Legal & Regulatory
The European Research Infrastructure Consortium (ERIC) is a specific legal form that facilitates the establishment and operation of Research Infrastructures with European interest.
The Statutes rule the governance of MIRRI, according to the regulatory requirements of the ERIC and of the legal framework of Portugal, the Statutory Seat of the RI.
The Statutes will be submitted to the EC during Spring 2021 for final approval and constitution of the MIRRI-ERIC legal entity.
MIRRI is engaged to provide as much as open and free access as financially possible, especially for Member and Observer countries. However, for sustainability reasons, free-open access will not always be implemented, in which case user fees may apply, especially for users from countries that are not contributing Members or for those following a market-driven mode of access. MIRRI-ERIC will seek funding mechanisms to reduce the cost of access for users, for example through research collaborations or transnational access supported by EU-funded projects.
For the provision of services, MIRRI relies on the commitments that the partners acquire by signing the MIRRI-ERIC Partner Charter, including the targeted accession into their catalogues of new valuable resources, the provision of TNA or the participation in clusters of expertise, following appropriate quality standards.
Microbial resources, technological services and courses can be provided on-site or remote and will follow the “European Charter for Access to Research Infrastructures”, which includes 3 modes of access: Excellence-driven, Market-driven and Technical need-driven. For the last two modes of access, a contract will be established between the User and MIRRI-ERIC, which will define the obligations and responsibilities of each party, confidentiality, and Intellectual Property management where necessary. These types of access will contribute to strengthening the innovation chain and the user has to cover the cost of the service or enter into a collaborative agreement with MIRRI, where both parties benefit from the collaboration.
The excellence-driven mode of access will be provided through open calls, where users need to fill in an application that will be evaluated based on scientific merit, type of institution (profit/non-profit) and membership (MIRRI-ERIC Member countries). Free or partially-free access will be provided to the best rated proposals.
Virtual tools, i.e. advanced data analysis, expert clusters forum, consultancy, webinars and tutorials, will require registration (registered CWE users). Depending on the type of institution (profit/non-profit), the membership status and the range of services requested, different pricing modalities will be offered to the users, with advantageous conditions to institutions from MIRRI-ERIC countries and non-profit organizations.
Scientific events organized by MIRRI-ERIC will also be subjected to fees, and discount rates will be available for users from MIRRI-ERIC countries, non-profit organizations and registered CWE users.
The Partner Charter defines criteria for the participation of microbial domain biological resource centres (mBRCs), institutions or individuals providing resources, services, training and expertise or participating in joint projects in MIRRI. Access to the document is provided here.
Adhering to the Partner Charter MIRRI Partners agree to comply with the following policies, that can be downloaded here:
- MIRRI-ERIC Data Management Policy
- MIRRI-ERIC Policy for compliance with the Convention on Biological Diversity (CBD) and the Nagoya Protocol
- MIRRI-ERIC Policy on biorisk assessment and biosecurity measures
- MIRRI-ERIC Accession Policy
- MIRRI-ERIC Policy on Intellectual Property Rights
MIRRI respects your privacy. This Privacy Statement outlines your rights to privacy and our commitment to safeguarding your personal data.
MIRRI is a European corporation, with legal entities, business processes, management structures and technical systems that cross borders. MIRRI delivers software and services to private and public businesses (Customers) in Europe as well as outside Europe. MIRRI’s head office is located in Belgium and MIRRI is subject to European privacy legislation, including the General Data Protection Regulation (GDPR).
All major decisions regarding privacy in MIRRI are made at a corporate level supervised by the Data Protection Officer (DPO).
This Privacy Statement is available on our MIRRI.org home page and at the bottom of every MIRRI related website.
How and when does the Privacy Statement apply?
This Privacy Statement applies to all business processes in MIRRI and its website, domains, cloud services. Service specific appendices will be found in the Terms of Service, data processing agreements or equivalent information for the specific service in question. Websites of customers of MIRRI that manage their website through BioloMICS are under the responsibility of the customers alone. MIRRI provides them with the latest version of the software and ensures that the latter is up to date.
The Privacy Statement provides information about data processing carried out by MIRRI when MIRRI determines the purpose and means of the processing (MIRRI act as data controller). It also provides information on data processing MIRRI do on behalf of our Customers based on their instructions (the Customer as data controller and MIRRI as data processor).
Personal data is information that can identify you as a person, such as name, an email address, street address or phone number etc. Processing your personal data is necessary for us to serve our Customers. Please do not use MIRRI Sites or our services if you do not agree with how we process personal data according to this Privacy Statement.
