Data privacy statement

The protection of personal data is very important to us. We observe the national and international guidelines regarding data protection, in particular, the EU General Data Protection Regulation (EU-GDPR), and would like you to know when we save which items of data and how we use them.

We reserve the right to modify our data protection provisions occasionally in order to ensure that they always comply with the current statutory requirements, or in order to implement changes in our services in the data privacy statement.

1. Name and address of the controller

In the sense of the General Data Protection Regulation (GDPR) and other national data protection laws in the EU-member states as well as other provisions of data protection law, the controller is:

INFRAFRONTIER GmbH
Coordination Office of the INFRAFRONTIER Research Infrastructure
Ingolstädter Landstraße 1
D-85764 Neuherberg
Germany

Tel.: +49 89 3187-0
Fax: +49-89-3187-3500
e-mail: vasb@vasensebagvre.rh
Website: https://www.infrafrontier.eu

2. Personal data

Personal data means all information regarding personal and material circumstances related to a specific identified or identifiable natural person. This includes information such as name, address, telephone number and e-mail address, the kind of services used, as well as IP address, MAC address and user name. Information that cannot be directly associated with your actual identity, such as the length of time spent on the website or the number of users of the website, can likewise be data that can allow a person to be identified.

We collect your personal data for various reasons, such as to process service requests, to communicate with you, to organise meetings, or in association with your job application.

3. Data collection and storage

When you use one of our contact, INFRAFRONTIER service request, strain submission, registration of interest, strain order, user feedback, or meeting and training course registration forms, or when you register for our newsletter, we require you to provide certain data, such as name, postal address, or e-mail address. We use these personal data exclusively for the purposes described in section 6 of this data privacy statement. Personal data is not passed on to third parties except when we are authorized or obligated to do so by law (e.g. for contractual or criminal law enforcement purposes) or when this is explicitly indicated in section 6 below. In this case, we follow the principle of data minimisation.

It may be possible for unknown parties to read unencrypted e-mails that you send us during their transport. Where appropriate, use other means of communication (telephone, encrypted e-mail or contact forms).

You have choices about the data we collect. When you are asked to provide personal data, you may decline. But if you choose not to provide data that is necessary to provide a service or feature, you may not be able to use that service or feature.

4. Legal basis for the processing of personal data

As far as we obtain consent from you as a “data subject” for personal data processing procedures, Article 6(1) point (a) EU-GDPR serves as the legal basis.

For the processing of personal data that is necessary for the performance of a contract to which you are a party, Article 6(1) point (b) EU-GDPR serves as the legal basis. This also applies to processing procedures that are necessary in order to take steps prior to entering into a contract.

As far as processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1) point (c) EU-GDPR is the legal basis.

If the processing is necessary to safeguard the legitimate interests of our company or of a third party, and your interests, fundamental rights and freedoms do not override the first-mentioned interests, Article 6(1) point (f) GDPR serves as the legal basis for the processing.

5. Data transfer

Your personal data will only be transferred in those cases necessitated by law, for example, to government agencies and public authorities for law enforcement resulting from attacks on our network infrastructure. Data will not be passed on to third parties for other purposes unless they are explicitly stated in section 6 of this data privacy statement.

6. Processing of data when using the different INFRAFRONTIER services

The personal data we collect, store, share, or publicly display depend on the resources, services and features you use. In general, we use the data to communicate with you, e.g. for answering general enquiries, sending service status updates, asking for feedback on user satisfaction, and informing about INFRAFRONTIER activities. Data is also used for preparing benchmarking reports to e.g. monitor the number and type of mouse strains archived or distributed, the numbers and affiliations of users, service times and user satisfaction. This data helps us to diagnose problems, and to improve our services.

