Privacy Policy for OpenAIRE Services
v.2.7 - Date: 25.06.2025
OpenAIRE places particular emphasis on the security of personal data and the protection of the data subject. For this reason, OpenAIRE has introduced this Privacy Policy.
OpenAIRE offers a variety of services through OpenAIRE members, cooperating partners and other entities. All entities offering services using the OpenAIRE logo, are OpenAIRE Service providers. In order to be admitted as an OpenAIRE Service Provider they need to protect the data subject’s personal data and to ensure the application proper of the existing legal framework (in particular Regulation 2016/679 and the relevant national legislation).
In certain cases, your personal data may be required for the provision of an OpenAIRE service. When personal data is required for that purpose, you can find more detailed information on that in a specific privacy statement linked to the website that constitutes an integral part of this policy.
OpenAIRE Service Providers
“Service Provider”: means the OpenAIRE (Artemidos 6 and Epidavrou, 15125, Maroussi, Athens. Greece) through its Partners:
a. CONSIGLIO NAZIONALE DELLE RICERCHE (CNR), Piazzale Aldo Moro 7, Roma, 00185, Italy. Department ISTI- Istituto di Scienza e Tecnologie dell'Informazione, Via Moruzzi, 1, 56124, Pisa, Italy
b. ATHINA-EREVNITIKO KENTRO KAINOTOMIAS STIS TECHNOLOGIES TIS PLIROFORIAS, TON EPIKOINONION KAI TIS GNOSIS (ARC), Artemidos 6 and Epidavrou, 15125, Maroussi, Athens, Greece. Department Information Management Systems Institute.
c. UNIWERSYTET WARSZAWSKI (UNIWARSAW/ICM), Krakowskie Przedmiescie 26/28, Warszawa, 00927, Poland. Department Interdisciplinary Centre for Mathematical and Computational Modelling. Tyniecka 15/17, Warszawa, 02630, Poland.
d. EUROPEAN ORGANIZATION FOR NUCLEAR RESEARCH (CERN), Esplanade Des Particules 1 Parcelle, Geneva 23, 1211, Switzerland. Department Information Technology.
e. UNIVERSIDADE DO MINHO (UMINHO), Largo Do Paco, Braga, 4704553, Portugal. Department Documentation Services, Campus de Gualtar, Edifício 04, Braga, 4710057, Portugal.
f. COMMUNICATION&INFORMATIONTECHNOLOGIESEXPERTSANONYMOS ETAIREIA SYMVOULEFTIKON KAI ANAPTYXIAKON YPIRESION (CITE), Ethnikis Antistaseos 178, Kaisariani, 16122, Greece. Department R&D.
g. UNIVERSITAET BIELEFELD (UNIBI), Universitaetsstrasse 25, Bielefeld, 33615, Germany. Department Bielefeld University Library.
h. CENTRE NATIONAL DE LA RECHERCHE SCIENTIFIQUE (CNRS), Rue Michel Ange 3, Paris, 75794, France.
i. ALMA MATER STUDIORUM - UNIVERSITA DI BOLOGNA (UNIBO), Via Zamboni 33, Bologna, 40126, Italy. Department of Classical Philology and Italian Studies.
j. RUĐER BOŠKOVIĆ INSTITUTE (RBI), Bijenička cesta 54, 10000 Zagreb, Croatia. Centre for Scientific Information.
All the aforementioned partners may act either as joint controllers or as independent controllers, depending on the specific purpose and context of data processing in each applicable case. All Partners place the utmost importance on the protection of your personal data and are committed to upholding the highest standards of data privacy and security in full compliance with applicable data protection laws. Your personal data is collected and maintained by OpenAIRE Service Providers (henceforth OSPs) for a certain period and for specified, explicit and legitimate purposes. Further information about the categories of personal data collected and all relevant details can be found in the respective privacy statement for the relevant service.
Personal data shall be treated fairly and in a transparent manner in accordance with the applicable legal framework and in such a way as to guarantee the key data protection principles, namely:
● Lawfulness, fairness and transparency
● Processing within the legitimate purpose limits
● Data minimization
● Accuracy
● Storage Limitation
● Integrity and confidentiality (security)
● Accountability
This policy may be amended from time to time by announcing any such modification through OpenAIRE website. Each modification will receive a version no and a date of modification. All modification of the personal data policy shall become effective five (5) days after they have been posted on the OpenAIRE website.
By navigating and using these services users acknowledge that they have read and understood this Personal Data Policy.
For any further explanation, you may contact the Data Protection Officer (DPO) of the OpenAIRE [email: dpo@openaire.eu] and the respective data controllers that you will find in the respective privacy statement for the relevant service by sending an e-mail to the contact details mentioned in the privacy statement.
