Personal Data Protection and Privacy Policy

Effective date: 20 November 2019

Website content disclaimer

The information contained on https://openrisknet.org/ website (the "Service") is for general information purposes only.

OpenRiskNet consortium (“OpenRiskNet”, the “author”, "us", "we", or "our") maintains this website to enhance public access to information about the project and its outcomes. Our goal is to keep this information timely and accurate. If errors are brought to our attention, we will correct them as soon as possible. However, we assume no responsibility for errors or omissions in the content on the Service.

This information about the project and its outcomes is

• of a general nature only and not intended to address the specific circumstances of any particular individual or entity;
• not necessarily comprehensive, complete, accurate or up to date;
• sometimes linking to external sites over which we have no control and for which we assume no responsibility.

In no event shall OpenRiskNet be liable for any special, direct, indirect, consequential, or incidental damages or any damages whatsoever. OpenRiskNet reserves the right to make additions, deletions, or modifications to the content on the Service at any time without prior notice.

OpenRiskNet has appropriate technical and organisational measures to ensure a level of security appropriate to the risk.

External links disclaimer

The Service may contain links to external websites that are not provided or maintained by or in any way affiliated with OpenRiskNet.

Please note that OpenRiskNet does not guarantee the accuracy, relevance, timeliness, or completeness of any information on these external websites. OpenRiskNet does not warrant that these external websites are free of viruses or other harmful components

Copyright and acknowledgement of sources

The author aims to observe the copyright of any graphics, audio documents, video sequence or text in all publications, to use his/her own graphics, audio documents, video sequences or texts or to make use of license free graphics, audio documents, video sequences or texts.

All trademarks and brands mentioned on the website, including those protected by third parties, are without limitation subject to the provisions under the respective labelling law and the rights of the copyright holder. The sole mentioning of a trade mark on this website should not lead to the assumption that it is not protected by the rights of a third party.

All trademarks and brands mentioned on the website, including those protected by third parties, are without limitation subject to the provisions under the respective labelling law and the rights of the copyright holder. The sole mentioning of a trade mark on this website should not lead to the assumption that it is not protected by the rights of a third party.

The author of the website has the exclusive copyright to all published objects created by him-/herself. The reproduction or use of any such graphics, audio documents, video sequences or texts in other electronic or printed publications is allowed under the Creative Commons License Attribution-ShareAlike 4.0 International (CC BY-SA 4.0).

The licenses of each application, tool, dataset or dissemination material (e.g. publication) part of the OpenRiskNet e-infrastructure are mentioned elsewhere and included within their own description. These individual licences needs to be considered when the applications, tools, datasets or dissemination materials are used or shared.

Data Protection and Privacy Policy

OpenRiskNet is committed to user privacy and complies with its obligations under the GDPR. The goal of this privacy policy is to help you understand how OpenRiskNet, as data controller, deals with any personal data you provide to us. In the context of the relationship with the Data Subject, OpenRiskNet ensures that Personal Data will be processed in a lawfully, fairly and transparent manner and that only process Personal Data that are adequate, relevant and limited to what is strictly necessary for the purposes for which they are processed.

Processing your personal data under your consent is necessary for our legitimate interest of allowing the day-to-day management, operation and functioning. On some pages (e.g. catalogue of services and service description, dissemination and training materials, etc.) you have the possibility to enter personal or business data. The disclosure of this data is voluntary. If technically feasible and where reasonable, all services offered can be used without disclosing personal information or by use of anonymised data or aliases.

The information provided in forms, surveys or questionnaires including the personal data will only be made available to the full partners of the OpenRiskNet consortium and will only be used to define the requirements or select services for the OpenRiskNet e-infrastructure.

Responsibility for the processing of Personal Data

We collect several different types of information (see also Categories of Personal Data processed by OpenRiskNet) for various purposes:

• To provide and maintain the Service
• To notify you about changes to our Service
• To allow you to participate in interactive features of our Service when you choose to do so
• To provide customer support
• To provide analysis or valuable information so that we can improve the Service
• To monitor the usage of the Service
• To detect, prevent and address technical issues

Categories of Personal Data processed by OpenRiskNet

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you ("Personal Data"). Personally identifiable information may include, but is not limited to:

• Identification data
• Personal contact details
• Access to the website data
• Data on preferences
• Data on the use of information technology

We may also collect information about how the Service is accessed and used ("Usage Data"). This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

Special categories of personal data will be uploaded anonymised by data provider.

