Euro-BioImaging will only use your personal data on relevant lawful grounds as permitted by the European Union (EU) General Data Protection Regulation (Regulation (EU) 2016/679 (GDPR) and relevant national laws. Euro-BioImaging will never use your personal data commercially and will only share it with third parties that Euro-BioImaging works with, when such sharing is necessary and permitted, and always assuring the privacy and security of your data.
If you have any questions about this policy or the use of your personal data, please contact firstname.lastname@example.org.
Who and what does this policy apply to
This policy applies to the operations of the Euro-BioImaging ERIC infrastructure, and the Euro-BioImaging Web Portal and all its sub-pages under the domain, whenever personal data is used. This policy applies whether you are a registered user of any Euro-BioImaging services, a staff member of Euro-BioImaging Hub or Nodes, an external reviewer for Euro-BioImaging, or if you just visit the Euro-BioImaging Web Portal, or email, call or write to Euro-BioImaging.
Euro-BioImaging is a pan-European research infrastructure that offers open access to selected imaging facilities, called Nodes, across its member states, as well as training and image data services. Euro-BioImaging was established as an ERIC (European Research Infrastructure Consortium) on 29 October 2019, according to European Council Regulation (EC) 723/2009, Implementing Decision (EU) 2019/1854. Euro-BioImaging is coordinated by a Hub consisting of three members: Finland (Turku) coordinates all operations and hosts the Euro-BioImaging Web Portal, the European Molecular Biology Laboratory (EMBL Heidelberg, Germany) coordinates operations specific to biological imaging and Italy (Torino) coordinates operations specific to medical imaging.
What personal data does Euro-BioImaging collect and why
Euro-BioImaging collects only basic personal data (information which identifies you, or which can be identified as relating to you personally), and Euro-BioImaging only collects data that it needs to operate. Sensitive or specially protected personal data is not collected.
Basic personal data (for instance name, contact information and professional affiliation) is collected when logging in to the Euro-BioImaging Web Portal for the first time, and additional personal data (for instance research history and biography) may be collected in connection with specific activities, such as when applying for access to imaging technologies, conferences or training courses. Only personal data supplied to Euro-BioImaging directly by you is collected – personal data is not collected from other sources.
Euro-BioImaging collects personal data based on legitimate interest as defined in the General Data Protection Regulation of the European Union. This legitimate interest is to manage and run the Euro-BioImaging ERIC infrastructure or informed consent.
From where does Euro-BioImaging collect personal data
Euro-BioImaging collects personal data mostly through integrated online forms on the Euro-BioImaging Web Portal, from where the data is directly saved into the Euro-BioImaging database. In some cases Euro-BioImaging may use Survey Monkey forms to collect data (see “Third parties” below), and relevant data from the forms is then manually transferred to the Euro-BioImaging database.
Euro-BioImaging receives some personal data also from the user authentication services that it uses (see “Third parties” below) and in some cases also from procedures or projects where users can apply to use Euro-BioImaging services through third parties, for instance where access is applied to multiple infrastructures.
Euro-BioImaging does not collect personal information from emails or other sources, unless specifically mentioned.
How does Euro-BioImaging store your personal data and keep it safe
Your personal data is stored mainly in the primary Euro-BioImaging database, which is located on a server of the University of Turku in Turku, Finland, where the Euro-BioImaging Web Portal is also hosted. The database is highly secure with direct access possible only by the Euro-BioImaging Web Portal administrative staff, and the data is regularly backed up by the University of Turku. The IT staff running the server has no access to the database.
In some situations, for instance if you apply for access to imaging technologies at the Euro-BioImaging Nodes, some of your personal data may be temporarily stored also in computers and email systems used to process it. However, such storage is temporary and access to the data is password-limited to those individuals who have legitimate access to the computer or email account in question.
Some personal data may be stored also in the secondary Euro-BioImaging database, which is located on a secure computer in locked premises at the University of Turku in Turku, Finland, with regular backups taken to a local cloud service of the University of Turku and to an external hard drive stored in a secure location at the University of Turku. Only the Euro-BioImaging Web Portal administrative staff has direct access to the secondary database and its backups.