We share your personal data with INFRAFRONTIER partners at EMMA nodes or mouse clinics, as appropriate, for them to provide the resources and services of our distributed research infrastructure. The INFRAFRONTIER partners listed below have access to the data by inclusion in e-mail notifications, via our internal data portal (where the partners update service progress) and on our internal benchmarking server. Database curators at CNR Monterotondo, Italy have full access to our mouse strain and user database. Employees of EMMA nodes and mouse clinics, as well as data curators, will get in touch with users directly and they will also store part of the data in their local records. These are the INFRAFRONTIER partners that have access to data:

INFRAFRONTIER GmbH, Munich, Germany
Helmholtz Zentrum München Deutsches Forschungszentrum für Gesundheit und Umwelt GmbH, Munich, Germany (EMMA node)
Institute of Molecular Genetics of the ASCR, v.v.i., Prague, Czech Republic (EMMA node)
University of Oulu, Oulu, Finland (EMMA node)
Centre Européen de Recherche en Biologie et Médecine – Groupement d’Intérêt Economique, Strasbourg, France (EMMA node)
Biomedical Sciences Research Centre Alexander Fleming, Vari/Athens, Greece (EMMA node)
Veterinärmedizinische Universität Wien, Vienna, Austria (EMMA node)
European Molecular Biology Laboratory, Hinxton, UK (EMMA node)
Agencia Estatal Consejo Superior de Investigaciones Cientificas, Madrid, Spain (EMMA node)
Centre National de la Recherche Scientifique, Orléans, France (EMMA node)
Consiglio Nazionale delle Ricerche, Monterotondo/Rome, Italy (EMMA node, data curation)
Netherlands Cancer Institute, Amsterdam, The Netherlands (EMMA node)
Fundação Calouste Gulbenkian, Oeiras, Portugal (EMMA node)
Karolinska Institutet, Stockholm, Sweden (EMMA node)
Medical Research Council, Harwell, UK (EMMA node)

EMMA archiving service

The data that is submitted to us in the context of the INFRAFRONTIER/EMMA mouse strain archiving service includes name and contact information of submitters, producers, shipping contacts, and any additional owners, along with mouse strain information, which can include genotyping protocols, welfare assessments, health reports of the animal facility, publications and manuscripts. It is forwarded to members of the INFRAFRONTIER external Evaluation Committee. If strains are accepted for archiving and not covered by a grace period, we display producer (and additional owner, if applicable) name and affiliation, as well as mouse strain information on the public EMMA strain search (example: https://www.infrafrontier.eu/search?keyword=EM:06350). Mouse strain names (without contact information) and their availability at EMMA are also displayed in the International Mouse Strain Resource (IMSR) at findmice.org. Strain details with submitter name and affiliation are forwarded to Mouse Genome Informatics (MGI) for approval of official nomenclature (http://www.informatics.jax.org/mgihome/nomen/index.shtml). IMSR and MGI are operated by the Jackson Laboratory, Bar Harbor, Maine, USA.

As it is the main purpose of a repository to store both the mouse material and the associated data indefinitely, data is not deleted, unless requested by the user.

To keep users informed about INFRAFRONTIER activities and services they might want to use in the future, e-mail addresses are added to the INFRAFRONTIER contact list (see newsletter service below). This is also our legitimate interest in processing your personal data.

EMMA distribution service

The data that is submitted to us in the context of the INFRAFRONTIER/EMMA mouse strain and GEMM ES cell distribution service includes name and contact information of principal investigators, shipping and billing contacts, information about the requested EMMA resource, the type of user (academic, service provider, industry), as well as information relevant for payment (purchase order number and VAT ID of the requesting institution).

Requests for mice that apply the TET-System technology are copied to TET Systems Holding GmbH & Co. KG, Heidelberg, Germany (see Licenses for Strains using ‘TET-System’ Technology).

Requests from for-profit users are forwarded to the original producers of the mouse strain so that requestor and producer can negotiate about conditions of transfer. In the case of for-profit requests for a subset of strains from the EUCOMM/EUCOMMTools resource, requests are forwarded to genOway, Lyon, France.

