Privacy Policy
Last updated: 05 May 2026
This Privacy Policy explains how personal data is processed through the EUnetCCC WP8 website. The website supports Work Package 8 - Network Activities within the Joint Action European Network of Comprehensive Cancer Centres (EUnetCCC).
1. Controller and Contacts
The WP8 website is operated for EUnetCCC WP8 by Oslo University Hospital CCC, the WP8 lead institution.
| Controller | Oslo universitetssykehus HF / Oslo University Hospital CCC |
|---|---|
| Postal address | Postboks 4950 Nydalen, 0424 Oslo, Norway |
| DPO | Marit Larsen Haarr, Data Protection Officer for Helse Sor-Ost |
| Privacy contact | personvern@ous-hf.no |
| Switchboard | +47 91 50 27 70 |
| WP8 website contact | contact@wp8.eunetccc.eu |
| General EUnetCCC contacts |
Coordination Team:
EUnetCCC@institutcancer.fr Communication Team: communication.eunetccc@ulsalg.min-saude.pt |
2. Data We Process
Depending on how you use the website, we may process:
- Technical data such as IP address, user agent, request time, pages requested, and security logs.
- Cookie consent records, including a hashed IP address, user agent, selected preferences, action, version, and timestamp.
- Contact form data such as name, email address, organisation, message, and attachments if provided.
- Mailing list data such as name, email address, organisation, EUnetCCC/WP8 affiliation, selected tasks, and comments.
- WP8 content submission data, including contact details, text, links, uploaded media or files, submission status, and review feedback.
Please do not submit patient information, health data, or other special category data unless this has been explicitly requested and an appropriate legal basis and safeguards are in place.
3. Purposes and Legal Bases
| Purpose | Legal basis |
|---|---|
| Operating, securing, and maintaining the website. | Legitimate interests - GDPR Art. 6(1)(f). |
| Storing cookie consent choices and audit records. | Legal obligation and legitimate interests - GDPR Art. 6(1)(c) and Art. 6(1)(f). |
| Responding to contact requests. | Legitimate interests - GDPR Art. 6(1)(f). |
| Managing mailing list subscriptions and sending WP8 updates. | Consent - GDPR Art. 6(1)(a). |
| Collecting and reviewing WP8 content submissions from task representatives. | Performance of project collaboration tasks and public interest where applicable - GDPR Art. 6(1)(b) and Art. 6(1)(e). |
| Measuring aggregated website usage with Google Analytics. | Consent - GDPR Art. 6(1)(a). |
4. Cookies and Analytics
Strictly necessary cookies are used for session handling and CSRF protection. Analytics cookies are off by default and Google Analytics is loaded only if you consent. You can change your choice at any time using the footer link "Cookie preferences" or by visiting the Cookie Policy.
5. Data Sharing and Processors
Personal data may be accessible to:
- Authorised WP8 staff and relevant EUnetCCC project partners where needed for the purpose of the submission or request.
- Technical providers that host, secure, maintain, or deliver the website and email services.
- Google Analytics, only after analytics consent has been given.
- Mailchimp, if EUnetCCC uses it outside this website for newsletter delivery.
- Public authorities where disclosure is required by law.
We do not sell personal data. Where processors are used, processing should be governed by appropriate data processing terms. Some providers may process data outside the EEA; where this happens, appropriate transfer mechanisms such as adequacy decisions, Data Privacy Framework participation, or Standard Contractual Clauses should be used where applicable.
6. Retention
| Data category | Retention |
|---|---|
| Mailing list subscribers | Until unsubscribe, plus up to 30 days in backups. |
| Contact requests | Up to 6 months after the last response, unless longer retention is needed for follow-up or legal reasons. |
| WP8 content submissions, text, links, and media | 3 years from submission, or for the duration of WP8 plus 1 year where needed for project reporting and continuity. |
| Saved draft submissions | Up to 6 months from last activity. |
| Cookie consent audit records | 13 months. |
| Server access and security logs | Up to 6 months, unless needed longer for security investigation or legal requirements. |
7. Your Rights
Subject to the conditions in the GDPR, you may request:
- Access to your personal data - Art. 15.
- Rectification of inaccurate or incomplete data - Art. 16.
- Erasure - Art. 17.
- Restriction of processing - Art. 18.
- Data portability - Art. 20.
- Objection to processing - Art. 21.
- Not to be subject to solely automated decisions with legal or similarly significant effects - Art. 22.
- Withdrawal of consent at any time where processing is based on consent - Art. 7.
To exercise your rights, contact personvern@ous-hf.no or contact@wp8.eunetccc.eu. We may need to verify your identity before responding.
8. Complaints
You have the right to lodge a complaint with a supervisory authority, including the authority in the place where you live, work, or where you believe an infringement occurred.
Norwegian Data Protection Authority (Datatilsynet)
P.O. Box 458 Sentrum, NO-0105 Oslo, Norway
Phone: +47 22 39 69 00
Website: https://www.datatilsynet.no
Romania - Autoritatea Nationala de Supraveghere a Prelucrarii Datelor cu Caracter Personal (ANSPDCP)
B-dul G-ral. Gheorghe Magheru 28-30, Sector 1, 010336 Bucharest, Romania
Email: anspdcp@dataprotection.ro
Website: https://www.dataprotection.ro
9. Changes
We may update this Privacy Policy to reflect legal, technical, or operational changes. Updates are published on this page.