Everyone in Euro-BioImaging who can access your personal data in any situation (see “Who gets to see your personal data” below) has been instructed to take care of such data with appropriate confidentiality and security measures, and there are procedures in place within the infrastructure for reporting any unusual activity related to personal data, such as possible security breaches.
How does Euro-BioImaging use your personal data
How Euro-BioImaging uses your personal data depends on the nature of your relationship with Euro-BioImaging and how you interact with the Euro-BioImaging Web Portal and various services and activities. Your personal data is used for the following purposes:
- Administering your Euro-BioImaging user account, including ensuring the security of the Euro-BioImaging Web Portal and services, and communicating with you as required.
- Managing your proposals and projects for accessing imaging technologies at Euro-BioImaging Nodes, including for instance reviewing your applications, arranging access visits, and communicating with you throughout the process.
- Managing your attendance to Euro-BioImaging training courses, events, conferences and meetings, including for instance communication with you regarding confirmation of registration, clarifying further details, or resolving any issues with your participation.
- Managing your use of Euro-BioImaging data services or other data services provided in collaboration with or through Euro-BioImaging, in situations where such use may require personal identification or personal information (many services do not require this).
- Sending you additional information on Euro-BioImaging and its services, such as a regular email newsletter, occasional questionnaires or surveys, information from the Euro-BioImaging Industry Board, or occasional other information.
Euro-BioImaging will primarily communicate with you by email, but in some cases also phone calls or regular mail may be used. When you log in to the Euro-BioImaging Web Portal for the first time, your permission for being contacted in different ways is asked. You may change these settings at any time in the Euro-BioImaging Web Portal (Admin panel – Edit profile). Please note that if you do not give Euro-BioImaging permission to contact you, especially by email, most Euro-BioImaging services will not be available to you. However, you may separately choose for instance not to receive the newsletter or other similar emails, but allow email communication necessary for applying to access Euro-BioImaging imaging technology or training services.
Euro-BioImaging collects various statistics and other information about its operations for instance to monitor and develop its services and to report to funding agencies. Whenever possible, personal data will be anonymized or pseudonymized. However, in certain situations, for instance if a funding agency so requires, Euro-BioImaging may release certain personal information as required
Terms and conditions
How long is your personal data stored
Euro-BioImaging stores your personal data as long as you continue using Euro-BioImaging services or otherwise being involved with the infrastructure. If you have not logged in to the Euro-BioImaging Web Portal for 5 years, your personal data will be deleted from the Euro-BioImaging database. Statistical information of e.g. your past use of Euro-BioImaging services will remain in the database, but this is anonymized general information only, necessary for producing statistics such as user numbers, and does not contain any personal data.
Who gets to see your personal data
Your personal data is accessed only on a need-to-know basis, and primarily only by the administrative staff of the Euro-BioImaging Web Portal. Depending on how you use Euro-BioImaging services, your personal data may need to be accessed also by other staff members of the Euro-BioImaging Hub, and third parties such as Euro-BioImaging Nodes, external scientific reviewers or training providers (see “Third parties” below).
Euro-BioImaging does not relay your personal data to any other third parties, sell it to anyone or use it for any purposes other than running the infrastructure.
Keeping your personal data up to date
The accuracy of your information is important to Euro-BioImaging. If you change your email address, or if any other information is inaccurate or out of date, please update your online profile, by visiting the Euro-BioImaging Web Portal ()
Your IP address
Euro-BioImaging uses anonymized IP addresses for Google Analytics (see “Third parties” below). Euro-BioImaging may also collect full IP addresses in the Web Portal or server logs for security reasons, as a legitimate interest for instance for the purposes of detecting and preventing unauthorized system access.
In some cases, some of your personal data will be relayed to third parties that are essential for the operation of Euro-BioImaging, or such third parties may relay personal data to Euro-BioImaging. These third parties are described below.
Please note that all third parties only see data which are relevant to them, for instance regarding access proposals assigned to them. No third party has direct access to the Euro-BioImaging databases.
