System Privacy and Legal Statement

Statement
  1. Introduction
  2. Why do we process your data?
    2.1. Purpose of the processing
    2.2. Lawfulness of the processing
  3. Which data do we collect and process?
  4. How long do we keep your data?
  5. How do we protect your data?
  6. Who has access to your data and to whom is it disclosed?
    6.1. Sharing of Your Information
    6.2. Future Sharing of Your Information
    6.3. EU-US and Swiss-US Privacy Shield Frameworks
  7. What are your rights and how can you exercise them?
  8. Notices for BFgo Users
    8.1. Providing Others' Personal Data
    8.2. User Responsibilities
  9. Contact information
Annex 1: Data Maintained per CRA and Process
Annex 2: List of Belmont Forum Members and Partners per CRA
Annex 3: BFgo System Support Contractor EU-US and Swiss-US Privacy Shield Certification

1. Introduction

The Belmont Forum is a multinational partnership organization that supports international projects through Collaborative Research Actions (CRAs), international calls for proposals that result in synchronized funding support from a variety of resource and funding partners. This Belmont Forum Grant Operations (BFgo) Privacy Statement explains the reason for the collection and processing of your personal data, the way we protect the personal data provided and what rights you may exercise in relation to your data (the right to access, rectify, block etc.).

The Belmont Forum is committed to protecting and respecting the privacy of Applicants, Reviewers, and Awardees. The evaluation of proposals, management of funded actions as well as the design, monitoring, evaluation, and learning in CRAs require the processing of personal data, including those of persons in the European Union. Therefore this privacy statement and associated policies are designed to be compliant with the EU's General Data Protection Regulation (2016/679) (GDPR).

This Privacy Statement concerns the processes associated with (1) application submission, (2) application review and (3) awardee reporting through the BFgo system. BFgo is supported by a U.S. National Science Foundation (NSF) contractor, Lux Consulting Group, Inc. The data input by users from all over the globe are received directly into servers in the USA, which are maintained by Amazon Web Services using industry best practices for data security. The Belmont Forum is hereby making the benefits of these GDPR compliant policies available to all users regardless of geographic location.

BFgo maintains data related to CRAs and associated processes in Annex 1. Changes to this Annex do not constitute a change to the BFgo Privacy and Legal Statement.

2. Why do we process your data?

2.1 Purpose of the processing

The data provided to us and the purpose of our processing these data are different for (1) application submission, (2) application review (3) awardee reporting or (4) Monitoring and Evaluation and Learning (MEL) roles. The purpose of processing the data for each of these roles are as follows:

  1. Application Submission (by Applicants): The data you provide as an Applicant in your application forms are collected to allow the Belmont Forum, reviewers, and funders to:
    • communicate with you about the application process
    • evaluate your proposal and/or organisation
    • award funding if your application is successful
    • analyse and describe our applicant pool
    • improve our communications with potential future applicants in future CRAs
  2. Application Review (by Potential Reviewers and Reviewers): The data you provide as a potential reviewer or reviewer allows us to:
    • communicate with you about the review process
    • assign applications for your review
    • collect your evaluation of those applications
    • collect your feedback on the review process
  3. Awardee Reporting (by Awardees): The data you provide as an awardee is used to:
    • communicate with you about the awarded project
    • perform monitoring, evaluation, and learning activities among awardees
    • analyse and describe our applicant pool in Belmont Forum performance reports
    • improve our communications with future awardees in future CRAs
  4. Monitoring Evaluation and Learning (MEL) Management (by Belmont Forum and funder managers): The data you provided as a Belmont Forum or funding agency manager are used to:
    • communicate with you about the MEL process
    • help us assign you an appropriate role in the system
    • give you access to the appropriate data to perform your functions.

2.2 Lawfulness of the processing

The Belmont Forum and the NSF contractor supporting the BFgo system have a legitimate interest in processing these data to meet obligations laid down by law in funding countries, including European Union Member countries, meeting obligations to which the Belmont Forum is subject, and the necessity for the performance of a contract to which the data are subject. (This basis is described in GDPR 2016/679 §40.) The organizations providing resources and funding for the CRAs are subject to obligations laid down by law for the application, review, and award processes and the Belmont Forum and the NSF contractor processing is directly linked to these obligations.

