BioMedIT Portal data protection and privacy statement

How we collect, manage and process personal and user data in the operation of the BioMedIT Portal (https://portal.dcc.sib.swiss/)

Introduction

The BioMedIT Network is a federated secure IT infrastructure coordinated by SIB Swiss Institute of Bioinformatics and jointly deployed by the University of Basel, ETHZ and University of Lausanne (hereinafter BioMedIT Network).

SIB Swiss Institute of Bioinformatics (SIB, we or us) acts as data controller and as point of contact for data protection matters related to the BioMedIT Portal (https://portal.dcc.sib.swiss/), (hereinafter "BioMedIT Portal").

The purpose of this privacy notice on data protection (hereinafter "Privacy Notice") is to explain the measures taken in terms of personal data processing with respect to the users of the BioMedIT Portal. This Privacy Notice is intended to help You understand how we use or may use the Users’ personal data (hereinafter “User” or “You”) in the context of the BioMedIT Portal.

Please note that research data hosting and processing on BioMedIT nodes are subject to specific agreements and are not governed by this Privacy Notice. This Privacy Notice is not necessarily a comprehensive description of our data processing. It is possible that other data protection statements are applicable to specific circumstances. In particular, processing activities of personal data collected through the website www.biomedit.ch (e.g., web analytics) are governed by the separate privacy notice for the website www.biomedit.ch, accessible at the following address (https://www.biomedit.ch/home/privacy/portal-privacy.html).

By accessing and using the BioMedIT Portal, You acknowledge that You have read, understood and accepted that You are subject to all of the conditions laid down in this Privacy Notice.

Representative

On behalf of SIB:

Personalized Health Informatics Group (PHI)
Elisabethenstrasse 43
CH-4051 Basel
dcc@sib.notexisting@nodomain.comswiss

As group of SIB Swiss Institute of Bioinformatics, the PHI manages both, the SPHN Data Coordination Center and the BioMedIT project.

Personal data

Personal Data means any information concerning an identified or identifiable natural person. This concerns in particular information and information such as name, address or postal address, telephone number or email address, insofar as this contains an indication making it possible to identify the person.

Your rights

As a User, you have the following rights :

  • The right to be informed about how we collect and use data;
  • The right to access the data we hold on you;
  • The right to correct any inaccurate or incomplete data;
  • The right to have your data deleted;
  • The right to restrict processing of your data;
  • The right to obtain a copy of your data;          
  • The right to object to us using your data for a particular purpose;
  • The right to remove consent for using your data;
  • The right to object to automated decisions and profiling.

Depending on the applicable law, the above-mentioned rights may be subject to specific restriction.

Collection and processing of personal data while using the BioMedIT Portal

Insofar as it is permitted to us, we obtain personal data with respect to Users from the following third parties:

  • SWITCH, through SWITCH edu-ID;
  • Staff of the concerned research project (e.g. permission manager, data manager).

We may also process personal data communicated directly by Users, or that we collect from Users when operating our websites (primarily BioMedIT Portal), apps and other applications.

Apart from data you provided to us directly, the categories of data we receive about Users from third parties include, but are not limited to:

  • Name, email, organizational affiliation, project name
  • Permission changes (dates user accounts were added, removed from project)
  • Logs of user actions (e.g., last log in, failed authentications, etc.)

We also process personal data necessary for the display of the BioMedIT Portal on your device connected to the internet that You are using. These include:

  • the IP address,
  • the date and time of the request,
  • the type and version of the internet browser,
  • the operating system used.

Purpose of Data Processing and Legal Grounds

We primarily use collected data in order to conclude and process contracts with our partner institutions and Users, in particular in connection with services to provide to our partner institutions and Users a secure platform for research using sensitive data and the procurement of services from our suppliers and subcontractors, as well as in order to comply with our domestic and foreign legal obligations. You may be affected by our data processing in your capacity as an employee of such a partner institution.

Log files are collected for the sole purpose of administering the BioMedIT portal, simplifying and improving its management and identifying and preventing unauthorized access or other security breaches.

