ECRIN - European Clinical Research Infrastructure Network

Data Privacy Policy

The ECRIN website is a central resource for information about the ECRIN organisation, its services, tools, projects, news, events, and publications as well as other resources related to clinical trials. Although you can consult our website without giving any personal information, in some cases your personal data is required (e.g. in case you would like to submit a Feedback form, or would like to subscribe to our newsletter). This privacy policy statement is meant to explain to you the way in which we process and protect your personal data on ECRIN's website.

Our policy on protection of individuals with regard to the processing of personal data is based on the principles set out by the by the Regulation (eu) 2018/1725 of the European parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data (the GDPR) as well as the relevant French law, as applicable. 

1.    WHAT IS THE SCOPE OF THIS DATA PRIVACY POLICY?

This policy covers ECRIN's data processing on our website (www.ecrin.org).

Please be aware that ECRIN has developed specific data privacy policies for data processing not related to ECRIN's website (e.g. projects, travel). 

Also please note that ECRIN's website may provide links to third-party sites (e.g. YouTube, ECRIN partner websites to communicate about events). When you click on links to visit third-party websites, you may need to accept their specific terms and conditions and cookie policies as ECRIN has no control over their privacy policies.

2.    WHAT PERSONAL DATA DO WE COLLECT ABOUT YOU? 

The following personal data might be required when you access and use our website: 

First name, Last name, Email address, function

3.    FOR WHAT PURPOSE DO WE COLLECT YOUR DATA?

Any collection and processing of personal data on our website is for one of the following defined purposes: 

  1. To send you ECRIN's newsletter and to manage your subscription 
  2. To gather your feedback on ECRIN services collected via the ECRIN Feedback form (e.g. to respond to your requests or inquiries)
  3. To measure the effectiveness and efficiency of our website. 

Specific information for each of the above purposes is detailed below.

4.    DOES ECRIN PUBLISH YOUR DATA ON ITS WEBSITE?

ECRIN does not publish any of your personal data on its website, unless you have specifically provided your consent for a given purpose. 

5.    ON WHAT GROUNDS DO WE PROCESS YOUR DATA? 

As a general rule, we process your personal data on the basis of your CONSENT to ECRIN's processing of your personal data. 

In some cases, we could consider other lawful bases such as the legitimate interest of ECRIN. In this case, we will carefully consider your rights and obligations and we will inform you about your data protection rights by adequate means. 

6.    WHERE DO WE STORE YOUR DATA?

All information provided by you is gathered securely through the SSL (SecureSockets Layer). A SSL is a protocol that encrypts your information into codes so that your information is kept secure while being transmitted via the Internet.

7.    WHO HAS ACCESS TO YOUR DATA?

ECRIN’s relevant internal parties.

For instance, ECRIN’s Communications Officer has access to the data that you provide via our website for newsletter subscription. 
Relevant internal parties have access to the data that you provide via the feedback form.
 
We never pass on, sell or swap your data for marketing purposes to other third parties outside ECRIN.

In case we use a service provider for certain data processing, we will disclose this information in the specific data policy and, as applicable, in the information notice so that you can make an informed decision about using our tools.

8.    HOW LONG WILL ECRIN RETAIN YOUR PERSONAL DATA? 

ECRIN will retain and process your personal data for as long as it deems relevant, and subject to applicable law, to fulfil the purpose(s) for which the data were collected. After such time, ECRIN will delete your personal data. 

9.    WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR DATA ON OUR WEBSITE?  

ECRIN acts as the data controller of the processing of your personal data for the purposes stated above. In case ECRIN acts as a joint controller or a data processor, we will inform you via the information notice or other adequate means. 

DATA CONTROLLER: EUROPEAN CLINICAL RESEARCH INFRASTRUCTURE NETWORK (ECRIN)
5 rue Watt
75013 
Paris, France
Registration number: 801 933 235

10.    WHAT ARE YOUR RIGHTS?

ECRIN will ensure that you can exercise your rights pertaining to your personal data. 
To that end, ECRIN informs you that you are entitled: 
a)    to have access, upon simple request, to your personal data – in which case you may receive a copy of such data (if requested)
b)    to obtain a rectification of your personal data should your personal data be inaccurate, incomplete or obsolete ("right to rectification")
c)    to obtain the deletion of your personal data ("right to be forgotten");
d)    to withdraw your consent to the data processing (where your personal data has been collected and processed on the basis of your consent);
e)    to request a limitation of the data processing in the situations set forth by applicable law ("right to restrict processing");
f)    to receive your personal data (data which you provided to ECRIN) in a structured, commonly used and machine-readable format and to transmit those data to another controller ("data portability right" allowed only where the processing is based on your consent and the processing is carried out by automated means) 
g)    to file a complaint to the French supervisory authority, CNIL (French data protection authority), located at: 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07 .
You can also check the CNIL website: https://www.cnil.fr/fr/cnil-direct/question/adresser-une-reclamation-plainte-la-cnil-quelles-conditions-et-comment

In case we are processing your data on a different legal ground, we will inform you about your data protection rights by adequate means. 
If you have any questions about how your personal data is being processed within this context or if you would like to exercise your data subject rights, please email your request to contact@ecrin.org and we will refer you to our Legal manager.  

