M-ERA.NET Data Privacy Policy

Name and Address of the Data Controller

Data Controller according to the data protection laws regarding the processing on this website is the

Austrian Research Promotion Agency (Österreichische Forschungsförderungsgesellschaft mbH)
1090 Vienna, Sensengasse 1
FN 252263a HG Wien

Tel:  +43 (0)5 7755 - 0
Fax: +43 (0)5 7755 - 97900
datenschutz@ffg.at

The Austrian Research Promotion Agency acts as the M-ERA.NET consortium coordinator.

A list of the current consortium members is available at https://m-era.net/about/m-consortium.

Please keep in mind that in some cases a joint responsibility pursuant to Article 26 GDPR between the FFG and the other consortium members might exisst,

 General information on data processing

The M-ERA.NET data privacy policy describes how we process your personal data when you use our services or visit our website.

For further information and details on the processing of personal data by the different funding agencies, please refer to the specific privacy policy statements of the respective agency.

Your personal data will be deleted or made unavailable by us once the purpose for storing and processing of such data no longer applies, provided that longer retention cannot be justified by statutory obligations or that no legal claims which may still be asserted against us and require retention exist.

Within the scope of electronic data processing, we use IT service providers (data processors) who might obtain access to your personal data in the course of their work in case they require the data to render the respective service. These service providers were obliged by us to take appropriate technical and organisational measures to ensure the security of your data. These service providers are not permitted to pass on your data (except in cases stipulated by law).

Specific processing operations

  1. General data processing on the website

1.1 Purpose of data processing

  • Data is collected and exchanged during each visit to a website to enable you to access and use the website.
  • Some data is used for statistical data analysis in order to measure the demand for web offerings on the M-ERA.NET website.
  • Some data is processed to prevent attacks on our infrastructure.

1.2 Scope of the processing of personal data

The M-ERA.NET website automatically collects and stores data transmitted from your browser to our server. This data include:

  • type and version of your internet browser
  • operating system used
  • the page visited
  • the page visited before our website (referrer URL)
  • time of the server inquiry
  • client IP address

It is not possible for us to trace this data back to a specific individual. This data is not merged with other data sources.

1.3 Legal basis for processing personal data

The legal basis for the aformentioned data proccessing is the legitimate interest pursuant to Article 6(1)(f) GDPR.

The legitimate interest is our interest to protect our website from attacks and misuse and to safeguard the security and stability of our systems, to enable you or services via the website and to use data analysis in order to measure the demand for web offerings on the M-ERA.NET website

1.4 Data retention period

IP addresses are stored for 14 days to detect and prevent attacks on the infrastructure. After that time the IP addresses are deleted.

In all other cases data will be stored in compliance with the statutory retention periods or as long as they are necessary for the relevant processing. Your data will be erased before such period expires if you exercise your right to object.

1.5 Data recipients

Data collected from visits to the M-ERA.NET consortium offers on the internet is transmitted to third parties only when required by law or court order or in cases when attacks on the infrastructure of the M-ERA.NET consortium make it necessary to forward such data for the purposes of legal action or criminal prosecution.

Data will not be transferred for any other reason.

 

  1. Newsletter

2.1 Purpose of data processing

We process your contact details for the purpose of sending you the newsletter you subscribed to.

2.2 Scope of the processing of personal data

We will collect the following personal data upon registration for the newsletter:

  • E-mail address

2.3 Legal basis for processing personal data

During the registration process for the newsletter, you will be asked to consent to the processing of your data; thus, the legal basis is Article 6 (1)(a) GDPR.

2.4 Data retention period

Your data will be stored for the duration of your newsletter subscription.

2.5 Data recipients:

To provide you with the latest news via our newsletter we have to share your data with our partners from the M-ERA.NET consortium. The data will not be shared with other third parties without your consent or without a legal obligation.

2.7 Unsubscribe:

You can cancel your subscription to the M-ERA.NET newsletter at any time through this link.