Whose personal data does MIRRI process?
MIRRI process personal data about contact persons or software users tied to our Customers. In addition, we process personal data about persons representing potential Customers (leads) that approach us via MIRRI Sites or other channels. Our statement in these regards is to be found in the data controller section.
We also process data on behalf of our Customers that our Customer controls. Our statement in these regards is to be found in the data processor section.
In this Privacy Statement data subjects may also be referred to as persons or you.
How does MIRRI process personal data as data controller?
When a MIRRI subsidiary determines the purpose and means of processing your personal data, this company act as data controller. This includes scenarios where MIRRI collects personal data in the context of you being a representative for a Customer or Lead, or when you are a software user.
Why we process your personal data
About Customer contacts and software users
To manage our Customer relations in general and to meet our Customer commitments, MIRRI needs information about you in your role as Customer contact person or user of a service. The purposes of processing this personal data are:
- a. Execute sales and contract process to Customers.
- b.Provide requested offers on products and services to Customers.
- c.Perform deliveries in accordance with agreements made with you or Customers.
- d.Offer support to users of our products and services.
- e.Improve and develop the quality, functionality and user experience of our products, services and MIRRI Sites.
- f.Detect, mitigate and prevent security threats and perform maintenance and debugging.
- g.Prevent abuse of our products and services.
- h.Process orders, invoicing, payments and other financial follow-up.
- i.Create interest profiles in order to promote relevant products and services.
- j.Operate user communities to educate and enable interaction between users and MIRRI.
The legal ground for processing personal data according to the above-listed purposes in letter a) to i) is mainly because MIRRI has a legitimate interest in processing your personal data from a business perspective in a manner that we believe do not conflict with your privacy rights or freedoms. The legal ground for processing personal data according to the purpose listed in letter j) is your consent.
MIRRI process personal data about Leads for marketing purposes. In order to provide targeted and relevant content to potential Customers, MIRRI builds an interest profile manually based on your expected profile as well as your response to marketing content per email. The legal grounds for such processing is mainly your consent.
You can read more about how we create such profiles, how you can adjust the profile as well as withdraw your consent in the sections below.
In order to monitor access to our premises, we process personal data about visitors. The processing is based on our legitimate interest to protect our business secrets, employees, premises and you as a visitor. You will be informed of your rights in this context when you register in our electronic visitor system.
How we collect your personal data
In general, MIRRI collects personal data directly from you or other persons linked to our Customer. These persons may be a manager or colleague. If the Customer you work for purchases MIRRI products or services, we may collect information about you.
In some cases, we may also collect information about you from other sources. These sources may be public sources or third-party social networks. MIRRI will be able to combine personal data about you obtained from one source with data obtained from another source. This gives us a complete picture of you, which also gives us the possibility of serving you in a more relevant way with a greater degree of personalisation.
Automatic data collection tools
MIRRI uses different digital tracking technologies to collect information about your movements on MIRRI Sites and when interacting with us.
If you would like to know more about cookies and how they work, please visit www.allaboutcookies.org.
- 1. Table-columns-strains_2: contains the list of columns that must be displayed (when changed by the end-user) when searching Strains_2 table views (this is there to keep the preferences of the end-users; It will not be present if the end-user has not changed this option).
- 2. Queries-layout-strains_2: contains the list of queries that have been done by the end-user when searching Strains_2 table views (this is there to keep the preferences of the end-users; It will not be present if the end-user has not changed this option).
- 3. Table-columns- strains_3: contains the list of columns that must be displayed (when changed by the end-user) when searching strains_3 table views (this is there to keep the preferences of the end-users; It will not be present if the end-user has not changed this option).
- 4. Queries-layout- strains_3: contains the list of queries that have been done by the end-user when searching strains_3 table views (this is there to keep the preferences of the end-users; It will not be present if the end-user has not changed this option).
- 5. Table-columns-Open%20collection: contains the list of columns that must be displayed (when changed by the end-user) when searching 20collection table views (this is there to keep the preferences of the end-users; It will not be present if the end-user has not changed this option).
- 6. Queries-layout- 20collection: contains the list of queries that have been done by the end-user when searching 20collection table views (this is there to keep the preferences of the end-users; It will not be present if the end-user has not changed this option).
- 7. List-display: keeps the end-user preference in terms of display format (either results in grid or results looking like a Google format) (this is there to keep the preferences of the end-users; It will not be present if the end-user has not changed this option).
