OpenAIRE places particular emphasis on the security of personal data and the protection of the data subject. For this reason, OpenAIRE has introduced this Personal Data Policy.
OpenAIRE offers a variety of services through OpenAIRE members, cooperating partners and other entities. All entities offering services using the OpenAIRE logo, are OpenAIRE Service providers. In order to be admitted as an OpenAIRE Service Providers they need to protect the data subject’s personal data and to ensure the application proper of the existing legal framework (in particular Regulation 2016/679 and Greek Law 3471/2006).
As a data subject, you must be aware that your personal data is collected and maintained by OpenAIRE Service Providers (henceforth OSPs) for a certain period and for specified, explicit and legitimate purposes. Personal data shall be treated fairly and in a transparent manner in accordance with the applicable legal framework and in such a way as to guarantee the key data protection principles, namely:
The personal data controllers for the purpose of the operation of the following services:
of the specified below personal data processing are as follows:
For the OpenAIRE Login:
Athena Research Center (ARC)
Artemidos 6 and Epidavrou
15125, Maroussi, Athens. Greece
tel: + 302106875300, fax: 2106854270
For the OpenAIRE Website:
OpenAIRE AMKE Artemidos 6 and Epidavrou
15125, Maroussi, Athens. Greece
tel: + 302106875300, fax: 2106854270
Henceforth, “the controllers”.
ARC will deploy the following data processors in order to perform the personal data processing for the provision of the OpenAIRE Login:
National Infrastructures for Technology and Research S.A. (GRNET)
7, Kifisias Av.
11523, Athens, Greece
ICM, University of Warsaw
26/28 Street Krakowskie Przedmieście,
00-927 Warsaw, Poland
The controllers may modify this policy to achieve a better protection of personal data by announcing any such modification through its website. Each modification will receive a version no and a date of modification. All previous versions of the personal data policy may be found at . All modification of the personal data policy shall become effective five (5) days after they have been posted on the website at https://www.openaire.eu/policies
By navigating and using these services users acknowledge that they have read, understood and unconditionally accepted this Personal Data Policy.
For any further explanation, you may contact the Data Protection Officer (DPO) of the OpenAIRE and the respective OSPs (data controllers and processors) by sending an e-mail to:
For the purposes of this Privacy Statement, the terms “processor”, “controller”, “third party”, “supervising authority”, “personal data”, “processing”, “data subject” shall have the meaning ascribed to them by applicable legislation on the protection of personal data.
In addition, for the purposes of the present, the following definitions shall also apply:
“Service” - the OpenAIRE Login online service
“User”- the OpenAIRE Login online service user, whom the data refer to, whose identity is known or may be verified, namely it may be directly or indirectly determined.
“OpenAIRE Service Providers (OSPs)” are the entities that process personal data in accordance with the OpenAIRE data protection policy for the services stipulated in this policy, as data controllers or as data processors.
This Policy does not cover the processing of personal data which concerns legal persons and in particular undertakings established as legal persons, including the name and the form of the legal person and the contact details of the legal person.
i. For the Authentication and Authorisation of OpenAIRE Login “Users”
For the sole purpose of the authentication and authorisation of the OpenAIRE Login service "Users", OSPs collect, and process – as co-processors– the following personal data:
ii. For providing the OpenAIRE Login service
iii. For communicating with OpenAIRE Login service “users”
iv. Special categories of personal data
OpenAIRE does not collect, process or gain access in any way to specific data categories, as set forth in the provisions of the legislation in force (in particular data relating to racial or ethnic origin, religion, health data, etc.). In the event that a "user" posts any such special category data on the “website” or on the OpenAIRE Login service, such data will be removed as soon as the OpenAIRE Login service support team becomes aware of it.
v. OpenAIRE website/ OpenAIRE
In relation to the web site:
We collect personal data only when you wish:
a) if you subscribe to our newsletter, your email address will be solely used for this purpose and shall not be shared with third persons. You will be able to be deleted from the newsletter anytime
b) if you contact by phone, fax or e-mail with OpenAIRE and in order to serve the purpose of communication, personal data are kept as needed to fulfill the purpose of your communication.
During your visit at our website, certain information may be automatically collected, such as the IP address of your computer, but they do not reveal identifiable elements of your physical identity, but they are used solely for statistical reasons for traffic to our web presentation. In addition, cookies are collected and processed at the time of entry.
For more information, please see the relevant Cookies policy below.
In relation to the login service:
OSPs collect and process the personal data of the “Users”, referred to herebelow, for the following purposes:
Creating statistics reports and graphics to monitor usage. Information contained in statistics reports and graphics statistics do not comprise any Users personal data.
Sending online updates to the “Users” via e-mail, only in the event of major “Service” changes requiring from “Users” to perform certain necessary actions in order to continue using the “Service” smoothly.
