ClimeFish collects and processes personal data according to the EU’s General Data Protection Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
This privacy statement explains
- why we collect your personal data
- how we collect, handle and make sure your personal data is protected
- how that information is used
- what rights you have in relation to your personal data
Why do we collect and process your data?
ClimeFish collects and uses your email address to send you the regular newsletter of the ClimeFish project. The processing operation consists of collecting and maintaining an email database on MailChimp.
Which personal data do we collect and process?
The ClimeFish project collects the email address of voluntary subscribers to our newsletter. Subscription is available by means of the website or an existing newsletter. The following data is collected:
- Your email address
- IP address
- Date and time of subscription
On what legal ground(s) do we process your personal data
We process your personal data (i.e. email address) because it is necessary to send the newsletter, and because you have given consent for us to process this data by means of subscribing.
How long do we keep your personal data?
Your personal data is only kept until the end of the project (February 2020) or even earlier if you choose to subscribe. This can be done via a clearly desplayed unsubscribtion link at the bottom of each newsletter.
How do we protect and safeguard your personal data?
The registered data is stored on servers run by MailChimp. The information is not shared outside this server. To protect your personal data, only authorised staff in the project’s communication management have access to the server. For MailChimp server security and policies, see MailChimp legal policies.
Who has access to your personal data and to whom is it disclosed?
Access to your personal data is provided to the ClimeFish staff responsible for carrying out this operation. ClimeFish uses MailChimp. It is not excluded that MailChimp staff may have access to the data. All processing operations are carried according to the General Data Protection Regulation (‘GDPR’ Regulation (EU) 2016/679).
What are your rights and how can you exercise them?
You have specific rights as a ‘data subject’ under Chapter III (Articles 12-23) of Regulation (EU) 2016/679, in particular the right to access, rectify or erase your personal data and the right to restrict the processing of your personal data. Where applicable, you also have the right to object to the processing or the right to data portability.
You have the right to object to the processing of your personal data, which is lawfully carried out pursuant to Article 21.
You can withdraw your consent at any time by notifying the Data Controller. The withdrawal will not affect the lawfulness of the processing carried out before you have withdrawn the consent.
You can exercise your rights by contacting the Data Controller, or in case of conflict the Data Protection Officer. Their contact information is given under Heading 9 below.
Where you wish to exercise your rights in the context of one or several specific processing operations, please provide their description in your request.
The Data Controller
If you would like to exercise your rights under Regulation (EU) 2016/679, or if you have comments, questions or concerns, or if you would like to submit a complaint regarding the collection and use of your personal data, please feel free to contact the the Data Protection Officer for ClimeFish Dr. Petter Olsen (NOFIMA).
The project coordinator Prof. Michaela Aschan (UiT) is a member of the Norwegian National Research Ethics Committee and thereby oversees the adherence to ethical principles. You can also get in touch with her.