Privacy Notice for EGA Public Website
This Privacy Notice explains what personal data is collected by the specific service you are requesting, for what purposes, how it is processed, and how we keep it secure.
1. Who controls your personal data and how to contact us?
European Genome- Phenome Archive - EGA offers a service for permanent archiving and sharing of all types of personally identifiable genetic and phenotypic data resulting from biomedical research projects, jointly managed by European Molecular Biology Laboratory – European Bioinformatics Institute (EMBL-EBI) and Fundació Centre de Regulació Genòmica - Centre for Genomic Regulation (CRG).
EMBL-EBI and CRG represent joint Data Controllers’ of processing of your personal data. They and their Data protection officers may be contacted for data protection queries and for exercising your rights under Section 8.
You may contact EMBL-EBI, represented by dr. Thomas Keane, by:
- email at: firstname.lastname@example.org or
- post at EMBL-EBI, Wellcome Genome Campus, CB10 1SD Hinxton, Cambridgeshire, UK.
EMBL’s Data Protection Officer may be contacted by:
- telephone at +49 6221 387-8590,
- email at email@example.com , or
- post at EMBL Heidelberg, Data protection officer, Meyerhofstraße 1, 69117 Heidelberg, Germany.
You may contact CRG, whose EGA team is represented by dr. Jordi Rambla de Argila, by:
- email at firstname.lastname@example.org, or
- post at Fundació Centre de Regulació Genòmica - Centre for Genomic Regulation (CRG), Dr.Aiguader 88, PRBB Building, 08003 Barcelona, Spain.
CRG Data protection officer may be contacted by:
- email at email@example.com
- post at Fundació Centre de Regulació Genòmica - Centre for Genomic Regulation (CRG), C/ Dr. Aiguader, 88, PRBB Building, 08003 Barcelona, Spain.
2. Which is the lawful basis for processing personal data?
For providing you access to the website and for offering support whilst using the website, we need your consent under Article 5 (2) of the IP 68 (equivalent to Article 6 (1)(a) of the GDPR).
For monitoring your activities on the website, we process your personal data on the grounds of important public interest. Such legal basis is found in Article 5(1)(a) of EMBL Internal Policy No 68 on General Data Protection (hereinafter IP 68), which is equivalent to Article 6 (1)(e) of the EU General Data Protection Regulation (hereinafter GDPR) and upon which personal data are processed for the achievement of the aims laid down in 1973 agreement establishing EMBL, such as the promotion of the cooperation in the fundamental research, in the development of advanced instrumentation and in advanced teaching in molecular biology and dissemination of information.
3. What personal data is collected from users of the service? How do we use this personal data?
We collect the following personal data from you:
- IP addresses
- Date and time of a visit to the service website
- Operating system
- Amount of data transmitted
- Email address (only when support is requested by the user)
The data controller will use your personal data for the following purposes:
- To provide the user access to the service
- To better understand the needs of the users and guide future improvements of the service
- To better understand the needs of the website visitors and guide future improvements of the service
- To conduct and monitor website security activities
- To create anonymous usage statistics
4. Who will have access to your personal data?
The personal data will be disclosed to:
- Authorised staff in the data controller’s institutions acting on data controller`s behalf and instructions.
5. Will your personal data be transferred to third countries (i.e. countries not part of EU/EEA) and/or international organisations?
There are no personal data transfers to third countries or international organisations.
6. How long do we keep your personal data?
Any personal data directly obtained from you will be retained as long as the service is live. Such duration serves the purpose of enabling scientific research and ensures legal compliance and facilitates internal and external audits if they arise.
By contrast, the log files for the data categories related to anonymous usage statistics (raw web service logs) are processed only for 30 days and thereafter erased.
7. The joint Data Controllers provide these rights regarding your personal data
You have the right to:
- Not be subject to decisions based solely on an automated processing of data (i.e. without human intervention) without you having your views taken into consideration.
- Request at reasonable intervals and without excessive delay or expense, information about the personal data processed about you. Under your request we will inform you in writing about, for example, the origin of the personal data or the preservation period.
- Request information to understand data processing activities when the results of these activities are applied to you.
- Object at any time to the processing of your personal data unless we can demonstrate that we have legitimate reasons to process your personal data.
- Request free of charge and without excessive delay rectification or erasure of your personal data if we have not been processing it respecting the data protection policies of the respective controllers.
It must be clarified that rights under points 4 and 5 are only available whenever you need support whilst using our website. For other processing based on the grounds of important public interest you cannot exercise your rights to object, rectify or erase your personal data according to the Article 13(2)(a)(b) of IP 68 (equivalent to Article 17(3)(b)(d) and Article 21(6) of the GDPR).
8. Supervisory authority
If you wish to complain against the processing of your personal data, you may do so by post at:
- EMBL Heidelberg, Data Protection Committee, Meyerhofstraße 1, 69117 Heidelberg, Germany, or
- Autoritat Catalana de Protecció de Dades (Catalan Data Protection Authority), C/Rosselló 214, Esc A, 1r 1a, Barcelona 08008, Spain.
February 6, 2019