The entity responsible for Your personal data is Universitat Pompeu Fabra, Pl. de la Merce, 12. 08002 Barcelona. Tel. (+34) 935 422 000. You can contact the Universitat Pompeu Fabra’s DPO at the following address: Pl. de la Mercè, 12 08002 – Barcelona. You can also contact by phone (93 542 200 00) or e-mail (firstname.lastname@example.org).2. PERSONAL INFORMATION WE COLLECT ABOUT YOU AND HOW WE USE IT Data collected and its purposes
We collect and process the following data:
- a) Navigation data. Due to the standards of communications on the Internet, when You visit our website we automatically receive the URL of the site from which You come and the site You visit when You leave our website. We also receive the internet protocol (“IP”) address of Your computer and the type of browser You are using. We use this information to analyze global trends to improve the service. This information is not shared with third parties without Your consent. Except for the above, and what is stated in our cookies policy, we do not collect any type of personal data if You are only browsing the website.
- c) Suscription data. When subscribing for our services (DisGeNET), we will collect the following personal data: name, surname, institution you work for, country, email address, password. These data are required and if they are not provided, we cannot create Your account.
- d) Electronic communications data. We collect and process the personal data, about You or a third party, you provide us during any communications via electronic means, such us emails.
Purposes We collect and process the data mentioned above for the following purposes:
- Navigation Data: managing and improving our website
- Subscription Data: providing access to registered users to DisGeNET, contacting You, if so requested
- Electronic Communication Data: communicating with you
Prohibited data. It is forbidden to submit to us any data that contain data of special categories indicated in article 9 on the General Data Protection Regulation 679/2016 (“GDPR”).3. LEGAL BASIS
The legal basis that allow us collecting and processing Your personal data are the ones set out below:
- Navigation Data: he legal basis for processing these data is our legitimate interest and, when applicable, your consent. Please read our cookies policy for further information.
- Registration Data: the legal basis for processing registration data is the performance of our contract for accessing the service.
- Electronic Communication Data: the legal basis for processing such data is our legitimate interest in communicating with You.
We process Your personal data with strict confidentiality in accordance with applicable law. Unless otherwise stated, Your personal data will not be provided to third parties. We do not sell or assign to third parties lists with personal data, nor of any other type.
Nonetheless, we may disclose Your data as follows:
- We can make personal data available to MedBioinformatics Solutions S.L., the entity that provides commercial licenses of our service DisGeNET, if you wish to subscribe to a commercial license.
- We may give access to Your personal data to our service providers under contracts for the provision of services in favor of the University. We require that all third parties respect the security of their personal data and treat them in accordance with the law. We do not allow our external service providers to use your personal data for their own purposes and we only allow them to process your personal data for specific purposes and in accordance with our instructions.
The University is based in Spain. We use technology services from third parties who can process Your data in the course of providing us with their services. These entities may be in jurisdictions that generally do not provide adequate guarantees in relation to the processing of personal data. \ However, we have entered into contracts with those entities that do include the safeguards required by applicable privacy laws, including the so called “standard model clauses”. For more information, contact us at email@example.com. DATA RETENTION
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of Your personal data, the purposes for which we process Your data personal and if we can achieve those purposes through other means and the applicable legal requirements.
After that period, the data will be retained (in a blocked and secure manner) for the required period of legal and administrative liability and to comply with legal obligations and other purposes set out above, which may be up to 10 years according to current applicable law.
We may also retain anonymized data after the period mentioned above, for statistic purposes.6. SECURITY MEASURES
We implement security measures and personal data protection schemes as required by the applicable data protection law to maintain the confidentiality and integrity of Your data and protection against unauthorized access, modification or destruction.7. YOUR RIGTHS
You have the following rights under the data protection laws, in relation to Your personal data: the right to request access to Your personal data (commonly known as a “data subject access request”); request the correction of the personal data we have about You; request the erasure of Your personal data; objecting to the processing of Your personal data when we are relying on a legitimate interest (or those of a third party); request the restriction of processing Your personal data; request the transfer of Your personal data to You or to a third party (right to data portability); withdraw Your consent at any time where we are relying on consent to process Your personal data.
You can make the aforementioned rights effective by contacting us at firstname.lastname@example.org
You also have the right to file a complaint with the competent authority, in this case, the Catalan Data Protection Authority (www.apdcat.cat).8. GENERAL