ONTOX collect and process your data legally, honestly and transparently, in accordance with the General Data Protection Regulation (GDPR).
ONTOX limits collection of personal data to what is strictly necessary, in accordance with the principle of data minimisation. By means of this policy, ONTOX hereby gives an undertaking to data subjects to maintain a written register of the categories of processing activities performed as data processing manager or subcontractor in respect to ONTOX.
ONTOX: is a research and innovation project funded by the EU Horizon 2020 programme H2020-EU.3.1.5 (Grant agreement ID: 963845) (hereafter designated the ‘Project’).
Project Contact details:
Prof. Mathieu Vinken, Ph.D., Pharm.D., ERT
Department of Pharmaceutical and Pharmacological Sciences
Faculty of Medicine and Pharmacy
Vrije Universiteit Brussel
Consortium: Agreement of understanding between several persons, associations or companies for the purpose of cooperating to carry out one or more economic, financial, scientific or cultural operations intended to fulfil the Project. It endures as long as the activity for which it was established by its founders.
Partner(s): Persons and institutions outside the ONTOX Consortium.
Site: All the content of the different pages and services of the site, accessible using the following URL address: http://www.ontox-project.eu/
User: The person using the Site and services to which the site may give access.
Data subject: Any person whose personal data are processed by ONTOX as part of the project, whether it is a Partner, a Partner’s employee, a User or another party.
Cluster: Three projects funded by the EU Horizon 2020 programme H2020-EU.3.1.5 that forms ASPIS cluster; i.e. ONTOX (Grant agreement ID: 963845), PrecisionTox (Grant agreement ID: 965406) and RISK-HUNT3R (Grant agreement ID: 964537).
INFORMATION AND RIGHTS OF DATA SUBJECTS
ONTOX hereby informs you clearly about how it processes personal data as part of its business activity, how data are collected, used and protected. ONTOX is available to provide data subjects any information about processing carried out as part of the Project.
For any request or complaint about the processing of personal data, it is possible to contact ONTOX GDPR Officer at this e-mail address:
Dr. Danyel Jennen: firstname.lastname@example.org
In particular, any data subject has the right to ask ONTOX:
- For access to the personal data supplied;
- To correct the data;
- To object to the processing, when such processing is based on ONTOX’s legitimate interest and given the particular situation of the data subject;
- To exercise their right to portability of their information.
On the right to portability, ONTOX offers you the option to return all the personal data about a subject, at their express request. The data subject is thus guaranteed better control of their data and retains the possibility of reusing them. These data will be supplied in an open and easily reusable format, directly into the hands of the subject or other data controller when desired and when technically possible.
For it to be accepted, the request message must be accompanied by proof of identity. The data subject may authorise a person of their choice to exercise their rights, provided that this person proves their identity, that of the applicant and the extent of their authority in the form of explicit written evidence.
Any person receiving the newsletter has the option to unsubscribe, unless this person is bound to receive the aforesaid newsletter under its obligations to a Partner. ONTOX ensures an effective unsubscribe link is provided in the Project newsletter.
DATA COLLECTED AND PURPOSES OF PROCESSING
As part of carrying out the Project, the Partners transfer personal data to ONTOX making it possible to identify and contact (first & last name, business e-mail address, photograph) their employees due to their job titles or third-parties involved in the Project, such as experts (hereafter designated the ‘Partners Data’).
In this case, the Partner remains responsible for supplying the legal information to the people involved in the processing operations prior to or when the data are collected.
The purpose of processing Partners Data is:
- To compile files on members of the Consortium and people likely to contribute to the Project due to their job titles or expertise;
- ONTOX manages, monitors and guides the Project in fulfilment of its obligations to the Consortium;
- Communication on the Project;
- Sending a newsletter and information about events related to the Project;
- Compiling statistics related to the Project.
Further, as part of using the Site, ONTOX may collect the following data categories about Users of the Site directly from data subjects (hereafter designated the ‘Users Data’):
1) Identification data (first & last name, telephone number, e-mail address), relating to professional life (organisation, job title), the purpose of which is:
- To respond appropriately to persons wishing to join ONTOX by completing the Site contact form;
- Sending newsletters, as long as the User ticks the box provided to express their acceptance.
