Privacy policy

The privacy and security of your personal information is very important to Euro-BioImaging. This privacy policy explains how and why your personal data is used, and what is done to make sure you can be confident about giving Euro-BioImaging your information.


Euro-BioImaging will only use your personal data on relevant lawful grounds as permitted by the EU General Data Protection Regulation (2018) and national laws. Euro-BioImaging will never use your personal data commercially and will only share it with third parties that Euro-BioImaging works with, when such sharing is necessary and permitted, and always assuring the privacy and security of your data.
If you have any questions about this policy or the use of your personal data, please contact info@eurobioimaging.eu

Who and what does this policy apply to

This policy applies to the operations of the Euro-BioImaging ERIC infrastructure, and the Euro-BioImaging Web Portal and all its sub-pages under the domain eurobioimaging.eu, whenever personal data is used. This policy applies whether you are a registered user of any Euro-BioImaging services, a staff member of Euro-BioImaging Hub or Nodes, an external reviewer for Euro-BioImaging, or if you just visit the Euro-BioImaging Web Portal, or email, call or write to Euro-BioImaging*.
Euro-BioImaging is a pan-European research infrastructure that offers open access for life scientists to selected imaging facilities, called Nodes, across its member states, as well as training and image data services. Euro-BioImaging was established as an ERIC (European Research Infrastructure Consortium) in MONTH YEAR, according to European ERIC Council regulation number XXX/XXXX, implementation reference XXXX/XXXX/XX. Euro-BioImaging is lead by a Hub consisting of three members: Finland (Turku) coordinates all operations and hosts the Euro-BioImaging Web Portal, EMBL (Heidelberg) coordinates operations specific to biological imaging and Italy (Torino) coordinates operations specific to medical imaging.

What personal data does Euro-BioImaging collect and why

Euro-BioImaging collects only basic personal data (information which identifies you, or which can be identified as relating to you personally), and Euro-BioImaging only collects data that it needs to operate. Sensitive or specially protected personal data is not collected.
Basic personal data (for instance name, contact information and professional affiliation) is collected when logging in to the Euro-BioImaging Web Portal for the first time, and additional personal data (for instance research history and biography) may be collected in connection with specific activities, such as when applying for access to imaging technologies, conferences or training courses. Only personal data supplied to Euro-BioImaging directly by you is collected – personal data is not collected from other sources. Euro-BioImaging collects personal data based on legitimate interest as defined in the General Data Protection Regulation of the European Union. This legitimate interest is to manage and run the Euro-BioImaging ERIC infrastructure or informed consent.

From where does Euro-BioImaging collect personal data

Euro-BioImaging collects personal data mostly through integrated online forms on the Euro-BioImaging Web Portal, from where it is directly saved into the Euro-BioImaging database. In some cases Euro-BioImaging may use Survey Monkey forms to collect data (see “Third parties” below), and relevant data from the forms is then manually transferred to the Euro-BioImaging database.
Euro-BioImaging receives some personal data also from the user authentication services that it uses (see “Third parties” below) and in some cases also from procedures or projects where users can apply to use Euro-BioImaging services through third parties, for instance where access is applied to multiple infrastructures simultanously.
Euro-BioImaging does not collect personal information from emails or other sources, unless specifically consented by the person(s) in question.

How does Euro-BioImaging store your personal data and keep it safe

Your personal data is stored mainly in the primary Euro-BioImaging database, which is located on a server of the University of Turku in Turku, Finland, where the Euro-BioImaging Web Portal is also hosted. The database is highly secure with direct access possible only by the Euro-BioImaging Web Portal administrative staff, and the data is regularly backed up by the University of Turku. The IT staff running the server has no access to the database.
In some situations, for instance if you apply for access to imaging technologies at the Euro-BioImaging Nodes, some of your personal data may be temporarely stored also in computers and email systems used to process it. However, such storage is temporary and access to the data is password-limited to those individuals who have legitimate access to the computer or email account in question.
Some personal data may be stored also in the secondary Euro-BioImaging database, which is located on a secure computer in locked premises at the University of Turku in Turku, Finland, with regular backups taken to a local cloud service of the University of Turku and to an external hard drive stored in a locked cupboard. Only the Euro-BioImaging Web Portal administrative staff has direct access to the interim database and its backups.
Everyone in Euro-BioImaging who can access your personal data in any situation (see “Who gets to see your personal data” below) has been instructed to take care of such data with appropriate confidentiality and security, and there are procedures in place within the infrastructure for reporting any unusual activity related to personal data, such as possible security breaches.

