1. Introduction
This Privacy Policy applies to the online platform titled "Citizen Science Vest," operated and managed by the West University of Timișoara. This online platform was developed under Project Code: 6/16.11.2022 titled "Career Counseling and Guidance Center for Researchers - Western Region," funded through the National Recovery and Resilience Plan, Component 9: Support for the private sector, research, development, and innovation, Investment I10: "Establishment and financial support for a national network of eight regional career guidance centres as part of the ERA TALENT PLATFORM." Open Science entails free access to publications (Open Access) and infrastructures, data, software, scientific methods, and educational resources (Open Educational Resources), as well as transparent evaluation (Open Evaluation), and citizen involvement in science (Citizen Science).
All activities involving the collection and processing of personal data within this online platform ("Citizen Science Vest") comply with the provisions of Regulation (EU) 2016/679 on the protection of individuals concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation-GDPR) and Law no. 190/2018 on measures for the implementation of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR).
To fulfil our obligations arising from the Regulation and considering that the protection of your data is a major and constant concern for us, this document has been drafted, which establishes the categories of personal data we collect, the purpose and basis of processing, where we store and to whom we transmit this data, as well as the rights you have as a data subject, implemented specifically to ensure the protection of your fundamental rights and freedoms, especially the right to the protection of personal data.
2. Terms and Definitions
Personal Data: any information relating to an identified or identifiable natural person; an identifiable natural person can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. (Definition adopted from the General Data Protection Regulation (GDPR) - European Regulation 2016/679 on the protection of personal data).
Processing of Personal Data: any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction. (Definition adopted from the General Data Protection Regulation (GDPR) - European Regulation 2016/679 on the protection of personal data).
Data Subject: any identified or identifiable natural person whose personal data is collected and processed through this online platform and who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. (Definition adopted from the General Data Protection Regulation (GDPR) - European Regulation 2016/679 on the protection of personal data).
Consent of the Data Subject: any freely given, specific, informed, and unambiguous indication of the data subject's wishes by which he or she, by a statement or by clear affirmative action, signifies agreement to the processing of personal data relating to him or her. (Definition adopted from the General Data Protection Regulation (GDPR) - European Regulation 2016/679 on the protection of personal data).
Controller: the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law. (Definition adopted from the General Data Protection Regulation (GDPR) - European Regulation 2016/679 on the protection of personal data).
Third Party: a natural or legal person, public authority, agency, or body other than the data subject, controller, processor, and persons who, under the direct authority of the controller or processor, are authorized to process personal data. (Definition adopted from the General Data Protection Regulation (GDPR) - European Regulation 2016/679 on the protection of personal data).
Profiling:
any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular, to analyze or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location, or movements. (Definition adopted from the General Data Protection Regulation (GDPR) - European Regulation 2016/679 on the protection of personal data).
1. Information Collected
We will collect personal information that you voluntarily provide, as follows: name, surname, phone number, email address, company/organization, country, county/region, city, postal code, date of birth, gender, ethnicity/nationality, level of education, income, type of residence, marital status, membership status, occupation, and religion. Each category of data will be collected for specific, explicit, and legitimate purposes, fully under the main purpose of their collection.
2. Legal basis of processing:
To ensure the principle of transparency regarding the processing of your data, we hereby communicate how we operate this processing, the purposes, and the legal basis of all these endeavours.
1). Recommendation (EU) 790/2018 on access to and preservation of scientific information states that Member States should establish and implement clear, detailed policies in their annual action plans to support the transition to Open Science.
2). The National Strategy for Research, Innovation, and Smart Specialization 2022-2027.
Under the first overall objective "Development of the research, development, and innovation system," the specific objective "Ensuring the transition to Open Science and facilitating progress in scientific research and excellence" is established.
3). Law on Higher Education no. 199/2023:
Article 109.
(1) The research, development, innovation, and artistic creation activities in higher education institutions are organized and operate based on national legislation and the policies and programs of the European Union in the field.
(2) Higher education institutions that have undertaken scientific research as their mission must establish technical-administrative structures to facilitate the management of research activities and research and development projects carried out by the institution's staff. The technical-administrative structures serve the research-involved staff and meet their requirements.
