Privacy Policy

Who we are

COVINFORM is an EU-funded research project (Grant Agreement No. 101016247) which started in November 2020 and ends in October 2023. The COVINFORM consortium partners, as listed here, are joint data controllers responsible for the collection and use of your personal information. For further information, we can be contacted at

Scope of this Privacy Notice

This Privacy Notice aims at informing website visitors, our partners, and other stakeholders about how we process personal data. We are committed to processing personal data responsibly, securely, and proportionally throughout our activities.

The personal data we collect

While using our project website, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personal identifiable information may include, but is not limited to:

  • Contact details (e.g., Email address, affiliation, job title, work and mobile telephone numbers, work and personal email and postal address);
  • Personal information (e.g., age, gender, nationality);
  • Cookies and Usage Data;
  • Technical information associated with the device you use, such as your IP-address, browser type, geographical location and operating system;
  • Information concerning your browsing behaviour, such as how long you visit, what links you click on, what pages you visit and how many times you visit a page.

When you fill out a contact form on our website, register for our newsletter or contact us in another way, we collect:

  • Basic identity information you provide to us (such as your name, your e-mail address);
  • The content of your communication and the technical details of the communication itself (with whom you correspond at our end, date, time, etc.);
  • Your choice to receive our newsletter;
  • Any other personal data you choose to provide to us.

We receive all personal data mentioned above directly from you. It may happen that we receive additional information about your surfing behaviour from partners such as Google. If you require more information about the personal data these parties process about you and make available to others, you are kindly requested to consult their respective privacy policies.

The lawful bases for processing your personal data

We process personal data on the following bases:

  • Consent: when you provide us with your personal data directly, for example when you subscribe to our newsletter;
  • Legal obligations: We may process personal data in order to meet any legal obligation requiring us to do so, e.g., reporting to the European Commission;
  • Legitimate interests: We process personal data when it is necessary for us to achieve the following legitimate interests: Enhancing our research delivery; and Undertaking dissemination activities.

How we secure your personal data when we process it

We have put appropriate technical and organisational security policies and procedures in place to protect personal data (including sensitive personal data) from loss, misuse, alteration or destruction. We aim to ensure that access to your personal data are password protected. We encrypt all data stored at our central location and data are restricted only to those who need to access it. Those individuals who have access to the data are required to maintain the confidentiality of such information. We install and regularly update all security and anti-virus software in use on all of our systems. Please be aware that the transmission of data via the Internet is not completely secure. Whilst we do our best to try to protect the security of your personal data, we cannot ensure or guarantee the security of your data transmitted to our site.

See also Data Security

What we do with your personal data

COVINFORM uses the collected data for various purposes:

  • To provide and maintain the Service;
  • To notify you about changes to our Service;
  • To allow you to participate in interactive features of our Service when you choose to do so:
  • To provide customer care and support;
  • To provide analysis or valuable information so that we can improve the Service;
  • To monitor the usage of the Service;
  • To detect, prevent and address technical issues.

Location and transfer of your personal data

We process your personal data within the European Economic Area (EEA). However, in order to process your personal data for the purposes outlined in Article 3 above, we may also transfer your personal data to third parties who process on our behalf outside the EEA, namely the US. We transfer personal data to reputable third-party service providers, most importantly Google, and MailChimp, situated both inside and outside the EEA. Please refer to their websites for further information about their personal data handling. Each organisation is required to safeguard personal data in accordance with our contractual obligations and data protection legislation.

Each such partner outside the EEA that processes your personal data will be bound to observe adequate safeguards with regard to the processing of your personal data. Such safeguards will be the consequence of:

The recipient country having legislation in place which may be considered equivalent to the protection offered within the EEA.

Do we use cookies?

Our website does use cookies. Where cookies are used, a statement will be sent to your browser explaining the use of cookies. To learn more, please refer to our cookie policy.

Your data protection rights

You have the following rights in relation to your personal data that we process. You can exercise your rights by emailing us at, including:

  • Right to withdraw consent: You can withdraw your consent that you have previously given to one or more specified purposes to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent. It may mean we are not able to provide certain products or services to you and we will advise you if this is the case.
  • Right of access: You can ask us to verify whether we are processing personal data about you, and if so, to have access to a copy of such data.
  • Right to rectification and erasure (right to be forgotten): You can ask us to correct our records if you believe they contain incorrect or incomplete information about you or ask us to erase your personal data after you withdraw your consent to processing or when we no longer need it for the purpose it was originally collected.
  • Right to restriction of processing: You can ask us to temporarily restrict our processing of your personal data if you contest the accuracy of your personal data, prefer to restrict its use rather than having us erase it, or need us to preserve it for you to establish, exercise, or defend a legal claim. A temporary restriction may apply while verifying whether we have overriding legitimate grounds to process it. You can ask us to inform you before we lift that temporary processing restriction.
  • Right to data portability: In some circumstances, where you have provided personal data to us, you can ask us to transmit that personal data (in a structured, commonly used, and machine-readable format) directly to another company.
  • Right to object: You can object to our use of your personal data for direct marketing purposes, including profiling or where processing has taken the form of automated decision making. However, we may need to keep some minimal information (e.g., email address) to comply with your request to cease marketing to you.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information or to exercise any of your other rights. This helps us to ensure that personal data is not disclosed to any person who has no right to receive it. No fee is required to make an initial request unless your request is clearly unfounded or excessive. Depending on the circumstances, we may be unable to comply with your request based on other lawful grounds.

How long do we retain personal data?

We retain personal data to provide our services, stay in contact with you and to comply with applicable laws, regulations and professional obligations that we are subject to. Unless a different time frame applies as a result of business needs or specific legal, regulatory, or contractual requirements, we retain personal data for a period of 12 months after the research project ends. However, please note that we have an obligation to retain data concerning European Union research projects (H2020, Action Grants, FP7, etc.) for up to 10 years after the end of the project (unless further retention is requested by auditors), and the retention period of HMRC-related data, which is 7 years. As the records and documentation containing personal data have been collected within the delivery of an EC project, the Commission/Agency will process it in compliance with Regulation No 45/2001 (archived for at least 5 years after the balance is paid unless there are ongoing procedures such as audits, investigations or litigations, in which case the evidence must be kept until these end, even if this is longer than five years). After the expiry of the retention period, and unless further legitimate grounds for retention arise, we will dispose of personal data in a secure manner.

Does this website link to others?

Our websites may contain links to other sites, including the sites of the consortium partners that are not governed by this Privacy Notice. Please review the destination websites’ privacy policies before submitting personal data on those sites. Whilst we try to link only to sites that share our high standards and respect for privacy, we are not responsible for the content, security, or privacy practices employed by other sites.

Do we change this Privacy Notice?

We review this Privacy Notice and will post any updates to it on this webpage. This Privacy Notice was last updated on November 12th,  2020.

Contact us

If you have any concerns as to how your data is processed, you can contact us per email at