Privacy Statement

Privacy Statement EURAXESS

Protection of your personal data

1. Introduction

This privacy statement explains the reason for the processing, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you may exercise in relation to your data (the right to access, rectify, block etc.).

The European institutions are committed to protecting and respecting your privacy. As this service/application collects and further processes personal data, Regulation (EC) N°45/2001 (OJ L8 of 12/01/2001) of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, is applicable.

This statement concerns the EURAXESS web-portal. The EURAXESS initiative aims at facilitating the mobility of researches in the European Research Area and beyond. For this, it makes possible for the portal-registered users to look for such opportunities.

This service is under the responsibility of the Head of Unit B.2 of the Directorate-General for Research and Innovation (DG RTD).

2. Why do we process your data?

Purpose of the processing operations: DG RTD (referred to hereafter as Data Controller) collects and uses your personal information to create a pan-European network of researchers, recruiters/funders and supporting national centres.

The processing is lawful because:

• Your data are processed only after you have accepted the provisions of this privacy statement, published on the web-portal (article 5(d) of the Regulation);
• It is necessary for the performance of a public interest tasks, namely helping mobility of Researchers in Europe and worldwide (Article 5(a));
• It is necessary in order to take steps at the request of the data subject prior to entering into a contract if successful, namely an employment contract (Article 5(c)).

In addition, the registration of the members of the EURAXESS Centres and of the recruiters/funders must be validated by the Controller/his Processors before the concern persons can use the service.

In any case, the data are collected for specified, explicit and legitimate purpose and not further processed in a way incompatible with this purpose.

These processing operations of personal data do not fall under article 27 of the Regulation and have not been "Prior-Checked" by the EDPS[1].

3. Which data do we collect and process?

The personal information required for the creation of a EURAXESS account is limited to the data necessary to identify a person, which is: e-mail address, the first and last name, the current living country, their organisation/company (mandatory to create an account), the current job position , the collaboration with Researchers and Institutions, the provided by the user (optional).

In addition, users may provide additional information such as address, current job position, department, collaboration with researchers, collaboration with institutions, contact details, social accounts and personal website, any other information.

Also, users can optionally create a researcher profile with the following additional information: researcher’s profile, main research field, highest education level and discipline(s) (mandatory to create a Researcher profile), years of research experience, , publications/patents, spoken languages, job preferences, participation in Science4Refugees initiative, in other EU projects, desired job, preferred organisation, work country, type of contract, notice period and attach their CV file (optional).

The more information is provided, the higher the chances are of being found via the search functions.

If you have agreed to be part of EURAXESS mailing lists, you have the ability to unsubscribe at any time.

4. How long do we keep your data?

User data is retained as long as the user continues to use EURAXESS. Accounts are removed after five (5) years of inactivity. After one year, an email is sent to the data subject to offer the possibility to delete or update his/her account.

You can request to have your account deleted at any time. When an account is deleted, all related data are deleted with.

5. How do we protect your data?

All data in electronic format (e-mails, documents, uploaded batches of data etc.) are stored either on the servers of the European Commission or of its contractors; the operations of which abide by the European Commission’s security decision of 16 August 2006 [C(2006) 3602] concerning the security of information systems used by the European Commission.

The Commission’s contractors are bound by a specific contractual clause for any processing operations of your data on behalf of the Commission, and by the confidentiality obligations deriving from the transposition of Directive 95/46/CE in their establishment countries (for this specific service Italy[2] and Luxembourg[3]).

6. Who has access to your data and to whom is it disclosed?

Access to your data is provided to authorised staff of the Controller and its Processors according to the “need to know” principle. Such staff abide by statutory, and when required, additional confidentiality agreements and contractual provisions.

Data provided by members and organisations are accessible to other members and organisations, and to the EURAXESS Centres members.

All users can always opt in or out of being visible to other users.

In addition, users can select to have personal information, such as name and email, hidden from other users.

The information we collect will not be given to any third party, except to the extent and for the purpose we may be required to do so by law.

7. What are your rights and how can you exercise them?

According to Regulation (EC) n°45/2001, you are entitled to access your personal data and rectify and/or block it in case the data is inaccurate or incomplete. You can exercise your rights by contacting the data controller, or in case of conflict the Data Protection Officer and if necessary the European Data Protection Supervisor using the contact information given at point 8 below.

8. Contact information

If you have comments or questions, any concerns or a complaint regarding the collection and use of your personal data, please feel free to contact the Data Controller using the following contact information:

The Data Controller:

• DG RTD Unit B.2
• Telephone number +32 229 93781
• Fax number 64287
• RTD-RMP@ec.europa.eu

The Data Protection Officer (DPO) of the Commission: DATA-PROTECTION-OFFICER@ec.europa.eu

In case of conflict, and preferably after a first contact with the Controller, the European Data Protection Supervisor (EDPS): edps@edps.europa.eu.

9. Where to find more detailed information?

The Commission Data Protection Officer publishes the register of all operations processing personal data. You can access the register on the following link:

http://ec.europa.eu/dpo-register

This specific processing has been notified to the DPO with the following reference:

DPO-3806.

[1]European Data Protection Supervisor (EDPS) (Website: https://secure.edps.europa.eu/EDPSWEB/edps/EDPS)

[2] Legge n. 675 del 31 dicembre 1996 - Tutela delle persone e di altri soggetti rispetto al trattamento dei dati personali; Data Protection Code - Legislative Decree no. 196/2003.

[3] Loi modifiée du 2 août 2002 relative à la protection des personnes à l'égard du traitement des données à caractère personnel ; Loi modifiée du 30 mai 2005 relative aux dispositions spécifiques de protection de la personne à l'égard du traitement des données à caractère personnel dans le secteur des communications électroniques et portant modification des articles 88-2 et 88-4 du Code d'instruction criminelle.