SPECIFIC INFORMATION FOR EACH OF THE ABOVE PURPOSES IS DETAILED BELOW

PURPOSE 1: To send you ECRIN's newsletter and to manage your subscription 

What types of personal data do we process for this purpose?

First name, Last name, and Email address. 

Who has access to your personal data?

  • ECRIN's staff in charge of the website.
  • The provider which we use to send you our newsletter. Currently, we use a very popular provider Mailchimp, which is an online marketing platform operated by The Rocket Science Group LLC, a company headquartered in the State of Georgia in the United States. Mailchimp is self-certified to the Privacy Shield. Their tools are only used to send you ECRIN's newsletter. 

PLEASE NOTE: 
Apart from your first/last name and email address, we do not send any other personal data to Mailchimp. However, Mailchimp may automatically collect certain information about your device and usage of the Services and use cookies and other tracking technologies to collect this information as indicated in their policy. Your data will be transferred to, and stored on, data servers of Mailchimp which are located in the USA.

PLEASE BE AWARE:
Mailchimp has developed its own policy with respect to the GDPR and its own terms and conditions. Please read their policy and if you do not agree with their policy and or with ECRIN sending your data to Mailchimp for the purpose stated above, do not subscribe to /unsubscribe from our newsletter. 

On what legal basis do we process your personal data?

In order for you to subscribe to our newsletter, we will ask you to consent (a consent request is included in our subscription form) that we process your data and that we send your contact information (first/last name and email address) to Mailchimp for the purpose of delivering you our newsletter.

How long do we save your data for this purpose? 

We will keep your data for as long as your newsletter subscription is active, except where we have to retain your data for longer periods as required or permitted by law. 

What happens to your data if you cancel your subscription? 

You may choose to unsubscribe at any time by clicking on the 'unsubscribe' link located at the bottom of our newsletter. 

ECRIN will then permanently delete your data (name, email) from its mailing list. 
However, please be aware that according to Mailchimp deletion policy, Mailchimp will continue to keep a record of the email address for compliance purposes. As noted in Section 7 of its Data Protection Policy, Mailchimp committed itself to ensure that such information is securely isolated and protected from any further processing. 

Should you have any questions concerning the way in which Mailchimp is processing your data and/or wish to exercise your rights, please let us know so you can direct your request to Mailchimp so they can respond to your request accordingly. You can also contact them directly as described in their policy, ‘Privacy for Contacts’ section.

PURPOSE 2: To gather your feedback on ECRIN services collected via the ECRIN feedback form 

The form is intended to collect your requests or inquiries, or your feedback on services.

What types of personal data do we process?

First name, last name, function, and contact information. 

On what legal basis do we process your personal data?

Your consent. Once you have carefully read the feedback form (www.ecrin.org/feedback), as well as our privacy policy, and you decide to submit the form, you are providing us with your consent to process your personal data for the purpose of submitting your feedback. 

Who has access to your personal data?

Your data may be shared within ECRIN's organisation. We never pass on, sell or swap your data for marketing purposes to third parties outside ECRIN.

How long do we save your data for this purpose?

ECRIN will retain and process your personal data for as long as it deems relevant, and subject to applicable law, to fulfil the purpose(s) for which the data were collected. After such time, ECRIN will delete your personal data. You may also contact ECRIN directly to delete your feedback form submission data at: feedbacktoecrin@ecrin.org

PURPOSE 3: To measure the effectiveness and efficiency of our website 

ECRIN uses cookies to enhance users’ experience and to measure the effectiveness and efficiency of our website. 

Cookies help us to improve your experience and interaction with our website. The information gathered enables the website to remember your actions and preferences for a certain period of time, so you do not have to re-enter this information on future visits.

What are cookies?

Cookies are small text files that are placed on your computer / device by websites that you visit. They collect standard information such as browser type, browser language, your Internet Protocol (IP) address, and your interaction with the website. 

What cookies and how does ECRIN use on this website?

We use Google Analytics cookies. 

ECRIN collects standard information and details of visitor behaviour such as time spent on the website and on specific pages. This is achieved by checking for the unique identifier in a cookie left there on a previous visit. 
This information is collected in a way that does not identify anyone and makes no attempt to identify the individuals visiting our website. ECRIN will not associate any data gathered from this site with any personally identifying information from any source. 

All of our cookies are anonymous and session based and we hold no personal information in any of our cookies.

On what legal basis do we use cookies?

Your consent.

You can accept or reject the cookies on our website. To accept, click on the ‘Accept’ button that pops up when you first visit the website. If you do not click on Accept, and close the pop-up window, you are rejecting the cookies. 
You can also disable cookies directly in your browser settings.

Who has access to your data contained in cookies?

The Communications Officer (and other relevant staff members, as appropriate) have access to this data. 

Please note that the content of this Website Privacy Policy may be updated from time to time. Therefore, we advise you to visit the page of this Website Privacy Policy regularly to verify any updates.

Updated: 20/12/2019