Privacy Notice for I2BC Public Websites

This Privacy Notice explains what personal data is collected by the specific I2BC services you are requesting, for what purposes, how it is processed, and how we keep it secure.

1. Which is the lawful basis for processing your personal data?

• Processing your personal data is necessary for our legitimate interest of allowing the day-to-day management, operation and functioning of I2BC.

2. What personal data do we collect? How do we use this personal data?

We collect the following personal data:

• IP addresses
• Date and time of a visit to the service website
• Operating system
• Amount of data transmitted
• Browser
• Email (only when support is requested by the user or when user wants to receive results analysis by email)

We will use the personal data:

• To provide the user access to the service
• To better understand the needs of the users and guide future improvements of the service
• To check that the Terms of Use of the service are followed
• To conduct and monitor data protection activities
• To create anonymous usage statistics
• To conduct and monitor security activities
• To answer a support request sent by the user

3. Who will have access to your personal data?

The personal data will be disclosed to:

• Authorised I2BC staff.
• Service providers which I2BC relies on to provide the service.

4. Will your personal data be transferred to third countries (i.e. countries not part of EU/EAA) and/or international organisations?

Personal data is transferred to the following service provider based in a third country that I2BC relies on to provide the service:

• Google Analytics

There are no personal data transfers to international organisations.

5. How long do we keep your personal data?

Any personal data directly obtained from you will be retained as long as the service is live, even if you stop using the service. We will keep the personal data for the minimum amount of time possible to ensure legal compliance and to facilitate internal and external audits if they arise.

• We will anonymise our web logs by removing the recorded IP address after 30 days.
• We will retain relevant security logs for 90 days

Access to the web and security logs containing personal data are restricted to the relevant I2BC staff

6. Your rights regarding your personal data

You have the right to:

1. Not be subject to decisions based solely on an automated processing of data (i.e. without human intervention) without you having your views taken into consideration.
2. Request at reasonable intervals and without excessive delay or expense, information about the personal data processed about you. Under your request we will inform you in writing about, for example, the origin of the personal data or the preservation period.
3. Request information to understand data processing activities when the results of these activities are applied to you.
4. Object at any time to the processing of your personal data unless we can demonstrate that we have legitimate reasons to process your personal data.
5. Request free of charge and without excessive delay rectification or erasure of your personal data if we have not been processing it respecting the I2BC Internal Policy for Data Protection.

It must be clarified that rights 4 and 5 are only available whenever the processing of your personal data is not necessary to:

1. Comply with a legal obligation.
2. Perform a task carried out in the public interest.
3. Exercise authority as a data controller.
4. Archive for purposes in the public interest, or for historical research purposes, or for statistical purposes.
5. Establish, exercise or defend legal claims.

Published at: September 20, 2018 - 13:42