3. Which data do we collect and process?

The data we collect and process are different for (1) application submission, (2) application review (3) awardee reporting and (4) MEL roles. The purpose of processing the data for each of these roles through the BFgo system are as follows:

  1. Application Submission (provided by Consortium Lead): The data subjects are
    • Consortium Leads and other Principal Investigators (PIs): Email Address, First Name, Family Name, Title, Funding Agency, Organization**, Department, Position, Area(s) of Research, Academic Discipline(s), Gender, Year of Ph.D., Curriculum Vitae, and, a list of other personnel represented by the PI
    • Other Team Members: Family Name, First Name, Title, Funding Agency, Organization**, Department, Academic Level, Year of Highest Academic Degree, Gender, and Curriculum Vitae
    • Collaborators: Email, Family Name, First Name, Title,  Funding Source, Organization**,  Department, Gender, and Curriculum Vitae
    • Stakeholder Representatives: Email, Family Name, First Name, Title, Organization**, Department, Gender.

  2. Application Review (provided by Review Coordinator, Potential Reviewers, and Reviewers): The data subjects are:
    • Potential Reviewer Contact Information (provided by the Review Coordinator): Email, First Name, Family Name
    • Evaluation, Scoring, and Summary Data (provided by the reviewer): Scores, written evaluations, and written summaries.

  3. Awardee Reporting (provided by Consortium Lead): The data subjects are: Personnel (including Consortium Lead, Partner PI's, Other Team Members, In-Kind Collaborators, Fully Self-Financed Collaborators, Stakeholder Representatives, Postdocs, Graduate Students, Undergraduate Students, Senior Personnel, and Contractors) : Email, First Name, Family Name, Phone, Open Researcher and Contributor ID (ORCID), Organization**,  Gender, Identification of Underrepresented group in Science, Academic Level, Academic Discipline(s), Areas of Expertise, Project Role(s).
     
  4. Monitoring Evaluation and Learning (MEL) Management: The data subjects are: MEL Users: Email address, First Name, Family Name

**In all cases above, "Organization" information includes the organization's name, website, email, phone, fax, Twitter handle, street address, city/town, state, country, and postal code.

The Belmont Forum and the NSF contractor supporting the BFgo system will not collect or process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, data concerning a natural person's sex life or sexual orientation, ideological views or activities, information on social security measures, or administrative or criminal proceedings and sanctions, which are treated outside pending proceedings. (These are "special categories" of data under GDPR Article 9 and Swiss-U.S. Privacy Shield and are not collected or processed by the Belmont Forum or the NSF contractor supporting the BFgo system.)

4. How long do we keep your data?

Personal data and reviewer data related to unsuccessful applications are kept for up to 10 years after the closure of the call for which the data have been collected or updated, or, concerning calls with multiple cut-offs, for up to 10 years after the date of the cut-off following the submission of the application. This applies also to data contained in previous outdated versions of applications and in withdrawn proposals.

Information on awardees receiving funding through a CRA, personal data (in electronic and/or any other format) are retained for 10 years after the closing of the action.

Anonymized data can be retained for a longer period and further processed for historical, statistical, or scientific purposes.

5. How do we protect your data?

All data in BFgo are stored on the BFgo support contractor's servers or those of their vendor, Amazon Web Services. The operations of these services comply with industry best practices and the appropriate U.S. government's Federal Information Security Act (FISMA) provisions.

6. Who has access to your data and to whom is it disclosed?

6.1. Sharing of Your Information

Your data will be accessible to Belmont Forum staff and contractors, resource and funding organizations and their contractors, partner organisations and contractors, and the contractor supporting the BFgo system. (BFgo is supported by a U.S. National Science Foundation (NSF) contractor, Lux Consulting Group, Inc.) Additionally, data in applications will be accessible by application reviewers solely for the purpose of providing their review.

BFgo maintains a list of Belmont Forum members and partners for each CRA in Annex 2. Changes to this Annex do not constitute a change to the BFgo Privacy and Legal Statement.

6.2. Future Sharing of Your Information

We do not currently share your personal information with companies, organizations, or individuals outside of Belmont Forum staff and contractors, resource and funding organizations and their contractors, partner organisations and contractors, and the contractor supporting the BFgo system. If the need arises, we may share your information in the following cases:

Future Sharing with your consent
We'll share personal information outside of Belmont Forum when we have your consent. We'll ask for your explicit consent to share any sensitive personal information.

Future Sharing for external processing
We would provide personal information to our affiliates and other trusted businesses or persons to process it for us, based on our instructions and in compliance with our Privacy Policy and any other appropriate confidentiality and security measures.