3. Purposes of collecting Personal Data
The European Commission has defined the expertise, skills, and specific competencies required for implementing open science practices in its July 2017 report, including: open-access publishing; data management and open data (research data, data production, management, analysis/use/reuse, dissemination, and shifting from "implicitly protected data" to "implicitly open data", while respecting legal constraints and other limitations); abilities and expertise to act within and beyond one's own academic and disciplinary community (skills enabling professional research conduct - research management skills, legal skills, research integrity and ethics skills); specific citizen science skills and expertise, where researchers interact with the general public to enhance the impact of science and research. All these skills are required at different levels of the research system, for researchers or technicians, as well as support and administrative staff, depending on the role these different functions play in a specific open science environment. (Text excerpted from the White Paper on the Transition to Open Science 2023-2030)
In Romania, efforts to transition to Open Science are supported through the priorities set out in the National Strategy for Research, Innovation, and Smart Specialization 2022-2027. Thus, under the first overall objective "Development of the research, development, and innovation system," the specific objective 1.2 is established: "Ensuring the transition to open science and facilitating progress in scientific research of excellence," with the following actions planned:
A1. Transition towards an open science system aims to: (1) improve accessibility and reuse of scientific research data, enhancing the visibility of scientific output; (2) achieve higher-quality results by preventing duplication, facilitating the replication of research, and combating scientific fraud; (3) promote the transition to knowledge storage in digital repositories; (4) increase transparency in the use of public funds for research; (5) stimulate research collaboration, accelerate innovation, and enhance competitiveness; (6) integrate and actively involve Romanian researchers in the European Research Area (ERA).
A2. Actions to encourage citizen participation. In addition to stimulating citizen involvement in shaping the strategic research agenda, projects that promote their participation in various stages of research, such as data collection, will be promoted. Moreover, methods for engaging citizens as end beneficiaries in conducting expert assessments at various levels of relevant projects will be tested.
A3. Continuing and expanding funding for exploratory and complex frontier research projects. This action aims to support and promote advanced, multidisciplinary, interdisciplinary, and
transdisciplinary scientific research, making significant progress at the frontiers of knowledge and encouraging new research methods and techniques.
As a result of these efforts towards Open Science and the Recovery and Resilience Plan, Component 9: Support for the private sector, research, development, and innovation, the online platform "Citizen Science Vest" aims to facilitate citizen science actions and promote the project in which it is implemented. It aims to bring together researchers and projects involving citizens, allowing them to actively participate in data generation, collection, and processing, as well as in the development or testing of public policies.
The "Citizen Science Vest" platform processes personal data to recruit voluntary participants for research projects. Researchers can be enrolled through the standard registration process on the platform or automatically, using institutional email addresses (@uvt.ro).
The collected information will contribute to the development of the "Citizen Science Vest" platform, optimizing and personalizing the user experience and addressing their requests.
1. Use of Personal Data
The Registration/Login or Make an Account section entails the collection of the following personal information: name, surname, and email address (which can be the institutional one for UVT members involved in research or scientific activities). For the created account, the user must choose a password of a minimum of 10 characters, including both uppercase and lowercase letters, as well as numbers. Upon completion and submission of the information, the user will receive an email to activate the account at the specified address, following which they will be notified about the activation of the user account.
By registering on the "Citizen Science Vest" online platform and creating a user account, you express your agreement to the collection and processing of the personal data you provide, under the Privacy Policy, and understand the purpose of collecting and processing this data (for creating the user account). After creating the account, the user will be able to log in by entering the email address and password in the Authentication section.
To complete the user profile and obtain the "100% Complete Profile" badge, the "Citizen Science Vest" online platform will collect the following personal information in two sections: Basic Information (name, surname, phone number, email address, company/organization, country, county/region, city, postal code, date of birth, gender) and Socio-demographic Information (ethnicity/nationality, educational level, income, type of residence, marital status, membership status, occupation/profession, and religion).
By selecting the "Save Settings" option, you acknowledge that your data will be processed under the Privacy Policy of the "Citizen Science Vest" website/online platform. Personal data transmitted through this platform is processed in a manner that ensures adequate security.
Personal data is voluntarily provided by users, representing the first step to becoming participants in research projects. Users will be notified by email from the platform when a new questionnaire is published and/or will be contacted by the researcher, depending on the compatibility of the user's profile with the study's needs. Users can request to participate in a specific study, but if their profile does not match the research criteria, the request may be rejected, and data processing will not continue. Personal data will be retained by researchers for as long as there is valid consent or until applicable law dictates otherwise.
After completing the user profile, the "Citizen Science Vest" online platform offers the possibility to explore studies and questionnaires from various fields. Users will be able to filter studies based on their interests. Users can manage their profile not only for updates to socio-demographic parameters but also to track studies they have participated in and to interact with other community members. Additionally, users/researchers can create and add studies, specifying objectives, methodology, and the number of participants needed. They will have access to a control panel to track the progress of studies, manage participants, and analyze collected data.
