Skip to main content

GDPR

Privacy Notice — Open Steel Surface Inspection Data Repository


1. Introduction

This Privacy Notice explains how your personal data is collected, processed, and protected in the context of the Open Steel Surface Inspection Data Repository (“Repository”), developed as part of an EU-funded research project supporting innovation and open science in the steel industry.

The Repository is coordinated by the project consortium, composed of European research and industrial partners, and managed by CETIC (Centre of Excellence in Information and Communication Technologies), acting as data controller for the purposes of this activity.

The consortium is committed to ensuring that all personal data is processed in compliance with the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679) and applicable national legislation.

Data Controller:
CETIC – Centre of Excellence in Information and Communication Technologies
Avenue Jean Mermoz 28, 6041 Charleroi, Belgium
Email : contact@cetic.be

Data Protection Officer (DPO):
Email : dpo@cetic.be

2. Purpose of Data Processing

The Repository provides open access to datasets related to steel surface inspection and AI-based quality control.
The purpose of collecting personal data is to:

  • Enable registration and verification of users accessing the datasets
  • Confirm acceptance of the dataset license terms (CC BY-SA 4.0)
  • Facilitate communication with users regarding dataset updates or research collaboration opportunities
  • Distribute a feedback questionnaire to gather information on dataset use and impact
  • Support EU project reporting and scientific dissemination activities
  • Ensure responsible use of shared data and track community engagement

Personal data is not used for commercial purposes or shared with third parties outside the project consortium.

3. Legal Basis for Processing

Personal data is processed in accordance with:

  • Article 6(1)(a) – Consent: Users voluntarily register and agree to the processing of their data.
  • Article 6(1)(e) – Task carried out in the public interest: Processing supports scientific research and innovation funded by the European Union.
  • Article 89(1) – Safeguards for research: Personal data is processed using appropriate technical and organizational safeguards that protect individual rights and privacy.

4. Categories of Personal Data Collected

When registering for access to the Repository, the following data may be collected:

  • Full name
  • Institutional affiliation and role
  • Professional email address
  • Country or region
  • Intended dataset use (optional)
  • Responses to the post-registration feedback questionnaire

No sensitive data (as defined by Article 9 GDPR) is collected.

5. Data Retention

Personal data will be stored only as long as necessary to fulfill the purposes outlined above, typically for the duration of the EU-funded project and required reporting period (up to five years after project completion).

After this period, all personal data will be securely deleted or fully anonymized.
Anonymized or aggregated statistics may be retained for research and project impact reporting in accordance with Article 89 GDPR.

6. Data Sharing and Transfers

Personal data will only be shared with:

  • Authorized members of the project consortium responsible for dataset management, reporting, or scientific analysis
  • The European Commission or related funding bodies for audit or impact assessment purposes, if required

Data will not be transferred outside the European Economic Area (EEA) unless appropriate safeguards are in place, consistent with Chapter V of the GDPR.

7. Your Rights under GDPR

You have the following rights regarding your personal data:

  • Access – Request a copy of your data and details of processing
  • Rectification – Correct inaccuracies in your data
  • Erasure – Request deletion of your data (“right to be forgotten”)
  • Restriction or objection – Limit or object to processing
  • Portability – Receive your data in a machine-readable format
  • Withdraw consent – Withdraw your consent at any time without affecting prior lawful processing

To exercise your rights, please contact: dpo@cetic.be

If you believe your data protection rights have been violated, you may also contact your national Data Protection Authority (DPA) or the Belgian Data Protection Authority (APD/GBA).

8. Security Measures

The consortium implements appropriate technical and organizational measures to protect personal data, including:

  • Secure, encrypted communication channels
  • Access control and authentication procedures
  • Data pseudonymization where feasible
  • Regular audits and adherence to EU cybersecurity standards

9. Updates to This Privacy Notice

This Privacy Notice may be updated periodically to reflect legal or project changes.
The most recent version will always be available on the Repository website.

Last updated: November 2025