The data collected from registered and non-registered users of the CS TRACK project fall within the scope of the standard operation of research projects funded under H2020.
The research team uses this information to guide its work in communicating and creating a community of interest in Citizen Science. The authors of the entries and information published both on the website and on the Community Platform are responsible for the data on individuals that may contain or appear in their communications.
The researchers of the CS TRACK project comply with industry standards of data privacy, specifically the provision of the European Union’s General Data Protection Regulation (GDPR) for “data subject rights” which include (a) notice of breach; (b) right of access; (c) right to be forgotten; (d) data portability; and (e) privacy by design. The GDPR also allows for the recognition of the “public interest in the availability of the data”, which is of relevance to those involved in maintaining, with the greatest possible integrity, the public record of scholarly publications.
Who is responsible for the data?
- The person responsible for the processing is the IP of the Ciberimaginario Research Group of the Rey Juan Carlos University.
- Contact: firstname.lastname@example.org
What information do we collect and for what purpose do we process your data?
- Send communications about the results of the project and the activity of the community.
- Guide users on models of community participation.
- Improve the retrieval of information and content of interest by users through the collection of aggregated data on their behaviour on Community Platform.
- Manage the correspondence with the users of the community of interest.
- Send information and informative communications related to the scientific research, the areas of interest and focus of the project through various means, including the project newsletter, managed by means of the external application Mailchimp.
- To carry out statistical studies related to the areas of interest and the focus of the project.
How long do we keep your data?
The personal data provided will be deleted at the end of the project and the deletion is made in accordance with the provisions of Regulation EU 2016/679 of the European Parliament and of the Council of 27 April 2016, (Art 17, 1a)
What is the legitimacy for the processing of your data?
The legal basis for the processing of your data is the provision of information service on the Community Platform and/or consent of the person concerned
In order to send you newsletters via the e-mail address you provide in order to contact you personally or to recognise you on your next visit, we rely on your informed consent.
The treatment of the information that our cookies collect is based on the informed consent that you give us, in accordance with current legislation.
To which recipients will your data be communicated?
Data may be shared with CS Track project partners on an anonymous, aggregated basis, with appropriate exceptions, such as community publication metrics.
Personal metadata linked to the publication of an article (authors’ names, professional affiliation, country) are deposited and distributed, associated with those of the public content of the publication.
The data will not be transferred or sold, nor will they be used for purposes other than those established here.
Is there an obligation to provide data or any consequences it not doing so?
Failure to provide the data explicitly requested will prevent registration and participation on the community platform, sending messages and exploring the results of the project.
How do we protect your data?
The CS Track project’s website and community platform use information security techniques generally accepted in the industry, such as firewalls, access control procedures and cryptographic mechanisms, all with the aim of preventing unauthorized access to data. To achieve these purposes, the user accepts that the provider obtains data for the purposes of the corresponding authentication of access controls. All information is always transmitted via secure communication protocol (https, SSL), so that no third party has access to the information transmitted electronically.
All personal data is stored securely in accordance with the general EU data protection regulation (Regulation (EU) 2016/679) (GDPR).
What are your rights when you provide us with your data?
Data subjects have the right to access their personal data, as well as the right to request that inaccurate data be corrected or, where appropriate, that it be deleted. The deletion of the minimum data required to be registered on the platform (username, first name and surname, and e-mail) will result in the effective removal of the user profile from the platform.
You have the right to file a complaint with the Control Authority – Spanish Data Protection Agency.
How to exercise your rights?
Right to withdraw consent: You have the right to withdraw your consent sending a request or message to the address email@example.com
Right to complain to the Control Authority: Spanish Data Protection Agency (AEPD), www.agpd.es
Cookies will only store the information necessary to make the platform usable by activating basic functions such as page navigation and access to secure areas of the site. The platform could not function properly without these cookies. Some of these will be:
- Request Verification Token. It will help prevent cross-site request forgery (CSRF) attacks. Session expiration, type http.
- Session Id: Keeps user statuses on all page requests. Session expiration, type http.
- Auth. Identifies the user and allows authentication with the server. Session expiration, type http.
- Consent. Stores the user’s cookie consent status for the website and platform domain. 1-year shelf life, http type.
- Identification. Identifies the user’s session. Persistent expiration, html type.
- Funt. It serves to calculate load balancing, web content delivery and DNS server connection for web operators. Session expiration, type http.
- Session. Keeps user statuses on all page requests. Session expiration, type http.
- loggedin. Records whether a user is online, making it inaccessible some parts of the platform, based on the user’s connection status. 1-year shelf life, http type.
The following will be used for preference setting:
- Userlang. Remembers the language selected by a user to display a web page. Expiration of 1 year, type http.
The following ones will be used for the analysis of the statistics:
- _ga [x4]. Records a unique ID that is used to generate data
- statistics about how the visitor uses the website. Expiration of 2 years,
- type http.
- gid [x4]. Records a unique identification that is used to generate data
- statistics about how the visitor uses the website. Expiration of 1 year,
- type http.
- _sid. Unique ID identifies the user on recurring visits. Persistent, type html.
- _currentTime [x2] Records the date and time of the user’s last visit to the
- website. Session expiration, html type.
- _sid. Unique ID identifies the user on recurring visits.
Web metrics analysis
The website’s servers will automatically detect the IP address and domain name used by the user. An IP address is a number that is automatically assigned to a computer when it connects to the Internet. All this information is recorded in a server activity file that allows subsequent processing of the data in order to obtain only statistical measurements that allow us to know the number of page impressions, the number of visits made to the web services, the order of visits, the point of access, etc. For this purpose, both internal WordPress analytical systems and the external service of Google Analytics are used.