Personal Data Protection in the SciLifeLab Serve web portal and its services
In compliance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, further in this text referred to as ‘GDPR’), SciLifeLab Data Centre at Uppsala University informs the entities on terms and conditions under which personal data in providing SciLifeLab Serve services are processed. Data subjects are natural persons using the SciLifeLab Serve services.
- The controller of the personal data as defined by GDPR is Uppsala University, SciLifeLab Data Centre, Dept. of Immunology, Genetics and Pathology, Husargatan 3, 751 08 Uppsala, Sweden (further in this text referred to as "SciLifeLab Data Centre").
- The SciLifeLab Serve web portal and its services is a public web portal providing services to entities which conform to the Terms and conditions for the access. By accessing SciLifeLab Serve, the entity (and through it individual natural persons – for instance employees and students, i.e. data subjects under GDPR) gains access to a unique portfolio of information and communication technology services supporting data access requests.
- As regards the access to the services of SciLifeLab Serve, the services are two-fold: services the access to which does not require authentication and authorisation; and services the access to which requires authentication and authorisation. To access the services requiring authentication and authorisation, an user account needs to be created.
- As regards the access to the services of SciLifeLab Serve the access to which requires authentication and authorisation, the following personal data are being processed: name, surname, e-mail, institutional affiliation.
- As regards the access to the services of SciLifeLab Serve the access to which does not require authentication and authorisation, the following personal data are being processed: IP address (and other identifiers enabling the identification of the communication source and target) and other unique identifiers applied by individual services of SciLifeLab Serve.
- The processing of personal data is first launched upon the first use of any SciLifeLab Serve’s service. Non-anonymous personal data such as name, surname and e-mail are stored over the entire period of usage of SciLifeLab Serve’s services. For security reasons (in particular in order to prevent any duplicity of user account identities) and for accounting and reporting reasons personal data including name, surname and e-mail are also stored after the services of SciLifeLab Serve are no longer used. The data controller defines the technical and organisations terms and conditions for securing personal data so that their integrity and confidentiality is not breached.
- Personal data defined as traffic and location data, such as IP address (and other identifiers enabling the identification of the communication source and target) and other unique identifiers applied by individual services of SciLifeLab Serve will be kept for at most 18 months.
- Personal data relating to information about the usage of SciLifeLab Serve resources are stored for the period for which they are deemed necessary for the provision and improvement of the service.
In case of SciLifeLab Serve services, personal data are being processed for the purpose of:
- provision of own service comprising the need to authenticate and authorise the user;
- ensuring the actual provision of SciLifeLab Serve service;
- service monitoring;
- optimisation of partial tasks and the services as such;
- drafting annual reports, monitoring reports, project result summaries and other similar documents.
- delivering service announcements to the users.
In case of SciLifeLab Serve services, personal data may be shared with:
- organisational units (sections or departments) within SciLifeLab, which might also entail units at Karolinska institutet, Kungliga Tekniska Högskolan and Stockholms universitet, for reasons specified in art. 10.
- personal data defined as traffic and location data, such as IP address (and other identifiers enabling the identification of the communication source and target) and other unique identifiers applied by individual services of SciLifeLab Serve may be shared with network and service administrators of the entities connected to SciLifeLab Serve and members of security teams within the process of addressing traffic issues and security incidents.
- Other entities provided data subject’s personal data have been rendered anonymous or have undergone pseudonymisation.
Access to the services of SciLifeLab Serve may only be granted once the conditions set in the relevant rules of SciLifeLab Serve services have been met and the consent to personal data processing provided. Legal grounds allowing for processing personal data are as follows:
- contractual obligation, for providing the service;
justified interest of the controller, including in particular:
- fraud prevention;
- sharing personal data within a business group for internal administrative purposes;
- ensuring network and information security, consisting among others in preventing unauthorised access to electronic communication network and services, proliferation of malicious codes and mitigating attacks, and damage on computer and electronic communication systems.
- The data subject may exercise his/her rights in accordance with GDPR. Data subjects should claim their rights from the relevant personal data collector. You can obtain more detailed information about the processingof your particular personal data and apply for a register extract by contacting the SciLifeLab Data Centre at email@example.com. You can also contact Uppsala University’s data protection officer at firstname.lastname@example.org.
We want to inform you that whenever you visit SciLifeLab Serve, we collect information that your browser sends to us which includes: the website from which you visited us from, the parts of SciLifeLab Serve you visit, the date and duration of your visit, your anonymised IP address, information from the device (device type, operating system, screen resolution, language, country you are located in, and web browser type) you used during your visit, and more. We process this usage data in Matomo Analytics (hosted on SciLifeLab servers and operated solely by SciLifeLab) for statistical purposes, to improve SciLifeLab Serve and to recognize and stop any misuse.