How does Euro-BioImaging use your personal data

How Euro-BioImaging uses your personal data depends on the nature of your relationship with Euro-BioImaging and how you interact with the Euro-BioImaging Web Portal and various services and activities. Your personal data is used for the following purposes:

  • Administering your Euro-BioImaging user account, including ensuring the security of the Euro-BioImaging Web Portal and services, and communicating with you as required.
  • Managing your proposals and projects for accessing imaging technologing at Euro-BioImaging Nodes, including for instance reviewing your applications, arranging access visits, and communicating with you throughout the process.
  • Managing your attendance to Euro-BioImaging training courses, events, conferences and meetings, including for instance communication with you regarding confirmation of registration, clarifying further details, or resolving any issues with your participation.
  • Managing your use of Euro-BioImaging data services, in situations where such use may require personal identification or personal information (many Euro-BioImaging data services do not require this).
  • Sending you additional information on Euro-BioImaging and its services, such as a regular email newsletter, occasional questionnaires or surveys, information from the Euro-BioImaging Industry Board, or occasional other information.

Euro-BioImaging will primarily communicate with you by email, but in some cases also phone calls or regular mail may be used. When you log in to the Euro-BioImaging Web Portal for the first time, your permission for being contacted in different ways is asked. You may change these settings at any time in the Euro-BioImaging Web Portal Admin panel. Please note that if you do not give Euro-BioImaging permission to contact you, especially by email, most Euro-BioImaging services will not be available to you. However, you may separately choose for instance not to receive the newsletter or other similar emails, but allow email communication necessary for applying access to Euro-BioImaging imaging technology or training services.
Euro-BioImaging collects various statistics and other information about its operations for instance to monitor and develop its services and to report to funding agencies. However, in such statistics and reports, individual users are anonymized and identifiable personal information is not included

Terms and conditions

In addition to this Privacy Policy, Euro-BioImaging and its Web Portal have Terms and conditions, that you need to read and accept the first time you log in to the Euro-BioImaging Web Portal. In addition, your agreement to the Terms and conditions will be confirmed occasionally, for instance in conjunction with applying to use certain Euro-BioImaging services, such as access to imaging technologies at the Nodes. You may change your consent to the Terms and conditions at any time in the Admin panel of the Euro-BioImaging Web Portal, but please not that if you revoke your agreement, you will not be able to use any Euro-BioImaging services or the Web Portal. Please note that the Terms and conditions apply also when you visit the Euro-BioImaging Web Portal without logging in.

How long is your personal data stored

Euro-BioImaging stores your personal data as long as you continue using Euro-BioImaging services or otherwise being involved with the infrastructure. If you have not logged in to the Euro-BioImaging Web Portal in 5 years, your personal data will be deleted from the Euro-BioImaging database. Statistical information of e.g. your past use of Euro-BioImaging services will remain in the database, but this is anonymized general information only, necessary for producing statistics such as user numbers, and does not contain any personal data.

Who gets to see your personal data

Your personal data is accessed only on a need-to-know basis, and primarily only by the administrative staff of the Euro-BioImaging Web Portal. Depending on how you use Euro-BioImaging services, your personal data may need to be accessed also by other staff members of the Euro-BioImaging Hub, and third parties such as Euro-BioImaging Nodes, external scientific reviewers or training providers (see “Third parties” below). Euro-BioImaging does not relay your personal data to any other third parties, sell it to anyone or use it for any other purposes than running the infrastructure.

