The EGI Surveys service (hereinafter referred to as: “the service” or “Surveys”) allows individuals to take part in surveys managed and conducted by EGI Foundation.
This privacy notice describes how we, the EGI Foundation (hereinafter referred to as "we" or "the Data Controller"), collect and process data by which you can be personally identified (“Personal Data”) when you use the service.
In addition to the subsequent information, any survey form will include more specific information on what happens with the answers submitted through the survey form, how and how long they will be stored, and who will gain access to them.
Data controller
The EGI Foundation
Science Park 140
1098 XG Amsterdam
The Netherlands.
Data protection officer
The EGI Foundation
Data Protection Officer
Science Park 140
1098 XG Amsterdam
The Netherlands
E-mail: dpo@egi.eu
Jurisdiction and supervisory authority
Jurisdiction: NL, The Netherlands
EGI Foundation's lead supervisory authority is the Dutch Data Protection Authority. They can be contacted at https://autoriteitpersoonsgegevens.nl/en/contact-dutch-dpa/contact-us
Personal data processed
The service may process the following personal data:
- Identification data:
- Name
- E-mail address
- IP address
- Other identification data as far as captured by the individual survey
- Behavioural data, data allowing conclusions on the personality, biographical data, sociodemographic data:
- Data on login, access and usage of the survey site (survey.egi.eu)
- Other data in these categories are only processed as far as they are captured by the individual survey.
Purpose of the processing of personal data
The purpose of the collection, processing and use of the personal data mentioned above is:
- Conduct surveys, including the evaluation and reporting of the answers provided through the survey forms
- Monitor and maintain the stability performance and security of the survey site
Legal basis
The legal basis for processing personal data is: Legitimate interests pursued by the controller or by a third party according to Art. 6 (1) (f) GDPR.
Third parties to whom personal data is disclosed
Personal data will not be used beyond the original purpose of their acquisition. If a forwarding to third parties should be necessary to answer an inquiry or to carry out a service, the approval of the data subject is considered to have been given by entering in a contract when using the respective function or service.
For the purpose given in this privacy policy, personal data may be passed to the following third parties:
- Within the EU / EEA:
- LimeSurvey GmbH (resource provider, sub-contracted data processor)
- Survey managers
- The records of your use and technical log files produced by the Check-in service components may be shared for security incident response purposes with other authorised participants in the academic and research distributed digital infrastructures via secured mechanisms, only for the same purposes and only as far as necessary to provide the incident response capability where doing so is likely to assist in the investigation of suspected misuse of Infrastructure resources.
- Outside the EU / EEA:
Any data transfer to a third country outside the EU or the EEA only takes place under the conditions contained in Chapter V of the GDPR and in compliance with the provisions of this privacy policy and any related policies adopted by the EGI Federation
Your rights
You can exercise the following rights at any time by contacting our data protection officer using the contact details provided in the Data Protection Officer section:
- Information about your data stored with us and their processing
- Correction of incorrect personal data
- Deletion of your data stored by us
- Restriction of data processing, if we are not yet allowed to delete your data due to legal obligations
- Objection to the processing of your data by us
- Data portability
You can complain at any time to the supervisory data protection authority (DPA) responsible for you. Your responsible DPA depends on your country and state of residence, of your workplace or of the presumed violation. A list of the supervisory authorities with addresses can be found at https://edpb.europa.eu/about-edpb/board/members_en.
You can contact EGI Foundation's lead supervising authority using the contact details provided in the Jurisdiction and Supervisory Authority section.
Data retention and deletion
If you enrolled for an account your personal data associated with your account is kept as long as your account is active. Your account can be deactivated on request.
The records of your use and technical log files produced by the service components will be deleted or anonymised after, at most, 18 months.
Security
We take appropriate technical and organisational measures to ensure data security and the protection against accidental or unlawful destruction, accidental loss, alteration, unauthorised disclosure or access. A comprehensive overview of the technical and organisational measures taken by EGI Foundation can be downloaded from EGI Documentation Database.
Additional Policies
EGI Foundation is conforming to GEANT Code of Conduct and your personal data will be processed in accordance with the Code of Conduct for Service Providers and the EGI-doc-2732-v3: Policy on the Processing of Personal Data.
Based on the AARC Policy Development Kit (licenced under CC BY-NC-SA 4.0)
EGI surveys