 

  1. E-Mails to the M-ERA.NET consortium

3.1 Purpose of data processing

When you send us an e-mail this e-mail and your e-mail address will be used solely for correspondence purposes.

3.2 Scope of the processing of personal data

  • E-mail address
  • If you enter any personal data in your text message (e.g. name or phone number), these will also be included in the processing.

3.3 Legal basis for processing personal data

The legal basis for this processing is the controller's legitimate interest according to Article 6 (1)(f) GDPR to provide interested parties with a simple and effective way of contacting us directly via e-mail and giving you the optimal support.

Article 6(1)(b) GDPR might also the legal basis in cases where the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.

3.4 Data retention period

Your personal data will be stored in compliance with the statutory retention periods or as long as they are necessary for the relevant processing. Your data will be erased before such period expires if you exercise your right to object.

3.5 Data recipients

Your message and your data will only be disclosed to the consortium members involved. The data will not be shared with other third parties without your consent or without a legal obligation.

 

  1. M-ERA.NET database

4.1 Purpose of data processing:

The M-ERA.NET database consists of project data.

Contact data of people involved in proposals/projects are stored to an extent which is necessary for managing the submitted proposals and funded projects.

This contact data are not available to the public and are only used for updating the database or for research purposes (e.g. impact assessments, surveys).

4.2 Scope of the processing of personal data

  • First and last name
  • Affiliation
  • Telephone number
  • E-mail adress
  • CV
  • List of publications
  • other project data

4.3 Legal basis for processing personal data

In certain cases, we process personal data on the basis of the consent of the data subject within the meaning of Article 6 (1) (a) of the GDPR.

Where processing of personal data is required for the conclusion of contracts, this takes place on the basis of the fulfilment of the contract or the performance of pre-contractual measures within the meaning of Article 6 (1) (b) of the GDPR.

Where we are under legal obligation to process personal data, such as statutory documentation and retention obligations, this is done on the basis of the fulfilment of a legal provision within the meaning of Article 6 (1) (c) of the GDPR.

4.4 Data retention period

Your personal data will be stored in compliance with the statutory retention periods or as long as they are necessary for the relevant processing. Your data will be erased before such period expires if you exercise your right to object.

4.5 Data recipients

Your data will be disclosed to the consortium members involved.

In all other cases your data will only be transmitted to third parties when required by law or court order or in cases when it is necessary to forward such data for the purposes of a legal action or criminal prosecution.

 

  1. Expert Applications

5.1 Purpose of data processing

Management and execution of the application procedure for experts to assist with the evaluation of proposals submitted to the M-ERA.NET Joint Calls and for experts to assist with defining the thematic scope of these calls. 

5.2 Scope of the processing of personal data

  • Gender
  • Name
  • E-Mail address
  • Country
  • Expert keywords
  • Organisation
  • Type of organisation
  • CV
  • Bank account data

5.3 Legal basis for processing personal data

If prior informed consent is obtained, processing shall be based on such consent pursuant to Article 6(1)(a) GDPR.

Article 6(1)(b) GDPR might also form the legal basis in cases where the processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract.

The legal basis for this processing can be the controller's legitimate interest according to Article 6 (1) (f) GDPR to enable a quick and effective way to fill in applications for experts.

5.4 Data retention period

Your personal data will be stored in compliance with the statutory retention periods or as long as they are necessary for the relevant processing.

5.5 Data recipients

Your data will only be disclosed to the consortium members involved and the call secretariat.

The data will not be shared with other third parties without your consent or without a legal obligation.

 

  1. Intranet

6.1 Purpose of data processing

Sharing of information necessary for the M-ERA.NET 3 implementation.

6.2 Scope of the processing of personal data

Users of the Database:

  • Login-Data (Name, E-Mail, Organisation, Password)

6.3 Legal basis for processing personal data

In certain cases, we process personal data on the basis of the consent of the data subject within the meaning of Article 6 (1) (a) of the GDPR.

Where processing of personal data is required for the conclusion of contracts, this takes place on the basis of the fulfilment of the contract or the performance of pre-contractual measures within the meaning of Article 6 (1) (b) of the GDPR.