External scientific reviewers
As part of their normal evaluation procedure, Euro-BioImaging technology access proposals may be reviewed by external scientific reviewer(s) for consultation and advice. The external reviewers access the proposals assigned to them through the Euro-BioImaging Web Portal. The reviewers are not part of Euro-BioImaging ERIC, but all reviewers have declared compliance with conflict of interest and confidentiality requirements. These requirements state that reviewers will maintain confidentiality of the proceedings and associated materials, they will not disclose information related to the review, and they will destroy any documentation they might have upon completing the review.
Euro-BioImaging training providers
User authentication and authorization services
Euro-BioImaging uses Authentication and Authorization Infrastructure (AAI) provided by external partners, in order to enable users to login with their existing credentials, without needing separate user IDs and passwords for the Euro-BioImaging Web Portal. Currently, Euro-BioImaging AAI services are provided by Elixir AAI. In the future, they may be provided by Life Science AAI, which is still under development, but may already occasionally be tested on the Euro-BioImaging Web Portal. Only minimal personal data (name, institutional affiliation and email address) is exchanged between Euro-BioImaging and Elixir AAI or Life Science AAI during the authentication process. Elixir AAI and Life Science AAI both adhere to the General Data Protection Regulation of the European Union.
Euro-BioImaging sometimes uses Survey Monkey forms to collect information that may also contain personal data. A Business Associate Agreement has been signed with Survey Monkey, in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), for Protected Health Information. This ensures that all information sent through Survey Monkey will remain confidential and secure, with Survey Monkey themselves having no access to it. For added security, all information sent through Survey Monkey will be manually and permanently deleted from Survey Monkey as soon as it has been received by Euro-BioImaging. Survey Monkey adhere to the General Data Protection Regulation of the European Union.
Other third parties
Euro-BioImaging also works together with several other third parties in the development and running of its services. However, none of these third parties have access to any personal data or the Euro-BioImaging databases. These other third parties include:
- is used to collect standard internet log information, such as visitor numbers and behavior patterns. The information is processed in a way that does not identify anyone, and no attempt is made to find out the identities of those visiting the Euro-BioImaging Web Portal.
- The Euro-BioImaging Web Portal is developed in collaboration with , and it is partly based on the ARIA portal of Instruct-ERIC. However, Euro-BioImaging runs its own instance of the ARIA code and uses its own separate databases, and Instruct-ERIC and ARIA developers have no access to Euro-BioImaging personal data or the other way around.
- Euro-BioImaging also collaborates with the developers at EMBL-EBI (Cambridge, UK) and the developers at the University of Dundee (Dundee, UK) in the development of data services, but this collaboration involves only research data, no personal data.
- IT services host the Euro-BioImaging Web Portal, primary database and Euro-BioImaging email addresses and mailing lists.
Your data protection rights
Where Euro-BioImaging is using your personal data on the basis of consent, you have the right to access your data and to change your data if it is incorrect, and the right to withdraw that consent at any time, in the Euro-BioImaging Web Portal (Admin panel – Edit profile). However, if you withdraw your consent, you might no longer be able to use some Euro-BioImaging services. Where Euro-BioImaging is using your personal data on the basis of legitimate interest, based on your user account on the Euro-BioImaging Web Portal, you have the right to request that your account is terminated and your personal data deleted. However, you would no longer be able to log in to the Euro-BioImaging Web Portal or use any Euro-BioImaging services that require login.
You are entitled to request a copy of the data Euro-BioImaging holds on you. In your request, you would need to provide adequate information to confirm your identity. If Euro-BioImaging holds personal information about you, you will be provided with a sufficient copy of the information in an understandable format, together with an explanation of why Euro-BioImaging has this information and how it is being used. Once Euro-BioImaging has assembled all the information necessary to respond to your request, you will receive the information within one month. This timeframe may be extended to up to three months if your request is particularly complex.
If you would like further information on your rights or wish to exercise them, please write to us at email@example.com.
Changes to this policy
What to do if you are not happy or something is unclear
In the first instance, please talk to us at Euro-BioImaging directly so that we can hopefully resolve any problem or query. The easiest method is to first email firstname.lastname@example.org, and then we can see how to best take your issue further.