Privacy notice

Welcome to the Alzheimer Research Management System (ARMS) privacy notice. ARMS is a platform for managing incoming research grant proposal on behalf of three European Alzheimer research organizations: Fondation Vaincre Alzheimer (France), Alzheimer Forschung Initiative e.V. (Germany) and Alzheimer Nederland (the Netherlands). The ARMS website is accessible through https://www.alzheimer-research.eu/

We respect your privacy and are committed to protecting your personal data. This privacy notice aims to give you information on how we collect and process your personal data during our review of the grant request that you submitted in the ARMS website. 

 

1. IMPORTANT INFORMATION AND WHO WE ARE  

CONTROLLER  

This privacy notice is issued on behalf of Fondation Vaincre Alzheimer (France), Alzheimer Forschung Initiative e.V. (Germany) and Alzheimer Nederland (the Netherlands), who act as joint controllers for the personal data that is processed by means of ARMS, collectively referred to as “we”, “us” or “our” in this privacy notice. 

 

CONTACT DETAILS  

All data privacy issues connected to ARMS will be handled by the European Grant Manager who is responsible for the management of ARMS at any given time. If you have any questions about this privacy notice, including any requests to exercise your legal rights, please contact the European Grant Manager. The European Grant Manager legally represents each of the organizations listed above for the purpose of this privacy notice. 

European Grant Manager ARMS
Based at Alzheimer Nederland (Netherlands)
Email address: [email protected].  
Postal address: Stationsplein 121, 3818 LE Amersfoort The Netherlands

 

You have the right to make a complaint at any time to the data protection authority in your country of residence. For France this is the CNIL (https://www.cnil.fr/professionnel), for the Netherlands de Autoriteit Persoonsgegevens  (https://www.autoriteitpersoonsgegevens.nl/) and for Germany the Landesbeauftragte für Datenschutz, which is competent for the German region in which you reside (https://www.ldi.nrw.de/mainmenu_Service/submenu_Links/Inhalt2/Aufsichtsbehoerden/Aufsichtsbehoerden.php). We would, however, appreciate the chance to deal with your concerns before you approach a data protection authority.

 

CHANGES TO THE PRIVACY NOTICE AND YOUR DUTY TO INFORM US OF CHANGES  

We keep our privacy notice under regular review. This version was last updated on 28 August 2020. Historic versions can be obtained by contacting the European Grant Manager.

It is important that the personal data we hold of you is accurate and current. Please keep us informed if your personal data changes during the period of your collaboration with us.

 

2. THE DATA WE COLLECT ABOUT YOU

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data for which the identity has been removed (anonymous data). We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

 

  • Identity data includes first name, maiden name, last name and title.
  • Contact data includes email address and telephone numbers.
  • Professional data includes role and position in proposed research project, Institution and department name.
  • Research and professional experience data include your past research- and professional experience.
  • Educational history includes a historic overview of your Education.
  • Publication data includes an overview of your past publications. 

 

We also collect, use and share Aggregated data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may draw up statistics from the research grant proposals that we have granted.  

 

IF YOU FAIL TO PROVIDE PERSONAL DATA  

We need to collect the personal data that we ask from you in order to review your research grant proposal and fund your project. If you don’t provide the personal data that we request from you we cannot take your application into consideration and thereby fund your project or provide you with a research grant.

 

3. HOW IS YOUR PERSONAL DATA COLLECTED?

We collect your personal data in the following manner:  

  • Account creation. If you are the principal investigator for the proposed project, you provide us with your Identity data and Contact data when you sign up for an ARMS account;
  • Upon submitting the initial proposal (Letter of Intent) via ARMS. The principal investigator for the proposed research project provides personal data to us when an initial research grant proposal is submitted to us via ARMS. The provided personal data includes all of the categories listed above under 2. 
  • When selected to submit a full application. If the proposed project of which you are a part of is selected for a full application the principal investigator may submit additional personal data to us as part of that full application. This additional personal data may include one or more of the categories listed under 2.

 

4. HOW WE USE YOUR PERSONAL DATA

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances: 

  • Processing is necessary for the legitimate interest of the Institution on behalf of which the research grant proposal has been submitted, provided this interest is not overridden by your legitimate interest and freedoms.
  • Processing is necessary for our legitimate interest provided this interest is not overridden by your legitimate interest and freedoms.
  • Where we need to comply with a legal obligation.

 

PURPOSES FOR WHICH WE WILL USE YOUR PERSONAL DATA  

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.

 

Purpose/Activity

Type of data

Lawful basis for processing including basis of legitimate interest

To enable our contact with a principal investigator on a research grant proposal.

