protonmail-verification=b75cd457bf1b40b74b4827e4c6e319fc096789b3
top of page
markus-spiske-iar-afB0QQw-unsplash.jpg

privacy notice

Our project Remote Ethnography of Xinjiang Uyghur Autonomous Region (REMOTE XUAR) is committed to protecting privacy and ensuring the security of personal data. In adherence to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation, GDPR), we present this privacy notice to outline the conditions under which personal data are processed, i.e. the principles guiding the collection, storage, use, dissemination or otherwise making available, and safeguarding of personal data within our research project.

 

​

1. ​Personal Data Controllers and Contact Details

 

As this project is run by three partner institutions, the project involves so-called joint controlling which refers to a situation where multiple entities jointly determine the purposes and means of processing personal data, together called the Joint Controllers. In this context, the following institutions are jointly responsible for the processing of personal data:

 

Joint Controller 1: Palacký University Olomouc (UP)

​

  • Representative: Prof. MUDr. Martin Procházka, Rector

  • Contact Details: KÅ™ížkovského 511/8, CZ-779 00 Olomouc, Czech Republic

  • Information on data protection available at Data protection

 

Joint Controller 2: The Université libre de Bruxelles (ULB)

​

  • Representative: Prof. Annemie Schaus, Rector

  • Contact Details: Avenue Roosevelt 50, 1050 Brussel, Belgium

  • Information on data protection available at Mentions légales (in French only)

 

Joint Controller 3: Julius-Maximilians-Universität Würzburg (WU)

​

 

​

2. Data Protection Officers (DPOs)

 

Each joint controller has appointed a Data Protection Officer who is responsible for overseeing compliance with data protection laws and ensuring the protection of personal data. The DPOs are available to address any questions or concerns data subjects may have regarding the processing of their personal data.

 

Data Protection Officer for Joint Controller 1 (UP):

​

  • Name: Dominika MoÅ¥ková

  • Contact Details: dpo@upol.cz

 

Data Protection Officer for Joint Controller 2 (ULB):

​

  • Name: Virginie Grégoire

  • Contact Details: rgpd@ulb.be

 

Data Protection Officer for Joint Controller 3 (WU):

​

​​

​

​3. Purposes and Legal Bases of Processing

 

The Joint Controllers carry out educational, scholarly, research and development, artistic and other creative activities as part of their function and purpose set out in relevant national laws, such as the Act No. 111/1988 Coll., on Higher Education (UP), Decree of 7/11/2013 defining the landscape of higher education and the academic organization of studies (ULB), Bayerisches Hochschulinnovationsgesetz (BayHIG) (WU).

 

We collect and process personal data for the following research purposes:

​

  • Data collection using remote ethnography methods,

  • Sharing within the research group,

  • Store, disseminate (share) and discuss the remote ethnographic results and data within approved parties with non-commercial legitimate interest that shall apply data protection measures

 

and with appropriate safeguards in place under the legal bases of:

 

  • Personal data – Art. 6(1)(e) of GDPR, processing is necessary for the performance of a task carried out in the public interest (academic research),

  • Personal data of special categories – Art. 9(2)(j) of GDPR, processing is necessary for scientific or historical research purpose.

 

Information about collecting and processing personal data of our data subjects is available on this website and kept up to date.

 

 

4. Recipients of Personal Data

 

Under the legal bases and the purposes of the processing of the personal data, we may share personal data of data subjects (participants) with the following categories of recipients:

​

  • Public authorities (including EU institutions and bodies),

  • Researchers and research support staff participating in the project,

  • Competent staff of the Controllers,

  • A storage and service provider of a data repository,

  • Other subcontractors (also placed under confidentiality obligations),

  • Other third parties which we are obliged to share the personal data with according to applicable laws and the Grant agreement, or we have consent of data subjects for it, and/or those who have been approved by the Project Steering Committee and have legitimate interest in compliance with the above-mentioned purposes and their fulfilment while ensuring an adequate level of protection of natural persons’ data.

 

 

5. Data Transfers

 

If applicable, we may transfer personal data of data subjects outside the European Economic Area. The data may be transferred to recipients located in other countries, whose groups are described in Art 4 above.

