Last revised: September 2023
The Luxembourg Institute of Science and Technology (hereafter “LIST”, “We”) is committed to ensure the highest standards of data protection in compliance with the applicable legislation, notably with reference to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereafter “GDPR”).
The present document aims at illustrating which personal data we collect and/or process about you as a research participant in the context of research activities carried out by LIST, which are your rights in relation to said activities and how to contact us.
Please kindly note that this Privacy notice should be read in conjunction with the research project’s privacy notice or participants’ information sheet (hereafter “information sheet”), that has been provided to you in the framework of the specific research Project you take part in.
The present notice is directed to the participants (hereafter “participant”, “you”, “data subject”) to the research project(s) for which LIST either acts as Coordinator or partner.
LIST has its registered office at 5, Avenue des Hauts-Fourneaux L-4362 Esch-sur-Alzette, Luxembourg.
Depending on the project, LIST may either act as Data Controller (determining the means and purposes of the processing of your personal data alone) or Joint Controller (deciding these aspects alongside with other partners to the project). In few cases, LIST may qualify as Data Processor, which means that it will collect and/or process personal data on behalf of the Data Controller.
The categories of personal data we collect about you may vary greatly depending on each research projects and its objectives.
In some cases, and if necessary for the research project, we may collect and/or process special categories of personal data, meaning information about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union memberships, genetic or biometric data used for identification purposes, data concerning your health or your sexual orientation. Due to the sensitive nature of these data, additional security and technical measures are put in place to make sure that data are handled in accordance with all the relevant legal requirements.
In general, information about the categories of personal data collected and/or processed in the framework of a specific research project are included in the information sheet.
We collect and/or process your personal data to fulfil the research objectives that are mentioned in the information sheet that has been provided to you.
Your data are exclusively processed in accordance with LIST’s internal policies and procedures on personal data and ethics. In addition to this, LIST will collect and/or use only data that are essential to perform the research tasks.
The applicable data protection legislation establishes that personal data can only be processed if supported by a valid legal basis (which are listed and identified by art. 6 and 9 of the GDPR). The relevant legal basis for the project you are involved in is normally mentioned on the information sheet.
As a matter of principle, the following legal basis may be applicable to LIST’s research projects:
We pledge to ensure that your personal data remains securely stored and only accessible to those individuals or legal entities on a justified need to know basis.
Your personal data may be shared with and/or made accessible to:
We will not transfer your personal data outside of the European Economic Area without having informed you via the information sheet and having put in place all the necessary requirements established by the applicable data protection legislation.
LIST will only retain your personal for a period of time that is strictly necessary for the purposes for which we collect your data and to comply with a legal or regulatory obligation to which LIST is subject.
Please note, however, that in research projects our funders normally establish contractual obligations that mandate the retention of data after the project for the purposes of audits. In addition to that, we must retain research data to demonstrate we have followed good principles of research integrity even after the termination of projects, particularly because publication activities are often performed later in time.
We have put in place the following security measures:
With regards to your personal data collected and processed by LIST, you may exercise at any time the following rights:
Please kindly note that your rights are not absolute and they may be withheld in accordance with applicable data protection laws and the peculiarities of each research project.
You may exercise any of these rights by contacting our Data Protection Officer (DPO) by filling the online form.
LIST may make changes to this privacy notice from time to time, to reflect our current privacy practices or to comply with changes in the applicable data protection legislation. We encourage you to regularly visit this page in order to remain informed on any update.