ECRIN - European Clinical Research Infrastructure Network

Data Privacy Policy

This privacy policy statement is meant to explain to you the way in which we process and protect your personal data on the ECRIN website and beyond. The ECRIN website is a central resource for information about the ECRIN organisation, its services, tools, projects, news, events, and publications as well as other resources related to clinical trials and infrastructure development. Although you can consult our website without giving any personal information, in some cases your personal data is required (e.g. in case you would like to submit a Feedback form, attend an ECRIN organised event, provide feedback in written, video and / or other format, or would like to subscribe to our newsletter).

Our policy on protection of individuals with regards to the processing of personal data is based on the principles set out by the by the Regulation (eu) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regards to the processing of personal data (the GDPR) as well as the relevant French law, as applicable. 

1.    WHAT IS THE SCOPE OF THIS DATA PRIVACY POLICY?

This policy covers ECRIN's data processing on our website (www.ecrin.org) as well as links to the ECRIN newsletter, feedback on ECRIN activities and services, ECRIN organised events, trainings and meetings.

ECRIN uses external service providers and tools (GoToMeeting, Teams, Zoom, Google Forms, YouTube) to gather and share opinions as well as organise events, trainings and meetings both on & offline which may require the collection and sharing of limited personal data with third parties.

Please be aware that ECRIN has developed specific data privacy policies for data processing related to other activities such as projects and travel. 

Moreover, ECRIN's website may provide links to third-party sites (e.g. LinkedIn, YouTube, ECRIN partner websites to communicate about events). When you click on links to visit third-party websites, you may need to accept their specific terms and conditions and cookie policies as ECRIN has no control over their privacy policies.

ECRIN also may have access to your personal data that you choose to make available on social media (LinkedIn, Twitter, YouTube) if you follow ECRIN or contact one of its personnel on one of their channels. ECRIN will never use this data without your consent. However, ECRIN might use the information freely provided by these providers (as outlined in their privacy policies) as feedback to improve the ECRIN communication strategy.

2.    WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU? 

The following personal data might be required when you access and use our website or attend an ECRIN organised event: 

  • Contact details (First name, Last name, Email address, address, phone number) and job information.
  • Additional personal information, such as photos and videos, may be collected on rare occasions, in which case ECRIN will inform you and a acquire supplementary consent.

We do not collect, but may access your personal data, that you made available on social media, if you follow ECRIN or contact one of its personnel on one of their channels (LinkedIn, Twitter, YouTube) :

  • First name, Last name, Email address, address, phone number, photos.

In case ECRIN needs to use such data, ECRIN will inform you and acquire specific consent.

3.    FOR WHAT PURPOSE DO WE COLLECT YOUR DATA?

Any collection and processing of personal data is for one of the following defined purposes: 

  1. To send you ECRIN's newsletter and to manage your subscription 
  2. To gather your feedback and to improve ECRIN’s services collected via the ECRIN Feedback form (e.g. to respond to your requests or inquiries) and / or questionnaires on activities related to ECRIN via Google Form or RedCap (a tool hosted by the ECRIN servers).
  3. To measure the effectiveness and efficiency of our website. 
  4. To organise events, training and meetings for our user community and provide related information.
  5. Promotion of ECRIN’s activities, events and success stories

Specific information for each of the above purposes is detailed in the second half of this Data Privacy Policy.

4.    DOES ECRIN PUBLISH YOUR DATA ON ITS WEBSITE?

ECRIN does not publish any of your personal data on its website, unless you have specifically provided your consent for a given purpose. 

5.    ON WHAT GROUNDS DO WE PROCESS YOUR DATA? 

As a general rule, we process your personal data on the basis of your CONSENT to ECRIN's processing of your personal data. 

In some cases, we could consider other lawful bases such as the legitimate interest of ECRIN, contractual arrangements, or legal obligations. In this case, we will carefully consider your rights and obligations and we will inform you about your data protection rights by adequate means. 

6.    WHERE DO WE STORE YOUR DATA?

All information provided by you is gathered securely through the SSL (SecureSockets Layer). A SSL is a protocol that encrypts your information into codes so that your information is kept secure while being transmitted via the Internet.

ECRIN looks to store all personal data within the European Union (“the EU”).

However, given the international nature of online services, ECRIN cannot guarantee that all the service providers involved in our activities store your data within EU in which case ECRIN will inform you and request your consent. Before consenting, ECRIN will also invite you to consult their data privacy policy which is freely accessible online.

For instance, some ECRIN events and meetings are organised through other online meeting service providers (Teams, GoToMeeting, Zoom) which may store some of your personal data outside the EU as per their data privacy policy which is freely accessible online and which we encourage you to consult. 

