Through this website and the services in its subdomains and third-party services, CESSDA collects personal identification information from its users, as specified below.
CESSDA is committed to protecting any personal data, limiting any collection to what is strictly necessary by legitimate interest or by consent, and complying with the General Data Protection Regulation (GDPR) as implemented in Norwegian law.
Types of Data collected
IP address and browser/device information
In order to create usage statistics to analyse and improve its website and services, CESSDA processes your IP address, certain elements of your browser/device configuration (such as screen size, browser type, operating system and device type) and your approximate location, if available.
The analytics tool we use is called Matomo and is maintained by CESSDA and Matomo Cloud/InnoCraft Ltd. Your IP address is anonymised, and your full IP address is not stored. Usage information is aggregated and not identifiable on an individual basis and is not sent to third parties, apart from the exceptions named in this policy.
The legal basis for collecting this information is our legitimate interest to analyse usage in order to operate, maintain and improve our website. This data is processed by Open Concept AS and Matomo Cloud/InnoCraft Ltd.
Note that disabling cookies completely may impact the behaviour and functionality of other websites.
If you sign up for the newsletter, you give CESSDA consent to record and use your email address in order to send you regular newsletters. The data processor for this service is MailerLite. You may withdraw your consent and unsubscribe at any time by clicking the unsubscribe link in any received newsletter.
“Report a Problem”
When submitting a problem report or feature request through the respective buttons on CESSDA Services, CESSDA collects the information you enter, including your name and e-mail address if you provide it. The legal basis is the legitimate interest to provide user support and the user consent implied by submitting the entered data. The data processor for this service is Atlassian.
When registering for conferences or events, CESSDA stores the data of participants, usually including name, email address and institutional affiliation and position, required to organise the event. This data is stored on CESSDA's GSuite Business. The data processor for this service is Google.
Webinars and online meetings
When registering for webinars and/or participating in online trainings and meetings, data is processed though the respective web conferencing solution. The data processor is Uninett AS.
When signing the CESSDA Contributor License Agreement, your name, email address and institutional affiliation. The legal basis of this collection and processing is the legitimate interest to allow code contributions, usually as part of their work, and keep track of Intellectual Property. The data is used to decide about access to CESSDA source code repositories. The data processors for these services are Google and Atlassian.
The names, usernames and mail addresses of editors and maintainers of the CESSDA website and the CESSDA services are kept by CESSDA ERIC. The legal basis of this collection and processing is the legitimate interest of allowing them to edit the CESSDA website and the carry out their work in maintaining the functionality and the content provided through CESSDA services.
Where data is stored
All usage data is stored within the EEA. The website and analytics software are running on a server in Germany, the core CESSDA services are running in a Google data centre in Belgium. Data stored by third parties is covered by appropriate data processing agreements.
As part of CESSDA’s ongoing work, access to data collected by CESSDA ERIC can be given to CESSDA Service providers, as defined in Annex 1 of the CESSDA Statutes.
Duration of storage
Personal data is only stored as long as it is necessary to provide a requested service dependent on this data (such as email address for the newsletter or account information for CESSDA services). Identifiable IP addresses are not stored.
Your rights under the GDPR
The General Data Protection Regulation (GDPR) establishes a number of rights for individuals concerning their personal data, such as the right to information about what personal data is kept, to have it corrected or erased, and to protest against its processing.
Access to personal data
You may make a Subject Access Request to CESSDA ERIC, which will be responded to within one month. The response will indicate if CESSDA ERIC possesses any personal data about you, and if so will include a description of your data, any recipients of it, and a copy of your data.
Right to rectification and erasure
You have the right to correct any inaccurate personal data held by CESSDA ERIC. You also have the right to request erasure of any data that is no longer necessary for the purpose for which it was collected.
Right to restriction of processing and withdrawal of consent
You have the right to restrict the processing of your personal data or object to the processing of your data. You also have the right to withdraw previously given consent to process personal data.
If you wish to withdraw consent for the processing of your personal data or otherwise restrict or object to the processing of your personal data please contact CESSDA ERIC (contact info below).
Rights to data portability
You have the right to receive your personal data that CESSDA ERIC holds by consent in a structured, commonly used and machine-readable format and have the right to transmit that data to another controller without hindrance from CESSDA ERIC.
All inquiries relating to personal data maintained by CESSDA should be directed to firstname.lastname@example.org. You may also contact us by phone or postal mail (contact info below).
Owner and data controller
The owner, data controller and data processor (except where otherwise noted) for websites under the cessda.eu domain is:
Ph. (+47) 401 00 964
Should you wish to report a complaint about CESSDA ERIC’s data processing which has not been addressed in a satisfactory manner, you may contact the Norwegian Data Protection Authority:
Pb 458 Sentrum
0105 Oslo, Norway
Ph. +47 22 39 69 00