In all cases, the BBMRI-NL initiative complies with the applicable laws and regulations. This means that:
• Processing of your personal data is limited to data minimally needed for the purposes they are processed for;
• We have taken appropriate technical and organisational measures to safeguard the security of your personal data;
• We are aware of your rights regarding your personal data, we want to point these out and will respect those.
Special Notice – if you are under 18 years old
Our website is not aimed at children under 18 years old and we will not collect, use, provide or process in any other form any personal data of children under the age of 18 deliberately. We therefore also ask you, if you are under 18 years old, please do not send us your personal data (for example, your name, address and email address). If you are under 18 years old and you nevertheless wish to ask a question or use this website in any way which requires you to submit your personal data, please get your parent or guardian to do so on your behalf.
Who is responsible for the personal information collected on this site?
The data we collect from you
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together below as follows:
– Notification and Communication Data which includes information you provide us for subscribing to our email notifications and/or newsletters, the communication content and metadata associated with the communication. Our website will generate the metadata associated with the communications made using website contact forms.
– Technical Data which includes your internet protocol ([IP) address, geographical location, time zone setting, browser plug-in types and versions, operating system and platform. The source of usage data is Google Analytics.
We do not collect any Special Categories of Data which includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientations, political opinions, trade union membership, information about your health and genetic and biometric data.
How we use your personal data
One of the purposes of our website is to inform you of who we are and what we do. We have set out below in table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified our legitimate interest, where appropriate. Please note that we may process your data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
If at any time you wish us to stop using your personal data for any or all of the purposes set out in the table, please contact us (details below). Unless otherwise restricted by any applicable law, we will stop the use of your personal data for such purposes as soon as it is reasonably possible to do so.
|Purpose/Activity||Type of Data||Lawful basis for processing including basis of legitimate interest|
|To send newsletters and invitations for events||Notification and Communication Data||Consent|
|Analysing the use of the website and services||Usage Data||Consent / Our Legitimate Interest, namely monitoring and improving our website and services|
|Record-keeping||Notification and Communication Data
|Our Legitimate Interest, namely the proper administration of our website and business|
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
Please note that in addition to the instances set out above we may need to process your personal data without your knowledge or consent where this is required or permitted by law or in order to protect your vital interests or the vital interests of another person.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.
Disclosure of your Personal Data
As part of the administration of our Website we might need to share your personal data with third parties such as:
– Service Providers located in The Netherlands acting as processors who provide IT and system administration services. In particular, Lygature employs the services of Elonisas to act as the Hosting Provider. The Hosting Provider hosts all data received through the Website on their secured server. Lygature employs Tamara de Haas as the Site Developer. The Site Developer maintains and develops the Website. Lygature will, at all times, control and be responsible for the use of your information and ensure that the Hosting Provider and Site Developer processes your personal data in accordance with all applicable data protection laws.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for the purposes that we have agreed with you and in accordance with our instructions. We request those third parties to implement adequate levels of protection in order to safeguard your personal data.
We will get your express opt-in consent before we share your personal data with any third party for marketing purposes. You can ask us or third parties to stop sending you marketing messages at any time by [following the opt-out links on any marketing message sent to you or] contacting us at any time.
Some of the third parties identified in the section above are located outside of the European Economic Area (EEA) so the processing of your data will involve a transfer of data outside of the EEA. Whenever we transfer your data out of the EEA we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
– We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
– Where we use certain service providers we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe.
– Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US.
We respect your personal data and therefore, we will take steps to ensure that your privacy rights continue to be protected if we transfer your personal data outside of the EEA in this way. In addition, if you use our services while you are outside the EEA, your personal data may be transferred outside the EEA in order to provide you with those services.
Keeping our records accurate
We aim to keep your personal data as accurate as possible. If you would like to review, change or delete the details you have supplied us with, please contact us as set out below.
Security of your personal data
We have implemented appropriate security measures and policies with the objective of protecting your personal data from unauthorized access and improper use and will update these measures as new technology becomes available, as appropriate. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instruction and they are subject to a duty of confidentiality.
We only retain personal data for as long as is reasonably necessary to fulfil the purposes we collected it for, including the purpose of satisfying any legal, regulatory or reporting requirements. We may retain your personal data for a longer period in the event of complaint or if we reasonably believe there is a prospect of litigation. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data and the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory or other requirements.
Use of your personal data submitted to other websites
Under certain circumstances you have rights under data protection laws in relation to your personal data. Some of the rights are complex and not all of the details have been included in the summary below. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.
Your principal rights under data protection law are:
– The right to access: this enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
– The right to rectification: this enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide us.
– The right to erasure: this enables you to ask us to delete or remove personal data where there is no good reason for us to continue processing it. Note, however, that we may not always be able to comply with your request for erasure for specific legal reasons which will be notified to you, if applicable, at the time of the request.
– The right to object to processing: this enables you to object to our processing of your data if you feel it impacts your fundamental rights or freedoms. You also have the right to object to processing where we are using data for direct marketing purposes. Note, however, that in some cases we may demonstrate we have a compelling legitimate ground to process your information that overrides your fundamental rights or freedoms.
– The right to restrict processing: this enables you to ask us to suspend the processing of your data if you want us to establish the data’s accuracy, where processing us unlawful but you oppose erasure, we no longer need the personal data for processing but you require us to hold it for the establishment, exercise or defence of legal claims ad you have objected to the grounds of processing but we need to verify if we have overriding legitimate grounds to use it
– The right to data portability: this enables you to ask us to transfer the personal data to you or a third party chosen by you. Note this right only applies to automated information you initially provided consent for is to use or where we use this information to perform a contract with you data
– The right to complain to a supervisory authority
– The right to withdraw consent: this applies when you have provided your consent to our processing but does not affect the lawfulness of processing carried out before your withdraw your consent.
If you wish to exercise any of the rights set out above, please contact us (details below). We may need to request specific information from you in order to help us confirm your identify and ensure your rights to access your personal data (or exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
How you can contact us