Responsible party for processing according to GDPR/DSGVO

The responsible party within the meaning of the General Data Protection Regulation and other data protection laws applicable in the Member States of the European Union and other provisions of a data protection nature is:

SB Science Management UG (haftungsbeschränkt)

Muthesiusstr.11

12163 Berlin Germany

E-mail: info[at]sb-sciencemanagement.com

Phone: +49 30 6322 8660

The data protection officer is Susanne Hollmann. If you have any questions about this privacy notice, please contact the data controller using contact information above.

E-mail: datenschutz[at]sb-sciencemanagement.com.

In case of question or issues in context with contractual services your contact is: Babette Regierer

E-mail: info[at]sb-sciencemanagement.com

Registration on our website

If the data subject uses the possibility to register on the website of the controller by providing personal data, the data in the respective input mask will be transmitted to the controller. The data will be stored exclusively for internal use by the controller. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.

During registration, the IP address of the user as well as the date and time of registration are stored. This serves to prevent misuse of the services. The data is not passed on to third parties. An exception to this is if there is a legal obligation to pass on the data.

The registration of data is necessary for the provision of content or services. Registered persons have the option of having the stored data deleted or modified at any time. The person concerned can obtain information about their stored personal data at any time. This document consists of two parts: Part 1 refers to the General terms and condition (AGB) in context with services we provide, part 2 refer to our privacy policy and the protection of your personal data

Newsletter

With your express consent, we will also use the personal data stored by us to inform you about our products, services, or events. You can subscribe to our newsletter using the subscription form on our website, where will we collect your personal data (e-mail address). We will send you information via e-mail only if you have given your express consent to this in writing or in the double opt-in process.

Generally, SBSM respects your privacy and is committed to protecting your personal information. We fully comply with the General Data Protection Regulation of the European Union. Our Privacy Policy provides information about the processing and protection of your personal data.

Please note that this document only relates to data collected through our website www.sb-sciencemanagement.com and the platforms used for stakeholder engagement activities such as stakeholder mapping and categorization, and not to any related websites linked to these websites. Platforms used are selected according to the requirements given by GDPR and our data privacy policy.

What data do we collect?

Data collection will include your approach to and use of our website and the platforms used for our newsletter, surveys and questionnaires (www.sb-sciencemanagement.com, https://www.rapidmail.com/ (https://www.rapidmail.com/data-protection) , QUESTIONSTAR https://www.questionstar.com/ (https://www.questionstar.com/help/privacy-policy/ )

• Data collected for stakeholder mapping includes names, e-mail, phone contact, area of expertise/profession, gender, age, nationality, and information connected to their position/role (name of workplace, responsibilities, experience etc.). Data collected will enable us to keep in contact for follow up surveys, questionnaires, the invitation to participate in workshops or to send targeted information.
• Technical data, including your IP address, browser type and version, time zone setting and location, browser plug-ins, operating system, and other technology on the devices you use to access the platforms used for surveys and questionnaires. This includes information about how you use the platforms.

How do we collect data?

As you interact with our platforms for surveys, we automatically collect technical data and usage data by using cookies or server logs (details see https://www.rapidmail.com/data-protection, https://www.questionstar.com/help/privacy-policy/)

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer, if you agree. Cookies contain information that is transferred to your computer’s hard drive.

Questionstar and rapid mail websites uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our surveys and questionnaires and allows us to improve and adjust the content of them. By continuing to browse these, you are agreeing to the use of cookies.

We use only strictly necessary cookies. These cookies are required for the operation of the platforms.

Please note that third parties also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.

You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. You block cookies by activating the setting on your If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

How will we use data?

We will process your personal data based on your consent.

To be able to maximise our projects and activities impact it is essential to be able to communicate, link and exchange information with you and other representative from different priority groups and groups of interest. Therefore, we need name and contact information to get and stay in touch with them. Data will be used for targeted information exchange and targeted involvement in workshops, round table talks, co-creation events, invitations to participate questionnaires, interviews and surveys, and DELPHI studies.

Only a minimum amount of personal data enabling us to generate a stakeholder map and to categorise individuals into priority groups. The data collection will comply with Article 5 EU GDPR "Principles relating to processing of personal data ensuring data minimisation. The map will give us an overview on different types of representatives important for the EU project OXIPRO (www.oxipro.eu) and enable specific and targeted dissemination and communication activities. In addition, with the map we will be able to identify and extract only those data needed to run workshops, surveys, and other activities in contexts with consumer habits, perception and preferences and willingness-to-pay with regards to biotechnology for tailormade applications. The map will thus limit and minimise the use of data.