Storage of Personal Data

The criteria used to determine the period of storage of Personal Data is the respective statutory retention period. After expiration of that period, the corresponding data is routinely deleted, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract. However, OpenRiskNet may be obliged to storage some personal Data for a longer period, taking into account factors such as:

• Legal obligations, under current laws, to keep personal data for a certain period;
• Limitation periods, under the laws in force;
• Judicial and administrative Proceedings and Procedures;
• Guidelines issued by the data protection supervisory authorities;

During the processing period, OpenRiskNet guarantees that Personal Data is processed in accordance with this Data Protection and Privacy Policy. Once the personal data is no longer necessary, OpenRiskNet will proceed to its erasure in a safe way.

Sharing of Personal Data

Personal Data may be transferred to - and maintained on - computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction.

Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

OpenRiskNet will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

OpenRiskNet may disclose your Personal Data in the good faith belief that such action is necessary

• to comply with a legal obligation;
• to protect and defend the rights or property of OpenRiskNet;
• to prevent or investigate possible wrongdoing in connection with the Service;
• to protect the personal safety of users of the Service or the public; and
• to protect against legal liability.

Data Protection Rights under the General Data Protection Regulation (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. If you want to exercise your data subject rights please contact us by email. In your email, clearly state your request and include the URL of the website/webpages your request refers to. Please note that we may ask you to verify your identity before responding to such requests.

You have the following data protection rights:

• The right to access, update or delete the information we have on you: whenever made possible, you can access, update or request deletion of your Personal Data directly within your account settings section. If you are unable to perform these actions yourself, please contact us by email to assist you;
• The right of rectification: You have the right to have your information rectified if that information is inaccurate or incomplete;
• The right to object: You have the right to object to our processing of your Personal Data;
• The right of restriction: You have the right to request that we restrict the processing of your personal information;
• The right to data portability: You have the right to be provided with a copy of the information we have on you in a structured, machine-readable and commonly used format;
• The right to withdraw consent: You also have the right to withdraw your consent at any time where OpenRiskNet relied on your consent to process your personal information.

Please note that the above rights, particularly the deletion, are only available whenever the processing of your personal data is not necessary to:

• Comply with a legal obligation;
• Perform a task carried out in the public interest;
• Exercise authority as a data controller;
• Archive for purposes in the public interest, or for historical research purposes, or for statistical purposes;
• Establish, exercise or defend legal claims.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

Service Providers

We may employ third party companies and individuals to facilitate our Service ("Service Providers"), to provide the Service on our behalf, to perform Service-related services or to assist us in analysing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

The login to OpenRiskNet reference site is using social authentication Service Providers for managing logins. Currently the following providers are supported:

• LinkedIn
• GitHub

Using a social authentication provider means that we never see your password. You authenticate with the social provider and if successful they forward you back to the OpenRiskNet website. We only store minimal information about you: name and email.

Analytics

We may use third-party Service Providers to monitor and analyze the use of our Service:

• Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please visit Google Privacy & Terms web page.

Security and Integrity

Personal data will be treated by OpenRiskNet only in the context of the purposes identified in this Policy, in accordance with the internal policies of OpenRiskNet and using technical and organizational measures designed according to the risks associated with the specific treatment of Personal Data. The technical and organizational measures designed to ensure, to the maximum extent possible, the security and integrity of Personal Data, in particular in relation to unauthorized or unlawful treatment and its accidental loss, destruction or damage.

Cookies

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.

Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Tracking technologies also used are beacons, tags, and scripts to collect and track information and to improve and analyze our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

• Session Cookies. We use Session Cookies to operate our Service.
• Preference Cookies. We use Preference Cookies to remember your preferences and various settings.
• Security Cookies. We use Security Cookies for security purposes.

SSL or TSL encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

Email communication

Security gaps can occur in email communication, if the connection is not encrypted. An email sent to a recipient can be intercepted and read by experienced Internet users. Emails are received by the Coordinator Office at Edelweiss Connect which processes the messages on behalf of OpenRiskNet. If you send an email to the Coordinator Office, we assume that the staff is authorised to reply by email. If you do not wish to receive an email, we kindly ask you to consider alternative ways of communication.

Changes of this Data Protection and Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via a prominent notice on our Service, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Legal effect of disclaimer

This disclaimer is part of the website linked to this page. If parts of this text or certain wordings are not, no longer or not completely in line with current legislation, it will not prejudice the rest of the document in terms of content or validity.

Contact Us

If you have any questions about this Privacy Policy or any other issue related to personal data protection, please contact by email the Coordinator Office and Data Protection Officer of OpenRiskNet.