Definitions
For the purposes of this Privacy Statement, the terms “processor”, “controller”, “third party”, “supervising authority”, “personal data”, “processing”, “data subject” shall have the meaning ascribed to them by applicable legislation on the protection of personal data.
In addition, for the purposes of the present, the following definitions shall also apply:
“Service” - the OpenAIRE services
“User”- the OpenAIRE service users, whom the data refer to, whose identity is known or may be verified, namely it may be directly or indirectly determined.
“OpenAIRE Service Providers (OSPs)” are the entities that process personal data in accordance with the OpenAIRE data protection policy acting as data controllers or as data processors, as specified in each respective privacy statement for the relevant services.
This Policy does not cover the processing of personal data which concerns legal persons and in particular undertakings established as legal persons, including the name and the form of the legal person and the contact details of the legal person.
Collected Personal Data
For the operation of OpenAIRE website the following personal data is being collected:
● email address (for newsletter)
● cookies
● other information (communication via other means with OpenAIRE)
● IP address
OpenAIRE does not collect, process or gain access in any way to specific data categories, as set forth in the provisions of the legislation in force (in particular data relating to racial or ethnic origin, religion, health data, etc.). In the event that a "user" posts any such special category data on the “website” or on the OpenAIRE services, such data will be removed as soon as the OpenAIRE service support team becomes aware of it.
For the personal data categories processed when using Open AIRE services please view the respective privacy statement for the relevant services.
Data collected from other sources
In certain cases, OpenAIRE may collect personal data not directly from the data subjects, but from third-party sources that intentionally provide such data for the purpose of receiving services from OpenAIRE. Specifically, repositories, universities, or other institutions seeking to access our services may share information about individuals affiliated with them—such as staff, collaborators, or authors who have published theses or other scientific outputs on their platforms.
In such cases, OpenAIRE requires from the aforementioned institutions to take all necessary measures to ensure that the processing of personal data complies with applicable legislation. Nevertheless, the final responsibility of the data that the aforementioned institutions make available to OpenAIRE remains with those institutions.
Purposes of collection
In relation to the web site:
We collect personal data only when you wish:
a) if you subscribe to our newsletter, your email address will be solely used for this purpose and shall not be shared with third persons. You will be able to be deleted from the newsletter anytime
b) if you contact by phone, fax or e-mail with OpenAIRE and in order to serve the purpose of communication, personal data are kept as needed to fulfill the purpose of your communication.
During your visit at our website, certain information may be automatically collected, such as the IP address of your computer, but they do not reveal identifiable elements of your physical identity, but they are used solely for statistical reasons for traffic to our web presentation. In addition, cookies are collected and processed at the time of entry.
For more information, please see the relevant Cookies policy.
For the purposes pursued by each Open AIRE service please view the respective privacy statement for the relevant services.
OSPs collect and process the personal data of “Users” solely and exclusively for the purposes mentioned in the respective privacy statement for the relevant services and only to the extent strictly necessary to effectively satisfy such purposes. These data are always relevant, reasonable and not more than those required to meet the purposes set out above. Moreover, they are accurate and, where appropriate, subject to updates. Furthermore, such data are retained only during the period required for collection and processing purposes as aforementioned, and are deleted at the end of that period.
Hyperlinks to third party sites
OpenAIRE websites may contain hyperlinks, which redirect to third websites. These websites are not subject to the monitoring of OpenAIRE and consequently, we cannot ensure that the privacy policy of the said websites is in accordance with ours. We recommend that you read carefully the policies and terms and conditions of these websites.
What are the legitimate reasons for processing your personal data?
The personal data of "Users" are processed in the context of the provision of the OpenAIRE Services and for the purposes described in this Privacy Policy and the respective privacy statement for the relevant services, in line with the need (technical and organisational) to best perform the OpenAIRE services as well as to respond to "Users" requests concerning the OpenAIRE Services.
The legal basis for processing your personal data is your consent when you wish to communicate with us, to receive newsletters from us, and the legitimate interest of OpenAIRE, in relation to all other data collected during the simple visit of the website of OpenAIRE. OpenAIRE collects and processes the personal data of visitors and users only in the fulfillment of its purposes and more precisely in order to serve the communication with you and to provide quality services. No further processing, promotion or exchange is made on personal data without your prior consent.
Access to personal data:
Access to the “Users” personal data shall be granted to the following:
To the OpenAIRE services support team, consisting of personnel engaged in a contractual relationship of either a project or an independent service agreement with OSPs.
In this case, the processing of personal data is carried out under the supervision and only at the request of OSPs, within the scope of the mission and the role of each associate. Such associates undertake to comply with the same privacy and personal data requirements as OSPs themselves in accordance with the present Policy.
Recipients of the data
Recipients of web-site data:
The personal data of the visitors and users of OpenAIRE Website are not passed on to third party recipients. They are processed only by the authorized representatives of OpenAIRE to communicate with you.