Some ECRIN events are organised directly on the ECRIN Zoom account subsequent consent for storing and processing of your information on Zoom is required upon registration.

Furthermore, ECRIN uses the tool RedCAP that is hosted on its servers in France for some of its questionnaires. Alternatively, in the case of some questionnaires and feedback forms your information may be stored within a Google Form which may store some of your personal data outside the EU as per their data privacy policy which is freely accessible online and which we encourage you to consult. 

7.    WHO HAS ACCESS TO YOUR DATA?

ECRIN’s relevant internal parties and, as applicable, ECRIN service providers and organisations that co-host events together with ECRIN.

For instance, ECRIN’s Communications Officer has access to the data that you provide via our website for newsletter subscription or events registration. 
Relevant internal parties have access to the data that you provide via the feedback form or questionnaire.
In case we use a service provider for certain data processing or share event organising duties we will disclose this information in the information notice so that you can make an informed decision about the access and use of your data.

On the rare occasion that your personal data is made public on our website or another ECRIN communication channel, this is based on your CONSENT to do so.

We never pass on, sell or swap your data for marketing purposes to other third parties outside ECRIN.

8.    HOW LONG WILL ECRIN RETAIN YOUR PERSONAL DATA? 

ECRIN will retain and process your personal data for as long as it deems relevant, and subject to applicable law, to fulfil the purpose(s) for which the data were collected. After such time, ECRIN will delete your personal data and will require the service provider to do the same. 

9.    WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR DATA ON OUR WEBSITE?  

As a general rule, ECRIN acts as the data controller of the processing of your personal data for the purposes stated above. In case ECRIN acts as a joint controller or a data processor, we will inform you via the information notice or other adequate means. 

DATA CONTROLLER: EUROPEAN CLINICAL RESEARCH INFRASTRUCTURE NETWORK (ECRIN)
5-7 rue Watt
75013 
Paris, France
Registration number: 801 933 235

10.    WHAT ARE YOUR RIGHTS?

ECRIN will ensure that you can exercise your rights pertaining to your personal data. 
To that end, ECRIN informs you that you are entitled: 
a)    to have access, upon simple request, to your personal data – in which case you may receive a copy of such data (if requested)
b)    to obtain a rectification of your personal data should your personal data be inaccurate, incomplete or obsolete ("right to rectification")
c)    to obtain the deletion of your personal data ("right to be forgotten");
d)    to withdraw your consent to the data processing (where your personal data has been collected and processed on the basis of your consent);
e)    to request a limitation of the data processing in the situations set forth by applicable law ("right to restrict processing");
f)    to receive your personal data (data which you provided to ECRIN) in a structured, commonly used and machine-readable format and to transmit those data to another controller ("data portability right" allowed only where the processing is based on your consent and the processing is carried out by automated means) 
g)    to file a complaint to the French supervisory authority, CNIL (French data protection authority), located at: 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07 .
You can also check the CNIL website: https://www.cnil.fr/fr/cnil-direct/question/adresser-une-reclamation-plainte-la-cnil-quelles-conditions-et-comment

In case we are processing your data on a different legal ground, we will inform you about your data protection rights by adequate means. 
If you have any questions about how your personal data is being processed within this context or if you would like to exercise your data subject rights, please email your request to legal@ecrin.org and we will refer you to our Legal manager.  

SPECIFIC INFORMATION FOR EACH OF THE ABOVE PURPOSES IS DETAILED BELOW (all in an individual accordion for clarity of reading and anchors for easy identification when linking from an external document)

Please note that the content of this Website Privacy Policy may be updated from time to time. Therefore, we advise you to visit the page of this Website Privacy Policy regularly to verify any updates.

Updated: 23/06/2022
 

What types of personal data do we process for this purpose?

First name, Last name, and Email address. 

Who has access to your personal data?

  • ECRIN's staff in charge of the website.
  • The provider which we use to send you our newsletter. Currently, we use a very popular provider Mailchimp, which is an online marketing platform operated by Intuit Inc since September 2021, a company headquartered in the State of California in the United States. Their tools are only used to send you ECRIN's newsletter. 

PLEASE NOTE: 
There are two ways to subscribe to the ECRIN newsletter hosted by Mailchimp 1. a double authentication via the subscribe function on our website, 2. Opting in to subscribe to the newsletter when registering for an event. In both cases your first/last name and email address, are collected and shared with Mailchimp on the basis of consent.  Please be aware, Mailchimp may automatically collect certain information about your device and usage of the Services and use cookies and other tracking technologies to collect this information as indicated in their policy. Your data will be transferred to, and stored on, data servers of Mailchimp which are located in the USA.

