All content of this website [www.ehden.eu] (hereinafter the “Website”) is owned or controlled by the Consortium of the European Health and Data Evidence Network (EHDEN) Project (hereinafter referred to as the “EHDEN Consortium”). The aim of this Website is to keep the public informed about the activities of the EHDEN Consortium and its efforts in the harmonisation and standardisation of health data.
1. What data do we collect?
The Personal Data that you give to us, e.g when some areas of the Website may ask you to submit personal information, such as your name, your e-mail address, your phone number and your organisation (the “Personal Information”), in order for you to benefit from some specified features, such as newsletter subscriptions. Also, when you create an account, login in the website, contact us, send us an email, call us. A separate consent will by requested where appropriate.
2. Why do we process your personal data?
We may use data from or about you for the following purposes:
- to respond to your inquiries and fulfil your requests, such as sending you newsletters or e-mail alerts;
- to send you important information regarding our relationship with you or regarding the Website, changes to our terms, conditions, and policies and/or other administrative information;
- for IT purposes, such as enhancing our website and identifying website usage trends.
- For the EHDEN grant portal: please consult article 9 for more information.
We will only process the collected data for the purposes as described above and will not further process the data in a manner that is incompatible with those purposes.
The data will only be processed in so far necessary to achieve the above mentioned purposes. Your data will also be kept up to date where necessary (for which your input may be required and asked).
The personal data will be processed fairly, lawfully and in a transparent manner, meaning that at least one of the following legal bases applies:
- We have received your explicit consent for the processing of your personal data;
- We are obliged to process your personal data according to applicable law or court order;
- The personal data are processed in view of the legitimate interests of the EHDEN Consortium partners.
3. Who can access your Personal Data and why?
We may disclose information collected through the website in so far necessary to achieve the above mentioned purposes:
- to the EHDEN Consortium partners, for the purposes as listed above;
- to our service providers (processors) who provide services such as website hosting and moderating, mobile application hosting, data analysis, IT services, e-mail and direct mail delivery services, auditing services, and other services, in order to enable them to provide services; as we believe to be necessary, if permitted or required by applicable law.
In transferring data to processors, we will conclude a contract with such processor setting out the subject matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller. We will only use processors providing sufficient guarantees to implement appropriate technical and organizational measures so that the processing of the data meets the legal requirements.
4. Do we transfer your Personal Data?
Your personal data will not be transferred to other third parties unless required or allowed by applicable law.
If the processing of your personal data would take place in a third country (i.e. a country outside the European Economic Area) which does not offer an adequate level of protection, this processing shall be carried out in accordance with the requirements and appropriate safeguards under the applicable data protection legislation, such as, entering into EU standard contractual clauses.
With your explicit consent (in so far required), we may also use and disclose information collected through the website in other ways and for any other purpose. In addition, we may use and disclose information that is not considered to be personally identifiable and thus not personal data for any purpose.
5. What are your rights with regard to your personal data?
You have the right to request, review, correct, update, or delete the personal data that you have provided via the Website as described below:
- Right to inspection: If you are capable of proving your identity, you obtain the right to acquire information about the processing of your data. Consequently, you have the right to the processing objectives, the data categories, the categories of recipients to which the data are sent, the criteria that determine the period of data storage and the rights that you can exercise with regard to your data.
- Right to correct personal data: Inaccurate or incomplete data may be corrected. It is first and foremost the User’s responsibility to make the necessary modifications to his or her “User Profile”. You may also contact us with a request to modify the data.
- Right to delete personal data: You also have the right to obtain the deletion of your personal data under the following circumstances:
- Your personal data are no longer necessary for the intended purpose;
- You revoke your consent to process your data and there is no other legal basis for processing your data;
- You have legitimately exercised your right of objection;
- Your data has been unlawfully processed;
- Your data must be deleted arising from a legal obligation.
- Deleting data is primarily related to visibility; the deleted data may remain temporarily stored.
- Right to restrict processing: In some cases, you have the right to request restrictions on the processing of your personal data. This certainly applies in the case of a dispute relating to the accuracy of data, if the data are necessary in the context of a legal procedure or during the time necessary for EHDEN to determine that you are validly able to exercise your right of deletion.
- Right to object: You have the right to object at any time to the processing of your personal data for “direct marketing” purposes, profiling purposes or purposes arising from the legitimate interests of the data controller. EHDEN will stop processing your personal data unless it can demonstrate that there are compelling legal reasons to process that prevail over your right to object.
- Right to data portability: You have the right to obtain the personal data provided to EHDEN in a structured, common and machine-readable form. In addition, you have the right to transfer such personal data to another data controller unless this is technically impossible.
- Right to withdraw consent and opt-out or unsubscribe to mailing communication: You are entitled to withdraw your consent at any time, purposes and you will receive an unsubscribe link in every communication e-mail you will receive from us.
Where consent is asked from you and you are a child below the age of 16 years, your holder of parental responsibility needs to give or authorise such consent.