2. Security of your Personal Data
The security of your personal data is a priority for us. We assure you that any processing of data is done in accordance with the principles guaranteed by the Privacy Policy and in a manner that ensures the adequate security of personal data, including protection against unauthorized or unlawful processing, as well as against accidental loss, destruction, or damage, through appropriate technical and organizational measures and by implementing suitable internal data protection policies.
This platform adopts all necessary security measures to protect the personal information of our users. When personal data is completed on the online platform, the information will be protected both offline and online. The WEST UNIVERSITY OF TIMIȘOARA, as the administrator of the platform, employs security methods and technologies, along with applied policies to employees and work procedures, to protect the personal data collected, in accordance with applicable legal provisions.
For matters related to the protection of personal data, you can contact the data controller (UVT) and the Data Protection Officer at the email address: gdpr@e-uvt.ro.
1. User Rights
Regulation 679/2016 ensures the protection of the fundamental rights and freedoms of individuals, particularly their right to the protection of personal data. Regarding your data, you have the right to request the exercise of the following rights:
· The right to access your data: You can request to be informed of the categories of personal data being processed, the purposes of the processing, the recipients to whom the data have been or will be disclosed, the envisaged period for which the data will be stored, or, if not possible, the criteria used to determine that period; the existence of automated decision-making, including profiling.
· The right to request data rectification: If there are errors in the data being processed, you can request their correction or completion. The West University of Timișoara will communicate the rectification of data to each recipient from whom the data have been collected/processed.
· The right to request restriction of data processing: You have the right to request restriction of data processing in the following situations: if you have contested the accuracy of the data, for a period enabling us to verify the accuracy of the data; if the processing is unlawful, and you oppose the erasure of personal data and request the restriction of their use instead; if the University no longer needs the personal data for the processing, but you require them for the establishment, exercise, or defense of legal claims; if you have objected to processing pending the verification whether the legitimate grounds of the University override yours.
· The right to request data erasure: You can request the erasure of processed data if the data are no longer necessary for the purposes for which they were collected or processed if you have withdrawn your consent and if there is no other legal basis for processing if you object to the processing and there are no overriding legitimate grounds for the processing if the personal data have been unlawfully processed, if the personal data have to be erased for compliance with a legal obligation, or if the personal data have been collected about the offer of information society services.
· the right to request data transfer (data portability): You can request the transfer of your data to another controller if the processing is based on your consent and is carried out by automated means.
· The right to object to processing: You have the right to object at any time to the processing of your data for direct marketing purposes, including profiling, in which case your data will be erased.
· the right not to be subject to a decision based solely on automated processing, including profiling.
2. Implemented security measures
The connection to the online platform "Citizen Science Vest" is encrypted using a modern encryption suite. The connection utilizes TLS 1.3. There is an encrypted connection between the server where the website is hosted and the user's browser accessing this website. The website has an SSL (Secure Sockets Layer) Certificate, which secures the exchange of information over the Internet. The SSL Certificate ensures the security and confidentiality of important content, such as personal data transmitted through platform registration (creating a user account). The platform's registration/authentication session is secured.
3. Cookies modules used by the platform
To carry out information and communication activities closer to your interests through third parties, in this case, the Google advertising network, we collect an IP address, the web pages visited, the date and time they were viewed, as well as the interaction with the content of on this web domain, respectively uvt.ro. The technologies used to collect this data are cookies.This website may use both its own and third-party cookies to provide visitors with a better browsing experience and services tailored to each individual's needs and interests.
The use of cookies on this site is not strictly necessary, but some functions or content will not be available if you do not allow the use of cookies.
What are cookies?
A cookie is a small text file sent by a server to a web browser (browser) and then sent back (unmodified) by the browser each time it accesses that server. A cookie consists of 2 parts: name and content (value). The lifetime of a cookie is determined. From a technical point of view, only the web server that sent the cookie can access it again when a user revisits that website. Cookies do not require personal information to be used and, in most cases, do not personally identify Internet users.
Our website uses 2 categories of cookies:
· Session cookies
· Persistent cookies.
Session cookies are stored temporarily until the user leaves the website or closes the browser window or until they are deleted by the web server.
Persistent cookies are stored on the user's device for a predetermined lifetime. These also include cookies placed by another website, known as 'third-party cookies' (cookies placed by third parties). We use our persistent cookies to save the visitor's browsing preferences on this website.
Cookies placed by third parties can come from Google, Facebook, YouTube, etc.
