Follow us on X
Follow us on Linkedin
Real-world-data enabled assessment
for health regulatory decision-making

Privacy Policy

1. An overview of data protection

General

The following gives a simple overview of what happens to your personal information when you visit our website. Personal information is any data with which you could be personally identified. Detailed information on the subject of data protection can be found in our privacy policy found below.

Data collection on our website

Who is responsible for the data collection on this website?

The data collected on this website are processed by the website operator. The operator's contact details can be found in the website's required legal notice.

How do we collect your data?

Some data are collected when you provide it to us. This could, for example, be data you enter on a contact form.

Other data are collected automatically by our IT systems when you visit the website. These data are primarily technical data such as the browser and operating system you are using or when you accessed the page. These data are collected automatically as soon as you enter our website.

What do we use your data for?

Part of the data is collected to ensure the proper functioning of the website. Other data can be used to analyze how visitors use the site.

What rights do you have regarding your data?

You always have the right to request information about your stored data, its origin, its recipients, and the purpose of its collection at no charge. You also have the right to request that it be corrected, blocked, or deleted. You can contact us at any time using the address given in the legal notice if you have further questions about the issue of privacy and data protection. You may also, of course, file a complaint with the competent regulatory authorities.

Analytics and third-party tools

When visiting our website, statistical analyses may be made of your surfing behavior. This happens primarily using cookies and analytics. The analysis of your surfing behavior is usually anonymous, i.e. we will not be able to identify you from this data. You can object to this analysis or prevent it by not using certain tools. Detailed information can be found in the following privacy policy.

You can object to this analysis. We will inform you below about how to exercise your options in this regard.

2. General information and mandatory information

Data protection

The operators of this website take the protection of your personal data very seriously. We treat your personal data as confidential and in accordance with the statutory data protection regulations and this privacy policy.

If you use this website, various pieces of personal data will be collected. Personal information is any data with which you could be personally identified. This privacy policy explains what information we collect and what we use it for. It also explains how and for what purpose this happens.

Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible.

Notice concerning the party responsible for this website

The party responsible for processing data on this website is:

European Research and Project Office GmbH
Heinrich-Hertz-Allee 1
66386 St.Ingbert

Represented by:
Jörg Scherer

Telephone: +49 6894 388 130
Email: contact-us@eurice.eu

The responsible party is the natural or legal person who alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).

Revocation of your consent to the processing of your data

Many data processing operations are only possible with your express consent. You may revoke your consent at any time with future effect. An informal email making this request is sufficient. The data processed before we receive your request may still be legally processed.

Right to file complaints with regulatory authorities

If there has been a breach of data protection legislation, the person affected may file a complaint with the competent regulatory authorities. The competent regulatory authority for matters related to data protection legislation is the data protection officer of the German state in which our company is headquartered. A list of data protection officers and their contact details can be found at the following link: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html.

Right to data portability

You have the right to have data which we process based on your consent or in fulfillment of a contract automatically delivered to yourself or to a third party in a standard, machine-readable format. If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

SSL or TLS encryption

This site uses SSL or TLS encryption for security reasons and for the protection of the transmission of confidential content, such as the inquiries you send to us as the site operator. You can recognize an encrypted connection in your browser's address line when it changes from "http://" to "https://" and the lock icon is displayed in your browser's address bar.

If SSL or TLS encryption is activated, the data you transfer to us cannot be read by third parties.

Information, blocking, deletion

As permitted by law, you have the right to be provided at any time with information free of charge about any of your personal data that is stored as well as its origin, the recipient and the purpose for which it has been processed. You also have the right to have this data corrected, blocked or deleted. You can contact us at any time using the address given in our legal notice if you have further questions on the topic of personal data.

3. Data protection officer

Statutory data protection officer

We have appointed a data protection officer for our company.

Verimax GmbH
Warndtstraße 115
66127 Saarbrücken

Telephone: +49 89 800 65 78 0
Email: dsb.eurice@verimax.de

4. Data collection on our website

Cookies

Some of our web pages use cookies. Cookies do not harm your computer and do not contain any viruses. Cookies help make our website more user-friendly, efficient, and secure. Cookies are small text files that are stored on your computer and saved by your browser.

Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognize your browser when you next visit the site.

You can configure your browser to inform you about the use of cookies so that you can decide on a case-by-case basis whether to accept or reject a cookie. Alternatively, your browser can be configured to automatically accept cookies under certain conditions or to always reject them, or to automatically delete cookies when closing your browser. Disabling cookies may limit the functionality of this website.

