ARIA Identity and Security Service Privacy Policy

The privacy and security of your personal data are very important to us. This Privacy Policy explains how and why we use your personal data, and what actions we take so that you can be confident about sharing that information with us.

This Privacy Policy applies to the personal data processed by the ARIA IDSS when you create an account or log on to the service.

WHAT IS ARIA IDSS?

The ARIA Identity and Security Service (“ARIA IDSS”) is an authentication service operated by Instruct-ERIC, the European Research Infrastructure for Structural Biology, and made available to research infrastructures all over the world (“Connected Organisations”), as an identity and security service for the access to the online services provided by those Connected Organisations. Ownership of an ARIA IDSS account allows you to log in to the different Connected Organisations, both those using the ARIA Platform or otherwise providing their online services, as applicable. These Connected Organisations include both external research organisations (“External Organisation”), and our own Instruct-ERIC website giving access to a membership platform.

The ARIA IDSS software and databases are maintained by Instruct-ERIC. Instruct-ERIC, being the data controller for the purpose of this Privacy Policy, complies with the General Data Protection Regulation (Regulation EU of 27 April 2016), and all other data protection laws of the European Economic Area (“EEA”), the laws in force in the EEA member states, and any other legal instrument for international data transfers, each as applicable, and as may be amended or replaced from time to time (“Applicable Data Protection Legislation”).

The accuracy of your information is important to us. If you change your email address, or if any of the other personal data we hold on you is inaccurate or out of date, please update your online profile on the ARIA IDSS. If you have difficulties updating your information, please contact us at support@instruct-eric.eu.

WHO ARE 'WE'?

In this Privacy Policy, whenever you see the words “we”, “us”, “our”, it refers to Instruct-ERIC, Oxford House, Parkway Court, John Smith Drive, Oxford, OX4 2JY, UK. Instruct-ERIC was established in July 2017 according to European ERIC Council regulation number 723/2009, implementation reference 2017/C 230/01.

Any questions relating to this Privacy Policy or on how we use your personal data should be sent to GDPR@instruct-eric.eu or addressed to Instruct Admin Team, Oxford House, Parkway Court, John Smith Drive, Oxford, OX4 2JY, UK.

WHAT PERSONAL DATA DO WE COLLECT?

Personal data is defined as any information or the combination of information that identifies you or can be identified as relating to you personally. For the purpose of the ARIA IDSS, we identify three categories of personal data we might collect about you.

1. CONTACT INFORMATION

In order for you to register an ARIA IDSS account, we only request the information strictly necessary for this purpose. This information consists in particular of (1) your email address, (2) first name and (3) last name, all three required for the initial identification purposes. This information may be requested directly from you or may be obtained indirectly from the organisation you choose for the purpose of logging in to the ARIA IDSS, such as your Google account or your home university account.

Upon registering an account, the ARIA IDSS will generate a random username by which you can be identified by Connected Organisations using the ARIA IDSS. This will be randomly generated, independent from any personal data that you have provided to us.

2. ADDITIONAL INFORMATION

In order to facilitate the transmission of your personal data to the Connected Organisations for which you might apply via your ARIA IDSS account, you will be allowed to store additional information on the ARIA IDSS. You will be free to share that additional information with the Connected Organisations on a case by case basis. This implies that the information will never be shared with the Connected Organisations unless you provide us with your explicit and specific consent regarding a particular transfer.

For this purpose, you can volunteer personal data, including your nationality, your country of residence, your employing organisation, avatar, relevant specialisations, etc. This information may be requested directly from you or may be obtained indirectly from the organisation you choose for the purpose of logging in to the ARIA IDSS, such as your Google account or your home university account.

3. TECHNICAL DATA

We collect and store full IP addresses, your browser type, operating system and the specifications of the hardware you use to access the ARIA IDSS. These data are stored within ARIA IDSS for security reasons. The data concerned may be collected, among other ways, by automated means such as cookies.

HOW WE USE YOUR PERSONAL DATA

We never sell your personal data and we will not pass your information on to a third party, except to external service providers that help us provide ARIA IDSS, or with your explicit and specific consent to the Connected Organisations, in the manner indicated in this Privacy Policy.

We use your personal data for the following purposes:

1. IDENTIFICATION AND SECURITY

In order to provide the ARIA IDSS identification and security services in relation to you, we collect, store and process your contact information as stated above.

The processing of the contact information is necessary for the performance of the agreement you conclude with us for the provision of the identification and security services. You remain free at all times to choose whether or not you want to share your contact information. However, if you decide not to share this information with us, we will be unable to perform the necessary identification and security services and you will be unable to register an ARIA IDSS account.