There is NO disclosure of e-mail addresses to third parties but to those third parties who have a business need to know and who have signed a data transfer agreement in context with the project OXIPRO (www.oxipro.eu). They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

If the data collected are not in context with OXIPRO your e-mail addresses are only used for internal purposes. Technical data and usage data will be used for statistical analysis identification, categorisation, and mapping of stakeholders for further engagement activities.

How will we store data?

During its collection, the raw personal data will be stored on the company’s password protected storage platform (Hetzner/Nextcloud) where no other than SBSMs team members will have access to. SBSM will only provide partners within OXIPRO access to personal data if the information has been generated by SBSMs activities within OXIPRO and if the information is needed to perform tasks which are directly connected to the results of T1.1 and according to Directive 95/46/EC (General Data Protection Regulation) Article 30, 31 and 32. SBSM is using a highly secure cloud service and uses a tool such as DataVaccinator to pseudonymise personal data of individuals. By this we fulfil highest data security standards in line with EU GDPR and EU Cybersecurity Package. Members of the consortium, which are depending on the information and data collected will receive access to the data after they have signed a Data Transfer Agreement which ensure its responsive and GDPR conform use during project implementation.

Data Security

We have put in place appropriate security measures to prevent the data collected from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees and other third parties who have a business need to know and who have signed a data transfer agreement. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. The data protection officer will notify you and any applicable regulator of a breach where we are legally required to do so. If you suspect any misuse or loss or unauthorised access to your data, please let us know immediately by contacting the data protection officer.

How is data shared?

In principle, all personal data collected in context with SBSMs activities will be pseudonymized. Individual data will be stored separately from information about age, gender, profession, nationality etc. that no conclusions about the individual can be made. Tasks that are dependent on receiving personal data will be given access to the complete dataset after signing in a Data transfer agreement. We do not share personal data with organisations outside the OXIPRO consortium and SBSM in general unless we are legally required to do so. We will never sell or rent personal data to third parties. Personal data will also not be shared with third parties for commercial purposes. Data collected from the stakeholder mapping will form the basis of other tasks within OXIPRO. These data will be shared following Directive 95/46/EC and only after signing a Data Transfer Agreement. Data will only be shared within EU and Norway. Although not a member of the EU, Norway is a member of the European Economic Area (EEA). The GDPR was incorporated into the EEA agreement and became applicable in Norway on 20 July 2018. Norway is thus bound by the GDPR in the same manner as EU Member States.

Registration on our website

If the data subject uses the possibility to register on the website of the controller by providing personal data, the data in the respective input mask will be transmitted to the controller. The data will be stored exclusively for internal use by the controller. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.

During registration, the IP address of the user as well as the date and time of registration are stored. This serves to prevent misuse of the services. The data is not passed on to third parties. An exception to this is if there is a legal obligation to pass on the data.

The registration of data is necessary for the provision of content or services. Registered persons have the option of having the stored data deleted or modified at any time. The person concerned can obtain information about their stored personal data at any time.For OXIPRO: personal data provided by participants will be presumed accurate and up to date. For data collected via the partners they will take care that data kept up to date by the respective interviewing project members collecting the information.

In addition, a mechanism will be established to permit participants to modify any inaccuracy in their personal data for the runtime of the project’s activities. The purpose of the data collection is restricted to the lifetime of the project and its included activities (surveys, questionnaires, or workshops). Thus, it will not be necessary to update data once the project has finished, and there will not be a continuous interaction. If there are no retention obligations and personal data is no longer required for the purpose for which it was collected, the data will be deleted (§17 1a GDPR). Personal data will also be deleted if an individual asks for unsubscription. Data will be kept for as long as necessary and legally required, but no longer than maximum 1 year after OXIPRO is completed.

Routine erasure and blocking of personal data

The data controller processes and stores personal data of the data subject only for as long as is necessary to achieve the purpose of the storage. Storage may take place beyond this if this has been provided for by the European or national legislator in Union regulations, laws, or other provisions to which the controller is subject. As soon as the storage purpose ceases to apply or a storage period prescribed by the regulations expires, the personal data is routinely blocked or deleted.

What is the legal basis for processing this data?

The legal bases for processing personal data falls under EC GDPR regulation, article 6

What are your data protection rights?

You have rights under data protection laws in relation to your personal data, as follows:

• Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
• Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
• Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
• Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
• Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
• Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Complaints

For complaints about the way we process your data and your rights with regards to your data, please contact the data protection officer.

You also have the right to lodge a complaint with a supervisory authority.

Updates

This privacy notice might be updated to reflect changes to our data practices or the legislation that governs them. Significant changes to our privacy policy will be announced. There have been no updates to this privacy policy since publishing this version.