Cookies which are necessary to allow electronic communications or to provide certain functions you wish to use are stored pursuant to Art. 6 paragraph 1, letter f of GDPR. The website operator has a legitimate interest in the storage of cookies to ensure an optimized service provided free of technical errors. If other cookies (such as those used to analyze your surfing behavior) are also stored, they will be treated separately in this privacy policy.

Server log files

The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:

  • Browser type and browser version
  • Operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of the server request
  • IP address

These data will not be combined with data from other sources.

This constitutes a justified interest pursuant to Art. 6 (1) (f) GDPR.

5. Registration for REALM Events

As a participant in the REALM Academy Workshop: Multi-Stakeholder Insights for Evaluating Medical AI, this information is provided to you by EURICE, the project's main partner responsible for communication activities. You are receiving this information as EURICE processes your personal data as a data controller within the communication activities of the Horizon Europe project “REALM” (Grant Agreement No. 01095435) according to Article 13 GDPR. This Privacy Notice and Consent Information for Workshop Registration conveys important information about our privacy practices and your rights as it relates to your personal data. We encourage you to read this notice carefully and contact us in case of any questions.

P7-EURICE is required by law to protect your personal data. This notice explains how we process (e.g. collect, store, protect, delete) your personal data. We will process any personal data about you in accordance with this notice and with applicable law.

1. WHO ARE WE?

The institution responsible for the processing of your personal data according to the data protection regulations is:

European Research and Project Office GmbH
Heinrich-Hertz-Allee 1
66386 St. Ingbert
Germany
Represented by:
Jörg Scherer
Telephone: +49 6894 388130
E-mail: contact-us@eurice.eu

A data protection officer has been appointed for our company:
Verimax GmbH
Warndtstr. 115
66127 Saarbrücken
Germany
Telephone: +49 89 80065780
E-mail: dsb.eurice@verimax.de

WHY DO WE PROCESS YOUR DATA (PURPOSE OF PROCESSING) AND WHAT IS THE LEGAL BASIS?

The REALM Academy workshop aims to bring together regulators, HTA bodies, software manufacturers, researchers, and other stakeholders involved in the medical software evaluation process, providing an opportunity to exchange perspectives and co-design solutions for collaborative evaluation of medical AI. We process your registration data, i.e. surname, name, email address, function, organisation, the group that best describes your role within the Workshop for the organization and implementation of the workshop (communication, participation, invitations).

2. LEGAL BASIS OF DATA PROCESSING

The processing of your personal data, i.e. pictures or name and email address, if you agree, that we may also contact you about future related events, is in accordance with Art. 6, para. 1, letter a) GDPR on the basis of your consent.

Your registration data is processed for the purpose of the initiation, performance and conclusion of a contract and the related secondary obligations (Art. 6 para. 1b GDPR). These data are processed with the purpose of identifying you as a participant to the REALM Academy Workshop.

3. PERSONAL DATA

We process your personal data, i.e.,

  • Surname, Name
  • Email address
  • Function
  • Organisation
  • the group that best describes your role

according to Art. 4 no. 1 GDPR, which we receive from you within the scope of your participation to the REALM Academy Workshop.

We will process your pictures taken during the Workshop only if you have explicitly consented to this. The participation in the workshop is possible regardless of whether you provide your consent in this regard.

4. WHO WILL RECEIVE MY DATA?

Within the European Research and Project Office GmbH, your data will be transferred to those persons that need the data to fulfil their contractual obligations (e.g., the Project Manager and the Communication Manager of the project). We will involve our Affiliated Partner RISE based in Croatia (Research and Innovation Services d.o.o., Ulica Republike Austrije 33, 10 000 Zagreb, Croatia)
In addition, we will transmit your personal data to other recipients outside the European Research and Project Office GmbH to fulfil our contractual and legal obligations. This includes:

  • hosting provider for the project website
  • project participants that are working on the REALM project:
    • Project Coordinator P1 – University of Maastricht
    • P2 - COMUNICARE SOLUTIONS
    • P3 - METAMIND INNOVATIONS IKE
    • P4 - TRAQBEAT TECHNOLOGIES IDIOTIKI KEFA
    • P5 - UNIVERSITE DE LIEGE
    • P6 – VITO (VLAAMSE INSTELLING VOORTECHNOLOGISCH ONDERZOEK N.V.)
    • P8 - UNIWERSYTET WARSZAWSKI
    • P9 - UCZELNIA LAZARSKIEGO
    • P10 - YAGHMA B.V.
    • P11 - EXUS SOFTWARE MONOPROSOPI ETAIRIA PERIORISMENIS EVTHINIS
    • P12 - VIRTUAL PHYSIOLOGICAL HUMAN INSTITUTE FOR INTEGRATIVE BIOMEDICAL RESEARCH VZW
    • P13 - UNIVERSITEIT ANTWERPEN
    • P14 - THE CHANCELLOR, MASTERS AND SCHOLARS OF THE UNIVERSITY OF OXFORD
    • P15 - UNIVERSITY OF BRISTOL
  • funding agency
  • policy makers
  • general public
  • external auditors
  • social media channel - LinkedIn