Any data collection form states the objectives of gathering these data (purposes) and if these data are compulsory or optional to administer the request. This Confidentiality Policy is freely accessible to the User, who should read it before sending their data to ONTOX.
2) ONTOX follows a standard procedure of using log files. These files log visitors when they visit websites. The information collected by log files includes internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks.
The information is used for analysing trends, administering the site, tracking users’ movement on the website, and gathering demographic information.
ONTOX uses the Google Analytics solution, which uses internal cookies to generate reports on Users’ interactions with the Site. The cookie records information about browsing on the service (pages, date and time viewed).
If the User doesn’t want cookies to be used on their computer, most browsers allow cookies to be disabled through settings options and it is possible to refuse to have cookies saved on their computer. However, in this case, the User is informed that certain services may no longer work correctly.
RECIPIENTS OF DATA
ONTOX complies with the legal rules that prevent, limit or govern the distribution of information or data.
Personal data are collected by ONTOX for internal use only. Under no circumstances will these data be sold, transferred or communicated to third parties under conditions not specified herein.
Based on legal obligations, the personal data of data subjects may be disclosed pursuant to a law, a regulation or in accordance with a decision by a competent regulatory or legal authority. The personal data collected may be added to ONTOX’s database. It may be passed to third parties after being anonymised, solely for statistical purposes.
If your personal data are communicated to a third party (e.g. as a part of ASPIS cluster collaboration), ONTOX will ensure that the third party is bound to apply conditions of confidentiality at least identical to those herein.
The Website uses Social Plugins (Plugins) of different social networks like Twitter/LinkedIn/Facebok/YouTube, which are marked by their logos. When you open a site with these plugins, browser data are transferred to the owners of those social networks. Thus, they are informed that you have opened the respective site. If the User is logged in to one or several of these social networks, these data can be linked to his/her account. The IP address may be logged without being a member of a social network or logging into a network.
Please note that data processing takes place outside the European Union. We have no influence over and take no responsibility for the volume of data transferred through social plugins.
For more information, please look up the data security policies of the respective network:
By logging out of networks before surfing or using privacy protecting software, you can limit the amount of data transferred.
STORAGE OF DATA
Personal data processed are not stored longer than necessary to fulfil the obligations defined by the Consortium. Beyond this period, the data will be anonymised and stored solely for statistical purposes and will not be used in any other way whatsoever.
More generally, data purging procedures are implemented to plan their effective deletion as soon as the storage or archiving duration necessary to fulfilling the predetermined or required purposes is reached.
Any person not actively involved in relation to the processing purposes described over a three-year period will have their data deleted.
Cookies are stored for a maximum period of 13 months after they are first saved on the User’s computer, corresponding to the validity period of User consent to use these Cookies. The lifetime of cookies is not extended by each visit. The User’s consent must therefore be renewed at the end of this period.
In the context of its involvement in the Project, ONTOX may chose one or more subcontractor(s) to undertake specific activities where personal data are processed; these subcontractors are subject to the conditions of this Policy.
ONTOX ensures that any subcontractor or subsequent subcontractor provides adequate contractual guarantees regarding the use of appropriate technical and organisational measures to protect the data of data subjects.
PROCEDURES IN CASE OF SECURITY BREACH DETECTED BY ONTOX
ONTOX undertakes to implement all appropriate technical and organisational measures using physical and logistical security resources to guarantee an adequate security level to meet risks of accidental unauthorised or illegal access, disclosure, alteration, loss or destruction of the personal data collected.
However, ONTOX cannot guarantee that all risks of data misuse are eliminated.
In the event that ONTOX were to become aware of illegal access to personal data stored on its servers or those of its contractors, or unauthorised access resulting in the risks identified above being realised, ONTOX undertakes to:
- Notify the person affected by the incident as quickly as possible, if this meets a legal requirement;
- Investigate the causes of the incident;
Take the necessary reasonable measures to reduce the negative effects and harm that could arise from the aforesaid incident.
CROSS-BORDER AND NON-EU PROCESSING, CONTROL AUTHORITY
ONTOX performs cross-border processing of personal data. ONTOX has partners located in different countries of the European Union. In such cases, ONTOX undertakes to apply the GDPR transfer rules.