Data reuse

Information Notice about processing of personal data within the KidneySign Project

In accordance with Article 14 of the General Data Protection Regulation (GDPR) and in application of Article 14.5b, this information notice informs about the principles of processing personal data within the KidneySign Project. Additional details can be obtained from the Data Protection Officers (DPO) of each Joint Controller or by accessing the institution website.
Institution Principal investigator Data Protection Officer (DPO)
RD-Nephrologie
Angel Argilés 
argiles [at] rd-n.org
 dpo [at] rd-n.org
Inserm
Julien Klein 
julie.klein [at] inserm.fr
 dpo [at] inserm.fr
Medical University Innsbruck
Sara Denicolo 
sara.denicolo [at] i-med.ac.at
 datenschutzbeauftragter [at] i-med.ac.at
University of Erlangen-Nürnberg
Harald Rupprecht 
harald.rupprecht [at] klinikum-bayreuth.de
 datenschutz [at] klinikum-bayreuth.de
University Hospital Aachen
Vera Jankowski 
vjankowski [at] ukaachen.de
 datenschutzbeauftragter [at] ukaachen.de
University of Skövde
Jane Synnergren 
jane.synnergren [at] his.se
 dataskyddsombud [at] his.se
  1. The Joint Controllers of the Personal Data are described in table 1 (above).

  2. Data subjects may contact the Joint Controller or its Data Protection Officer (DPO) designated in table 1 regarding personal data processing and exercise of rights related to personal data processing. The Data Protection Officers are also obliged to provide information on arrangements with the Joint Controllers.

  3. The Joint Controllers cooperate within the ERA-PerMed KidneySign Project to perform research on Personalised Medicine in Chronic Kidney Disease. The Joint Controllers process personal data to carry out the Project (clinical research) and to comply with the legal duties applicable to each Joint Controller and resulting from the applicable domestic laws.

  4. The scope and type of data processing, the objectives and methods of processing, including the involvement of the Joint Controllers in those processing as well as the categories of data recipients are described in Joint Controller Agreement.

  5. The Joint Controllers may process the collected personal data for periods required to perform the Project and obligations set forth in the consortium agreement concluded between the Joint Controllers and/or in the grant agreement concluded between each Joint Controller and National Funding Agencies.

  6. Data subjects shall be entitled to the rights available to them pursuant to applicable laws, including:

    1. to access to their personal data – which means that right to obtain from a Joint Controller a confirmation if their personal data are processed. If their data are processed, such data subjects are entitled to get access to their data and to obtain the following information: the purposes of the processing; the categories of personal data concerned; the recipients or categories of recipient to whom the personal data have been or will be disclosed, the envisaged period for which the personal data will be stored or the criteria used to determine that period; the existence of the right to have the personal data corrected, erased or to restrict the processing of personal data and the right to object to the processing of the personal data (Article 15 of GDPR);

    2. to obtain a copy of the personal data being processed (Article 15.3 of GDPR);

    3. to have incomplete personal data corrected, including by means of providing a supplementary statement (Article 16 of GDPR);

    4. to have their data deleted if a Joint Controller no longer has a legal basis to process the data or the data are no longer required to comply with the objectives of processing (Article 17 of GDPR);

    5. to have the processing restricted when: a data subject questions the accuracy of the personal data – for a period allowing the inspector to verify the accuracy of the data; the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; the Joint Controller no longer needs the personal data but they are required by the data subject for determining, pursuing and defending against any claims; the data subject has objected to processing pending verification as to whether the legitimate grounds of the Joint Controller override those of the data subject;

    6. to data portability – that is the data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a Joint Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller if the processing is based on consent of the data subject or on a contract concluded with the data subject and when the processing is carried out by automated means (Article 20 of GDPR);

    7. the right to object to processing of their personal data for legitimate objectives of the Controller on grounds relating to their particular situation, including profiling. Then the Joint Controller will have to demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims. If, following such review, the interests of the data subject override the interests of the Controller, the Controller shall be obliged to discontinue the processing of the data in connection with objectives (Article 21 of GDPR);

    8. the right to lodge a complaint with a supervisory authority if they consider that the processing of their personal data does not comply with of GDPR (Article 77 of GDPR).


  7. The sharing of personal data among Joint Controllers and with recipients listed in table 1 during the Project is required for Joint Controllers to perform their duties.

  8. The scope of processed data shall be restricted to the minimum required to perform the Project. The collected data will not be used for any other purposes than those specified in table 2.

  9. The personal data processed for the purposes specified herein may be transferred to third countries pursuant to Article 45 of GDPR – on the basis of an adequacy decision of the Commision; or pursuant to Article 46.2.c) of GDPR – on the basis of standard data protection clauses adopted by the Commission in accordance with the examination procedure in Article 93.2 or pursuant to Article 49 of GDPR. A copy of standard data protection clauses referred to in the preceding sentence shall be provided when so requested by a data subject.

Search
This website may use cookies and external scripts. More information