- 8. SearchState: this keeps the information about the last query and the page number where the end-user was the last time he/she did a query.
- 9. ASP.NET_SessionId: this is an automatic cookie that keeps the unique session ID number to be used on the server side. This is deleted when session is finished/expired.
- 10. last-query-layout-Open%20collection and similar, contain the last query done by the end-user on the Open%20collection table view. This is used when first reloading the page. It is replaced each time there is a query done.
- 11. _utma, _utmb, _utmc, _utmd, etc are Google analytics cookies to analyze web traffic (see https://helpful.knobs-dials.com/index.php/Utma,_utmb,_utmz_cookies).
Cookies mentioned in the last point are Google analytics cookies that are IP anonymized which means that we cannot trace single users. See below for more information.
No other cookies than the ones mentioned above are used on our websites.
Google cookies and technologies
Google Analytics: These cookies allow us to see information on user website activities including, but not limited to page views, source and time spent on a website. The information is depersonalized and is displayed as numbers, meaning it cannot be traced back to individuals. This will help to protect your privacy. Using Google Analytics, we can see what content is popular on our websites.
You can prevent the information generated by the Google cookie about your use of our Sites from being collected and processed by Google in the future by downloading and installing Google Analytics Opt-out Browser Add-on for your current web browser. This Add-on is available at http://tools.google.com/dlpage/gaoptout.
What personal data we process
The type of personal data that MIRRI process about you may be:
- Basic contact details such as name, address, telephone number and email.
- Employment information such as employer, title, position including preferences and interests in professional context.
- Feedback, comments or questions about MIRRI or concerning our products and services.
- Content you have uploaded such as photos.
- Unique user information such as login ID, username and password. Passwords are encrypted (one way encryption) and cannot be decrypted. No non-encrypted version of the passwords are stored.
- Financial information for invoice purposes.
- Other personal data contained in your profile that you have freely given away on third party social networks such as LinkedIn etc.
As data controller, MIRRI does not process sensitive personal data about you. MIRRI is not reselling personal data to any third parties.
How we share your personal data
Outside MIRRI Group
MIRRI may share your personal data with external third parties in the following contexts:
MIRRI user communities
If you make a post, comment or similar on MIRRI user communities or other forums on the MIRRI website, such information can be read and used by anyone with access to such forums and used for purposes over which neither MIRRI nor you have control. MIRRI is not responsible for any information you submit on such forums or MIRRI website. MIRRI will not post any comment, testimonial or similar made by you without your prior consent.
The police and other authorities may demand the handover of personal information from MIRRI. In these cases, MIRRI will only hand over the data if there is a court order etc. to do so.
In connection with mergers, acquisitions or divestiture of all or parts of MIRRI‘s business, the acquiring entity, as well as its consultants, would obtain access to data managed by the MIRRI entity/entities involved and this may in some cases include personal data. In such cases, external parties would enter into an NDA with MIRRI.
What are your rights?
Right to opt-out of marketing communications
You have the right to opt-out of receiving marketing communications from MIRRI and may do so by either:
(a) Following the instructions for opt-out in the relevant marketing communication,
(b) Change preferences under the account settings section if you have an account with MIRRI.
(c) Contacting us via e-mail on info@MIRRI.org
Please note that even if you opt-out from receiving marketing communications, you may still receive administrative communications from MIRRI, such as order confirmations and notifications necessary to manage your account or the services provided to Customers.
You have the right to access your personal data by requesting an overview of the personal data we process about you and you may have a right to download such data. You also have the right to request that MIRRI corrects inaccuracies in your personal data. If you have an account with MIRRI on the website, this can usually be done through the appropriate “your profile” section on the MIRRI website.
Further, you have a right to request deletion of personal data, and to restrict or object to our processing of your personal data according to this Privacy Statement or other service specific terms.
Please use info@MIRRI.org to file all requests as mentioned in this section.
How does MIRRI protect and store personal data?
How we keep your personal data secure
MIRRI takes the trust you, and our Customers, place in us very seriously. MIRRI is committed to preventing unauthorized access, disclosure or other deviant processing of personal data. MIRRI shall ensure the confidentiality of personal data we process, maintain the personal data integrity and secure its availability according to applicable privacy legislation.
As part of our commitments, we utilize reasonable and appropriate organizational, technical and physical procedures and measures to safeguard the information we collect and process, taking into account the type of personal data and risk posed to you and our Customers upon breach. Since root causes for privacy breaches are most likely to be found internally, we believe that building a strong corporate culture where respect for and awareness around privacy among our employees are fundamental to ensure lawful processing and protection of your data. The following measures are of particular importance in this regard:
- Data Protection Officer acting as advisor in private policy related matters has been appointed and controls in privacy matters.
