Privacy Policy

Personal Data Protection in the SciLifeLab Data Delivery System

In compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, further in this text referred to as ‘GDPR’), SciLifeLab Data Centre at Uppsala University informs the entities on terms and conditions under which personal data in the Data Delivery System are processed. Data subjects are natural persons using the Data Delivery System. 

• The controller of the personal data as defined by GDPR is Uppsala University, SciLifeLab Data Centre, Dept. of Immunology, Genetics and Pathology, Husargatan 3, 751 08 Uppsala, Sweden (further in this text referred to as "SciLifeLab Data Centre").
• The Data Delivery System is aimed at SciLifeLab platforms and their users, which conform to the Terms and conditions for the access. By accessing the Data Delivery System, the entity (and through it individual natural persons – for instance employees, i.e. data subjects under GDPR) gains access to a unique method of data delivery between SciLifeLab platforms (data producers) and their users (data recipients and owners). This system is composed of two components: a web interface and a command line interface (CLI).
• As regards the access to the Data Delivery System: all access requires authentication and authorization. A user account needs to be created in order to access and/or use any of the two components.
• As regards the authentication and authorisation in the Data Delivery System, the following personal data are being processed: username, name, surname, e-mail, institutional affiliation.
• As regards the unauthorized access to the Data Delivery System, the following personal data are being processed: IP address (and other identifiers enabling the identification of the communication source and target).
• The processing of personal data is first launched upon the first use of the Data Delivery System. Non-anonymous personal data such as name, surname and e-mail are stored over the entire period of usage of the Data Delivery System. For security reasons (in particular in order to prevent any duplicity of user account identities) and for accounting and reporting reasons, personal data including username and e-mail are also stored in log files after the Data Delivery System accounts are deleted. The data controller defines the technical and organisations terms and conditions for securing personal data so that their integrity and confidentiality is not breached.
• In the case of a user wishing to have all their data removed, the account can be deleted and upon contact with the SciLifeLab Data Centre, the log files containing any personal information can be disposed of or cleared of any information regarding the individual user.
• Personal data such as username, traffic and location data (e.g. such as IP address and other identifiers enabling the identification of the communication source and target) will be kept for at most 18 months.
• Personal data relating to information about the usage of the Data Delivery System are stored for the period for which they are deemed necessary for the provision and improvement of the service.
• Personal data are being processed for the purpose of:
  • provision of own service comprising the need to authenticate and authorise the user;
  • administration;
  • statistics;
  • security;
  • drafting annual reports, monitoring reports, project result summaries and other similar documents;
  • delivering service announcements to the users;
  • invoicing;
• Personal data may be shared with:
  • organisational units (sections or departments) within SciLifeLab, which might also entail units at Karolinska institutet, Kungliga Tekniska Högskolan and Stockholms universitet, for reasons specified in art. 10.
  • personal data defined as traffic and location data, such as IP address (and other identifiers enabling the identification of the communication source and target) and may be shared with network and service administrators of the entities connected to SciLifeLab Serve and members of security teams within the process of addressing traffic issues and security incidents.
  • Other entities provided data subject’s personal data have been rendered anonymous or have undergone pseudonymisation.
• Access to the Data Delivery System may only be granted once the conditions set in the relevant rules of the Data Delivery System have been met and the consent to personal data processing provided. Legal grounds allowing for processing personal data are as follows:
  • contractual obligation, for providing the service;
  • justified interest of the controller, including in particular:
    • fraud prevention;
    • sharing personal data within a business group for internal administrative purposes;
    • ensuring network and information security, consisting among others in preventing unauthorised access to electronic communication network and services, proliferation of malicious codes and mitigating attacks, and damage on computer and electronic communication systems.
• The conditions set allowing user account creation in the Data Delivery System are that the person is an employee of a SciLifeLab platform, or a user of a SciLifeLab platforms services.
• The data subject may exercise his/her rights in accordance with GDPR. Data subjects should claim their rights from the relevant personal data collector. You can obtain more detailed information about the processing of your particular personal data and apply for a register extract by contacting the SciLifeLab Data Centre at datacente@scilifelab.se. You can also contact Uppsala University’s data protection officer at dataskyddsombud@uu.se.

Cookies

The Data Delivery System uses cookies. A cookie is a text file that a website asks to store on the visitor’s computer. Cookies contain information that is needed for various functions on the website. Cookies can be created and stored by the website owner or created and stored by third parties. “Third party cookies” are created by external services, such as tools for collecting web statistics. They can be used to map your behaviour on several different websites. Most browsers offer the option of blocking this type of cookies.

The Data Delivery System uses session-based cookies: Strictly necessary bookies.

These cookies are essential for you to browse the website and use its features, such as accessing secure areas of the site. Cookies that allow web shops to hold your items in your cart while you are shopping online are an example of strictly necessary cookies. These cookies will generally be first-party session cookies. While it is not required to obtain consent for these cookies, what they do and why they are necessary should be explained to the user.

Limiting the cookies

There are several ways of limiting the cookies that are accepted by your web browser. The settings vary from browser to browser, but in general, the options may be described as follows:

You can:

• block cookies entirely in the browser settings;
• set the browser so you can accept or reject each cookie manually;
• set the browser to block third party cookies;
• list a number of trusted websites from which your browser will accept cookies;
• use a plug-in that wholly or partly limits cookies based on adjustable conditions;
• set the browser to delete all cookies when you close the program.

You can read more about cookies on the Swedish Post and Telecom Authority’s website.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. Thus, we advise you to review this page periodically for any changes. We will notify you of any changes by posting the new Privacy Policy on this page. These changes are effective immediately, after they are posted on this page.

Contact Us

If you have any questions or suggestions about our Privacy Policy, do not hesitate to contact us.