Privacy policy

Which of my data will be collected?

 

Only data will be collected that will enable the staff of the STARFISH project partners to perform the tasks specified in the funding agreement. This applies in particular to training, workshops, lectures and learning processes, as well as evaluation studies of the STARFISH project.

 

A rigorous discussion was held within the STARFISH consortium to limit the amount and type of data collected to a reasonable minimum. Among these are:

  • Personal data (Anonymous. Personal identifiers are kept, as far as possible, separate from other data)
  • Structured and unstructured notes taken by researchers, trainers and experts during the project (used in the delivery of the project to each participant; evidence of participant interventions; allowing seamless transfer of information from one phase to the next)
  • Written and spoken statements (e.g. In interviews – only with explicit consent).
  • Implemented questionnaires and surveys for evaluation and quality assurance studies.
  • Photographs and video clips (used for (a) the STARFISH project, (b) personal recollections, and for (c) documentation, dissemination and promotion of the STARFISH project.

 

Legal basis / legal compliance

 

In accordance with GDPR – the Data Protection Act, the STARFISH project collects and processes the described types of user data

 

_with your consent;

_so that we can communicate with you and inform you about the STARFISH project,

_in the legitimate interest of conducting promotional, dissemination, quality assurance and research activities in accordance with the grant agreement.

 

A data protection impact assessment is currently being conducted by each of the STARFISH project partners.

 

What will happen to the data collected in the STARFISH project?

 

All personal data will be pseudonymized and, where possible, anonymized in accordance with the GDPR and the ethical guidelines for this set by the STARFISH consortium. Your data will be indicated by a unique participation number and every effort will be made to keep separate identifiers such as your name or email address. The data will only be available to a small group of STARFISH partner employees who have signed a data protection statement.

 

The STARFISH consortium takes a proactive approach to privacy. We do not use profiling or automated decision-making processes. The STARFISH consortium organizations undertake to treat your personal data absolutely confidentially, using it only for the statutory non-commercial purposes of the STARFISH project in accordance with the funding agreement. This applies in particular to the design, conduct and evaluation of training, workshops, lectures and learning processes, as well as evaluation studies of all phases of STARFISH.

 

Anonymous research findings will be summarized in project reports, journal articles, presentations and other academic and public research outputs. Citations or key findings will always be anonymous in any formal results, unless we have prior and explicit written permission to attribute by name.

 

Photography and video

 

Whenever individuals can be identified from their image, data protection laws apply. In such situations, the rights of individuals to collect and use their images must be respected – they must be informed when their image is recognized or captured, and a legal basis must be found before the image is used in any way.

 

Photographs of individuals and posed groups: When taking photos of a particular person you may want to publish online, you can use “legitimate interest,” “consent” and “contractual obligation” as a legal basis. Remember that consent can be withdrawn at any time and you will have to respond accordingly.

 

Crowd photos: if crowd photos are taken at an event and the person cannot be identified, then it is not necessary to have a legal basis for taking, displaying or publishing the photo. This applies to all people, students and employees whose images are incidental details, for example, in crowd scenes at matinees, conferences and on campus in general. If the photos are taken at a conference where individuals are likely to be identified even in crowd scenes, then the legal basis is “legitimate interest.” We monitor where your photos are used and store them for up to ten years.

 

How will my data be stored and processed?

 

The official organizations of the STARFISH consortium will only store, process and use personal data for the statutory purposes of non-commercial activities within the scope of the STARFISH project and in accordance with the European General Data Protection Regulation (GDPR).

 

Organizations forming the STARFISH consortium are implementing specially designed policies to prevent unauthorized or inappropriate access to this information. All raw electronic data will be stored on the password-protected and restricted-access STARFISH platform. Printed documents (e.g., signed documents, paper surveys) will be securely stored by a staff member of an STARFISH partner (specific to your country).

 

Data retention

 

The STARFISH Consortium will retain raw personal data (e.g., real names, recordings of interviews) only as long as necessary, i.e., until the end of the STARFISH project funding period.

 

Appropriately anonymized and processed data sets will be retained after the end of the STARFISH project funding period for data sharing – or a similar GDPR-compliant data depository – for future ethically approved research.

 

Sharing of data with third parties

 

Internal data sharing (i.e., within one STARFISH partner organization) and external data sharing (i.e., between STARFISH partner organizations) of participants’ personal data is kept to a minimum and constantly checked for necessity and proportionality, and is only carried out for the purpose of fulfilling the non-commercial activities specified in the STARFISH project funding agreement.

 

STARFISH partner organizations use internal and external partners to communicate and promote their activities on behalf of STARFISH. Therefore, your personal data/image may be shared with partner agencies involved in promoting innovative education. Your image may also be used on third-party platforms where the STARFISH project has a presence. If your image is used online, this will inevitably be subject to international data transfer, and we may also share your photo data with agencies (e.g. Facebook) operating outside of Europe. If you provide personally identifiable information, we will seek your permission to publish this identifying personal information.

 

Requests from police or law enforcement agencies: The STARFISH Consortium is not legally obligated to provide information to the police unless it receives a court order. However, STARFISH partner organizations usually choose to disclose information where the police or other law enforcement agencies can demonstrate that failure to release may jeopardize the prevention/detection of a crime or the apprehension/prosecution of criminals.

 

Data controller

 

For data collected on the STARFISH project, ProSea is the data controller (as defined in the EU General Data Protection Regulation (Regulation (EU) 2016/679).

 

Who can I contact with questions and complaints?

 

If you have any questions or concerns about participating in STARFISH or about research in the STARFISH project, please contact ProSea through tamarantimailspammer@prosea.info. For general information on the use and protection of data by ProSea visit: www.prosea.info

 

If you wish to make a formal complaint about the study, please contact ProSea at tamarantimailspammer@prosea.info. In your communication, please include the title of the project and detail the nature of your complaint.

 

Updates to the document

 

In the event of changes to STARFISH that affect the processes outlined in this Security and Information Breach Notice to Participants, this document will be updated and all current STARFISH participants will be notified.