OSPs collect and process the personal data of “Users” solely and exclusively for the purposes mentioned above and only to the extent strictly necessary to effectively satisfy such purposes. These data are always relevant, reasonable and not more than those required to meet the purposes set out above. Moreover, they are accurate and, where appropriate, subject to updates. Furthermore, such data are retained only during the period required for collection and processing purposes as aforementioned, and are deleted at the end of that period.
The personal data of "Users" are processed in the context of the provision of the OpenAIRE Login Service and for the purposes described in this Privacy Statement, in line with the need (technical and organisational) to best perform the OpenAIRE Login service as well as to respond to "Users" requests concerning the OpenAIRE Login Service.
The legal basis for processing your personal data is the consent upon the visit of this Website in relation to the personal data collected from cookies and the legitimate interest of OpenAIRE, in relation to all other data collected during the simple visit of the website of OpenAIRE. OpenAIRE collects and processes the personal data of visitors and users only in the fulfillment of its purposes and more precisely in order to serve the communication with you and to provide quality services. No further processing, promotion or exchange is made on personal data without your prior consent.
Access to the “Users” personal data shall be granted to the following:
To the OpenAIRE Login service support team, consisting of personnel engaged in a contractual relationship of either a project or an independent service agreement with OSPs.
The processing of OpenAIRE Login service “users” personal data by the aforementioned, is carried out under the supervision and only at the request of OSPs, within the scope of the mission and the role of each associate. Such associates undertake to comply with the same privacy and personal data requirements as OSPs themselves in accordance to the present Personal Data Statement.
Recipients of web-site data:
The personal data of the visitors and users of OpenAIRE Website are not passed on to third party recipients. They are processed only by the authorized representatives of OpenAIRE to communicate with you.
Recipients of collected data:
OSPs do not, in any way, transfer/transmit or disclose the personal data of the "Users" to any third party business organisations, natural persons or legal entities, public authorities or agencies or any other organizations, other than those specifically referred to herein.
The OpenAIRE Login service may reveal the personal data of “Users” to other members of the group the “Users” have chosen to join. By joining a group managed by the OpenAIRE Login service, the “User” agrees that the recorded information may be disclosed to other authorised participants of the group via secured mechanisms, but only for the same purposes and only as far as necessary to provide the services.
The OpenAIRE Login service will release the personal data of “Users” to services available to the group(s) the “Users” choose to become members of.
The personal data of the "Users" may be communicated or transferred to government authorities and/or law enforcement officers, if that is required for the above purposes, or within the scope of enforcing a court decision or order, or for complying with a provision of law, or if so required in order to serve the legitimate interests of OpenAIRE as Data Controller, in accordance with applicable law.
The personal data of OpenAIRE Login service users shall be retained no longer than it is necessary for the needs of the service and the audits the service is subjected to. More specifically:
Categories of personal data collected
Time period and place of personal data retention
IP address, “Service” Use timestamp
18 months in the OpenAIRE Login service database and log files
Kept in the OpenAIRE Login service database as long as the “User” is active in the OpenAIRE Login service. This data can be removed earlier on request
18 months in the OpenAIRE Login log files.
Will be removed from the OpenAIRE Login database 18 months following the removal of the “User” account record
For the duration of the service provision
The processing of personal data by the OSPs is performed in a manner that ensures both confidentiality and security thereof. All appropriate organisational and technical measures shall be taken to safeguard data against any accidental or unlawful destruction, accidental loss, alteration, prohibited dissemination or access or any other form of unfair processing.
Although we follow best security practices to ensure your personal data remains secure, there is no absolute guarantee of security when using services online. While we strive to protect your personal data, you acknowledge that:
There are security and privacy limitations on the internet which are beyond our control and can have a negative impact on the confidentiality, integrity and availability of the information.
Your personal data will be protected according to the Code of Conduct for Service Providers, a common standard for the research and higher education sector to protect your privacy.
OSPs perform all necessary actions both during collection and at each subsequent processing stage of the “Users” personal data, so that each “User” is fully enabled to exercise the rights guaranteed by applicable data protection laws, namely the rights to access, rectify, erase and restrict processing, as well as the right to data portability, which are described below:
If any user considers that the protection of their personal data is in any way affected, they may appeal to the Personal Data Protection Authority, at the postal address of the Personal Data Protection Authority, Offices: 1-3 Kifissias Str. 115 23, Athens, tel. +30 210 6475628, e-mail .
During users’ navigation on this website, OpenAIRE may collect identification data of users, by using cookies.
Cookies are short software code texts, which are sent from OpenAIRE server and are stored at your terminal (“browser”). Their basic function is to communicate to us data from your browser. Cookies are either "Temporary" (session cookies) or persistent. Temporary cookies are automatically deleted when you close your browser, while persistent cookies remain stored in your terminal until they expire.