DATA CONTROLLER
In accordance with current regulations, hereby the data subject is informed that the provided personal data will be processed by the owner of the website Fundación Científica de la Asociación Española Contra el Cáncer (hereinafter "FCAECC"), whose contact details are as follows:
- NIF: G-28655033
- Registered office: Calle Teniente Coronel Noreña, 30, 28045, Madrid (Spain).
- Email: dpo_fc@aecc.es
This website operates on Fundación Científica AECC Grant Management System (GMS), hereinafter ""Platform", is a website owned by FCAECC that allows its users, whether individual researchers, research centers, administrative, evaluators, among other profiles, (hereinafter "Users"), centrally track applications and projects submitted, managed and evaluated by the Users.
It is FCAECC's commitment to respect the privacy of the Users and the protection and security of the personal data of those who, like you, access this Platform. Therefore, through this document, we inform you about the way in which your data is collected, treated, and protected through the platform.
PURPOSES AND LEGITIMACY
The data contained in this Platform will be processed with the sole purpose of managing, through its different profiles and functionalities, the different procedures of the activities related to the Research Project, administrative and economic management, evaluation process, communications, etc., that affect each User, in accordance with the contractual relationship that the User has with FCAECC.
This implies carrying out the following general purposes:
- To manage the registration and participation of the Users in the Platform, based on the express consent of the user.
- To maintain the profile of the Users accessible in the Portal. The basis for processing will be the contractual relationship between the User and FCAECC.
- To manage the participation of the Users in the actions related to the Application. The basis for processing will be the contractual relationship between the User and FCAECC.
- To inform about projects, services, events in which FCAECC participates or organises, unless otherwise indicated or the interested party exercises his/her right to oppose to the sending of the same to the address dpo_fc@aecc.es, being the legitimate interest of FCAECC the basis of the treatment.
- To control the accesses of the Users to the Platform, as well as to give them access to the different services that the Platform provides for each User, being the legitimate interest of the FCAECC the basis of the treatment.
- To carry out surveys of quality and satisfaction of the Users, of the Platform with purpose to be able to optimise and to do modifications of improvement of the service. The basis for processing will be the legitimate interest of FCAECC.
- To carry out anonymous statistical reports regarding the access habits and the activity developed by the Users in the Platform, being the basis for processing the legitimate interest of FCAECC.
- To carry out operations of internal solutions, data analysis, research, development, and improvement of the service through the channel of improvements. The basis for processing will be the legitimate interest of FCAECC.
- To comply with the Law based on FCAECC’s legal obligations.
If you proceed to register as part of the Research Team, which includes the Applicant, Collaborator, Claim Submitter, Grant Manager and Research Center Manager if applicable, in addition to the purposes provided, your data may be used for the following purposes:
- To manage the submissions to the different Application, including the evaluation, the adjudication, and the supervision of the different projects. The basis for processing will be the contractual relationship between the User and FCAECC.
- To manage the economic and scientific monitoring of the assigned projects. The basis for processing will be the contractual relationship between the User and FCAECC.
- To manage the direct communication between the members of the Research Team, by the means provided in the Platform. The basis for processing will be the contractual relationship between the User and FCAECC.
- To carry out statistical reports on the monitoring and management of the applications submitted. The basis for processing will be the legitimate interest of FCAECC.
In the development of the indicated purpose, each category of users of the Platform will develop the corresponding functionalities and activities, according to their association with the FCAECC.
The main ones are:
1. Applicant / Collaborator / Grant Manager
- To manage his/her personal data and those of his/her Research Centre as a legal entity, if applicable.
- To manage the adjudication and follow-up of the awarded projects.
- To maintain the data on the platform: information about the center, information about the users, academic management, financial management, etc.
- Access to the research project submitted and its follow-up.
- Access to the different communication functionalities
- Access to the Project evaluations, as well as to the informative material.
2. Claim Submitter
- Access to the follow-up of the adjudicated project.
- Management of his/her personal data.
- Access to the different communication functionalities.
- Management of the financial follow-up of the adjudicated project, presentation, and management of financial documentation.
3. Grant Research Center
- Management of his/her personal data and those of his/her Research Center as a legal entity, if applicable.
- Management of the submissions for specific applications for Research Centers and follow-up of selected ones.
- Maintenance of the information related to the Center: financial-legal data of the Center, data of the authorised users.
- Access to the information of the submissions and the users associated to the Center.
- Access to the different communication functionalities.
4. Reviewer
- Management of evaluations of his/her assigned projects.
- Management of his/her personal data.
- Limited access to the Projects that have been assigned to the User for his/her evaluation
- Access to the personal data of the Research Team associated with the assigned Project
- Access to the different communication functionalities
5. Mentor
- Management of the tutoring of the assigned Projects.
- Management of his/her personal data.
- Limited access to the Projects he/she has been assigned to as a mentor
- Access to the personal data of the Research Team associated with the assigned Project Access to the different communication functionalities
6. Patient
- Management the evaluations of his/her assigned projects.
