Privacy Policy

How we handle your data on the Data Driven Models platform.

Data Driven Models is a research platform operated by Blekinge Institute of Technology (BTH), Sweden, as part of the CiSMA project funded by the European Union under Horizon Europe (Grant Agreement No. 101177798). We are committed to protecting your privacy and processing personal data in accordance with the EU General Data Protection Regulation (GDPR, Regulation 2016/679).

Last updated: March 2026

1. Data Controller

The data controller for this platform is:

2. Data We Collect

2.1 Authentication Data

If you create an account or are granted access, we store:

  • Username and email address
  • Hashed password (we never store plaintext passwords)
  • Role assignment (Admin, Researcher, Viewer)

This data is necessary for providing secure, role-based access to the platform (legal basis: legitimate interest under GDPR Art. 6(1)(f)).

2.2 Contact Form Submissions

When you submit the contact form, we collect:

  • Name, organisation, and email address
  • Subject and message content

This information is used solely to respond to your enquiry (legal basis: consent under GDPR Art. 6(1)(a)). We do not use it for marketing or share it with third parties.

2.3 Cookies

This site uses essential cookies only for:

  • Session management — maintaining your login state
  • Cookie consent — remembering your cookie preference

We do not use any tracking, analytics, or advertising cookies. No data is shared with third-party analytics or advertising services.

3. What We Do Not Collect

  • We do not use Google Analytics or any third-party tracking tools
  • We do not serve advertising or use advertising cookies
  • We do not sell, trade, or rent personal data to third parties
  • We do not profile users or make automated decisions based on personal data

4. Data Storage and Security

All data is stored on a secured virtual private server hosted within the European Union. Access to the server and database is restricted to authorised project personnel. We use industry-standard security measures including encrypted connections (HTTPS/TLS), hashed passwords, and JSON Web Token (JWT) based authentication.

5. Data Retention

Account data is retained for the duration of the research project and deleted within 12 months after the project concludes, unless longer retention is required for research integrity or legal compliance. Contact form submissions are retained only as long as necessary to respond to your enquiry.

6. Your Rights Under GDPR

Under the General Data Protection Regulation, you have the right to:

  • Access — request a copy of the personal data we hold about you
  • Rectification — request correction of inaccurate data
  • Erasure — request deletion of your personal data ("right to be forgotten")
  • Restriction — request limitation of processing of your data
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interest
  • Withdraw consent — where processing is based on consent, you may withdraw it at any time

To exercise any of these rights, contact us at shafiqul.islam@bth.se. We will respond within 30 days.

7. Supervisory Authority

If you believe your data protection rights have not been adequately addressed, you have the right to lodge a complaint with the Swedish Authority for Privacy Protection (IMY):

8. Changes to This Policy

We may update this privacy policy to reflect changes in our practices or legal requirements. Any changes will be posted on this page with an updated revision date. We encourage you to review this page periodically.