The purpose of using cookies
· Visitor analysis.
· Each time a user accesses this site, the Analytics application generates a cookie. This cookie tells us if you have visited this site before and allows us to track unique users who visit us and how often they do so. As an Analytics application, we use the Google Analytics solution with the "anonymizeIp()" extension, which anonymizes all visitors' IP addresses. More details here: https://support.google.com/analytics/answer/2763052?hl=en.
· You can refuse the use of cookies by Google Analytics by downloading and installing the module Google Analytics Opt-out Browser Add-on. (https://tools.google.com/dlpage/gaoptout?hl=ro)
· More details about Google Analytics here: https://www.google.com/analytics/
· Running and analyzing online advertising campaigns.
· The Western University of Timișoara can run online advertising campaigns through the platforms offered by Google and Facebook. These platforms store cookies that allow us to measure the effectiveness of our online advertising campaigns and to display on other sites advertisements adapted to the assumed interests of visitors.
· The inclusion of multimedia content.
· Some pages of the website may include images and videos from the YouTube platform. If cookies are blocked on this site, that content will not be displayed.
A visit to this website may place cookies for:
· Site performance cookies
· Visitor analysis cookies
· Cookies for geotargeting
· Registration cookies
· Session cookies
· Cookies for advertising
· Advertiser cookies
Cookies placed by the Google services used:
· Google conversion tracking is a Google analytics service designed to measure the effectiveness of our online advertising campaigns through Google AdWords. In this context, Google sets a cookie on the computer/mobile device of the visitor when he accesses a Google ad and reaches our website. These cookies are not associated with personal identification. With the help of Google Conversion Tracking, we can identify that someone clicked on our advertisement and was thus redirected to our page. The data collected with Google Conversion Tracking is used exclusively to compile statistics on the effectiveness and improvement of our online advertising campaigns through Google AdWords.
· Google Remarketing. Through these technologies, users who have already visited our web pages can be approached again with targeted advertising on the other pages of Google's partner network.
If you do not wish to receive interest-based advertising, this can be turned off by visiting this page: https://adssettings.google.com
Additional information and information on opting out of Google advertising services are available here: https://www.google.com/policies/technologies/ads/
Performance cookies
This type of cookie remembers the user's preferences on this site so that it is no longer necessary to set them each time the site is visited (Ex: the list of recently viewed products, the user's currency preferences, the type of terminal used - desktop or mobile, the number of products added to the shopping cart, etc.).
Cookies for geotargeting
These cookies are used to determine which country you come from, are completely anonymous and are only used to target content (eg storing the country code, following automatic IP detection).
Cookies for registration
These cookies store the specific data of a specific user (user code, email address, preferences for retaining login data in the account). When you register on this site, we generate a cookie that tells us whether you are registered or not. Our servers use these cookies to show us the account you are registered with and to show you account information.
Session cookies
The session cookie is automatically generated when accessing the website and is used for the management of web applications (HTTP protocol, filling out certain forms, interacting with certain elements on the website, etc.). This cookie is automatically deleted when the browser is closed.
Other third-party cookies
On some pages, third parties may set their anonymous cookies, to track the success of an application, or to customize an application. These cookies may come from third parties such as Web Analytics services (Ex: Google Analytics), advertising (Ex: AdSense), social media platforms (Ex: Facebook), customer advice chat applications, etc.
Due to the way of use, this site cannot access these cookies, just as third parties cannot access the cookies held by this site. For example, when you share an article using the social network button on this site, that social network will record your activity.
What type of information is stored and accessed through cookies?
Cookies store information in a small text file that allows a website to recognize a browser. The web server will recognize the browser until the cookie expires or is deleted. The cookie stores important information that improves the Internet browsing experience (Ex: language settings in which a website is accessed; keeping a user logged in to the webmail account; online banking security; and keeping products in the shopping cart).
Why are Internet Cookies Important?
Cookies are central to the efficient functioning of the Internet, helping to generate a user-friendly browsing experience tailored to each user's preferences and interests. Refusing or disabling cookies may make some sites unusable.
Rejecting or deactivating cookies does not mean that you will no longer receive online advertising - but only that it will no longer be able to take into account your preferences and interests, highlighted by your browsing behaviour.
Examples of important uses of cookies (which do not require the authentication of a user through an account):
· Content and services adapted to user preferences – categories of news, weather, sports, maps, public and government services, entertainment sites and travel services.
· Offers tailored to user interests – password retention, language preferences (Ex: display of search results in Romanian).
· Retention of child protection filters on Internet content (family mode options, safe search functions).