- Management of his/her personal data
- Limited access to the material assigned for the evaluation
PERSONAL DATA
The categories of data to be processed will be determined, in each case, by the Forms and profiles that appear on the Platform and will be determined, in each case, by the functionalities of the User and by the authorisations established by the FCAECC for each User profile.
Identification details: Name and surname, National Identity Card, image.
Data of personal and social characteristics: Date of birth, Place of birth, Nationality and Gender.
Contact details: Telephone number, e-mail address, postal address.
Academic and professional data: CV, academic background, certifications and qualifications, work experience, current position in the organisation/research institute.
Economic and bank data: Bank account number, economic and fiscal documents
The Personal Data requested in each Form are mandatory, except for those where expressly indicated otherwise, so that the refusal to provide them will mean the impossibility of providing the service.
The data of the different categories of Users will be kept until you request their cancellation, oppose or revoke your consent or if applicable, except for those for which there is a legal obligation to keep them for a longer period. In any case, data relating to the billing or evidence of legal obligations will be kept for the legally required time of 10 years. Likewise, in the event of having data that, due to their nature, are subject to specific regulations, they will be kept for the time established therein.
RECIPIENTS
The personal data of a User may be accessed and processed by those other Users who require it, according to their profile, and who have expressly been granted permission to do so, in accordance with the different functionalities of the Platform (for example, to allow communications between FCAECC, Applicants, Collaborators, Grant Manager, Claim Submitter and Research Center Manager, between FCAECC and the reviewers, to allow the Reviewers and Patients access to the documentation related to the Applicant Projects assigned to them, as well as to the profiles of the Applicants and Collaborators linked to those projects, etc. These accesses and communications will rely on the Applications in which the Research Projects are presented, which will be informed to the Users in the legal bases applicable to the corresponding Application.
In addition to the aforementioned, the data may be transmitted to a third party in the following cases:
- In cases where it is provided for by law, to public administrations (for example, courts, security forces, the tax authorities, etc.).
- In the cases established in certain Applications, to the Spanish Research Agency (AEI) for the external evaluation of the projects. All this, without using these data for own purposes, being at any time FCAECC the Data Controller
- To authorised members of the Research Center to which the User belongs, for better knowledge and management if required.
- To the banks and financial entities involved in the processing of payment in cases where payments are made.
- To the providers of FCAECC, being such access necessary for the adequate fulfilment of the legal obligations and/or of the above-mentioned purposes. All this, without these suppliers using the data for their own purposes, being at all times FCAECC the Data Controller.
In case that through the Platform data of third parties are facilitated, as it happens in the case of the Applicants and Research Center Manager with respect to the Collaborators, Grant Manager and Claim Submitters, the above mentioned Users demonstrate to be legally legitimised to do it or, in his case, to have the consent of the affected ones, committing to transfer to these, holders of the above mentioned data, the information contained in the present Policy of Privacy and exempting FCAECC of any responsibility in this sense. However, FCAECC may carry out the necessary verifications to confirm this fact, adopting the corresponding due diligence measures, in accordance with the data protection regulations.
USER RIGHTS
At any time and free of charge, the User may exercise the rights recognised by the Data Protection regulations:
- To withdraw the consents granted.
- Access his/her personal data.
- Rectify inaccurate or incomplete data.
- Request the removal of their data when, among other reasons, the data are no longer necessary for the purposes they were collected.
- Obtain from FCAECC the limitation of the data processing when any of the conditions stated in the data protection regulations are fulfilled.
- Request the portability of his/her data.
- Oppose the processing of his/her data
Also, when the user considers that the FCAECC has violated the rights recognised by the applicable Data Protection regulations, he or she may file a complaint with the Spanish Data Protection Agency or contact the FCAECC using the contact details set out in this document.
To exercise these rights against the FCAECC, it will be necessary to contact the FCAECC by post or e-mail at the addresses indicated above, indicating the right or rights he or she wishes to exercise and his or her status as a User of the Platform. FCAECC will study the request to give the user an answer as soon as possible. Please note that the above rights can only be exercised in the cases provided under Data Protection regulations.
INTERNATIONAL DATA TRANSFERS
For the correct development of the contractual relationship of the Users with FCAECC it is absolutely necessary that the processing of personal data is carried out, partially or totally, outside the national territory. In the case of processing outside the territory, an adequate level of protection will be guaranteed in accordance with the applicable legislation, either because the country of destination offers such guarantee, or because the person or entity in charge of the processing has contractually committed to it.
In any case, we inform the user that the Platform is hosted on the systems of a provider whose servers are located in AWS EU Frankfurt (Germany) and guarantees the compliance with the highest standard of data protection in accordance with European regulations.
SECURITY MEASURES
The data stored will be kept in systems that guarantee maximum confidentiality and security of the information, in accordance with the provisions of the applicable regulations, adopting for this purpose the necessary technical and organisational measures to avoid its alteration, loss, treatment or unauthorised access, taking into account the state of technology, the nature of the data and the risks to which it is exposed.
Last updated: 30 May 2020