5. TRANSMISSION TO A THIRD COUNTRY OR INTERNATIONAL ORGANIZATION

Please note that your personal data is being transferred United Kingdom. The processing of personal data the United Kingdom will take place on the basis of the Commission Decision of 28 June 2021. Such a Decision confirms that a country situated outside the EU offers an adequate level of data protection.

The transmission of your data is not repeated, mass or structural and is carried out according to the tasks established within the Grant Agreement and Consortium Agreement.

To reach broader public and to promote our project activities we also use the services of LinkedIn, whose server is situated outside the EU.

There is a specific data privacy notice applicable for the data subjects situated in the EU, but it cannot be excluded that personal data will be transferred outside of the EU. LinkedIn stores personal data on its servers in the US, so data flows from the EU to the US and back.

LinkedIn is certified under the EU-U.S. DPF. For further information regarding data processed by LinkedIn, see LinkedIn’s privacy policy

In the context of the use of social media accounts, we are controllers within the meaning of Art. 4 No. 7 GDPR together withLinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland, for the operation of our LinkedIn profiles In this context, your data may be transferred to the USA. The recipients mentioned above are certified under the EU-US Data Privacy Framework, so that this is a GDPR-compliant third country transfer to a country with an adequacy decision. The EU-US Data Privacy Framework was adopted by the European Commission on 10 July 2023 and US is considered as offering adequate protection of data protection within the meaning of Art. 45 GDPR.

Please note that data on the Internet can be accessed anywhere in the world, including in unsecure third countries where there is no adequate level of data protection. We therefore expressly point out that digital images, for example on our website, can be accessed worldwide and that further use by third parties cannot be ruled out.

Please note that our project websites are also accessible to search engines. You must therefore expect that your name and image may also be found by search engines or accounts of third-parties.

Content can also be searched for and reshared on social media services. The providers of the relevant social media services are primarily responsible for this.

FOR HOW LONG ARE MY DATA STORED AND WHERE?

Periods for retention result from the applicable Horizon Europe provisions. In accordance thereto, the data must be retained for up to five years after receipt of the project’s final payment, according to Art. 20.1 GA and the REALM Data Sheet, Point 6. Appropriate technical and organisational measures have been identified and implemented together with EURICE’s Data Protection Officer. EURICE and host provider of the project’s website are in Germany and the data is stored in Germany as well. RISE, EURICE’s Affiliated entity, is in Croatia, therefore in Europe as well.

6. WHICH DATA PROTECTION RIGHTS DO I HAVE?

Each individual has the right to withdraw consent in accordance with Art. 7 (3) GDPR, the right of access in accordance with Art. 15 GDPR, the right to rectification in accordance with Art. 16 GDPR, the right to erasure (right to be forgotten) in accordance with Art. 17 GDPR, the right to restriction of processing in accordance with Art. 18 GDPR, the right to data portability in accordance with Art. 20 GDPR as well as the right to object in accordance with Art. 21 GDPR. Limitations in accordance with §§ 34 and 35 of the German Federal Data Protection Act apply to the right to access and the right to erasure. In addition, individuals have a right to lodge complaints with the data protection supervisory authority about the processing of personal data by us. (Art. 77 GDPR in conjunction with § 19 BDSG).

We do not process data that is based on automated decision-making including profiling within the meaning of Art. 22 GDPR.

The competent supervisory authority is
Unabhängiges Datenschutzzentrum Saarland
Die Landesbeauftragte für Datenschutz und Informationsfreiheit
Fritz-Dobisch-Straße 12
66111 Saarbrücken
Germany
Phone: +49 681 94781-0
Poststelle@datenschutz.saarland.de

Please do not hesitate to contact us at dataprotection@eurice.eu if you have any questions regarding this information sheet.

Am I obliged to provide my data?

Providing your personal data within the scope of registering for and participating in events relating to the REALM project is voluntary. However, if you do not provide your data (with your registration), we cannot register you as participant to the event.

Using your pictures within the scope of internal and external communication activities relating to “PROJECT REALM” (GA no. 01095435), e.g. for the publication on the project website, in project promotional and publicity material or in the context of press work, is voluntary. If the consent is not given, there will be no disadvantages.