Data protection

Privacy Statement concerning Personal Data Processing within the Project
“CARLiS (Careers in Life Sciences) - within the framework of the Interreg V-A Slovakia - Austria programme”

The organisations detailed below in the section concerning Controllers created a consortium to jointly prepare and implement the project entitled “Rozvoj kapacít a programov pre doktorandov v oblasti vied o živej prírode pre ich lepšie uplatnenie na trhu práce/Entwicklung von Kapazitäten und Programmen für Doktoranden im Bereich Lebenswissenschaften zur besseren Etablierung auf dem Arbeitsmarkt” (further referred to as ‘the Project’) within the framework of the Interreg V-A Slovakia - Austria programme and cofinanced also by the Action Austria - Slovakia. For implementing the Project the Grant Agreement between SAIA, n. o. and the Ministry of Investments, Regional Development and Informatisation of the Slovak Republic (further referred to as “MIRRI”) shall be concluded based on the approval of the Project application No. NFP305010ABB8/V608 – CARLiS submitted to the call Interreg V-A SK-AT/2016/1 (further referred to as “Grant Agreement” or “Project application”) on behalf of the consortium. The consortium and its members are also responsible for effective, economical and purposeful management of the funds, having responsibility towards the granting institution. The activities within the Project are also related to the processing of personal data that the organisations shall process in compliance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016, on Protection of Natural Persons with regard to the Processing of Personal Data and on the Free Movement of Such Data, repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “GDPR”) and with other applicable national legislation of countries where the organisations of the consortium are based in (hereinafter referred to as the “national data processing legislation”).

1. Controllers/Joint Controllers and Processors

The following organisations build the consortium for the implementation of the Project described in the Introduction and therefore act as Controllers when data processing is concerned in relation to the Project:

SAIA, n. o.

Sasinkova 10
812 20 Bratislava
Slovakia
website: www.saia.sk

(hereafter referred to as SAIA)

University of Vienna

Universitätsring 1
1010 Vienna
Austria
website: www.univie.ac.at

(hereafter referred to as University of Vienna)

Slovak Academy of Sciences

Štefánikova 49
81438 Bratislava
Slovakia
website: www.sav.sk

(hereafter referred to as Slovak Academy of Sciences)

Slovak University of Technology in Bratislava

Vazovova 5
81243 Bratislava
Slovakia
website: www.stuba.sk

(hereafter referred to as Slovak University of Technology in Bratislava)

Comenius University in Bratislava

Šafárikovo nám. 6
P.O.Box 440
814 99 Bratislava
website: www.uniba.sk

(hereafter referred to as Comenius University in Bratislava)

To be able to securely process the data in relation to the Project also jointly where necessary, the organisations of the Project consortium have concluded “Agreement on joint processing of personal data according to Art. 26 of the European General Data Protection Regulation 2016/679”.

All persons coming into contact with personal data within organisations of the Project consortium (in particular, employees involved in the implementation of the Project) have been properly informed about the applicable privacy policy in the personal data obtaining and processing, and are bound by confidentiality obligation regarding the data obtained in any case, unless it is in compliance with the purpose for which they have been obtained.

The organisations of the Project consortium agreed as controllers to jointly determine the range of data collected and processed for the needs of Project implementation.

An organisation of the Project consortium that primarily collects and processes the data in its role as controller may decide to involve a processor to process data on its behalf, however the organisations of the Project consortium agreed jointly that such processor shall oblige with the rules and regulations set in the GDPR and inform other organisations of the Project consortium about such situation. The information about processors contracted and used by individual organisations of Project consortium in general can be found on the websites of the respective organisations within their privacy statements.

2. Data Protection Officers

Data protection officers are established at each of the organisations of the Project consortium:

in case of SAIA, data subjects can contact the contact point at saia@saia.sk;
in case of University of Vienna, data subjects can contact the contact point at dsba@univie.ac.at;
in case of Slovak Academy of Sciences, data subjects can contact the contact point at carlis@savba.sk;
in case of Slovak University of Technology in Bratislava, data subjects can contact the contact point at dpo@stuba.sk;
in case of Comenius University in Bratislava, data subjects can contact the contact point at dpo@uniba.sk.

3. Purpose of Personal Data Processing

Organisations of the Project consortium, to be able to fulfil the obligations arising from the Grant agreement may collect and process data in order to:

successfully implement the Project,
create required relevant outcomes in line with the Project application,
provide proof of eligible costs in line with Interreg V-A Slovakia - Austria Programme terms and requirements,
make the Project and its outcomes visible to a broad public,
maintain transparency in spending of public resources,
comply with the respective national laws and regulations, incl. laws on employment, social security, book-keeping/accounting,
promote the achievements and work of the Project consortium in general.

4. Lawfulness of Personal Data Processing

Organisations of the Project consortium may process the data to fulfil the obligations arising from the Grant agreement. As a minimum requirement, the lawfulness of data processing done by the organisations of the Project consortium shall follow the rules set by GDPR (especially in the Article 6 of the GDPR).

