Privacy Statement

This Privacy Policy applies to the websites at the *.dmponline.be domain (the "Websites") owned and operated by the DMPbelgium Consortium (referred to as "DMPbelgium", "us", "our" and "we"). DMPbelgium is an ad hoc consortium of research institutions in Belgium, whose mission is to support researchers at the Members with their research data management tasks.

This Privacy Policy describes how DMPbelgium collects and uses the personal data you provide through our Websites. It also describes the choices available to you regarding the use of your personal data and how you can access, update and correct your personal data. Researcher privacy is important to DMPbelgium, and we believe that following community-sanctioned privacy practices is essential to the success of DMPbelgium and the Websites it operates. This Privacy Policy explains how we conform to the Géant Code of Conduct and the GDPR.

This Privacy Policy focuses primarily on people who have created Data Management Plans or are considering creating Data Management Plans with our Websites. This Privacy Policy also covers your use of the Websites if you are only visiting. In this document we use "you" to refer to researchers, scholars, and other users of the Websites.

Our Websites may contain links to and from sites maintained by third parties. This Privacy Policy does not cover your activities on those sites, any information you may provide to those sites, or information that may be collected about you by those sites.

If you have a question about our Privacy Policy, please contact DMPbelgium at https://dmponline.be/about_us.

By using our Websites, you agree to the terms of this Privacy Policy.

1. Definitions

We use the following terms frequently in this Privacy Policy:

  • DMPbelgium: A consortium of research organizations in Belgium working together to ensure research data services, who are jointly responsible for the Websites.
  • DMPbelgium Member: A research organization in Belgium which has entered into a Consortium Agreement with the DMPbelgium Consortium.
  • Data Management Plan (DMP): Properly managing research data starts with good planning, for example by preparing a Data Management Plan. This is a document that specifies how you will handle your research data during and after a research project. International funding bodies increasingly require their researchers to produce DMPs, but preparing a plan is good practice for any research project generating data. DMPonline.be facilitates creating a DMP.
  • Account: The composite data structure (e.g. user ID, password, log files, DMPs), pertaining to a specific individual and stored in our Websites.
  • Trusted Individual: A Trusted Individual is an individual whom you have granted specific access rights to your DMP in DMPonline.be. Such rights can include editing and adding data in your DMP, inviting more Trusted Individuals, and/or updating settings for sharing your DMP.
  • BELNET: Belnet delivers internet access and services to 200 institutions and more than 740,000 end users at universities, colleges of higher education, research centres and public services in Belgium. To that end, Belnet created a 1983 km fiber network, where connections up to 100 Gbit/s are possible. The network is also connected to the commercial internet, and to European and worldwide research networks via GÉANT.
  • BELNET ID FEDERATION: Belnet unites educational and research institutions connected to the Belnet network in a common infrastructure for identities. Thus, these institutions, as Identity Providers, simplify access (e.g. single sign-on) to the online services available within the Federation for their students and employees. DMPbelgium is active within the Federation as Service Provider.
  • ORCID: ORCID is a nonprofit organization whose mission is to solve the name ambiguity problem in scholarly communication by operating an open-access registry of persistent unique identifiers for individual researchers, and an open and transparent linking mechanism with other ID schemes and research objects such as publications, grants, and patents.

2. Information We Collect and How We Collect It

DMPbelgium collects information from users of the Websites in four ways: information you directly give us; information given to us by third parties; information we collect from your use of the Websites; and information we collect from cookies, also known as tracking technologies.

2.1 Information You Give Us

You can use DMPonline to write a Data Management Plan for your research. We securely store the information you enter in these areas of our Websites for you. Therefore, to use DMPonline, you must create a DMPonline Account.

To register with DMPonline, you are not required to be affiliated with one of our Members; however, certain features (e.g. creating a new DMP) are only available to users affiliated with a Member.

If you want to create a DMPonline Account, DMPbelgium requires you to provide at minimum your email address. Additionally, you may also include additional information about yourself such as your first name and last name. DMPonline will associate your Account information (e.g., name and email address) with your activities creating and updating DMPs (with your collaborators) for your research projects.

2.2 Information Provided by Others

Trusted Individuals

Your Trusted Individuals may edit and add information in your DMPs. You may specifically designate or remove Trusted Individuals in the DMPonline Website via the Share page of your DMP.