 

The transfer of data is based on the European Commission’s adequacy decision or standard contractual clauses, whereby recipients of personal data agree to comply with the data protection requirements outlined in the clauses.

 

At the moment, in the research team we cooperate with researchers outside EU. They come into contact with personal data of data subjects which may fall into categories listed in Art 7 and they process the data in the form of collecting, transcribing, translating and/or analyzing.     The cooperation is subject to appropriate safeguards as required by GDPR.

​

 

6. Additional Information for Fair and Transparent Processing

 

Data Storage Period: The length of time for which we keep personal data of data subjects will depend on a number of factors including the importance of the data, the funding requirements, the nature of the project and its purpose. Personal data will be stored for as long as is strictly necessary in relation to the personal data processing activity in question and shall be disposed of at the end of that period. For this project, the personal data will be stored for the lifetime of the project and the project archive, when possible, and in any case at least for 5 years in compliance with the standard time-limits after the project end as defined by the Grant agreement concluded between the European Research Executive Agency and the Joint Controllers mentioned above.

 

Data Subject Rights: Data subjects have the following rights regarding the processing of their personal data, as outlined in GDPR:

 

  • Right of Access (Article 15): Data subjects have the right to obtain confirmation as to whether or not personal data concerning them are being processed, and, where that is the case, access to the personal data and respective information about the processing.

  • Right to Rectification (Article 16): Data subjects have the right to obtain the rectification of inaccurate personal data concerning them.

  • Right to Erasure (‘Right to be Forgotten’) (Article 17): Under certain circumstances, data subjects have the right to obtain the erasure of their personal data.

  • Right to Restriction of Processing (Article 18): Data subjects have the right to obtain the restriction of processing of their personal data under certain circumstances.

  • Right to Object to Processing (Article 21): Under certain circumstances, data subjects have the right to object, on grounds relating to their particular situation, at any time to processing personal data concerning them.

  • Right to Lodge a Complaint with a Supervisory Authority (Article 77): If data subjects believe that the processing of their personal data infringes GDPR, they have the right to lodge a complaint with a supervisory authority.

 

Exceptions: Data Subject Rights in Scientific Research Context

​

In the context of scientific research purposes, certain data subject rights under GDPR may be subject to exemptions or restrictions provided in Article 89 to balance the interests of scientific research with data protection. These exemptions or restrictions apply when it would make it impossible or seriously hinder achieving the objectives of processing personal data. These exceptions are set out in the relevant national laws, such as the Act No. 110/2019 Coll., on the processing of personal data, The Belgian law of July 30, 2018 on the protection of individuals with regard to the processing of personal data, DSGVO, BayDSG.

 

 

7. Categories of personal data

 

We may process both personal data provided directly by individual natural persons (based on the legal bases of processing), or data provided or obtained in accordance with legal regulations from other entities or from other sources, and other personal data generated as part of processing activities and necessary for their provision. This may include the following categories of personal data:

 

  • Identification data

  • Contact and geolocation data

  • Descriptive audiovisual data

  • Work and educational data

  • Financial data

  • Family and social networks data

  • Special categories of personal data

 

In certain instances, we may collect and process personal data that has not been directly provided to us by data subjects, but we collect them from various sources including interviews, administrative documents, textual or audio-visual materials provided by other people, but always strictly in accordance with the principle of data minimization and strictly in compliance with the requirements laid down by law.

Additionally, we may obtain or collect personal data from publicly accessible sources, such as publications, databases, social media platforms. We ensure that personal data obtained from publicly accessible sources is processed in accordance with applicable data protection laws and regulations.

 

 

8. Data Protection

 

The personal data contained in the research material is processed in the following secure manner using:

​

  • Hardware or software encryption

  • Physically and digitally secured storages

  • Access control, i.e., only persons who are authorized to access and use the data,

  • Password protection

  • Pseudonymization or anonymization (if possible)

  • Encrypted backups

 

 

9. Further Processing

 

If we intend to further process personal data of data subjects for a purpose other than that for which they were collected, we will provide the data subjects with the following information prior to such processing:

 

  • The purpose of the further processing.

  • Any relevant further information as required by Article 13(3) of GDPR.

 

 

For any questions or concerns regarding our research and data processing practices, please contact us at:

​

bottom of page