PLEASE BE AWARE:
Mailchimp has developed its own policy with respect to the GDPR and its own terms and conditions. Please read their policy and if you do not agree with their policy and or with ECRIN sending your data to Mailchimp for the purpose stated above, do not subscribe to  or unsubscribe from our newsletter. 

On what legal basis do we process your personal data?

In order for you to subscribe to our newsletter, we will ask you to consent (1.a consent request is included in our subscription form 2.a separate subscription consent is included in the event registration form) to process your data and to send your contact information (first/last name and email address) to Mailchimp for the purpose of delivering you our newsletter.

How long do we save your data for this purpose? 

We will keep your data for as long as your newsletter subscription is active, except where we have to retain your data for longer periods as required or permitted by law. 

What happens to your data if you cancel your subscription? 

You may choose to unsubscribe at any time by clicking on the 'unsubscribe' link located at the bottom of our newsletter. 

ECRIN will then permanently delete your data (name, email) from its mailing list.

How can you exercise your rights?

I case you have any further questions regarding ECRIN’s handling of your data or you want to exercise your rights see please Section 10 of the ECRIN Data Privacy Policy.
However, please be aware that according to Mailchimp deletion policy, Mailchimp will stop further processing of your data and continue to keep a record of the email address for compliance purposes. As noted in Section 7 of its Data Protection Policy, Mailchimp committed itself to ensure that such information is securely isolated and protected.

Should you have any questions concerning the way in which Mailchimp is processing your data and/or wish to exercise your rights, please let us know so you can direct your request to Mailchimp so they can respond to your request accordingly. You can also contact them directly as described in their policy, ‘Privacy for Contacts’ section.

The feedback form on the ECRIN website is intended to collect your requests or inquiries, or your feedback on services. Similarly, questionnaires using GoogleForms or RedCAP may be sent to identified stakeholders to gain insight on ECRIN activities.

What types of personal data do we process?

First name, last name, function, and contact information. 

On what legal basis do we process your personal data?

Your consent. The choice to submit (or save) the information in the feedback form (www.ecrin.org/feedback), or questionnaire (individual link) is equivalent to your consent to process your personal data for this purpose as per this Data Privacy Policy. Be sure to read and agree with the terms of the Data Privacy Policy in full before providing your consent.  

Who has access to your personal data?

Your data may be shared within ECRIN's organisation. We never pass on, sell or swap your data for marketing purposes to third parties outside ECRIN.

How long do we save your data for this purpose?

ECRIN will retain and process your personal data for as long as it deems relevant, and subject to applicable law, to fulfil the purpose(s) for which the data were collected. After such time, ECRIN will delete your personal data. You may also contact ECRIN directly to delete your feedback form submission data or questionnaire data at: feedbacktoecrin@ecrin.org.

How can you exercise your rights?

In case you have any further questions regarding ECRIN’s handling of your data or you want to exercise your rights please see Section 10 of the ECRIN Data Privacy Policy.

 

ECRIN uses cookies to enhance users’ experience and to measure the effectiveness and efficiency of our website. 

Cookies help us to improve your experience and interaction with our website. The information gathered enables the website to remember your actions and preferences for a certain period of time, so you do not have to re-enter this information on future visits.

What are cookies?

Cookies are small text files that are placed on your computer / device by websites that you visit. They collect standard information such as browser type, browser language, your Internet Protocol (IP) address, and your interaction with the website. 

What cookies and how does ECRIN use on this website?

We use Google Analytics cookies. 

ECRIN collects standard information and details of visitor behaviour such as time spent on the website and on specific pages. This is achieved by checking for the unique identifier in a cookie left there on a previous visit. 
This information is collected in a way that does not identify anyone and makes no attempt to identify the individuals visiting our website. ECRIN will not associate any data gathered from this site with any personally identifying information from any source. 

All of our cookies are anonymous and session based and we hold no personal information in any of our cookies.

On what legal basis do we use cookies?

Your consent.

You can accept all or deny all the cookies on our website. By “all” we mean Google Analytics Cookies, no other cookies are used on the ECRIN website. To accept, click on the ‘Accept All’ button that pops up when you first visit the website. If you do not click on Accept All, and close the pop-up window, you are rejecting the cookies just as you are when you click on Deny All. 
You can also disable cookies directly in your browser settings.

Who has access to your data contained in cookies?

The Communications Officer (and other relevant staff members, as appropriate) have access to this data. 

How can you exercise your rights?

