This policy describes how we, ICOS ERIC, use your personal data when you visit the ICOS ERIC website www.icos-ri.eu or the ICOS Carbon Portal website www.icos-cp.eu.
ICOS Central Facilities and National Networks run and maintain their own websites. Their domain names are usually www.icos-name.country or www.icos-country.eu. This policy doesn’t apply to those websites.
Who is responsible for my data?
ICOS ERIC is the data controller. That means we are responsible for collecting your data and looking after it.
What data is used?
We ask for your email address when logging into the Carbon Portal, when submitting a reference to BibBase, when subscribing to our newsletter, and in the feedback form. These functions can’t be used without providing an email address. Your email address is erased when it no longer serves a purpose, for example after unsubscribing from our newsletter. Processing is based on your consent.
The ICOS website also offers services requiring registration, such as submitting an abstract or registering to the ICOS Science Conference, or to other ICOS events. To provide these services, for example, to organise the events in question and to communicate with you, we ask your contact information. Your input data will only be used for the purpose of using the service for which you have registered and for communicating about similar events in the future. We may also ask dietary information in order to arrange the catering in an event. Your dietary information will be deleted after the event.
We will process the data provided during registration only based on your consent per EU GDPR regulation, Art. 6 (1)(a) DSGVO. You may revoke your consent at any time with future effect. An informal email making this request is sufficient.
Your IP address is recorded when downloading data from the Carbon Portal. We use IP addresses to record unique downloads over time and country. Processing is based on our legitimate interest in analyzing the spread of ICOS RI data over time.
A cookie is a tiny file that is created on your computer upon visiting a website, which then communicates with websites. We use a cookie containing your Carbon Portal login status and expiry time. Denying this cookie necessarily prevents Carbon Portal login. This cookie expires after approximately a day. Processing is based on your consent.
Who gets my data?
Personal data will be used for the purpose it was first collected for. We won’t transfer your personal information outside of ICOS Research Infrastructure unless otherwise mentioned. For information about the infrastructure, please see here https://www.icos-ri.eu/icos-research-infrastructure
ICOS Carbon Portal profile data and reference submissions are handled in accordance with scientific customs. This means names, affiliations and email addresses (e.g. of corresponding authors) are used to attribute publications of data, abstracts, articles and reports and the like to the rightful authors and contributors. These data are used as metadata in ICOS databases and possibly transferred to other external databases that ICOS connects to, as FAIR metadata.
Google transfers its Analytics data to the United States. We transfer your email address to MailChimp, the service we use to distribute our newsletter. Google and MailChimp are covered by the EU-US Privacy Shield Framework. The framework protects the fundamental rights of anyone in the EU whose personal data is transferred to the United States for commercial purposes. The European Commission has also issued a decision declaring the United States as ensuring an adequate level of personal data protection.
Our websites and services use SSL encryption. All services run through a reverse proxy, which only allows the programmatic access built into the application programming interface of the services. The servers are only accessible for admins from a select number of machines with fixed IP addresses from Lund University, Sweden. ICOS ERIC runs its own dedicated two servers through Carbon Portal, which are physically located at LUNARC computing center at Lund University. The university doesn’t have access to the servers.
What rights do I have?
Unconditional rights by law
Access to the personal data. You have the right to a copy of your processed data, so you can check the data itself.
Rectification. You have the right to have incorrect data corrected.
Complaint. You have the right to lodge a complaint with your national supervisory authority. In Finland you can the Finnish Data Protection Ombudsman: https://tietosuoja.fi/en/contact-information.
Object to processing. Where processing data is based on our legitimate interests, you have the right to object to the processing. The processing stops until we demonstrate compelling legitimate grounds for the processing. A document assessing our legitimate interests and their relationship with you will be provided to you.
These rights apply if certain conditions are met.
Erasure. You might have the right to have your data removed from our storage, for example when you withdraw consent for processing. If there are grounds for erasure, we will take reasonable steps to have it erased from third party databases as well.
Restriction of processing. You might have the right to have us restrict the processing of your data, for example when we don’t need the data anymore, but you require it for a legal claim.
Portability. You have the right to have your data transmitted to another controller without hindrance from ICOS ERIC when the processing is based on your consent or a contract between you and us.
Exercising your rights
For further information about your rights and exercising them, please see here https://tietosuoja.fi/en/know-your-rights.
Changes to this policy
We will inform you of any material changes to this policy with a notice on our website.
This policy has been last updated in March 27, 2020.