5. Data Processed and Data Subjects

The Parties as controllers jointly determine the range of data collected and processed for the needs of Project implementation.

To successfully implement the Project, the following data may be processed jointly by the organisations of Project consortium as controllers:

details of the persons responsible for the implementation of the Project (or its activities) and of participants of Project activities, including mostly (but not exclusively) their names, gender and birth dates, institution, they are affiliated to, job position, place of origin/residence;
contact data of the persons responsible for the implementation of the Project (or its activities) and of participants of Project activities, including mostly (but not exclusively) their postal addresses, e-mail addresses, telephone numbers, as well as other contact details, which allow for electronic communication;
other data related to the implementation of the Project, especially those necessary for preparation of Project outcomes and those needed as evidence of the successful implementation of Project and its activities, including mostly (but not exclusively) activity specific data about participants of Project activities, such as data on the career pathways, personal skills, and audio-visual recordings and photographs from Project events and activities.

Subject to the processing described above may be (data subjects):

persons responsible for the implementation of the Project (or its activities), including mostly (but not exclusively) the employees of the organisations of Project consortium;
participants of Project activities, including mostly (but not exclusively) students, PhD students and staff of universities or research organisations in the academic or non-academic sector and other actors with relevance to the Project;
experts whose expertise is necessary for a successful implementation of the Project;
representatives and/or employees of universities or research organisations in academic and non-academic sector and other actors with relevance to the Project who may benefit from the Project activities and results or contribute to them.

The respective organisations of the Project consortium in their role as controllers are in charge of:

data collection and processing necessary for the implementation of Project activities that are their responsibility in accordance with the Project as well as
transfer of collected and/or processed data related to the implementation of the Project to other Project partners or to the Project coordinator to the extent necessary for the performance of their tasks or for the fulfilment of their duties within the Project.

6. Data Recipients

The organisations of the Project consortium shall not disclose any personal data to third parties (recipients) without the provision of personal data being in compliance with the purpose for which the data have been collected, or in the demonstrable interest of the data subject. The organisations of the Project consortium shall not trade with personal data (i.e., in particular, they do not buy or sell contacts or other data to other recipients, e.g. for marketing purposes) since it is not in line with the Project.

7. Transfer of Personal Data to the Recipient in the Third Countries

Pursuant to the GDPR, third countries are all the countries that are not member states of the European Union or the European Economic Area, and, thus, the GDPR does not apply to them.

The organisations of the Project consortium abstain from any data transfer to any subject outside the European Union unless it is in line with the GDPR.

8. Period for which the Personal Data will be Stored

The period for which the personal data will be stored depends on the respective applicable national legislation of the country where the respective organisation of the Project consortium is based, other applicable laws and regulations and on the Interreg V-A Slovakia - Austria Programme requirements. In all other cases the data storage period will not be longer than 10 years from the date when they were collected.

9. Rights of Data Subjects

In compliance with the GDPR, the data subject has the following rights:

right to information and access to personal data (Art. 13 – 15 of the GDPR),
right to rectification (Art. 16 of the GDPR, considering Art. 5, para. 1, letter d of the GDPR),
right to erasure (Art. 17 of the GDPR, considering Art. 5, para. 1, letter d of the GDPR),
right to restriction of processing (Art. 18 of the GDPR),
right to data portability (Art. 20 of the GDPR),
right to object (Art. 21 of the GDPR).

You can exercise your rights under the GDPR by sending an email to contact points stated under “2. Data Protection Officers”. It is recommended to send such an email to the organisation of the Project consortium that primarily collected the data from you as the data subject for the purpose of Project implementation. The Project consortium will carefully deal with such a complaint and inform you about the result of our actions in the respective case. Please note that the transfer of data via the Internet (e.g. via e-mail) may have security deficiencies and that full protection against the access of third parties to the data sent this way cannot be guaranteed. Thus, we assume no liability for damages caused by such security risks. Our websites are protected by the SSL/TLS secure connections.

You, as a data subject, are also entitled to file a complaint for the violation of your rights at the supervisory authority in the Slovak Republic, as the organisations of the Project consortium have agreed that their joint agreement on joint processing of personal data is governed by the laws of the Slovak Republic:

Office for Personal Data Protection of the Slovak Republic (Úrad na ochranu osobných údajov Slovenskej republiky), Hraničná 12, 820 07 Bratislava 27, Slovakia.

10. Mandatory Provision of Data Relating to Provision of Service

In the following case, the provision of personal data by the data subject is a prerequisite for the provision of service:

provision of data is connected with the organisation of a specific event and possibly also with the award of a “certificate” of attendance/skills, for which the person applies with binding effect, and thus creating a contractual relationship for the provision of service,
membership in the community of contacts with the aim of sharing information.

The aforementioned services cannot be provided, or the contractual relationship cannot be concluded without providing the data.

11. Automated Individual Decision-Making and Profiling

The organisations of the Project consortium do not use any means for automated decision-making or processing in its operations in relation to the Project.

Version: 15 March 2021