Future Sharing for legal reasons
We will share personal information outside of Belmont Forum if we have a good-faith belief that access, use, preservation, or disclosure of the information is reasonably necessary to:

  • Meet any applicable law, regulation, legal process, or enforceable governmental request.
  • Enforce applicable Terms of Service, including investigation of potential violations.
  • Detect, prevent, or otherwise address fraud, security, or technical issues.
  • Protect against harm to the rights, property or safety of Belmont Forum, our users, or the public as required or permitted by law.

6.3. EU-US and Swiss-US Privacy Shield Frameworks

The BFgo system is supported by Lux Consulting Group, Inc, (Lux) a Maryland USA corporation under a contract with the National Science Foundation, which is a U.S. Federal Government agency. Per their Privacy Shield certification and the letter provided in Annex 3, Lux complies with the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from European Union member countries and Switzerland, respectively. Lux has certified that it adheres to the Privacy Shield Principles and this BFgo Privacy and Legal Statement. Lux remains responsible for any of your personal information that is shared under the Privacy Shield Onward Transfer Principle with third parties for external processing on our behalf, as described in the "Who has access to your data and to whom is it disclosed?" section. To learn more about the Privacy Shield program, and to view Lux's certification, please visit the Privacy Shield website.

Lux is subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC). In certain circumstances, the Privacy Shield Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Privacy Shield Principles.

7. What are your rights and how can you exercise them?

You are entitled to access your personal data and rectify/block or erase them in case the data are inaccurate or incomplete. You can exercise your rights by emailing help@bfgo.org. In case of conflict, you can contact the Belmont Forum at info@belmontforum.org. Each will reply to requests within 60 days.

8. Notices for BFgo Users

8.1 Providing Others' Personal Data

Do not provide personal data about others unless you are authorized or required to do so by contract or applicable law.

8.2 User Responsibilities

BFgo system users must comply with this statement and may not take any actions to subvert the processes associated with this statement. Those with access to these data are reminded of their obligation to process the personal data provided to them only for the purposes for which they were transmitted.

9. Contact information

If you have comments or questions, any concerns or complaints regarding the collection and use of your personal data, please feel free to contact the Belmont Forum at info@belmontforum.org. Persons in European Union Member countries may also contact their National Data Commissioner or other national office responsible for GDPR compliance.

If you have an inquiry regarding Lux's privacy practices in relation to its Privacy Shield certification, we encourage you to contact them at it@luxcg.com.

 

Annex 1: Data Maintained per CRA and Process

CRA Shortname* Application
Receipt 		Application
Review 		Awardee
Reporting
Freshwater2012     X
Coastal2012     X
Food2013     X
Arctic2014 X X X
Biodiversity2014 X X X
Climate2015 X X X
Mountains2015 X X X
Nexus2016     X
T2S2016 X X X
Biodiversity2017     X
SEI2018 X X X
Oceans2018 X X X
Disaster2019 X X X
Arctic2019 X X X
Climate2019 X X X

*Full project names and descriptions are available at www.belmontforum.org.

 