In case you have any further questions regarding ECRIN’s handling of your data or you want to exercise your rights please see Section 10 of the ECRIN Data Privacy Policy.

ECRIN organises or co-hosts many events and meetings both online and in person. In order to facilitate the organisation of these events participant personal data is required.

What types of personal data do we process?

Participants: Contact details and professional information. 

Speakers: Contact details, professional  information, on occasion this can include photo, video and or audio content. 

On what legal basis do we process your personal data?

Participants: Your consent. For ECRIN coordinated events, dedicated event registration page are developed, with specific information sheet and or specific data privacy policy. Your consent to participate in the event and to share your information with ECRIN, other organisers and services providers are required.

Speakers: Your consent. For ECRIN coordinated events, dedicated information sheet outlines the personal data and the purposes of its use. A signed consent is required to share your personal data at the event.

All: For ECRIN coordinated meetings that use online meeting tools by choosing to join the meeting you are consenting to the processing of your personal data by ECRIN and the service provider.

Who has access to your personal data?

Participants: ECRIN’s relevant internal parties and, as applicable, ECRIN service providers and organisations that co-host events together with ECRIN

Speakers: Some of your personal data may be made public in order to promote the event, to participate in the event and to provide information on the event after the fact. In other cases where it is not made public your personal data (first name, last name, image, video & audio) would be made available to the participants and ECRIN’s relevant internal parties and, as applicable, ECRIN service providers and organisations that co-host events together with ECRIN

How long do we save your data for this purpose?

All: ECRIN will retain and process your personal data for as long as it deems relevant, and subject to applicable law, to fulfil the purpose(s) for which the data were collected. After such time, ECRIN will delete your personal data.

How can you exercise your rights?

In case you have any further questions regarding ECRIN’s handling of your data or you want to exercise your rights see please Section 10 of the ECRIN Data Privacy Policy.

You may also reach out to the service provider who processed your data as per their Terms & Conditions to exercise your rights within the GDPR.

For the purpose of enhancing the understanding of ECRIN’s operations promotional materials will be developed on ECRIN’s activities, events and success stories to be shared in writing & video on ECRIN’s website, print material, and social media.

An example are the written and video interviews developed within the ECRIN annual report.

The publication of these promotional materials may involve sharing the participant’s image, views, voice as well as associated personal data.

What personal data will be processed?

Contact details, job information, image, voice and video.

On what legal basis do we process your personal data?

Your specific signed consent to the various types of personal data outlined for this purpose. A dedicated consent form will be provided in advance to the recording or sharing of any personal data for the creation of promotional material. In the case of an event, this may be the same consent form (with separate consent for publication for promotional activities).

Who has access to your personal data?

ECRIN will process interviewees names, emails and images for the purposes of the promotional material. The resulting promotional material, once approved by the relevant parties, will be made widely available on ECRIN’s communication channels.

For the recording process, when in person interviews are not possible, ECRIN will be conducting the interview using the videoconferencing service (Zoom) as data processor and will possible will only record to a local computer. Use of Zoom requires the processing of the user's email address.

Any video interview or footage will be hosted by the video provider YouTube. The footage will include video of the interviewee in their area of expertise, their name and affiliation. While the interviewee name may be included in the title no other personal data (ie email) will be included.  Youtube has developed a Data Privacy policy to meet the GDPR requirements. According to their policy, the data will be processed by Google Ireland Limited (Ireland) and only for the purpose of provision of service.)

For photos taken during ECRIN coordinated meetings and events, the photos will be available on ECRIN communication channels, including social media for as long as the accounts are active, and they may also be included in print materials such as ECRIN's annual report. 

ECRIN will retain the exclusive right to use, reuse, share, publish or reproduce and to authorise others to use, publish or reproduce, internally and publicly, all or part of my participation (video footage, photographs and/or audio recording of me) without restrictions as to changes or alteration, as they are used for the promotional material for which they were developed.

In addition, the recorded material and photographs may be used without notice and without compensation, or obligation of any kind to the interviewee. ECRIN's publications can be seen throughout the world, and not just in the European Union where the data protection regulation (i.e. the GDPR) applies.

ECRIN will not use and will not authorize Zoom and/or Youtube to use the photographs/your name for other purposes than those for which they act as data processors ( see above)

How long do we save your data for this purpose?

ECRIN will retain and process your personal data for as long as it deems relevant, and subject to applicable law, to fulfil the purpose(s) for which the data were collected. After such time, ECRIN will delete your personal data.

How can you exercise your rights?

In case you have any further questions regarding ECRIN’s handling of your data or you want to exercise your rights see please Section 10 of the ECRIN Data Privacy Policy.