In order to communicate with users later and for internal benchmarking, data is not deleted, unless requested by the user.

We monitor the impact of our distribution service on output of the scientific community and display lists of publications that were facilitated by INFRAFRONTIER on our webpage. Therefore, we regularly search public databases for publications in which the mouse alleles we distribute have been used. To validate whether any of these publications were enabled by EMMA mouse mutants, we correlate the author lists of these publications with the names, e-mail addresses, and affiliation information of scientists who received the particular mouse strains from EMMA. This matching of author and EMMA user information is run internally at the INFRAFRONTIER/EMMA partner European Molecular Biology Laboratory, Hinxton, UK, i.e. user information is not included in external searches.

Other INFRAFRONTIER services

The data that is submitted to us in the context of other INFRAFRONTIER services for e.g. rodent model generation, systemic phenotyping, or an axenic service via e-mail or via our general service request form includes name and contact information, gender, researcher status, ORCID id, selected service type, the type of user (academic, service provider, industry), as well as a brief project description. It is forwarded to INFRAFRONTIER partners (listed above and described in detail here) for coordinating and preparing the project proposals.

In order to communicate with users later and for internal benchmarking, data is not deleted, unless requested by the user.

Open calls

The data that is submitted to us in the context of INFRAFRONTIER open calls for e.g. mouse and rat model generation, phenotyping, or a germ-free service includes name and contact information, gender, birth year, nationality, researcher status, scientific background, a list of publications, as well as a project description. It is forwarded to members of the external Evaluation Committee (members listed here). If a proposal is accepted, part of the data is also provided to the European Commission according to the modalities of the Trans-national Access (TA) instrument.

In order to communicate with users later and for internal benchmarking, data is not deleted, unless requested by the user.

Meetings and training courses

When organising meetings and training courses, INFRAFRONTIER asks applicants/participants to provide their name, e-mail address, and affiliation, as well as information on accomodation requirements, flight schedule, dietary restrictions, and any special preferences.

Registration data will be deleted from our meeting database six months after the event. However, the participant’s name and affiliation, as well as photographs taken at the meeting, may be published on the internal or public part of the INFRAFRONTIER webpage and via our social media channel as part of the meeting results. Participant’s name and affiliation are also included in the participants list, which is circulated among the meeting participants as part of the meeting booklet.

Newsletter

To keep users, project partners, and members of associated communities updated about INFRAFRONTIER activities, e-mail news are sent to the INFRAFRONTIER contact list.

The e-mail addresses of persons who have used INFRAFRONTIER/EMMA services, or who have informally enquired about them, e.g. via phone, e-mail, or our contact form, are added to this contact list. Persons who want to have their e-mail address removed can unsubscribe at https://www.infrafrontier.eu/infrafrontier-newsletter or ask to be removed ivn r-znvy.

Part of the mailings are conducted by our communication partner Cyrano Kommunikation GmbH, Münster, Germany. For these mailings Cyrano receives the current e-mail list via protected file transfer. This is also our legitimate interest in processing your personal data.

7. Use of JavaScript and Matomo

7.1 Use of JavaScript

We use JavaScript in order to provide our information to you on a variety of remote devices. This is also our legitimate interest in processing your personal data. We work with widely used public JavaScript libraries so that we can display our web pages attractively. If you do not want this, please use your browser settings or add-ons, such as NoScript for Firefox, for example, in order to prevent the execution of these scripts. This may limit the functionality of our web offer.

7.2 Matomo

For statistical data collection purposes we employ the web analytics tool Matomo.

If you have not consented to the use of Matomo you prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

Data collected by Matomo

If you have consented to the use of Matomo, the following data are being recorded by our Matomo server and considered by the usage statistics.

