the Euro-BioImaging Web Portal, from where the data is directly saved into the Euro-BioImaging database. In some cases Euro-BioImaging may use Survey Monkey forms to collect data (see “Third parties” below), and relevant data from the forms is then manually transferred to the Euro-BioImaging database.
Euro-BioImaging receives some personal data also from the user authentication services that it uses (see “Third parties” below) and in some cases also from procedures or projects where users can apply to use Euro-BioImaging services through third parties, for instance where access is applied to multiple infrastructures.
Euro-BioImaging does not collect personal information from emails or other sources, unless specifically mentioned.
How does Euro-BioImaging store your personal data and keep it safe
Your personal data is stored mainly in the primary Euro-BioImaging database, which is located on a server of the University of Turku in Turku, Finland, where the Euro-BioImaging Web Portal is also hosted. The database is highly secure with direct access possible only by the Euro-BioImaging Web Portal administrative staff, and the data is regularly backed up by the University of Turku. The IT staff running the server has no access to the database.
In some situations, for instance if you apply for access to imaging technologies at the Euro-BioImaging Nodes, some of your personal data may be temporarily stored also in computers and email systems used to process it. However, such storage is temporary and access to the data is password-limited to those individuals who have legitimate access to the computer or email account in question.
Some personal data may be stored also in the secondary Euro-BioImaging database, which is located on a secure computer in locked premises at the University of Turku in Turku, Finland, with regular backups taken to a local cloud service of the University of Turku and to an external hard drive stored in a secure location at the University of Turku. Only the Euro-BioImaging Web Portal administrative staff has direct access to the secondary database and its backups.
Everyone in Euro-BioImaging who can access your personal data in any situation (see “Who gets to see your personal data” below) has been instructed to take care of such data with appropriate confidentiality and security measures, and there are procedures in place within the infrastructure for reporting any unusual activity related to personal data, such as possible security breaches.
How does Euro-BioImaging use your personal data
How Euro-BioImaging uses your personal data depends on the nature of your relationship with Euro-BioImaging and how you interact with the Euro-BioImaging Web Portal and various services and activities. Your personal data is used for the following purposes:
- Administering your Euro-BioImaging user account, including ensuring the security of the Euro-BioImaging Web Portal and services, and communicating with you as required.
- Managing your proposals and projects for accessing imaging technologies at Euro-BioImaging Nodes, including for instance reviewing your applications, arranging access visits, and communicating with you throughout the process.
- Managing your attendance to Euro-BioImaging training courses, events, conferences and meetings, including for instance communication with you regarding confirmation of registration, clarifying further details, or resolving any issues with your participation.
- Managing your use of Euro-BioImaging data services or other data services provided in collaboration with or through Euro-BioImaging, in situations where such use may require personal identification or personal information (many services do not require this).
- Sending you additional information on Euro-BioImaging and its services, such as a regular email newsletter, occasional questionnaires or surveys, information from the Euro-BioImaging Industry Board, or occasional other information.
Euro-BioImaging will primarily communicate with you by email, but in some cases also phone calls or regular mail may be used. When you log in to the Euro-BioImaging Web Portal for the first time, your permission for being contacted in different ways is asked. You may change these settings at any time in the Euro-BioImaging Web Portal (Admin panel – Edit profile). Please note that if you do not give Euro-BioImaging permission to contact you, especially by email, most Euro-BioImaging services will not be available to you. However, you may separately choose for instance not to receive the newsletter or other similar emails, but allow email communication necessary for applying to access Euro-BioImaging imaging technology or training services.
Euro-BioImaging collects various statistics and other information about its operations for instance to monitor and develop its services and to report to funding agencies. Whenever possible, personal data will be anonymized or pseudonymized. However, in certain situations, for instance if a funding agency so requires, Euro-BioImaging may release certain personal information as required
Terms and conditions
In addition to this Privacy Policy, Euro-BioImaging and its Web Portal have Terms and conditions, that you need to read and accept the first time you log in to the Euro-BioImaging Web Portal. In addition, your agreement to the Terms and conditions will be confirmed occasionally, for instance in conjunction with applying to use certain Euro-BioImaging services, such as access to imaging technologies at the Nodes. You may change your consent to the Terms and conditions at any time in the Euro-BioImaging Web Portal (Admin panel – Edit profile), but please note that if you revoke your agreement, you will not be able to use any Euro-BioImaging services or the Web Portal. Please note that the Terms and conditions apply also when you visit the Euro-BioImaging Web Portal without logging in.
