Federated EGA Norway node

Definitions:

“The Service”: any one of the Federated EGA Norway node sites provided to you by the Elixir Norway organization and the partner organizations, including but not limited to:

• https://ega.elixir.no/
• https://ega.uio.no/

This privacy policy will explain how The Service uses the personal data we collect from you when you use our website.

Topics:

• What data do we collect?
• How do we collect your data?
• How will we use your data?
• How do we store your data?
• What are your data protection rights?
• What are cookies?
• How do we use cookies?
• What types of cookies do we use?
• How to manage your cookies
• Privacy policies of other websites
• Changes to our privacy policy
• How to contact us
• How to contact the appropriate authorities

What data do we collect?

The Service collects the following data:

• Elixir ID, read more at https://elixir-europe.org/services/compute/aai
• Information about your data uploads to The Service or data retrievals from The Service
  • Including public keys provided by you for encryption purposes

How do we collect your data?

You directly provide The Service with most of the data we collect. We collect data and process data when you:

• Sign in with "Elixir Login" button.
• Perform a dataset submission to the archive.
• Perform a dataset retrieval from the archive after access approval by the respective Data Access Committee.
• Voluntarily complete a customer survey or provide feedback on any of our message boards or via email.
• Use or view our website via your browser’s cookies.

How will we use your data?

The Service collects your data so that we can:

• Facilitate the authentication and authorization to The Service. Since the authentication and authorization to The Service is based on Elixir AAI, we need to store your Elixir ID, in order to keep you logged in.
• Keep track of which submission was performed by which user.
• Security and audit purposes to track all data transfers of files under controlled access regime due to their sensitive content (human genome phenome information).

The Service will share your data with our partner(s) in order to facilitate authentication and authorization functionality.

• Elixir AAI
• USIT

Since the authentication attempts are processed by Elixir AAI, they will have to know your Elixir ID. The way Elixir AAI handles Elixir IDs is a subject of their Privacy Policy.

Elixir ID also will be stored at the USIT premises in order to keep track of all performed data submissions.

How do we store your data?

The Service stores your authentication data (session tokens) using the browser cookies mechanism. The information about the cookies and how The Service is using them is provided below.

Elixir ID is also securely stored in the database at the USIT server. This information is stored permanently, but can be removed in accordance with the right to erasure, described below.

Additionally, Elixir ID is stored as part of the logs of The Service at the USIT-hosted web server. This information is stored for maximum 6 months following The Service's logging policies, and also can be removed in accordance with the right to erasure, described below.

As The Service depends on TSD for secure storage of deposited datasets to the archive, all dataset transfers in and out of The Service are also being logged and audited in the TSD infrastructure, as according to TSD Privacy Policy.

What are your data protection rights?

The Service would like to make sure you are fully aware of all of your data protection rights. Every user of The Service is entitled to the following:

The right to access – You have the right to request The Service for copies of your personal data. We may charge you a small fee for this service.

The right to rectification – You have the right to request that The Service correct any information you believe is inaccurate. You also have the right to request The Service to complete the information you believe is incomplete.

The right to erasure – You have the right to request that The Service erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that The Service restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to The Service’s processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that The Service transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email:

Email us at: fega-norway-support@elixir.no

Cookies

Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology

For further information, visit https://allaboutcookies.org.

How do we use cookies?

The Service uses cookies in a range of ways to improve your experience on our website, including:

• Keeping you signed in
• Understanding how you use our website

What types of cookies do we use?

There are a number of different types of cookies, however, our website uses:

• Functionality – The Service uses these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.

How to manage cookies

You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.

Privacy policies of other websites

The Service website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.

Changes to our privacy policy

The Service keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on 20 May 2020.

How to contact us

If you have any questions about The Service’s privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.

Email us at: fega-norway-support@elixir.no

How to contact the appropriate authority

Should you wish to report a complaint or if you feel that The Service has not addressed your concern in a satisfactory manner, you may use the following contacts:

• Data controller function: behandlingsansvarlig@uio.no
• Data protection officer: personvernombud@uio.no