Annex 2: List of Belmont Forum Members and Partners per CRA

CRA Shortname* Member and Partners
Freshwater2012 The French National Research Agency (ANR), The Commonwealth Scientific and Industrial Research Organisation (CSIRO), German Research Foundation (DFG), São Paulo Research Foundation (FAPESP), Japan Society for the Promotion of Science (JSPS), Ministry of Earth Sciences (MoES), Natural Environment Research Council (NERC), Economic and Social Research Council (ESRC), Biotechnology and Biological Sciences Research Council (BBSRC), National Research Foundation (NRF), Natural Sciences and Engineering Research Council of Canada (NSERC), National Science Foundation (NSF), Russian Foundation for Basic Research (RFBR)
Coastal2012 The French National Research Agency (ANR), The Commonwealth Scientific and Industrial Research Organisation (CSIRO), German Research Foundation (DFG), São Paulo Research Foundation, (FAPESP), Japan Society for the Promotion of Science (JSPS), Ministry of Earth Sciences (MoES), Natural Environment Research Council (NERC), National Research Foundation (NRF), National Science Foundation (NSF), Russian Foundation for Basic Research (RFBR)
Food2013 The French National Research Agency (ANR), The Commonwealth Scientific and Industrial Research Organisation (CSIRO), São Paulo Research Foundation (FAPESP), Japan Science and Technology Agency (JST), Ministry of Agriculture and Rural Development (MOARD), Ministry of Earth Sciences (MoES), Natural Environment Research Council (NERC), Biotechnology and Biological Sciences Research Council (BBSRC), Economic and Social Research Council (ESRC), National Research Foundation (NRF), National Science Foundation (NSF), Research Promotion Foundation (RPF), Swiss National Science Foundation (SNSF), Teagasc Executive Unit for Financing Higher Education, Research, Development and Innovation (UEFISCDI), Wageningen University and Research Centre (WUR)
Arctic2014 The French National Research Agency (ANR), Federal Ministry of Education and Research (BMBF), Bureau of Ocean Energy Management (BOEM), Department of Earth System Science and Environmental Technologies of the National Research Council (CNR-DTA), Centre National de la Recherche Scientifique (CNRS), Japan Science and Technology Agency (JST), Ministry of Earth Sciences (MoES), NordForsk Natural Sciences and Engineering Research Council of Canada (NSERC), National Science Foundation (NSF), National Natural Science Foundation of China (NSFC), The Icelandic Centre for Research (RANNIS), Research Council of Norway (RCN), Russian Foundation for Basic Research (RFBR), Social Sciences and Humanities Research Council (SSHRC)
Biodiversity2014 The French National Research Agency (ANR), The Commonwealth Scientific and Industrial Research Organisation (CSIRO), German Research Foundation (DFG), São Paulo Research Foundation (FAPESP), Ministry of Education, Culture, Sports, Science and Technology (MEXT), Japan Science and Technology Agency (JST), Ministry of Earth Sciences (MoES), National Research Foundation (NRF), National Science Foundation (NSF), National Natural Science Foundation of China (NSFC), Research Council of Norway (RCN)
Mountains2015 The French National Research Agency (ANR), Federal Ministry of Science, Research and Economy (BMWFW), Department of Earth System Science and Environmental Technologies of the National Research Council (CNR-DTA), German Research Foundation (DFG), São Paulo Research Foundation (FAPESP), National Science Foundation (NSF), National Natural Science Foundation of China (NSFC)
Nexus2016 Arts and Humanities Research Council (AHRC), Engineering and Physical Sciences Research Council (EPSRC), Economic and Social Research Council (ESRC), InnovateUK, Academy of Finland (AKA), The French National Research Agency (ANR), Slovenian Research Agency (ARRS), Federal Ministry of Education and Research (BMBF), European Commission (EC), São Paulo Research Foundation (FAPESP), The Foundation for Science and Technology (FCT), Austrian Research Promotion Agency (FFG), Formas Federative Research Structure (FRS), National Fund for Scientific Research (FNRS), Research Foundation – Flanders (FWO), Innovation Fund Denmark (IFD), Innoviris Japan Science and Technology Agency (JST), Ministry of Science, Technology and Productive Innovation (MINCyT), Ministry of Education, University and Research (MIUR), Ministry of Science and Technology (MOST), National Science Centre (NCN), Netherlands Research Agency (NWO), National Science Foundation (NSF), Qatar National Research Foundation (QNRF), Research Council of Lithuania (RCL), Research Council of Norway (RCN), Research Promotion Foundation (RPF), Swedish Energy Agency, Tekes, The Scientific and Technological Research Council of Turkey (TÜBÄ°TAK), Executive Unit for Financing Higher Education, Research, Development and Innovation (UEFISCDI), State Education Development Agency (VIAA), VINNOVA
T2S2016 Academy of Finland (AKA), The French National Research Agency (ANR), Slovenian Research Agency (ARRS), German Aerospace Center (DLR), European Commission (EC), Economic and Social Research Council (ESRC), São Paulo Research Foundation (FAPESP), Luxembourg National Research Fund (FNR), National Fund for Scientific Research (FNRS), Research Foundation – Flanders (FWO), Irish Research Council (IRC), International Social Science Council (ISSC), Japan Science and Technology Agency (JST), Ministry of Science and Technology (MOST), NordForsk, National Science Foundation (NSF), The Netherlands Organisation for Scientific Research (NWO), Research Council of Norway (RCN), Swiss National Science Foundation (SNSF), Swedish Research Council (VR)
Biodiversity2017 FWF Austria, BELSPO, FRS-FNRS, Bulgarian National Science Foundation (BNSF), FAPESP, FRQ Canada, NSERC, ETAG Estonia, AKA Finland, ANR France, DFG, DLR-PT, Irish EPA, PASRES, RCL Lithuania, RCN, NCN Poland, UEFISCDI Romania, SAS Slovakia, MINECO Spain, FORMAS Sweden, SNSF Switzerland, NWO, TÜBITAK, NSF
SEI2018  
Oceans2018 SIDA, DOST Philippines, NSF, KAUST Saudi Arabia, FORMAS, JST, NRF, FAPESP,
Disaster2019 Ministry of Science and Technology (Most),Japan Science and Technology Agency (JST), Qatar National Research Fund (QNRF), National Science Foundation (NSF)
Arctic2019 Natural Sciences and Engineering Research Council of Canada (NSERC), Danish Agency for Science and Higher Education (DAFSHE), National Research Agency (ANR), Icelandic Center for Research (RANNIS), Japan Science and Technology Agency (JST), Netherlands Polar Programme (NPP) of the Netherlands Organization for Scientific Research (NWO), Research Council of Norway (RCN), Russian Foundation for Basic Research (RFBR), Swedish Research Council for Environment, Agricultural Sciences and Spatial Planning (FORMAS), National Science Foundation (NSF)
Climate2019 Ministry of Science and Technology (MoST), PASRES, Academy of Finland (AKA), Research Council of Norway (RCN), The Swedish Research Council for Health, Working Life and Welfare (Forte) and Welfare in collaboration with Swedish Research Council (Vetenskapsradet), The Scientific and Technological Research Council of Turkey (TUBITAK), UK Research and Innovation (UKRI), National Oceanic and Atmospheric Administration (NOAA), National Science Foundation (NSF)