Keeping your personal data up to date

The accuracy of your information is important to Euro-BioImaging. If you change your email address, or if any other information is inaccurate or out of date, please update your online profile, by visiting the Admin panel of the Euro-BioImaging Web Portal.

Use of cookies

When you visit some pages on the Euro-BioImaging Web Portal, your computer may be issued with a small file (cookie) for the purposes of managing and improving the services on the portal. The cookies that Euro-BioImaging uses do not contain any personally identifying information. You can set your browser to refuse cookies or warn you before accepting them, but please note that some cookies are essential for the operation of the Euro-BioImaging Web Portal.

Your IP address

Euro-BioImaging uses anonymized IP addresses for Google Analytics (see “Third parties” below). Euro-BioImaging may also collect full IP addresses in the Web Portal or server logs for security reasons, as a legitimate interest for instance for the purposes of detecting and preventing unauthorized system access.

Third parties

In some cases some of your personal data will be relayed to third parties that are essential for the operation of Euro-BioImaging, or such third parties may relay personal data to Euro-BioImaging. These third parties are described below. Please note that all third parties only see data which are relevant to them, for instance regarding access proposals assigned to them. No third party has direct access to the Euro-BioImaging databases. Please also note that in some situations your personal information may also be relayed to outside of the EEA (for instance some of the external scientific reviewers reside outside the EEA), and therefore leave the EU GDPR jurisdiction. All reasonable steps will be taken to ensure that your data is treated securely and in accordance with this privacy policy in all situations.

Euro-BioImaging Nodes

Access to imaging technologies in Euro-BioImaging takes place at imaging facilities called Nodes. As part of the normal evaluation procedure, Euro-BioImaging technology access proposals are reviewed by the Node(s) access is being applied to, and the designated contact persons at the Nodes access the proposals through the Euro-BioImaging Web Portal. The Nodes are not legally part of Euro-BioImaging ERIC, but all Nodes have signed a Service Level Agreement with Euro-BioImaging, stating that they will maintain confidentiality of any data they receive, and do not distribute any data beyond the personnel required to handle the user access visits in practice. All Nodes have also declared to adhere to the General Data Protection Regulation of the European Union. Note that this Privacy policy applies only to data relayed through the Euro-BioImaging Web Portal, not to possible direct communication between users and the Nodes, even if that communication takes place via the messaging tools of the Euro-BioImaging Web Portal.

External scientific reviewers

As part of their normal evaluation procedure, Euro-BioImaging technology access proposals are reviewed by external scientific reviewers, who access proposals assigned to them through the Euro-BioImaging Web Portal. The reviewers are not part of Euro-BioImaging ERIC, but all reviewers have signed a declaration of compliance with Euro-BioImaging Conflict of Interest and Non-Disclosure Rules, stating that they will maintain confidentiality of the proceedings and associated materials, they will not disclose information related to the review, and they will destroy any documentation they might have upon completing the review.

Euro-BioImaging training providers

Euro-BioImaging offers numerous training courses to which you can apply through the Euro-BioImaging Web Portal, similarly as you apply to access to imaging technologies at the Nodes. The training coordinator of Euro-BioImaging and the training providers of courses you have applied to have access to some of your personal data, as part of the procedure for accepting your application and arranging the practicalities of the training. The training providers have signed an agreement with Euro-BioImaging, stating that they will maintain confidentiality of any data they receive, and do not distribute any data beyond the personnel required to handle the training activity in practice. All training providers have also declared to adhere to the General Data Protection Regulation of the European Union. Note that this privacy policy applies only to data relayed through the Euro-BioImaging Web Portal, not to possible direct communication between users and the training providers, even if that communication takes place via the messaging tools of the Euro-BioImaging Web Portal. Note also that Euro-BioImaging may also list and advertise other courses and events on the Euro-BioImaging Web Portal, for which the application/registration procedure does not go through the Web Portal. This Privacy policy does not apply in such cases, and Euro-BioImaging has no control over personal data possibly given by you to such external training providers.

