Updated May 2021

The privacy and security of your personal information matters to us. The below Privacy Policy explains the ways in which we use your personal data, why it is necessary for us to use it in some situations, and the measures we take to ensure your information is safe.

The EMBRC-BE website is a major resource for information about the Research Infrastructure, where the user can find information about EMBRC-BE organisation, contact points, services, events and news and can access the majority of this information without providing any personal information. However, in some instances, your personal data is required, for example applying for access to our services or responding to a survey.

Our policy on the protection of individuals with regard to processing personal data has been developed in line with the principles set out by the Regulation (eu) 2019/1725 of the European Parliament and of the council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data (General Data Protection Regulation) as well as the relevant Belgian law, as applicable. When we refer to the ‘law’ or ‘legislation’ in this policy, we are referring to those regulations.

1.    What is the scope of this privacy policy?

This policy covers EMBRC-BE’s data processing on our website (www.embrc.be). The EMBRC-BE website may include links to third-party websites (e.g. links to news and events; EMBRC-ERIC website and EMBRC partner websites; YouTube). When you click on links to third-party websites and navigate away from the EMBRC-BE website, you may be asked to accept other terms and conditions pertaining to the third-party website. EMBRC-BE has no control over privacy policies for third-party websites. EMBRC-BE will not relay through our website any personal information that has been communicated to us, virtually or in-person (for example through email signatures, business cards, newsletter subscription, etc.).

2.    What are your rights?

Under GDPR you are entitled to see copies of all personal data held by us and to amend, correct, delete or export such data. You can also limit, restrict or object to the processing of your data. If at any point you would like to view your data in a legible format, or exercise any of the above described rights, you can make a request via any of the below contact points:

By post:  EMBRC-Belgium, Krijgslaan 281/S8, 9000 Gent (Belgium)

By email: embrc@ugent.be

By phone: +32 (0) 9 264 45 21

When you get in touch, it is our duty to respond to you as soon as possible and within a maximum of 30 days. We may ask you to verify your identity before we provide you with any personal information. GDPR stipulates that each request made must be logged.

3.    Who is responsible for your personal data?

EMBRC-BE is a national node of the EMBRC-ERIC (European Research Infrastructure Consortium) established with the European Commission Implementing Decision of 20 February 2018 (reference C(2018) 826), with the goal of providing a single access entry point to a comprehensive portfolio of services and research platforms, marine ecosystems, biological resources, E-infrastructure and metadata.

Our registered address is EMBRC-Belgium, Krijgslaan 281/S8, 9000 Gent (BE).

EMBRC-BE is the data controller of the data which we collect from you, and as such we control the ways in which your personal data are collected and the purposes for which your personal data are used.

4.   Hosting

The EMBRC-BE website is hosted by OVH, which is located in France (see the OVH Privacy Policy here).

5.    What personal data do we collect about you?

We aim to adhere to the highest standard of data privacy in alignment with GDPR. By using our website and by contacting us by email, telephone or via post, we may collect and process some of the following personal data: name, professional position, address, email address, phone number.

6.    Why do we need your data, and what do we do with it?

Any personal data we collect from our website is collected to fulfill one of the below criteria. These categories are regularly reviewed to account for changes in information gathering.

-    To send you the EMBRC-BE newsletter and manage your subscription (note: when you sign up to receive EMBRC-BE news via the sign-up bar in the website footer, you are submitting your email address to our MailChimp account; MailChimp is a third-party provider. You may access their Privacy Policy here; for information on MailChimp's compliance with GDPR in particular, click here.)

-    To measure the effectiveness and efficiency of our website

7.    Does EMBRC publish your data on its website? Is your data shared by EMBRC?

EMBRC-BE does not publish your data on our website and it is our responsibility to ensure the user’s consent before publishing any personal data, such as name and location, before integrating this into internal or external documents such as reporting or case studies.

If we do publish any personal data, such as names, it will be for a specific purpose, such as listing members of an EMBRC-BE advisory or governance body. This will only be done if your consent is explicitly provided (in writing) for this purpose.

EMBRC-BE does not share your data with third parties for commercial or marketing purposes. Your personal data may only be shared in the context of specific scientific activities and research collaboration opportunities. Some personal information may be shared with our third-party service providers (such as web hosting, newsletter software providers, online surveys, etc.) solely for the purpose of realising these services. As and when third parties have access to personal data in order to execute the above processing activities, we take the necessary organisational and contractual measures to ensure that your personal data is processed exclusively for the purposes mentioned here.

We may be obliged to share your personal data with the competent authorities, only if we are required to do so by law.

8.    How long do we keep your data?

Your data is only kept for as long as we need it or for as long as the data agreement between the user and EMBRC-BE lasts, and at least as long as is required for legal purposes (e.g. accountancy). For purposes concerning proof in judicial disputes, EMBRC-BE may store personal data for up to 10 years after the fact, which is the maximum legal term for placing personal claims.

We will actively review the information we hold and when there is no longer a legal or business need for us to hold it, we will delete it securely.

Personal information we hold for the purpose of distributing the newsletter will be kept until you notify us that you no longer wish to receive this information. If you have previously opted in to receiving emails from us, you can unsubscribe by clicking on the link in all emails from EMBRC-BE.

9.    Who has access to your data?

EMBRC-BE’s relevant internal parties have access to the data that you consent to us using.

We will never pass on, sell or exchange your data for marketing purposes to third parties outside of EMBRC. In case we use a service provider for certain data processing, we will disclose this information in the specific data policy and, as applicable, in the information notice so that you can make an informed decision about using our tools.

10.    What are cookies and how are they used?

What are cookies? Cookies are short text files placed on your computer or device by websites that you visit. The log we keep of website visits includes the following information: IP address, time information, and the URL visited, for bug tracking and to monitor for malicious visits. We also use cookies to enhance the surfing experience.

The EMBRC-BE website uses Google Analytics cookies. The user can accept or reject the cookies on the site by choosing to accept or reject the initial cookies notice.

Through cookies, we collect standard information and details of visitor behaviour such as time spent on the website and on specific pages. This is done by checking for the unique identifier in a cookie left there on a previous visit. This information is collected in a way that does not identify the visitor(s). EMBRC does not associate any data gathered from this site with any personally identifying information from any source. All of our cookies are anonymous and session based and we hold no personal information in any of our cookies.

11.    Links to other websites

The EMBRC-BE website contains links to other websites, for example through the News section or to other project pages. When you follow the links to other websites from the EMBRC-BE website, we advise you to be aware of and read their privacy policy. EMBRC-BE is not responsible for the privacy practices of other websites.

12.    What to do if you have a complaint

If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated at embrc@ugent.be.

If you are not satisfied with our response or believe that we are not processing your personal data in accordance with the legislation, you have the right to make a complaint to the supervisory authority which is responsible for the protection of personal data in the country where you live or work, or in which you think the breach of data protection regulation might have taken place.  Data Protection Authority (the “Data Protection Authority”), Rue de la Presse - Drukpersstraat 35, 1000 Brussels, Belgium. Website: https://www.dataprotectionauthority.be/citizen

13.    Changes to the Privacy Policy

We may periodically update our Privacy Policy. If we make any substantial changes, these will be posted on our website so please check our Privacy Policy on a regular basis.