How long is your personal data stored
Euro-BioImaging stores your personal data as long as you continue using Euro-BioImaging services or otherwise being involved with the infrastructure. If you have not logged in to the Euro-BioImaging Web Portal for 5 years, your personal data will be deleted from the Euro-BioImaging database. Statistical information of e.g. your past use of Euro-BioImaging services will remain in the database, but this is anonymized general information only, necessary for producing statistics such as user numbers, and does not contain any personal data.
Who gets to see your personal data
Your personal data is accessed only on a need-to-know basis, and primarily only by the administrative staff of the Euro-BioImaging Web Portal. Depending on how you use Euro-BioImaging services, your personal data may need to be accessed also by other staff members of the Euro-BioImaging Hub, and third parties such as Euro-BioImaging Nodes, external scientific reviewers or training providers (see “Third parties” below).
Euro-BioImaging does not relay your personal data to any other third parties, sell it to anyone or use it for any purposes other than running the infrastructure.
Keeping your personal data up to date
The accuracy of your information is important to Euro-BioImaging. If you change your email address, or if any other information is inaccurate or out of date, please update your online profile, by visiting the Euro-BioImaging Web Portal (Admin panel – Edit profile)
Use of cookies
Certain pages of the Euro-BioImaging Web Portal may issue your computer with small files called cookies. Cookies are used for the purposes of managing and improving the services of the Euro-BioImaging Web Portal. Cookies issued by the Euro-BioImaging Web Portal do not contain any personally indentifiable information. You may set your browser to either refuse cookies or warn you before accepting them, however, please note that some cookies are essential for the operation of the Euro-BioImaging Web Portal. You can also prevent Euro-BioImaging from tracking you on the Web Portal by setting ‘Do not track' in your browser. Euro-BioImaging analytics have been configured to respect do-not-track requests.
Your IP address
Euro-BioImaging uses anonymized IP addresses for Google Analytics (see “Third parties” below). Euro-BioImaging may also collect full IP addresses in the Web Portal or server logs for security reasons, as a legitimate interest for instance for the purposes of detecting and preventing unauthorized system access.
Third parties
In some cases, some of your personal data will be relayed to third parties that are essential for the operation of Euro-BioImaging, or such third parties may relay personal data to Euro-BioImaging. These third parties are described below.
Please note that all third parties only see data which are relevant to them, for instance regarding access proposals assigned to them. No third party has direct access to the Euro-BioImaging databases.
Please also note that in some situations your personal information may also be relayed to outside of the European Economic Area (EEA) (for instance some of the external scientific reviewers reside outside the EEA), and therefore leave the EU General Data Protection Regulation jurisdiction. All reasonable steps will be taken to ensure that your data is treated securely and in accordance with this privacy policy in all situations
Euro-BioImaging Nodes
Access to imaging technologies in Euro-BioImaging takes place at imaging facilities called Nodes. As part of the normal evaluation procedure, Euro-BioImaging technology access proposals are reviewed by the Node(s) access is being applied to. Designated contact persons at the Nodes access the proposals through the Euro-BioImaging Web Portal. The Nodes are not legally part of Euro-BioImaging ERIC, but all Nodes have signed a Service Level Agreement with Euro-BioImaging, stating that they will maintain confidentiality of any data they receive, and do not distribute the data beyond the personnel required to handle the user access visits in practice. All Nodes have also declared to adhere to the General Data Protection Regulation of the European Union. Note that this Privacy policy applies only to data relayed through the Euro-BioImaging Web Portal, not to possible direct communication between users and the Nodes, even if that communication takes place via the messaging tools of the Euro-BioImaging Web Portal.
External scientific reviewers
As part of their normal evaluation procedure, Euro-BioImaging technology access proposals may be reviewed by external scientific reviewer(s) for consultation and advice. The external reviewers access the proposals assigned to them through the Euro-BioImaging Web Portal. The reviewers are not part of Euro-BioImaging ERIC, but all reviewers have declared compliance with conflict of interest and confidentiality requirements. These requirements state that reviewers will maintain confidentiality of the proceedings and associated materials, they will not disclose information related to the review, and they will destroy any documentation they might have upon completing the review.
Euro-BioImaging training providers
Euro-BioImaging offers training courses and workshops to which you can apply through the Euro-BioImaging Web Portal, somewhat similarly as you apply for access to imaging technologies at the Nodes. The training coordinator of Euro-BioImaging and the training providers of courses you have applied to have access to some of your personal data, as part of the procedure for accepting your application and arranging the practicalities of the training. All training providers have declared compliance with Euro-BioImaging requirements, which state that the training providers will maintain confidentiality of any data they receive, and do not distribute any data beyond the personnel required to handle the training activity in practice. All training providers have also declared to adhere to the General Data Protection Regulation of the European Union. Note that this Privacy policy applies only to data relayed through the Euro-BioImaging Web Portal, not to possible direct communication between users and the training providers, even if that communication takes place via the messaging tools of the Euro-BioImaging Web Portal. Note also that Euro-BioImaging may also list and advertise other courses and events on the Euro-BioImaging Web Portal, for which the application/registration procedure does not go through the Web Portal. This Privacy policy does not apply in such cases, and Euro-BioImaging has no control over personal data possibly given by you to such external training providers.