2. STORING OF PERSONAL DATA

ARIA IDSS allows for you to store relevant information, including personal data, to later share this information when registering with the Connected Organisations, in particular, Instruct-ERIC services and/or services made available by External Organisations. The relevant personal data consists of the ‘2. Additional information’ as indicated above in this Privacy Policy.

The relevant personal data will only be collected based on your consent. You are free to revoke, at any time, any consent you have given to us in the manner set out below under the title ‘Your data protection rights’. Please note that if you have consented to transfer any of these data to a Connected Organisation but later remove the data from ARIA IDSS, it will not necessarily lead to the automatic removal of the data held by the applicable Connected Organisations.

3. FACILITATING THE TRANSFER OF PERSONAL DATA

When you access a Connected Organisation that uses ARIA IDSS as its identification and security service, for example when registering for a specific project or service, the Connected Organisation might prompt you with a request for relevant personal data stored on the ARIA IDSS. The relevant personal data refers to both the ‘1. Contact information’ and the ‘2. Additional information’ that you have chosen to store on the ARIA IDSS.

The requested personal data will be made clear to you at the moment of accessing the Connected Organisation and you will be asked to grant your explicit and specific consent before any data can be transferred by us to the applicable Connected Organisation. Your consent will only be relied on for the transfer to the specifically selected Connected Organisation, meaning that your consent will be asked for all subsequent transfers to other Connected Organisations you wish to connect your ARIA IDSS account to.

4. ESSENTIAL SYSTEM NOTIFICATIONS

We may additionally contact you with essential system notifications, including notifications regarding any changes to this Privacy Policy, ARIA IDSS service maintenance and availability information, etc. We will normally contact you for this purpose via the email address you provided us with when registering your ARIA IDSS account. We might occasionally contact you via other means of communication such as a notification banner on the ARIA IDSS.

For the purpose of providing you with essential system notifications, we base ourselves on our legitimate interest to keep you informed regarding the functioning of the ARIA IDSS.

5. DEVELOPMENT AND UPDATES

We collect and process technical data based on our legitimate interest to deliver and improve our security services in relation to you and the applicable Connected Organisations. This data is processed and stored for the purposes of detecting and preventing unauthorised system access and ensuring system security.

YOUR DATA PROTECTION RIGHTS

Under the Applicable Data Protection Legislation, you are entitled to exercise certain rights in relation to your personal data stored and processed by us.

If you would like further information on your rights or wish to exercise them, please write to us at Instruct Admin Team, Oxford House, Parkway Court, John Smith Drive, Oxford, OX4 2JY, UK, or contact us at GDPR@instruct-eric.eu. We ask you to properly identify yourself when exercising your data protection rights in order to enable us to execute your request within the provided delays.

The exercise of your rights is free and will be executed within one (1) month of the receipt of your request to exercise your rights. This delay may be extended with an additional two (2) months for a total delay of three (3) months, should your request prove to be particularly complex. If we decide to extend the delay, you will always be informed of this decision in due time.

In those cases where we deem your request to exercise your rights manifestly unfounded or excessive, we reserve the right to charge you an administrative fee for the execution of your request or to refuse to act on your request. You will always be informed within the abovementioned timeframe of one (1) month of our decision.

Please note that exercising your right to rectification, right to erasure, right to restrict the processing or your right to object to processing in relation to us, will not necessarily result in the same effect with any of the External Organisations you have linked your ARIA IDSS account to. You will need to contact the applicable External Organisation directly to make any of the aforementioned requests, as the External Organisation concerned will be considered a separate controller of such information.

Keep in mind that the data protection rights may not apply or not apply in the same manner to you if you are based outside the European Economic Area (EEA) or may be limited in some circumstances by local legal requirements including the Applicable Data Protection Legislation. However, we strive to maintain the standards set out in the Applicable Data Protection Legislation and this Privacy Policy for all personal data we process.

1. WITHDRAWAL OF CONSENT

You have the right to withdraw your consent at any time where you have previously given us your consent for such processing. Withdrawing your consent will not impact the validity of the lawful processing activities performed on your personal data before exercising your right of withdrawal.

Please note that, should you decide to unlink your ARIA IDSS account from the Connected Organisations by simply withdrawing your consent, this will result in the connection between both services being severed. Consequently, the Connected Organisation will be unable to draw new data from the ARIA IDSS. However, your personal data stored and processed on the service managed by the Connected Organisations will remain unaltered unless you take further action regarding your personal data. Furthermore, all the processing activities as set out in this Privacy Policy will continue as stated.

2. RIGHT OF ACCESS

You are entitled to request a copy of the data we process and hold on you. If we process and/or hold personal data about you, you will receive a copy of the information in an understandable format together with an explanation of why and how we hold and use it. 