Basic data:

IP address, shortened for anonymity
A cookie to distinguish different visitors
The previously visited URL (referrer), insofar as it has been transmitted by your browser
Name and version of your operating system
Name, version and language settings of your browser

Additional data, if JavaScript is active:

URLs visited in this website
Time stamps of visits
Types of HTML requests
Screen resolution and colour depth
Technical processes and formats supported by your browser (e.g. cookies, Java, Flash, PDF, WindowsMedia, QuickTime, RealPlayer, Director, SilverLight, Google Gears)

8. Application log files

For technical reasons, our servers and applications save personal details upon your visit to our websites in their log files. This is also our legitimate interest in processing your personal data. However, these data are only used for the immediate provision of our services, for troubleshooting purposes or for attack prevention and will be deleted automatically.

The following data are saved:

Your IP address
Date and time of your website visit
The address of the site visited
The address of the previously visited website (referrer)
Name and version of your browser / operating system (if transmitted by your browser)
Your e-mail address (e.g. when using the contact form)

9. Integrating services and contents of third parties

  It is possible that the contents of third parties are integrated into our online offer. This always requires that the provider of these contents (referred to in the following as the third-party provider) stores the IP addresses of the users. Without the IP address, the contents cannot be sent to the particular user’s browser. The IP address is consequently necessary to display these contents. We endeavour to use only contents whose providers use the IP addresses solely to deliver the contents. However we have no influence if the third-party provider stores the IP addresses for other purposes, such as statistical ones. Any time we are aware of such storage, we explain it to the users.

10. Linking to other websites

As the provider of our website, we are responsible for the contents of our own online offer. However, we have no influence on the compliance of the operators of websites that are linked to us with the relevant data protection regulations. We therefore accept no liability for the contents of external websites.   If you follow a hyperlink, your data will be sent to that website’s provider when you call up the external website. When you use external links and applications, the data protection guidelines of that particular provider apply. That provider is solely liable for damages resulting from incorrect or even illegal contents on its website.

11. Privacy policy for social media channels

11.1 General information

We appreciate your interest in our presence on the social media channels. We would like to give you an overview of what data is collected, used and stored by us on these channels and what rights you have with regard to this. Details on the social networks used by us can be found under section 11.5 of this privacy statement.

Social networks such as Facebook, Twitter, LinkedIn etc. can generally analyze your user behavior comprehensively when you visit their website, or a website with integrated social media content (e.g. like buttons or advertising banners). Visiting our social media channels triggers numerous data protection-related processing operations, which we would like to explain to you in more detail:

If you are logged into your social media account and visit our social media channel, the operator of the social media portal can assign this visit to your user account. However, there may be occasions when your personal data may also be collected if you are not logged in or do not have an account with the respective social media portal. In such circumstances, this data collection takes place, for example, via cookies, which are stored on your terminal device or by collecting your IP address.

With the help of the data collected in this way, the operators of the social media portals can create user profiles in which your preferences and interests are stored. By doing this, interest-based advertising can be displayed to you inside and outside the respective social media presence. If you have an account with the respective social network, the interest-based advertising may be displayed on all devices on which you are or were logged in.

Please also note that we are unable to track all processing steps on the social media portals. Depending on the provider, further processing procedures may therefore be carried out by the operators of the social media portals. For details, please refer to the terms of use and data protection provisions of the respective social media portals.

11.2 Responsible party and assertion of rights

If you visit one of our social media channels, we are jointly responsible with the operator of the social media platform for the data processing operations triggered during this visit. In principle, you can assert your rights (access to information, rectification, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against Twitter).

Please note that it cannot be ruled out that the respective provider of the social media platform will use your profile and behavioural data, for example, to evaluate your habits, personal relationships, preferences, etc. This data may be used for other purposes. In this respect, we have no influence on the processing of your data by the provider of the social media platform, as it is determined by their corporate policy.

If you wish to assert your rights as a data subject against us, you can find the contact details in section 1 of this privacy statement.

If you wish to assert your rights against one of the operators of the social media platforms, please contact them directly. A list of the social media channels operated by us can be found under section 11.5 of this privacy statement.