(a) Identity

(b) Contact

Necessary for our legitimate interests (to enable communication in relation to a proposal).

To enable our review of the initial research grant proposal (Letter of Intent).

  1. Identity 
  2. Contact data
  3. Professional data
  4. Research and professional experience data 
  5. Educational history 
  6. Publication data 

Necessary for our legitimate interests (to enable review of the proposal and decision on which proposals/research projects to fund)

To enable our review of the second and final research grant proposal (full application).

  1. Identity 
  2. Contact data
  3. Professional data
  4. Research and professional experience data 
  5. Educational history 
  6. Publication data 

Necessary for our legitimate interests (to enable review of the proposal and decision on which proposals/research projects to fund)

To maintain an archive on all refused and granted proposals.

  1. Identity
  2. Contact data
  3. Professional data
 

Necessary for our legitimate interests (to enable communication in relation to a proposal and evaluation of future funding strategies).

 

CHANGE OF PURPOSE  

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. 

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

 

5. RECIPIENTS OF YOUR PERSONAL DATA

We may share your personal data with the parties set out below for the purposes set out in the table above.

  1. European Grant Manager.
  2. Members of the scientific advisory board of each of our three organizations (our internal research grant proposal reviewers).
  3. External third parties that we may request to participate in reviewing your grant proposal. 
  4. Our hosting party for the ARMS website.

 

We require all parties to respect the security of your personal data and to treat it in accordance with the law.

6.  INTERNATIONAL TRANSFERS

We do not transfer your personal data outside the European Economic Area (EEA).

 

7. DATA RETENTION

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. 

Details of retention periods for different aspects of your personal data are set out in the table below. At the end of the stated retention period the data will not be deleted but will be anonymized. You may however request erasure at any time (please also refer to your legal rights set out in section 10).

 

Personal data contained in

 

Retention period

Rationale for retention period

Creation of the account in ARMS

  1. Identity
  2. Contact
  3. Professional data

The retention period will depend on the type of user account. User accounts will be deleted in case of prolonged inactivity of which the duration is specified below. In each case before deletion a warning will be sent to the account owner, requesting an active denial of deletion. Should no such denial be sent the account will be suspended.


Applicant:

In case of a rejection of the application the account will be deleted if it is inactive for more than two years after the rejection.




In case of the grant is awarded the account will be deleted if it is inactive for two years after the completion of the project.









The retention period is dependent on the type of account as the frequency of account usage is different amongst the users. For this reason, deletion of the account can be disruptive of the activities of the account holder if all retention periods would be the same.






When the research proposal is rejected the applicant might wish to apply the following year in the new cycle. Should the applicant not apply that year and inactivity lasts until the following cycle the account will be suspended.


During the project the awardee cannot re-apply and the account will therefore be inactive. After the project the awardee cannot in some cases apply for the duration of one year. For this reason, the account should stay active for the duration of the grant plus another two years to allow for a new application or if not used to be deleted.

Application

  1. Identity
  2. Contact
  3. Professional data
  4. Research and professional experience data 
  5. Educational history 
  6. Publication data 

Applications that are awarded will be archived for the duration of the grant/project and prolonged with two years after finalization of the project.





Applications that are denied will be upon deletion of the account of the applicant (after 2 years of inactivity).

The project descriptions are necessary for the organizations whilst the project lasts. In some cases the researcher cannot re-apply in the year after the finalization of the project and will re-apply the year after this. If not the account can be deleted.  


Should the applicant re-apply the following year it is important for the organizations to know that he/she applied in the past, but if the applicant no longer applies, retention of the application is not necessary.

 

8. DATA BREACHES

When there is a data breach and we need to notify you any communication to you will be conducted by and under the authority of the European Grant Manager. He/she will liaise for that purpose with the data protection officers of each of the organizations listed above. 

 

9. AUTOMATED DECISION MAKING

We are not conducting any automated decision making through ARMS.

 

10. YOUR LEGAL RIGHTS

Under certain circumstances, you have rights under data protection laws in relation to your personal data. You have the right to:

Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Request correction of your personal data. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios:

  • If you want us to establish the data’s accuracy.
  • Where our use of the data is unlawful, but you do not want us to erase it.
  • Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims.
  • You have objected to our use of your data, but we need to verify whether we have overriding legitimate grounds to use it.

If you wish to exercise any of the rights set out above, please contact us. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.

 

WHAT WE MAY NEED FROM YOU  

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

 

TIME LIMIT TO RESPOND  

We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.