6. How can I exercise my rights?
- Should you wish to exercise your rights, you must submit a written request and proof of identity by email to [firstname.lastname@example.org] or by using our ehden.eu contact form. We will answer as soon as possible and no later than thirty (30) days after having received your request.
- Option of lodging a complaint: If you are not satisfied with the processing of your personal data by EHDEN, you are entitled to lodge a complaint with the Data Protection regulator You may lodge a complaint with a supervisory authority competent for your country or region. Please click find contact information for such authorities here: http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.
7. How do we secure your data?
We use a variety of measures to keep your Personal Data confidential and secure, including restricting access to your Personal Data on a need to know basis and following appropriate security standards to protect your data.
We take every reasonable step to ensure that your Personal Data is only processed for the minimum period necessary in connection with:
- the purposes set out in this Privacy Notice;
- any additional purposes notified to you at or before the time of collection of the relevant Personal Data or commencement of the relevant processing; or
- as required or permitted by applicable law; and thereafter, for the duration of any applicable limitation period. In short, once your Personal Data is no longer required, we will destroy or delete it in a secure manner.
In case of a personal data breach, we will notify the personal data breach to:
(i) the competent supervisory authority without undue delay and, where feasible, not later than 72 hours after having become aware of it, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons and
(ii) you, the data subject without undue delay if the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons.
Please note that some sites may collect and use data differently. These sites will have a local privacy notice explaining these practices. If the user leaves the EHDEN Consortium website and visits a website operated by a third party, The EHDEN Consortium cannot be held responsible for the protection and privacy of any information that users provide when visiting such third-party websites. Accordingly, users should exercise caution and review the privacy statement applicable to the website in question.
9. EHDEN SME application portal
Article 9 is applicable to the processing of personal information when using the SME application portal only.
The SME application portal is a dedicated portal on the EHDEN website designed to receive SMEs application for the EHDEN SME certification procedure.
You can access the EHDEN SME Application Portal by following the link below. You can register yourself as a grant applicant on the main page of the application portal.
Link to Portal : EHDEN Application Portal
(A) Purpose and legal basis for handling personal information
Personal information that the EHDEN Consortium collects via the grant application portal is used for
- handling of the SME applications and administration regarding given certifications
- communication with SME applicants / certification receivers
To the register is being stored
- the information requested in the SME application forms, including personal information
- the information regarding given certification and information requested in the final report, including personal information.
- contact information regarding the SME applicant, members of a working group (…) This information, including personal information, is collected directly from the SME applicant in the portal.
In addition to this, the technical server log information and information regarding the messages between the SME applicant and EHDEN is being collected in the portal.
The basis for collecting and handling personal information is in the consent of the SME applicant. If the applicant includes personal information of other parties, such as project partners, to the grant application, then s/he needs to make sure in beforehand that it is fine for these third parties to have their personal information stored in the grant application portal.
In order for EHDEN to be able to process the application, it is required that the SME applicant provides all the personal information required to complete the application form. If the personal information required in the form is insufficient, EHDEN reserves the right to leave the application in question unprocessed.
(B) Who handles the personal information over the grant applicant in the portal?
Following groups have the right to handle the personal information over grant applicants in the portal:
- Project management office of EHDEN
- Employees of the EHDEN Consortium partners and their affiliates
- Evaluators of the SME applications, designated by EHDEN
- Persons giving technical support regarding the application portal and applications
- Auditor of EHDEN and other possibly appointed persons
Access is granted on a need-to-know basis only and only the personal information relevant for the group in question (evaluators/auditor… etc.) is being shown to them in the application portal.
(C) How is personal information in the grant application portal being protected?
The right to use the SME application portal requires a personal user name. The main user of the portal defines the level and the extent of rights in the portal regarding individual users.
In order to be able to log in, a user needs his/her own personal password to the portal. The portal is used through a protected SSL connection. The use of the portal and sign-ins are being continuously monitored.
All the information in the portal is stored in a database. The database is protected with firewalls and other technical means. The database is physically located in a closed and guarded space, accessed only by certain designated persons.
(D) How long is personal information being stored in the application portal?
- Username and personal information connected to it remains saved if the user in question has incomplete/completed applications in the portal.
- If a username remains inactive, then it will be removed. A username is automatically removed, if it has not been used during the last 4 years in the portal.
- A user can him/herself remove his/her own incomplete applications in the portal.
- EHDEN will remove all the incomplete applications after a year from the end of the grant application period.
(E) The right of a user of the SME application portal
As an applicant, a user has the access to their information by signing in to the portal and opening the application form. A user has the right and the obligation to correct possible faulty information. If a user has inquiries regarding faulty information, s/he can address a question to EHDEN using the contact form or by sending a message in the application portal.
The data collected will be your name, your e-mail address, your phone number and your organisation in order for you to benefit from the SME portal features such as creating an account, login in the website, contacting us, sending us an email, calling us
Please note that your rights related to your personal data remain unchanged. You are entitled to request your data, change it, ask for its deletion, ask for a copy in a machine-readable format and even lodge a complaint if you consider that we didn’t respect your rights. Please refer to the article 5 of this Privacy for a precise list of your rights.