Additionally, you can ask to receive information regarding the recipients or categories of recipients to whom your personal data has been disclosed, including any recipients from third countries, meaning countries outside the EEA. For the personal data sent to third countries, you will be entitled to receive information regarding the appropriate safeguards we have taken in order to ensure the security of your data. For more information regarding the transfer of your personal data to third parties and/or third countries, we refer to the relevant sections below.

3. RIGHT TO RECTIFICATION

You have the right to ask us to correct your personal data. This includes the right to have us correct spelling mistakes, change an address, email addresses, phone numbers, etc.

Additionally, depending on the purposes of the processing, you have the right to complete any incomplete information we process or hold on you.

You are also able to perform the aforementioned actions yourself on the profile management pages on the ARIA IDSS.

Please note that any rectification of your data on the ARIA IDSS might not lead to the same effect on services provided by the Connected Organisations.

4. RIGHT TO ERASURE

You have the right to request the deletion of a part or the whole of the personal data we process or hold on you, including your ARIA IDSS account. We can object to the deletion if the processing of your data is necessary for the exercise of our freedom of expression or information, to comply with legal obligations, for reasons of public interest or for the establishment, exercise or defence of legal claims, whenever applicable.

Should you decide to exercise your right to permanently delete your ARIA IDSS account, you will no longer be able to log in to the ARIA IDSS or access the other services it provides. Furthermore, you might lose access to the historical record of any proposals that you may have submitted to any Connected Organisations, previously accessible via your ARIA IDSS account.

You are able to delete your account directly, using the profile management pages of the ARIA IDSS. After deletion, the ARIA IDSS will retain the permanent randomly generated username to prevent its reassignment following account deletion.

Please note that deleting your ARIA IDSS account does not necessarily delete all the personal data you have released to the Connected Organisations. We have put in place the appropriate measures in order to inform the Connected Organisations of your exercise of the right to erasure. However, if you subsequently wish to delete personal data from such a Connected Organisation, you will need to contact that service directly to make this request.

If the Connected Organisation is Instruct-ERIC you can make a combined request for deletion of all the information we hold on you, including the ARIA IDSS information and the information we hold on you as a Connected Organisation, by contacting us via the contact information we provided in the general part of this section.

5. RIGHT TO RESTRICT THE PROCESSING

You have the right to restrict our processing of your personal data. Please note that in exercising this right the relevant personal data will remain in our possession, but we will not be able to further process it.

6. RIGHT TO OBJECT TO THE PROCESSING

In those cases where we process and collect your personal data based on our legitimate interest, you have the right to object to our processing of such data. Please note that if you decide to exercise your right to object to our processing of your personal data, we have the right to provide you with our legitimate grounds in order to continue the processing of your data. Our decision to continue the processing of your personal data does not preclude you from filing a complaint at the relevant data protection authority as set out further below.

7. RIGHT TO DATA PORTABILITY

You are entitled to receive the personal data we process or hold on you in a structured, commonly used and machine-readable format. Furthermore, you have the right to have these personal data transmitted to another data controller, unless we consider this action not to be technically feasible.

RETENTION PERIOD

Your personal data are only processed for as long as needed to achieve the purposes which are described above or, when we asked for your consent, up until such time where you withdraw your consent. In this section we provide you with the information you need to assess how long we will keep your personal data identifiable. As a general rule, we will de-identify or delete your personal data when they are no longer necessary for the purposes outlined above or when the retention period as explained in this article has expired. However, we cannot de-identify or delete your personal data if there is a legal or regulatory obligation or a judicial or administrative order that prevents Instruct-ERIC from de-identifying or deleting them.

All personal data we collect through the creation of an ARIA IDSS account will be stored and processed at least for as long as your ARIA IDSS account remains active.

All personal data we collect through our interactions with you via the website, phone, e-mail and other digital communication channels are stored and processed for as long as required to communicate with you, but also to keep a historical archive of our communications. This allows us to revert back to earlier communications if you return to us with new questions, requests, remarks or other input.

All personal data we collect in the context of a contractual relationship with you or the organization you represent, we will keep for the duration of the contractual relationship and at least until 7 years thereafter. 

We retain the technical data for the period of time necessary for the purposes set out above, including to investigate issues relating to the ARIA IDSS service. We delete any unused technical data collected and processed after 180 (one hundred eighty) days.

TRANSFERS OF DATA TO THIRD PARTIES

Your personal data processed under this Privacy Policy can be shared with the Connected Organisations, including the Instruct-ERIC services and the services organised by the External Organisations. As indicated above, this information is only shared on the basis of your consent.

For the functioning of the ARIA IDSS services, we can additionally share your personal data with external service providers acting as our processors for the purpose of storage, security and identification. We will always make sure that the appropriate safeguards are put in place in relation to these external service providers, in order to ensure the safe transfer and storage of any personal data you make available to us through the ARIA IDSS service. We specifically make use of Amazon Web Services (AWS) in order to host our ARIA IDSS.

