Personal data provided by you.

We collect your personal data when you voluntarily provide it to us. For example, you may give us: your email address, country of residence, and areas of interest if you choose to receive newsletters, updates, or other information from us; your contact information, and any other personal data you choose to include, if you email or instant message us, or contact us through our sites; and any personal data contained in, or included with, any proposal documents, feedback, comments, photos, videos, or other information you submit via online portals. Please do not disclose more personal data than is requested or necessary.

Personal data provided of others.

Do not provide personal data about others unless you are authorized or required to do so by contract or applicable law. You may provide personal data on behalf of another person if you have provided them with a copy of this notice and any applicable supplemental privacy notice, or if the personal data is provided other legal grounds. We may ask you to provide evidence of the legal grounds for sharing personal data about others.

How we use collected information

We may use the information we receive or collect from you in accordance with applicable data protection legislation and this privacy notice for the following purposes and based on the following legal basis:

[Insert Table]

Sharing of data

We may share your personal data with our employees and affiliates (CEPI entities) who have a business need to know, our services providers (including consultants, contractors, vendors, and out-sourced service providers) to process it for us based on our instructions, and with partners that are collaborating with us to fund projects. We do not share your personal data with third-parties (including our service providers) for marketing purposes. Our affiliated companies will process your personal data to respond to your request and when doing so they will act as data controller for the processing conducted by them.

Third-party service providers are only authorised to use your personal data as necessary to provide its services to us. CEPI entities and third-party service providers may be located within or outside the EU/EEA.

We may also share personal data with government agencies or authorities, or other third-parties if and to the extent required by applicable law.

If you believe personal data you provided to us is being misused by a third party, please contact us right away.

Transfer of your personal data outside the EU/EEA

The personal data that we collect from you may be transferred to and processed by a third-party service provider established in a country outside the EU/EEA (i.e. a so-called third country), including countries which the EU Commission does not consider having an adequate level of protection for personal data. In such case we will take all necessary steps required under applicable law in order for such transfer of your personal data across borders to be compliant with applicable law. We will only transfer your personal data to a country outside the EU/EEA where; (i) the EU Commission has decided that the third country ensures an adequate level of protection, or (ii) where the transfer is being safeguarded by the use of EU model clauses in the General Data Protection Regulation (“GDPR”) or where the recipient is certified under the US-EU Privacy Shield Framework.

Protection of data

CEPI maintains appropriate technical and organisational measures in order to protect your personal data against accidental or unlawful destruction, accidental loss or alteration, unauthorised disclosure or access and any other unlawful forms of processing. CEPI also takes appropriate legal, technical and organisational measures to ensure that your personal data is treated securely and with an adequate level of protection when transferred to or shared with the above referred to third parties.

Whilst we take technical and organisational measures to safeguard the personal data that you provide to us, no transmission over the Internet can ever be guaranteed secure. Consequently, please note that we cannot guarantee the security of any personal data that you transfer over the Internet to us.

Data storage

We will keep your personal data as long as necessary for us to respond to your request or forward your request to the relevant individual, or until it is no longer needed to fulfil the purpose(s) for which it was collected or as otherwise required or permitted by law. After such time, we will either delete or anonymize your personal data or, if this is not possible, we will securely store your personal data and isolate it from any further use until deletion is possible. We may dispose of any data in our discretion without notice, subject to applicable law, or in accordance with a specific data processing agreement governing our processing of the personal data. Please contact us if you would like more details regarding our retention periods for different categories of personal data.

Technologies such as cookies are used by us and our analytics or service providers. These technologies are used e.g. in analysing trends, administering this website and tracking users’ movements around this website. A cookie is a small file of letters and numbers that we put on your computer. This helps us to provide you with a good experience while you browse and to improve the way the site works.

Cookies are set when you:

• visit the site
• sign up for newsletters 

For general information about cookies, and how to control and disable them, please visit www.allaboutcookies.org.

Cookies used on the CEPI site

has_js Records whether a browser has JavaScript enabled. cookie_agreed Records a user's cookie preference. _ga Universal Google Analytics cookie for distinguishing between users. Duration: 2 years. _gat Universal Google Analytics cookie for limiting the number of requests. Duration: 10 minutes. _utma Used to distinguish users and sessions. Updates every time data is sent to Google Analytics. Duration: 2 years from when it is set/updated. _utmz Stores information about the traffic source or campaign for use by Google Analytics. Duration: 6 months from when it is set/updated.

Learn about Google’s practices here.

Access and control your data

Generally, newsletters and updates from us will include links to access, correct, or delete your personal data and to manage any subscriptions directly. If you wish to obtain confirmation that we hold personal data about you, access, correct, or delete your personal data, withdraw any consent you previously provided to us, or object to or restrict our processing of it in any other context, please contact us. We will respond to all legitimate requests within 30 days.

Contact information

If you have any questions regarding the processing of your personal data, this Privacy Notice or otherwise have comments on CEPI’s processing of your personal data, please contact us on:

Mail:

Coalition for Epidemic Preparedness Innovations
P.O. BOX 123, Torshov
0412 Oslo, Norway

E-mail:

[email protected]