· Limiting the frequency of serving ads - limiting the number of times an ad is shown to a specific user on a site.
· Providing more relevant advertising to the user.
· Measurement, optimization and analytics features - such as confirming a certain level of traffic on a website, what type of content is viewed and how a user arrives at a website (Ex: through search engines, directly, from other websites- uri etc.). The websites carry out these analyses of their use to improve the sites for the benefit of the users.
Security and privacy issues
Cookies are NOT viruses! They use plain text formats. They are not made up of pieces of code so they cannot be executed or auto-run. Consequently, they cannot be duplicated or replicated to other networks to run or replicate again. Since they cannot perform these functions, they cannot be considered viruses. Cookies can still be used for negative purposes. Because they store information about users' preferences and browsing history, both on a particular site and across multiple sites, cookies can be used as a form of Spyware. Many anti-spyware products are aware of this fact and constantly mark cookies for deletion during anti-virus/anti-spyware deletion/scanning procedures.
In general, browsers have integrated privacy settings that provide different levels of cookie acceptance, validity period and automatic deletion after the user has visited a certain site.
Other security issues related to cookies
Since the protection of identity is very valuable and represents the right of every Internet user, it is advisable to know what possible problems cookies can create. Because through them information is constantly transmitted in both directions between the browser and the website, if an attacker or unauthorized person intervenes during the data transmission, the information contained in the cookie can be intercepted. Although very rare, this can happen if the browser connects to the server using an unencrypted network (Ex: an unsecured WiFi network).
Other cookie-based attacks involve missetting cookies on servers. If a website does not require the browser to use only encrypted channels, attackers can use this vulnerability to trick browsers into sending information over unsecured channels. Attackers then use the information to gain unauthorized access to certain websites. It is very important to be careful in choosing the most suitable method of personal information protection.
Tips for safe and responsible browsing, based on cookies
Due to their flexibility and the fact that most of the most visited sites and the largest platforms use cookies, they are almost unavoidable. Disabling cookies will not allow the user access to the most widespread and used sites including YouTube, Gmail, Yahoo and others. Here are some tips that can ensure that you browse without worries but with the help of cookies:
· Customize your browser cookie settings to reflect a comfortable level of cookie security for you.
· If you don't mind cookies and you are the only person using the computer, you can set long expiration periods for storing your browsing history and personal access data.
· If you share computer access, you may consider setting your browser to delete individual browsing data each time you close the browser. This is an option to access sites that place cookies and delete any visit information when you close the browsing session.
· Install and constantly update your antispyware applications.
Many spyware detection and prevention applications include the detection of site attacks. Thus, it prevents the browser from accessing websites that might exploit browser vulnerabilities or download dangerous software. Make sure your browser is always up to date. Many of the cookie-based attacks are carried out by exploiting the weak points of old versions of browsers.Cookies are everywhere and cannot be avoided if you want to enjoy access to the best and biggest sites on the Internet - local or international. With a clear understanding of how they work and the benefits they bring, you can take the necessary security measures so that you can surf the Internet with confidence.
How do I stop cookies?
Disabling and refusing to receive cookies may make certain websites impractical or difficult to visit and use. Also, refusing to accept cookies does not mean that you will no longer receive/see online advertising.
It is possible to set the browser so that these cookies are no longer accepted or you can set the browser to accept cookies from a specific site. But, for example, if you are not registered using cookies, you will not be able to leave comments.
All modern browsers offer the possibility to change cookie settings. These settings are usually found in your browser's "options" or "preferences" menu. To understand these settings, the following links may be useful, otherwise, you can use the "help" option of your browser for more details.
· Cookie settings in Internet Explorer
· Cookie settings in Firefox
· Cookie settings in Chrome
· Cookie settings in Safari
For the settings of cookies generated by third parties, you can also consult the website:
· http://www.youronlinechoices.com/ro/
Useful Links
If you want to find out more information about cookies and what they are used for, we recommend the following links:
· Microsoft Cookies Guide
· All About Cookies
· http://www.youronlinechoices.com/ro/
1. Modification of the Privacy Policy
The online platform "Citizen Science Vest" reserves the right to modify the Terms and Conditions, as well as this Privacy Policy, at any time. Users will be notified of such changes.
To stay informed about the latest updates and modifications, please periodically visit this web page. The privacy policy may be updated due to changes in personal data protection legislation or changes in the structure of the online platform "Citizen Science Vest."
If you have any questions or concerns regarding the information presented in this Privacy Policy or regarding how we process your data, you can contact us at the email address citizenscience@e-uvt.ro.