- Privacy courses that are mandatory for all employees are given by our DPO.
- Data processing agreements with subcontractors that process data on behalf of MIRRI.
- Assess the use of encryption and pseudonymisation as risk mitigating factors.
- Limiting access to personal data to those that need access to fulfil obligations according to law or service agreement etc.
- Manage systems that detects, restores, prevents and reports privacy incidents.
- Premises protected by access control and video surveillance systems (at datacenters).
- The MIRRI servers are stored in OVH high security datacenters where access is strictly monitored. Every datacenter room is fitted with a fire detection and extinction system, as well as fire doors and complies with the APSAD R4 rule. OVH guarantees that the servers are constantly maintained and are 24 hours a day and 365 days a year supervised. For more detailed information, see https://www.ovh.com/world/about-us/security.xml.
How long we store your personal data
MIRRI will only retain your personal data for as long as necessary for the stated purpose, while also taking into account our need to answer queries or resolve problems and to comply with legal requirements under applicable laws.
This means that MIRRI may retain your personal data for a reasonable period after you and our Customer’s last interaction with us. When the personal data that we collected are no longer required we erase them. We may keep personal data for historical purposes (ie to keep track of previous users or customers).
How does MIRRI protect and store personal data as data processor?
MIRRI provides many different services to its Customers. Some of our services involve processing of the Customers’ data, hereunder their personal data. The purposes of processing are determined by our Customers not by MIRRI. Making the Customer the data controller. MIRRI does, in such cases, act as data processor and process the data on behalf of and according to instructions given by the Customer. The relation between the Customer as data controller and MIRRI as data processor shall be regulated by a data processing agreement.
Customer and MIRRI obligations
When the Customer acts as data controller the Customer shall, according to applicable privacy legislation, ensure the legal grounds for processing the personal data. Further, the Customer shall assess and establish ownership to the risks posed to data subjects by processing their personal data. Another important aspect of the Customer’s duty as data controller is to comply with the information duty towards data subjects.
MIRRI is a natural part of the Customers duties as data controller, in the sense that MIRRI’s services constitutes parts of the processing of personal data that the Customer must ensure are compliant with applicable privacy legislation. Thus, when MIRRI processes personal data on behalf of its Customers, we must do so in accordance with privacy legislation applicable for data processors.
In short, the Customer and MIRRI are obligated to cooperate to ensure privacy for data subjects. MIRRI shall provide the information necessary for the Customer to be compliant with applicable privacy legislation.
In what manner does MIRRI use subcontractors?
MIRRI uses subcontractors to process personal data and may export your or our Customers data outside the EU in this regard. These subcontractors are typically IT specialists.
When using subcontractors, MIRRI will enter into a data processing agreement (DPA) with subcontractors in order to safeguard your privacy rights and to fulfil our obligations towards our Customers. When subcontractors are located outside the EU, MIRRI ensures legal grounds for such international transfers on behalf of you or our Customers, hereunder using the EU Model Clauses.
MIRRI relies on some external third parties to support our business processes and to provide our services. These third parties mainly include but are not limited to:
– Securex processing data of employees for the payment of wages
– Google (US), office automation and file storage solution
– OVH Datacenters for the IT related matters (data storage, access, etc)
More information on MIRRI’s subcontractors is provided in the MIRRI Trust Center, in the service specific terms or in a dedicated data processing agreement. In any case, you are always welcome to request an overview and more detailed information on MIRRI’s subcontractors, hereunder documentation of legal grounds for international transfers mentioned above.
Changes to this Statement
If we modify our Privacy Statement, we will post the revised statement here, with an updated revision date. We encourage you to review the Statement regularly. If we make significant changes to our Statement that materially alter our privacy practices, we may also notify you by other means, such as sending an email or posting a notice on our corporate website and/or social media pages prior to the changes taking effect.
The last update of this Privacy Statement was May 23rd, 2018.
How to contact us
We value your opinion. If you have any comments or questions about our Privacy Statement, any unresolved privacy or data use concerns that we have not addressed satisfactorily, or concerning a possible breach of your privacy, please send them to info@MIRRI.org. You can also send it in writing to MIRRI, Data Protection Officer.
We will handle your requests or complaints confidentially. Our representative will contact you to address your concerns and outline the options regarding how these may be resolved. We aim to ensure that complaints are resolved in a timely and appropriate manner.