*Full project names and descriptions are available at www.belmontforum.org.

 

Annex 3: BFgo System Support Contractor EU-US and Swiss-US Privacy Shield Certification

Lux Consulting Group, Inc.
8403 Colesville Rd. Suite #1100
Silver Spring, MD 20910.

November 2, 2018

To Whom It May Concern,

Lux Compliance with BFgo System Privacy and Legal Statement EU-US and Swiss-US Privacy Shield Frameworks

Lux Consulting Group, Inc. (Lux) supports the Belmont Forum Grant Operations (BFgo) system under a contract with the National Science Foundation. Lux hereby certify and affirms compliance with the BFGo System Privacy and Legal Statement and the EU-US and Swiss-US Privacy Shield Frameworks as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from European Union member countries and Switzerland, respectively. Lux remains responsible for any personal information that is shared under the Privacy Shield Onward Transfer Principle with third parties for external processing on our behalf, as described in the "Sharing your information" section.

In particular, Lux shares your data with other parties involved in the review and processing of the application, award, and monitoring of your grant. This includes national governments, funding agencies, program staff, application reviewers, and program evaluators. Lux does not share your data for commercial purposes and we do not use your data for a purpose materially different from the purpose(s) for which it was originally collected or subsequently authorized by you.

You can exercise right to opt-out of sharing with third parties by emailing it@luxcg.com with the subject line "OPT-OUT OF SHARING", your name, the program/opportunity name, and application number or project name in the body of your email.

If you choose to opt-out of sharing your data with Lux or third parties, please be advised that this will prevent your further use of this system, it may also affect compliance with national government agencies' rules, evaluation of your application, and/or the conditions of your award. Lux does not monitor or enforce compliance with national government, funding agency, or program rules, but will inform these parties that an opt-out and anonymization has occurred for your application or awarded opportunity, so they may follow up as required and appropriate. Lux will reply to requests within 60 days.

In compliance with the Privacy Shield Principles, Lux commits to resolve complaints about our collection or use of your personal information. EU and Swiss individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Lux at: it@luxcg.com.

Lux has further committed to cooperate with the panel established by the EU data protection authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU and Switzerland.

To learn more about the Privacy Shield program, and to view Lux's certification, please visit the Privacy Shield website at https://www.privacyshield.gov/welcome. Lux's certification is listed at this Privacy Shield website maintained by the U.S government at https://www.privacyshield.gov/list.

Lux is subject to the investigatory and enforcement powers of the US Federal Trade Commission (FTC). In certain circumstances, the Privacy Shield Framework provides the right to invoke binding arbitration to resolve complaints not resolved by other means, as described in Annex I to the Privacy Shield Principles at https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

Please email it@luxcg.com with any questions.

Sincerely,

Leonard Boyd. President and CEO, Lux Consulting Group, Inc.