Your personal information can be shared with judicial or administrative authorities or any other authorities or third parties, regardless of their qualification under the applicable national law, if the transfer of personal data is necessary or obligatory to fulfil any legal obligations imposed on us by any applicable laws and regulations.

Please contact us, should you require more information regarding the third-party recipients, so that we can help you, however possible.

INTERNATIONAL DATA TRANSFERS

1. WITHIN THE INSTRUCT-ERIC FRAMEWORK

The personal data we collect from you via the ARIA IDSS can be transferred to or be stored at Instruct-ERIC physical locations which might be established both inside and outside the EEA for the processing purposes as set out in this Privacy Policy.

Furthermore, when subscribing to the Instruct-ERIC services, offered as a Connected Organisation, by giving your explicit consent to share your personal data, the applicable personal data might be shared with services or projects taking place in associated countries, not forming part of the EEA but part of Instruct-ERIC, or international organisations part of the Instruct-ERIC framework.

For a full and updated list of our Instruct-ERIC locations over the world, our associated country members of the Instruct-ERIC framework, including the members qualifying as an international organisation, please see https://instruct-eric.eu/countries or contact us at GDPR@instruct-eric.eu.

We ensure that the appropriate safeguards necessary for the safety and security of your personal data are in place for all personal data processed and transferred within the Instruct-ERIC framework, including at our facilities outside the EEA. Instruct-ERIC has concluded the necessary agreements with its members to ensure appropriate safeguards necessary for the safety and security of your personal data. These agreements include the standard data protection clauses adopted by the European Commission.

2. EXTERNAL ORGANISATIONS

Your personal data might be shared with External Organisations offering services on the ARIA platform, established in a country located outside the EEA. As set out above, this personal data will only be transferred based on your explicit and specific consent. For the purpose of transferring this personal data, we make certain that the appropriate safeguards are put into place in order to ensure that the level of protection provided by the Applicable Data Protection Legislation is guaranteed. This is done by sharing your personal data only with External Organisations established in third countries which have been deemed to provide an essentially equivalent protection of your personal data by the European Commission or, where applicable, by concluding an agreement containing the standard contractual clauses drafted by the European Commission.

3. EXTERNAL SERVICE PROVIDERS

Lastly, your information might also be shared with external service providers located outside the EEA in order for ARIA IDSS to be able to perform the processing activities set out above in the most secure manner possible. This is done by only sharing your personal data to external service providers established in third countries which have been deemed to provide an essentially equivalent protection of your personal data by the European Commission or, where applicable, by concluding an agreement containing the standard contractual clauses drafted by the European Commission. These external service providers will wherever possible be considered data processors of ARIA IDSS.

For an updated list of external service providers located in countries outside the EEA, we invite you to contact us via the contact information provided above.

DATA SECURITY

We protect your personal data by providing the appropriate technical and organisational security measures to minimise the risk of data loss, misuse, unauthorised access, unauthorised disclosure or unauthorised alteration. For this purpose, we use, among others, firewalls, data encryption procedures, internal authorisation procedures in order to receive access to your ARIA IDSS account, etc.

These measures are under constant revision and will be updated regularly in order to provide the necessary guarantees.

AMENDMENTS

We may update this Privacy Policy from time to time. But when we do, we’ll let you know one way or another. Sometimes, we’ll let you know by revising the date at the top of the Privacy Policy that is available on our website or through our applications or other tools. Other times, we may provide you with additional notice (such as adding a statement to our website’s homepage or providing you with an email notification). Modified versions will have immediate effect, unless stated otherwise.

WHAT TO DO IF YOU ARE NOT HAPPY

The Applicable Data Protection Legislation gives you the right to file a complaint with your local supervisory authority (depending on your place of residence, your place of employment or the place of infringement on data protection law) or with the lead Supervisory Authority being the Information Commissioner’s Office (ICO). You can contact the ICO if you have any questions about Data Protection or wish to file a complaint against Instruct-ERIC. You can contact them using their helpline 0303 123 113 or at www.ico.org.uk.

However, we would appreciate it if, prior to filing any complaint, you contact us in order for us to assist you however possible with your requests or concerns.

USE OF COOKIES ON ARIA IDSS

When you log in using ARIA IDSS, your computer may be issued with a small file (a "cookie") for the purpose of managing and improving the services on the website.

You can set your browser to refuse cookies or warn you before accepting them. However, some cookies may be essential to the operation of the site and if you refuse such cookies, then some or all of the website may not work properly or may be unavailable to you. For example, if you refuse to accept the website authentication cookies you may not be able to log into ARIA IDSS.

For an up-to-date list of cookies, please refer to our cookie policy at https://instruct-eric.eu/aria-idss-cookie-policy.

ARIA IDSS Privacy Policy version 1.0 updated 11 May 2020