Recipients of collected data:
OSPs do not, in any way, transfer/transmit or disclose the personal data of the "Users" to any third party business organisations, natural persons or legal entities, public authorities or agencies or any other organizations, other than those specifically referred to herein.
The OpenAIRE services may reveal the personal data of “Users” to other members of the group the “Users” have chosen to join. By joining a group managed by the OpenAIRE service, the “User” agrees that the recorded information may be disclosed to other authorised participants of the group via secured mechanisms, but only for the same purposes and only as far as necessary to provide the services.
The OpenAIRE services will release the personal data of “Users” to services available to the group(s) the “Users” choose to become members of.
The personal data of the "Users" may be communicated or transferred to government authorities and/or law enforcement officers, if that is required for the above purposes, or within the scope of enforcing a court decision or order, or for complying with a provision of law, or if so required in order to serve the legitimate interests of OpenAIRE as Data Controller, in accordance with applicable law.
For more information about recipients of data please view the respective privacy statement for the relevant services.
Time of data retention
The personal data of Open AIRE services users shall be retained no longer than it is necessary for the needs of the respective services and the audits the service is subjected to. For more details, please view the respective privacy statement for the relevant services.
Data Security
The processing of personal data by the OSPs is performed in a manner that ensures both confidentiality and security thereof. All appropriate organisational and technical measures shall be taken to safeguard data against any accidental or unlawful destruction, accidental loss, alteration, prohibited dissemination or access or any other form of unfair processing. In particular:
● We use encryption (HTTPS) to keep data private while in transit. Data sent using HTTPS is secured via Transport Layer Security protocol (TLS), which provides a) Encryption—encrypting the exchanged data to keep it secure from droppers. b) Data integrity—data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected. c) Authentication—proves that your users communicate with the intended website.
● We review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems
Although we follow best security practices to ensure your personal data remains secure, there is no absolute guarantee of security when using services online. While we strive to protect your personal data, you acknowledge that:
There are security and privacy limitations on the internet which are beyond our control and can have a negative impact on the confidentiality, integrity and availability of the information.
● We cannot be held accountable for activity that results from your own neglect to safeguard the security of your credentials and equipment which results in a loss of your personal data. If you feel this is not enough, then please do not provide any personal data.
Your rights
OSPs perform all necessary actions both during collection and at each subsequent processing stage of the “Users” personal data, so that each “User” is fully enabled to exercise the rights guaranteed by applicable data protection laws, namely the rights to access, rectify, erase and restrict processing, as well as the right to data portability, which are described below:
● Right of Access: The data subject has the right to request and obtain from the Controller, within a time-period of one (1) month, confirmation as to whether or not personal data concerning him or her, are being processed, and, where that is the case, access to the personal data and to certain information, as laid out by applicable law. It may also request a copy of the personal data undergoing processing as described herein by sending an email message to the addresses mentioned in the respective privacy statement for the relevant services.
For OpenAIRE website you may contact our DPO at : dpo@openaire.eu
● Right to rectification: The data subject has the right to require the Controller to rectify inaccurate personal data concerning him/her. Taking into account the purposes of the processing, the data subject is entitled to have incomplete personal data completed, including by means of providing a supplementary statement in accordance with the applicable law.
● Right to erasure: The data subject has the right to obtain from the Controller the erasure of all personal data collected and processed within the scope of the “Service”, in accordance with the applicable law.
● Right to restriction of processing: The data subject is entitled to obtain from the Controller the restriction of processing of his/her data where the accuracy of the data is questioned or where any of the other conditions set out by the applicable law, is met.
● Right to data portability: The data subject shall have the right to receive any personal data relating to him/her and which he/she has provided to the Controller in a structured, commonly used and machine readable format, as well as the right to transmit such data to another controller without objection by the controller to whom such personal data were provided in accordance with the law.
● These rights are subject to various restrictions pursuant to applicable law, including for example if the fulfillment of the data subject's request may disclose personal data of another person or in the event that OpenAIRE is required by law to retain such data.
● To exercise any of the aforementioned rights, the "User" may contact the DPO of OpenAIRE at the email address referred to hereinabove or the competent person that is stipulated in the respective privacy statement for the relevant services. OpenAIRE and OSPs reserve the right to set a reasonable charge for reasonable management costs to meet these rights.
Right to lodge a complaint
If any user considers that the protection of their personal data is in any way affected, they may contact the Personal Data Protection Authority, at the postal address of the Personal Data Protection Authority, Offices: 1-3 Kifissias Str. 115 23, Athens, tel. +30 210 6475628, e-mail complaints@dpa.gr . For more detailed information you can visit the website of DPA (dpa.gr / Individuals / Complaint to the Hellenic DPA)