User authentication and authorization services

Euro-BioImaging uses authentication and authorization infrastructure (AAI) provided by external partners, in order to enable users to login with their existing credentials, without needing separate user IDs and passwords for the Euro-BioImaging Web Portal. Currently, Euro-BioImaging AAI services are provided by Elixir AAI. In the future, they may be provided by Life Science AAI, which is still under development, but may already occasionally be tested on the Euro-BioImaging Web Portal. Only minimal personal data (name, institutional affiliation and email address) is exchanged between Euro-BioImaging and Elixir AAI or Life Science AAI during the authentication process. Elixir AAI and Life Science AAI both adhere to the General Data Protection Regulation of the European Union.

Survey Monkey

Euro-BioImaging sometimes uses Survey Monkey forms to collect information that may also contain personal data. A Business Associate Agreement has been signed with Survey Monkey, in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), for Protected Health Information. This ensures that all information sent through Survey Monkey will remain confidential and secure, with Survey Monkey themselves having no access to it. For added security, all information sent through Survey Monkey will be manually and permanently deleted from Survey Monkey as soon as it has received by Euro-BioImaging. Survey Monkey adhere to the General Data Protection Regulation of the European Union.

Other third parties

Euro-BioImaging also works together with several other third parties in the development and running of its services. However, none of these third parties have access to any personal data or the Euro-BioImaging databases. These other third parties include:

  • Google Analytics is used to collect standard internet log information, such as visitor numbers and behavior patterns. The information is processed in a way that does not identify anyone, and no attempt is made to find out the identities of those visiting the Euro-BioImaging Web Portal.
  • The Euro-BioImaging Web Portal is developed in collaboration with Instruct-ERIC, and it is partly based on the ARIA portal of Instruct-ERIC. However, Euro-BioImaging runs its own instance of the ARIA code and uses its own separate databases, and Instruct-ERIC and ARIA developers have no access to Euro-BioImaging personal data or the other way around.
  • Euro-BioImaging also collaborates with the Open Microscopy Environment developers at the University of Dundee in the development of data services, but this collaboration involves only research data, no personal data.
  • University of Turku IT services host the Euro-BioImaging Web Portal, primary database and Euro-BioImaging email addresses and mailing lists.

Your data protection rights

Where Euro-BioImaging is using your personal data on the basis of consent, you have the right to access your data and to correct your data if it is incorrect, and the right to withdraw that consent at any time, in the Admin panel of the Euro-BioImaging Web Portal. (You might no longer be able to use some Euro-BioImaging services.) Where Euro-BioImaging is using your personal data on the basis of legitimate interest, based on your user account of the Euro-BioImaging Web Portal, you have the right to request that your account is terminated and your personal data deleted. (You would no longer be able to log in to the Euro-BioImaging Web Portal or use any Euro-BioImaging services that require login.) You are entitled to request a copy of the data Euro-BioImaging holds on you. In your request, you would need to provide adequate information to confirm your identity. If Euro-BioImaging holds personal information about you, you will be provided with a sufficient copy of the information in an understandable format, together with an explanation of why Euro-BioImaging has this information and how it is being used. Once Euro-BioImaging has all the information necessary to respond to your request, you will receive the information within one month. This timeframe may be extended to up to three months if your request is particularly complex. If you would like further information on your rights or wish to exercise them, please write to us at POSTAL ADDRESS or contact us at info@eurobioimaging.eu.

Changes to this policy

This policy may be updated from time to time. After each update, the new version will be published on the Euro-BioImaging Web Portal. You should check this page occasionally to ensure that you are happy with the current version of this policy. You may be notified of changes to this policy in the News section of the Euro-BioImaging Web Portal, or by email.

What to do if you are not happy or something is unclear

In the first instance, please talk to us at Euro-BioImaging directly so that we can hopefully resolve any problem or query. The easiest method is to first email info@eurobioimaging.eu, and then we can see how to best take your issue further.