The legal basis for this processing can be the controller's legitimate interest according to Article 6 (1) (f) GDPR to grant the data subject involved the controlled access to the necessary information in a quick and effective way.

6.4 Data retention period

Your personal data will be stored in compliance with the statutory retention periods or as long as they are necessary for the relevant processing.

6.5 Data recipients

Your data will only be disclosed to the consortium members involved.

The data will not be shared with other third parties without your consent or without a legal obligation.

Regarding the data transfers to other consortium members

Some consortium members are not from a EU or EEA – member state.

We will transfer personal data to third countries if the requirements of the GDPR are met and sufficient safeguards are in place.

These requirements can be for example

  • An adequacy decision of the European Commission pursuant to Art. 45 GDPR;
  • Standard contractual clauses for the transfer of personal data to third countries pursuant to Article 46 GDPR.

Data transfers might occur in the following cases as well:

  • You have explicitly consented to the proposed transfer, after having been informed of the possible risks of such transfers for the data subject due to the absence of an adequacy decision and appropriate safeguards;
  • The transfer is necessary for the performance of a contract between you and us or the implementation of pre-contractual measures taken your request.
  • The transfer is necessary for the conclusion or performance of a contract concluded in your subject between the controller and another natural or legal person.
  • The transfer is necessary for the establishment, exercise or defense of legal claims.

Rights of the data subject

  1. Right to access

You have the right, vis-à-vis us, to request access to all data concerning you processed by us.

  1. Right to rectification and right to restriction of processing

You may request the rectification of inaccurate data or have incomplete data completed.

  1. Right to data portability

You may demand that we transmit to you - or if technically feasible to a third party indicated by you - a copy of your data in a structured, commonly used and machine-readable format. In addition, you have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where

  1. the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR, and
  2. the processing is carried out by automated means.

In exercising this right, you also have the right to have the relevant personal data transmitted directly from one controller to another, where technically feasible. Rights and freedoms of others shall not be adversely affected by the above.

  1. Right to erasure

Under certain circumstances, you have the right to obtain erasure of your data, e.g. if your data is not processed in accordance with data protection requirements.

If you have asserted your right to rectification, erasure or restriction of processing vis-à-vis us, we are obligated to communicate such rectification or erasure of data or restriction of processing to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.

  1. Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions.

In that case, the controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

  1. Right to withdraw consent

You have the right to withdraw your declaration of consent at any time.

The withdrawal of consent shall not affect the lawfulness of any consent-based processing performed until the withdrawal.

  1. Supervisory authority 

You have the right to lodge a complaint with the national supervisory authority in your place of residence if it is assumed that the processing of personal data is carried out unlawfully.

Each national supervisory authority shall be competent for the performance of the tasks assigned to and the exercise of the powers conferred on it in accordance with this Regulation on the territory of its own Member State.

Where processing is carried out by public authorities or private bodies acting on the basis of point (c) or (e) of Article 6 (1), the supervisory authority of the Member State concerned shall be competent.

If you have a complaint, please contact the competent supervisory authority.

The list of the national data protection authorities is available on the website: https://edpb.europa.eu/about-edpb/board/members_en

 

Contact

In connection with any of the above matters, in particular, with regard to exercising your rights as data subject, as well as in case you have any further questions, please contact the following e-mail address:

datenschutz@ffg.at

Cookies - Policy

Session cookies are small information units stored by the provider in the main memory of the user's computer. A session cookie contains a randomly generated unique identification number, a so-called session ID. A cookie also contains data on its origin and the storage period. These cookies cannot store any other data.

Other providers use permanent cookies to recognise visitors returning after a longer period of time. This information is stored as a text file on the hard drive of the user's computer. In contrast, the session cookies used by the M-ERA.NET consortium are deleted when the session is terminated.

Cookies can be controlled by all internet browsers. Most browsers are configured to accept all cookies without prompting the user.

Opt-out data analysis