User authentication and authorization services
Euro-BioImaging uses Authentication and Authorization Infrastructure (AAI) provided by external partners, in order to enable users to login with their existing credentials, if they so choose, without necessarily needing separate user IDs and passwords for the Euro-BioImaging Web Portal. Currently, Euro-BioImaging AAI services are provided by Life Science Login. In the past, they have been provided by Elixir AAI, and some of the Elixir AAI infrastructure may still be partly employed during the login process, as the migration of Elixir AAI to Life Science Login is a gradual one. Only minimal personal data (name, institutional affiliation and email address) is exchanged between Euro-BioImaging and Life Science Login (or Elixir AAI) during the authentication process. Life Science Login and Elixir AAI both adhere to the General Data Protection Regulation of the European Union.
Survey Monkey
Euro-BioImaging sometimes uses Survey Monkey forms to collect information that may also contain personal data. A Business Associate Agreement has been signed with Survey Monkey, in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), for Protected Health Information. This ensures that all information sent through Survey Monkey will remain confidential and secure, with Survey Monkey themselves having no access to it. For added security, all information sent through Survey Monkey will be manually and permanently deleted from Survey Monkey as soon as it has been received by Euro-BioImaging. Survey Monkey adhere to the General Data Protection Regulation of the European Union.
Other third parties
Euro-BioImaging also works together with several other third parties in the development and running of its services. However, none of these third parties have access to any personal data or the Euro-BioImaging databases. These other third parties include:
- Google Analytics is used to collect standard internet log information, such as visitor numbers and behavior patterns. The information is processed in a way that does not identify anyone, and no attempt is made to find out the identities of those visiting the Euro-BioImaging Web Portal.
- The Euro-BioImaging Web Portal is developed in collaboration with Instruct-ERIC, and it is partly based on the ARIA portal of Instruct-ERIC. However, Euro-BioImaging runs its own instance of the ARIA code and uses its own separate databases, and Instruct-ERIC and ARIA developers have no access to Euro-BioImaging personal data or the other way around.
- Euro-BioImaging also collaborates with the BioImage Archive developers at EMBL-EBI (Cambridge, UK) and the Open Microscopy Environment developers at the University of Dundee (Dundee, UK) in the development of data services, but this collaboration involves only research data, no personal data.
- University of Turku IT services host the Euro-BioImaging Web Portal, primary database and Euro-BioImaging email addresses and mailing lists.
Your data protection rights
Where Euro-BioImaging is using your personal data on the basis of consent, you have the right to access your data and to change your data if it is incorrect, and the right to withdraw that consent at any time, in the Euro-BioImaging Web Portal (Admin panel – Edit profile). However, if you withdraw your consent, you might no longer be able to use some Euro-BioImaging services. Where Euro-BioImaging is using your personal data on the basis of legitimate interest, based on your user account on the Euro-BioImaging Web Portal, you have the right to request that your account is terminated and your personal data deleted. However, you would no longer be able to log in to the Euro-BioImaging Web Portal or use any Euro-BioImaging services that require login.
You are entitled to request a copy of the data Euro-BioImaging holds on you. In your request, you would need to provide adequate information to confirm your identity. If Euro-BioImaging holds personal information about you, you will be provided with a sufficient copy of the information in an understandable format, together with an explanation of why Euro-BioImaging has this information and how it is being used. Once Euro-BioImaging has assembled all the information necessary to respond to your request, you will receive the information within one month. This timeframe may be extended to up to three months if your request is particularly complex.
If you would like further information on your rights or wish to exercise them, please write to us at info@eurobioimaging.eu.
Changes to this policy
This Privacy Policy may be updated from time to time. After each update, the new version will be published on the Euro-BioImaging Web Portal. You should check this page occasionally to ensure that you are happy with the current version of this policy. You may be notified of changes to this policy in the News section of the Euro-BioImaging Web Portal, or by email.
What to do if you are not happy or something is unclear
In the first instance, please talk to us at Euro-BioImaging directly so that we can hopefully resolve any problem or query. The easiest method is to first email info@eurobioimaging.eu, and then we can see how to best take your issue further.