Identity Provider

You may sign in to our Website using sign-in services from your institution if they are active as Identity Provider within the BELNET ID Federation. These services will authenticate you and validate your email address with a security token. This technical data is stored in the DMPonline system to enable you to sign in. These services are built to ensure that DMPonline cannot know your password.

Through the BELNET ID Federation, your institution provides you with the option to share certain personal information with us such as your name and email address to pre-populate your DMPonline Account.

ORCID

You may sign in to our Website using sign-in services from ORCID. These services will authenticate your identity and validate your email address with a security token. This technical data is stored in the DMPonline system to enable you to sign in. These services are built to ensure that DMPonline cannot know your password.

ORCID also provides you with the option to share certain personal information with us such as your name and email address to pre-populate your DMPonline Account. To be able to validate your email address, we request permission to read from your ORCID Record, according to the privacy preferences you set at ORCID. DMPonline will not change information in your ORCID Record.

2.3 Information DMPbelgium Collects from your Use of the Websites

DMPbelgium will collect information about your use of the Websites. We do this for a variety of reasons, including to monitor when and by whom DMP information has been changed, to help identify and block some spammers, and also to monitor traffic on the Websites.

When you access our Websites, we collect certain information using server tools, including details such as your IP address, the type and version of the Internet browser that is being used, the site from which the visitor accesses our Websites, the type of device being used (e.g. computer, smart phone, tablet), or the screen resolution; and details about usage, including page traffic. We may combine this automatically collected log information to other information we collect about you. DMPbelgium will ensure anonymization of these log data after 18 months at the latest.

2.4 Information from Cookies and other Tracking Technologies

You can control the use of cookies at the individual browser level. If you reject cookies, you may still use our Websites, but your ability to use some features or areas of our site may be limited.

We and our service providers use cookies or similar technologies to analyze trends, administer the Websites, track users’ movements around the Websites and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual as well as aggregated basis. DMPbelgium will ensure anonymization of all data for these providers before it leaves our Websites.

3. How We Use Information We Collect

We use the information we collect only to operate, protect, evaluate and improve the Websites, and DMPonline operations generally.

We may contact you about your use of the DMPbelgium Websites:

  • As DMPbelgium Member, your research institution may contact you about your use of the DMPbelgium Websites or related matters.
  • We will use your email address to contact you with service messages related to or affecting your DMPbelgium use, including, without limitation: changes to our Privacy Policy or functionality that affects how a user manages privacy; changes to Terms and Conditions; changes to registration procedures or fields included; changes in the type of information collected. As this information may affect your visibility (privacy) settings and the functioning of DMPbelgium for you, you may not opt-out of service messages.

We may share aggregated or summarized usage data with our Members or others in the research community or publish information based on aggregated usage data so Members and others can understand how the DMPonline Websites are being used. We will only do so in a way that your personal identity is protected.

4. Choices You Have About Sharing Information

A core DMPbelgium principle is that your data is considered confidential. To that end, DMPonline allows you to control how your DMPs are shared with other DMPonline users as Trusted Individuals and how they can be exported (e.g. to be published or to be included in a grant application).

4.1 Default Settings for Sharing

Data which you have entered into a DMP may be viewed through the Websites only by you and any Trusted Individuals you designate.

DMP data is not shared with the public or with Members of DMPbelgium. When you create a DMP, you are the owner of the data in that DMP. You cannot use DMPbelgium Websites to make any element visible on the public Internet, you have to export the DMP and publish elsewhere.

4.2 Trusted Individuals

Trusted Individuals you designate, are granted access on a DMP per DMP basis. You will choose their level of access when you invite them and can change these permissions at any time. A Trusted Individual can act on your behalf in different roles:

  • Read only
  • Edit
  • Data contact
  • Principal investigator
  • Co-owner

A Trusted Individual in the role "Read only" can only view the information in your DMP.

A Trusted Individual in the roles "Edit" and "Data contact" will be able to view and contribute to your DMP.

A Trusted Individual in the roles "Co-owner" and "Principal Investigator" can view and contribute to your DMP, edit plan details, and add as well as remove other Trusted Individuals to and from your DMP.

Therefore, you should only grant Trusted Individual status to a person you trust. DMPbelgium cannot control how a Trusted Individual will interact with your DMP. You may revoke Trusted Individual status at any time via the Sharing page of your DMP.

