DisGeNET - Privacy Policy

Introduction

Universitat Pompeu Fabra (the “University”) and the Fundació Institut Hospital del Mar d’Investigacions Mèdiques (IMIM), (or “we/us” when referring to both entities), are committed to protecting the privacy of all users (“You/r”) of our website and services. This Privacy Policy explains our practices regarding the use of personal data collected and processed through our website, contacts with third parties and the provision of services.

1. DATA CONTROLLER AND DATA PROTECTION OFFICERS

The entities responsible for Your personal data in a joint controller basis, are Universitat Pompeu Fabra, Pl. de la Merce, 12. 08002 Barcelona. Tel. (+34) 935 422 000 and Fundació Institut Hospital del Mar d’Investigacions Mèdiques (IMIM), C/ Aiguader 88. 08003 Barcelona. You can contact the Universitat Pompeu Fabra’s DPO at the following address:). https://www.upf.edu/en/web/universitat/-/delegat-de-proteccio-de-dades and the IMIM’s DPO at protecciodedades@imim.es

2. PERSONAL INFORMATION WE COLLECT ABOUT YOU AND HOW WE USE IT Data collected and its purposes

We collect and process the following data:

• a) Navigation data. Due to the standards of communications on the Internet, when You visit our website we automatically receive the URL of the site from which You come and the site You visit when You leave our website. We also receive the internet protocol (“IP”) address of Your computer and the type of browser You are using. We use this information to analyze global trends to improve the service. This information is not shared with third parties without Your consent. Except for the above, and what is stated in our cookies policy, we do not collect any type of personal data if You are only browsing the website.
• c) Suscription data. When subscribing for our services (DisGeNET), we will collect the following personal data: name, surname, institution you work for, country, email address, password. These data are required and if they are not provided, we cannot create Your account.
• d) Electronic communications data. We collect and process the personal data, about You or a third party, you provide us during any communications via electronic means, such us emails.
• Purposes We collect and process the data mentioned above for the following purposes:
  • Navigation Data: managing and improving our website
  • Subscription Data: providing access to registered users to DisGeNET, contacting You, if so requested
  • Electronic Communication Data: communicating with you

Prohibited data. It is forbidden to submit to us any data that contain data of special categories indicated in article 9 on the General Data Protection Regulation 679/2016 (“GDPR”).

3. LEGAL BASIS

The legal basis that allow us collecting and processing Your personal data are the ones set out below:

• Navigation Data: he legal basis for processing these data is our legitimate interest and, when applicable, your consent. Please read our cookies policy for further information.
• Registration Data: the legal basis for processing registration data is the performance of our contract for accessing the service.
• Electronic Communication Data: the legal basis for processing such data is your consent..

4. DATA DISCLOSURE

We process Your personal data with strict confidentiality in accordance with applicable law. Unless otherwise stated, Your personal data will not be provided to third parties. We do not sell or assign to third parties lists with personal data, nor of any other type.

Nonetheless, we may disclose Your data as follows:

• We can make personal data available to MedBioinformatics Solutions S.L., the entity that provides commercial licenses of our service DisGeNET, if you wish to subscribe to a commercial license.
• We may give access to Your personal data to our service providers under contracts for the provision of services in our favour. We require that all third parties respect the security of their personal data and treat them in accordance with the law. We do not allow our external service providers to use your personal data for their own purposes and we only allow them to process your personal data for specific purposes and in accordance with our instructions.

INTERNATIONAL TRANSFER

The University and the IMIM are based in Spain. We use technology services from third parties who can process Your data in the course of providing us with their services. These entities may be in jurisdictions that generally do not provide adequate guarantees in relation to the processing of personal data. However, we have entered into contracts with those entities that do include the safeguards required by applicable privacy laws, including the so called “standard model clauses”. For more information, contact us at dpd@upf.edu.

5. DATA RETENTION

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of Your personal data, the purposes for which we process Your data personal and if we can achieve those purposes through other means and the applicable legal requirements.

After that period, the data will be retained (in a blocked and secure manner) for the required period of legal and administrative liability and to comply with legal obligations and other purposes set out above, which may be up to 10 years according to current applicable law.

We may also retain anonymized data after the period mentioned above, for statistic purposes.

6. SECURITY MEASURES

We implement security measures and personal data protection schemes as required by the applicable data protection law to maintain the confidentiality and integrity of Your data and protection against unauthorized access, modification or destruction.

7. YOUR RIGTHS

You have the following rights under the data protection laws, in relation to Your personal data: the right to request access to Your personal data (commonly known as a “data subject access request”); request the correction of the personal data we have about You; request the erasure of Your personal data; objecting to the processing of Your personal data when we are relying on a legitimate interest (or those of a third party); request the restriction of processing Your personal data; request the transfer of Your personal data to You or to a third party (right to data portability); withdraw Your consent at any time where we are relying on consent to process Your personal data.

You can make the aforementioned rights effective by by following the procedures described at www.upf.edu/web/proteccio-dades/drets

You also have the right to file a complaint with the competent authority, in this case, the Catalan Data Protection Authority (www.apdcat.cat).

8. GENERAL

We reserve the right to modify the terms of this Privacy Policy and will notify You by clear notice of these changes by email, on our website, and in this Privacy Policy. If You continue to use our website and services after such update, You will be deemed to accept the new terms. If You do not accept the update, let us know and we will cancel Your account and will delete Your personal data (except when it is necessary to keep them for legal purposes) and You will not be able to continue using our services.

Unless a specific local regulation sets forth to the contrary, the Privacy Policy is governed by the laws of Spain

14/07/2021