In addition, in line with applicable law and where appropriate, we may process your personal data and personal data of third parties for the following purposes, which are in our legitimate interest, such as:

  • providing and developing our products, services and websites, apps and other platforms, on which we are active;
  • asserting legal claims and defense in legal disputes and official proceedings;
  • prevention and investigation of criminal offences and other misconduct (e.g. monitor activities in our secure spaces and ensure a high level of compliance and security);
  • ensuring our operation, including our IT, our websites, apps and other appliances;

If you have given us your consent to process your personal data for certain purposes, we will process your personal data within the scope of and based on this consent, unless we have another legal basis, provided that we require one. Consent given can be withdrawn at any time, but this does not affect data processed prior to withdrawal.

Access to Personal Data by third parties

In the context of the BioMedIT Portal activities and in line with the purposes of the data processing set out above, we share Users’ personal data with:

  • the BioMedIT Network partner institutions (SIB, University of Basel, ETHZ and University of Lausanne), to the extent it is necessary to provide Users with the services offered by the BioMedIT Portal;
  • staff members within a research project a user is an affiliate of .

We may also share Users’ personal data to third parties, insofar as such a transfer is permitted and we deem it appropriate, in order for them to process data for us or, as the case may be, their own purposes. In particular, the following categories of recipients may be concerned: 

  • Users’ affiliation institutions, in particular in the event of violation of our rules of use or security;
  • our service providers (such as e.g. external IT providers);
  • dealers, suppliers, subcontractors and other business partners;
  • domestic and foreign authorities or courts;
  • other parties in possible or pending legal proceedings;

together Recipients.

Recipients are usually located within Switzerland. However, they may also be located in any country worldwide. In particular, you must anticipate your data to be transmitted abroad if the project leader or other key staff (Data Managers, Permission managers etc.) of the project you are involved in is located abroad.

If a recipient is located in a country without adequate statutory data protection, we require the recipient to undertake to comply with data protection, unless the recipient is subject to a legally accepted set of rules to ensure data protection and unless we cannot rely on an exception. An exception may apply for example in case of legal proceedings abroad, but also in cases of overriding public interest or if the performance of a contract requires disclosure, if you have consented or if data has been made available generally by you and you have not objected against the processing.

Cookies

We do not use cookies other than those essential to display the BioMedIT Portal website.

Data retention

We process and retain your personal data as long as required for the performance of our contractual obligation and compliance with legal obligations or other purposes pursued with the processing, i.e. for the duration of the entire contractual relationship (from the initiation, during the performance of the contract until it is terminated) as well as beyond this duration in accordance with legal retention and documentation obligations. Personal data may be retained for the period during which claims can be asserted against Us or insofar as We are otherwise legally obliged to do so or if legitimate interests require further retention (e.g., for evidence and documentation purposes). As soon as your personal data are no longer required for the above-mentioned purposes, they will be deleted or anonymized, to the extent possible.

Security

We have implemented standard security measures (of a technical and organizational nature) in accordance with standard regulations, taking into account the risks involved in protecting information from any accidental or intentional manipulation, loss, destruction or communication, or from all non-authorized access.

Data Protection Officer and European representative

If you have any questions or a request in relation to the processing of your personal data by SIB, You can contact Us at the following address: dcc@sib.notexisting@nodomain.comswiss. You can also contact SIB’s Data Protection Officer (DPO): dpo@sib.notexisting@nodomain.comswiss.

To comply with the General Data protection Regulation (2016/679) We have appointed a European representative. If you wish to contact them, their details are as follows:

Bird & Bird GDPR Representative Services SRL

Avenue Louise 235

1050 Bruxelles

Belgium

Eurepresentative.notexisting@nodomain.comSIB@twobirds.notexisting@nodomain.comcom

Reservation of modifications

This Privacy Notice may require periodic updates, including as part of the evolving regulatory framework for data protection. We invite You to check this page regularly to make sure You have read the latest version.

Last update: 14  November 2023

Place of jurisdiction and applicable law

The legal relationship between You and Us with regard to accessing and using the BioMedIT Portal and any resource connected to it is governed by Swiss substantive law, excluding international private law regulations. Any dispute, controversy, or claim arising out of, or in relation to, this Privacy Notice shall be submitted to the exclusive jurisdiction of the competent Courts of the Canton of Vaud, Switzerland.

Effectively as of: 14 November 2023

We use cookies to help give you the best experience while browsing our website and to collect visitor statistics. By using the BioMedIT website, we assume that you agree to their use.
Read our privacy statement.