4.3 Changing Settings

You can change your settings for sharing a DMP at any time. However, the new settings will only apply after you have made the change. DMPbelgium has no control over uses of data already made available via the Websites or disclosures made in places other than the Websites.

5. How We Share Information We Collect

Except as set forth in this Privacy Policy, or as required by law, DMPbelgium does not share any information about you with other parties. For example, we do not share or sell your information to marketers, advertisers or other entities.

5.1 With authenticated users of DMPonline

Your designated Trusted Individuals have access to all of the information in the DMPs you granted them access to, but not to your (entire) Account. According to the levels of access you grant them, they will be able to change the information in your DMP and/or invite further Trusted Individuals. You can change settings for sharing your DMP at any time.

5.2 With DMPbelgium Members

DMPbelgium Members cannot access any element from your DMP unless you share a DMP with their staff.

Selected admin users of DMPonline at your own institution can

  • know that you are using DMPbelgium Websites and
  • list active users' email addresses and
  • know how many DMPs you have and
  • know the time and date of your last login.

Under DMPbelgium's Consortium Agreement, Members agree not to disclose any personal or otherwise confidential data unless (i) such data is publicly available from another source, or (ii) the Member has separate agreements with you about how and to whom such data will be disclosed.

5.3 With our Contractors

We may share your information with agents or contractors (for example, BELNET is hosting DMPbelgium's servers, or a contractor may need to check backup data for inconsistencies), but only on a "need to know" basis to help us operate DMPonline, and only if the vendor agrees to maintain the confidentiality and security of your information and not to use it for other purposes. These companies are authorized to use your personal data only as necessary to provide these services to us.

5.4 Government Data Requests

If we are required by law, public safety or public policy, or by the courts, we may provide your information to regulators, enforcement agents, courts and/or other government entities. To protect the privacy interests of our users, DMPbelgium will provide only the minimum of data as we deem necessary in the situation. To the extent allowed, we will promptly provide information about any government data requests received and accounts affected to the relevant DMP owners.

5.5 International Data Transfer

Note that we store and process personal data on servers located in Belgium on the BELNET network. DMPbelgium will not transfer your personal data to facilities outside the BELNET network or share them with third parties other than described in this Privacy Policy.

Backups may be stored outside the BELNET network for added security, but not outside of Belgium.

6. Access, Review, Editing and Changing Data

You may review, delete, and edit information in your DMPs in DMPonline and change Account details. Please note that changes will be applied prospectively. For example, if you change a setting for sharing, there is no way to stop people who have previously viewed or downloaded the data from using it.

  • You only need to sign in to DMPonline to review and change information in your DMP and change your settings for sharing your DMPs. You can also select to delete a DMP entirely. This operation cannot be undone.
  • You may update your first/last name at any time using the "Edit profile" page.
  • You cannot update your email from DMPbelgium Websites as it is assigned by your Identity Provider and validated through the BELNET ID Federation and/or ORCID.
  • You cannot update your password from DMPbelgium Websites as it is a secret protected by your BELNET Identity Provider or by ORCID.
  • You may choose to deactivate your DMPonline Account from the "Edit profile" page of your Account. In the event that a DMPonline Account is canceled, we will maintain as private your DMPs for a period of 18 months, to allow you to re-claim your data in the future.
  • You may associate your DMPonline Account with ORCID or de-associate it at any time using the "Edit profile" page. As long as you are not affiliated with a Member, associating your Account with ORCID is required and cannot be undone.
  • If you discover that you accidentally have more than one DMPonline Account, you may combine the Accounts by associating both with the same ORCID.

In limited circumstances, DMPbelgium may proactively correct data in an Account where errors are a result of system errors, changed standards specifications, or other obvious errors not caused by you or your Trusted Individuals. To ensure transparency of our processes, we will post information on our websites when we make changes.

