- Home
- Users & Science
- General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
ESRF User Portal Privacy Statement
The User Portal and the GDPR
On 25 May 2018, the EU General Data Protection Regulation (GDPR) came into force, replacing the 1995 EU Data Protection Directive. The GDPR strengthens the rights that individuals have regarding personal data relating to them and means there is one set of data protection rules for all organisations operating in the EU, wherever they are based.
We are committed to GDPR compliance and remain committed to providing robust privacy and security protections across our systems.
Use of your personal data
We use the personal data provided by you when you register for an account in the User Portal for the purposes of administering your proposal, experiment and/or visit and operating the facility for the benefit of the user community. This includes organisation of site entrance, onsite restaurant use, travel and accommodation where relevant, and reimbursement of costs, where relevant. It also includes using your email address to send you important information concerning the operation of the facility, as well as to inform you about user-specific ESRF events and relevant recruitment announcements, and to enquire about your use of the ESRF facilities.
We also use the data to create the statistics and reports that are required of us by our contracting parties to meet our obligations for public accountability and the dissemination of information. Occasionally we share anonymised data with similar scientific bodies to help develop strategy across the light sources community.
Within specific working groups, e.g. the Beam Time Allocation Panels, we share contact details (names, addresses and e-mails) between the members of the working group to facilitate communication.
Your IP address is stored in our log files to prevent and detect inappropriate use of our systems and to follow up on technical issues.
High level metadata will be published as part of our open data policy.
We don’t sell your data to third parties. Your data may be shared with other organisations outside of the ESRF, only to enable administration and delivery of the services you request. For example we will share information with taxis, hotels, airlines etc. as is necessary to deliver the travel and accommodation services you request.
Your account
The data are stored electronically.
You must only register an account for yourself and should not share your password. You must ensure that the details provided by you on registration or at any time are correct and complete. You must keep your personal details up-to-date by updating your contact details when you move institutes or departments.
You may modify your personal data at any time in your account information. You may also erase non-mandatory data from your account at any time. Accounts will be automatically deactivated if no activity is registered for a continuous 3-year period, but you may also choose to deactivate your account yourself at any time (see next section).
You have the right to request a copy of the personal data provided by you and held by us at any time. You may download this information from the “Mandatory data” tab of your account.
Account Deactivation and Erasure of Data
Accounts may be deactivated at any time by revoking consent to this privacy statement in the User Portal.
If you deactivate your account, you will no longer be able to avail of the services provided by the User Portal and you will be removed from any unfinalised proposals, experiments and event registrations. We will, however, still use part of your account information to process and report on already existing proposals, experiments, visits and user demographics as required by our funding bodies, and to publish the high level metadata required as part of our open data policy. Data not required for these purposes will be deleted.
Your account will be automatically deactivated if no activity is registered for a continuous 3-year period (no login by the user).
Once an account has been deactivated, to avail again of the services provided by the ESRF you will need to create a new account and contact the ESRF User Office to link the new account with your previous proposals and experiments.
Cookies
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. In the ESRF User Portal, cookies are used to store session IDs, to help you customise your screens and to import data from external systems (e.g. publication data from the library database).
Consent
Please indicate your consent to use the User Portal by selecting the appropriate reply in the “Mandatory data” tab of your User Portal account. Disagreement will result in the deactivation of your account or in the non-creation of a new account.