11.3 General information on data processing

11.3.1 Scope and purpose of the processing of personal data

The data you enter on our social media channels, such as comments, videos, images, likes, etc., are published by the respective social media platform and are not used or processed by us for any other purpose at any time. We only reserve the right to delete content if this should be necessary. If applicable, we share your content on our site if this is a function of the social media platform and communicate with you via the social media platform.

11.3.2 Legal basis for the processing of personal data

Our social media presences are intended to ensure the most comprehensive presence possible on the Internet and serve our public relations work. This is a legitimate interest within the meaning of Art. 6(1) point (f) EU-GDPR. When contacting us via a social media platform, your inquiries will be processed with your consent and for the purpose of processing and handling the contact inquiry in accordance with Art. 6(1) point (a) and (b) EU-GDPR. The analysis processes initiated by the social networks may be based on different legal bases to be specified by the operators of the social networks (e.g. consent within the meaning of Art. 6(1) point (a) EU-GDPR).

11.3.3 Data deletion and storage duration

The personal data collected directly by us via the social media presence will be deleted from our systems as soon as the purpose for storing it no longer exists, you request us to delete it, or you withdraw your consent to its storage. Stored cookies remain on your end device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected. We have no influence on the storage period of your data, which is stored by the operators of the social networks for their own purposes. For details on this, please contact the operators of the social networks directly (e.g., in their privacy policy, see section 11.5 of this privacy statement).

11.4 Disclosure of personal data

We will only pass on your personal data to third parties if:

you have given your express consent to do so in accordance with Art. 6(1) point (a) EU-GDPR,
the disclosure is necessary for the assertion, exercise or defense of legal claims pursuant to Art. 6(1) point (f) EU-GDPR and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
there is a legal obligation for the disclosure pursuant to Art. 6(1) point (c) EU-GDPR, or
this is necessary for the processing of contractual relationships with you according to Art. 6(1) point (b) EU-GDPR.

Any further transfer outside our company will not take place.

11.5 Social networks in detail

11.5.1 Twitter

We have a profile on Twitter. The provider is Twitter, Inc, 1355 Market Street #900, San Francisco, California 94103, USA.

For details and options for contacting Twitter as a data subject, please refer to Twitter’s privacy policy: https://twitter.com/de/privacy.

11.5.2 LinkedIn

We have a profile on LinkedIn. The provider is LinkedIn Corporation, 1000 West Maude Avenue, Sunnyvale, California 94085, USA.

For details and options for contacting LinkedIn as a data subject, please refer to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

12. Exercise of rights applying to data subjects

As a user of this website, you have the right to withdraw your consent to the use of your data at any time and to demand, at no cost, information regarding the scope, origin and receivers of your personal stored data, as well as the purpose of the storage. You can freely withdraw the consent at any time with an explicit request communicated ivn r-znvy. You can furthermore exercise your rights to restriction, erasure or rectification of your personal data. If you would like to have your personal data that we have stored corrected, or if you require a copy of certain personal information that have been passed on, or if you learn of inaccurate information, please also contact us. We are, however, obligated to verify your identity and further details before we can provide you with information or correct incorrect information. We shall contact you within 30 days following the successful verification of your identity and the further details. Furthermore you have the right to obtain the data we hold about you in a structured, commonly-used and machine-readable format, and to transmit that data to another controller without hindrance, or to arrange for us to transmit the data.

In the cases where we rely on our legitimate interest to process your personal data you have the right to object to this processing, provided there are grounds for doing so relating to your particular situation. If you object, your data will no longer be processed unless we can demonstrate compelling legitimate grounds for processing that override your interests, rights and freedoms, or where processing is required to establish, assert or defend legal claims.

You have the right to lodge a complaint with a supervisory authority, if you consider that the processing of personal data to you infringes the GDPR.

13. Contact

Please feel free to contact us ivn r-znvy if you have any questions regarding this data protection statement.