7. Email deactivated by the Identity Provider

A DMPonline Account that was created when you were still affiliated with an Identity Provider is maintained as is when the institution deactivates your email address, according to the following:

  • DMP data, settings sharing, and Trusted Individual designations remain as set by you before being deactivated by the Identity Provider.
  • If you granted access to your DMP(s) to one or more Trusted Individuals, such persons may continue to view and edit the DMP data as per the permission levels you selected.
  • If you linked your DMPonline Account with ORCID, you may continue to manage the data as before, using your ORCID to sign in.
  • If your Identity Provider reassigns your deactivated email to another person, they are assumed by DMPbelgium to rightfully take over the management of your existing DMPonline Account and the associated DMPs. You, the new DMPonline Account holder and Trusted Individuals for any of the DMPs may request that DMPbelgium splits up the Accounts.
  • No indication is made by DMPbelgium to highlight DMPs of deceased persons, though Trusted Individuals, at their discretion, could use existing fields to provide this detail, if desired, for example, including such information in the DMP description, or after the person’s name.
  • If DMPbelgium is contacted to remove or correct data for someone who is deceased, the requestor will be referred to the DMP's Trusted Individual(s), or, if needed, the request will be handled by DMPonline admin users.

8. Account Deactivated by DMPbelgium

Your DMPonline Account can be deactivated by DMPbelgium:

  • If you have not created any DMPs and the Identity Provider has deactivated your email.
  • If you have not signed in to DMPonline Websites for at least 100 months.

We will retain your information for as long as your Account is active, or as needed to provide you with our services, including reactivation. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

9. Transparency & Complaints

This Privacy Policy is governed by and any disputes shall be resolved under the laws and courts of Belgium.

If you have any concerns or claims with respect to our Privacy Policy or any other issue relating to our Websites, please contact DMPbelgium at https://dmponline.be/about_us. We will investigate and attempt to resolve any complaints and disputes regarding our processing of personal data.

DMPbelgium provides Websites for an audience of researchers and does not offer services directed to children. Should a child whom we know to be under 16 send personal data to us, we will delete that information immediately. Parents may also contact us (details at https://dmponline.be/about_us) to request removal of any personal data about a minor.

We will review your concerns and will respond to your request within a reasonable timeframe. DMPbelgium reserves the right (but shall not be required) to remove or hide from the Website and its servers any DMP data that violates the privacy, publicity or other rights of any person, is the subject of a dispute, or for any other good cause, including without limitation, in any situation in which DMPbelgium is advised by legal counsel that the retention of such data poses a legal risk to DMPbelgium.

If you are not able to resolve your concerns through DMPbelgium’s internal mechanism, under GDPR, you have the right to lodge a complaint with DPA, the Belgian Supervisory Authority.

10. Information Security

We are committed to protecting the Websites and our users from unauthorized access or unauthorized alteration, disclosure or destruction of personal data in the Websites or which we otherwise hold. For example:

  • We store information about you in a data center with restricted access, and we use a variety of technical security measures to secure your data. We also use secure socket layer (SSL) technology and intrusion detection and virus protection software.
  • We periodically review our information collection, storage and processing practices, including physical security measures.
  • We restrict access to personal data to DMPonline admin users, contractors and agents who need to know that information to manage the Websites and who are subject to confidentiality obligations.
  • We restrict access to information marked as shared with other users to (i) Trusted Individuals granted permissions by you, and (ii) DMPonline admin users, contractors, and agents with a need to know to manage the Websites and who are subject to confidentiality obligations.
  • All passwords are protected by a salted hash, and passwords and security tokens are not visible by DMPonline admin users, contractors or agents, or even you.

Despite these measures, we cannot guarantee that unauthorized persons will not be able to hack our system or otherwise defeat our security measures.

Your access to our services is password protected. To maintain the security of your data (or of information in another person’s DMP that you are authorized to view), please keep your username(s) and password(s) strictly confidential and do not disclose them to anyone. We also recommend that you sign out of your Account at the end of each session. You may also wish to close your browser window when you have finished your work, especially if you share a computer with someone else or are using a computer in a public place. You will be solely responsible for any action, activities, and access to our Websites that were taken through your username and password, and that occurred before you notified us of their loss.

If you have any questions about security on our Websites, please contact DMPbelgium at https://dmponline.be/about_us.

11. Changes to this Policy

We may change our Privacy Policy from time to time. We will post any changes to this Privacy Policy on this page. Your continued use of the Websites will be deemed conclusive acceptance of modifications. Please check this Privacy Policy from time to time for changes. We will not reduce your rights under this Privacy Policy with respect to data previously added without your consent.

If in our discretion we think that any changes are significant, we will take additional steps to inform you (for example, by posting a notice of changes on our Websites and/or by sending you an email to inform of such changes) prior to the change becoming effective and obtain your consent through an opt-in mechanism (for example, by having you agree to the changes the next time you log onto the Websites or clicking an "I consent" button in an email).