PANDEVITA DASHBOARD AND MOBILE APP

PANDEVITA DASHBOARD AND MOBILE APP

Privacy Policy

PandeVITA is a research project -“PandeVITA: Pandemic Virus Trace Application for the Effective Knowledge Transfer Between Science and Society Inside the Quadruple Helix Collaboration”- which is funded by the European Union under Horizon 2020 Research and Innovation program under grant agreement No 101006316. PandeVITA aims to create a platform, a dashboard and a smartphone app for a more efficient knowledge transfer between society and science in pandemic crises on a global level. PandeVITA app is a pandemic simulator mobile application. Users are placed in a gamified environment that simulates a pandemic situation. This app uses contact tracing technology (GPS tracking and low energy Bluetooth) to detect whether a user has come in contact with a virtual virus or another infected user. In the game, users gain points while they stay healthy within the app and lose points when they are infected. Additionally, there are vaccination and mask distribution destinations on the game map that allow the user to accumulate immunity points that would decrease their chances of getting infected. Moreover, pandemic related news and information that is published on PandeVITA’s web dashboard are shared with the app users in stories format. The PandeVITA dashboard is a powerful web-based tool which aims is to facilitate the knowledge transfer among quadruple helix systems and provide access to reliable and verified information. This tool offers (1) COVID-19 parameters evolution, (2) COVID-19 restrictions (3) socioeconomic parameters evolution, (4) Twitter analysis study during the 2 first waves, (5) generation, verification and access to reliable articles, (6) COVID-19 FAQs, (7) Official communication sand (8) access to PandeVITA application statistics and data. In the PandeVITA environment, users can use the app or the dashboard for the registration, using the same account for the two tools. In these tools, users can be registered with four possible roles, mapped with quadruple helix users:

● Academia (Science): Represent the research value, contributing to the development of an academic field and will have additional permissions to manage articles/news.

● Industry (Economy): Represent the business value, this user will have available the general information presented to all users.

● Public authority (Politics): Represent the political value and will have additional permissions to manage official documents.

● Other (Media and culture-based public): Represent the societal value, this user will have available the general information presented to all users.

Additionaty, in the PandeVITA dashboard non-registered users will be able to visualize all general information (reliable news; official communications; progress of the pandemic situation; PandeVITA pandemic studies and frequently asked questions and answers), but with limited features. Pursuant to the General Data Protection Regulation (GDPR), the dashboard shall process your personal data (e-mail, username, institution, user ID, ORCID if apply and user location when permissions are granted) when you sign up the website, as explained above. We respect your concerns about privacy and appreciate your trust and confidence in us.

What is the purpose of the PandeVITA app and dashboard?

The purpose of the app is to assess the effectiveness of including gamification elements in CTAs (contact tracing app), facilitate the citizen knowledge transfer and also evaluate citizens’ pandemic knowledge in pandemic situations. The current app will be used in research activities within the quadruple helix concept and focus group studies. The dashboard is a knowledge based for pandemic related information. For this purpose, the users from the different quadruple helix systems can disseminate information -in news format- through the dashboard. To ensure the reliability of this information, academic users (scientists) will be in charge of verifying and approving the published articles. If an article is rejected, it will not be available for the other quadruple helix users. Additionally, users can register to this dashboard to access to the latest information, official statements, FAQs, statistics and restrictions about the COVID-19 pandemic and to charts with the socioeconomic evolution.

Which personal data of the user is collected through the app and dashboard?

For the registration in both tools, e-mail, username, and the alphanumeric auto generated user ID are stored. The username can consist of the users’ real name, but it is only requested to use a nickname. For the users who are academicians the ORCID no is also requested during the registration process. In the dashboard, all the users that create news and public authority users that create official documents should also include the name of the institution they are affiliated with, during these processes. In addition, the application accesses the user’s location for the application’s functionalities (radar and CTA simulation), but it is not stored in the application or PandeVITA backend database. The application uses GPS and other means, e.g. device sensors and nearby Wi-Fi networks for user location. The location data might be used by Google and Apple respectively according to their privacy policies.

What is the purpose behind the collection of users’ personal data?

The username is a nickname used by the PandeVITA dashboard and app to identify the user and the user ID is a unique identifier, to identify a user at platform level. The ORCID no is requested to ensure the veracity of academy users. Email address is only required to provide the users the possibility of recovering their password or removing all their associated data from the PandeVITA platform in a secure way. In the dashboard, the institution of the users who create content is required to ensure the reliability of the generated content. Finally, the location of the user is not persistently saved by the application- or on the platform; it is only used by the application locally to show viruses, masks and vaccines simulated (not real) around the user in the close vicinity and is deleted thereafter.

How is the personal data of the user used?

In the dashboard, the username and institution will be shown in the news section to offer reliability to the reader and to the other academia users that should approve or reject the article. In the app, the usernames and scores of the players and teams are visible to all users on the scoreboard. When the user belongs to a team, the teammates can also see the usernames. The username included in the register is also used to create the player profile in the app (playername, score, number of recent contacts, game status - healthy/unhealthy -, collected mask amounts, collected vaccines amounts, team membership). Furthermore, if the user grants the permissions of accessing to their location, the app will access (but not store) the user location to show the simulated viruses, masks and vaccinnes, that users can collect in the game, near to the user. The user ID is not visible in the PandeVITA tools, it can be only accessed by making HTTP requests, but a user will not be able to get the association user ID - username/email from other users through HTTP requests. The relationship between all the users IDs and the real users is only available at platform level (accessible by admin users) and it is used to identify users, associate data and make requests. On the other hand, the email is necessary for recovering the password and requesting account deletion. Atthe end of the project, the personal data (e-mail, username, institution, ORCID) will be removed from databases. As mentioned in the next sections, at the end of the project, all the personal data which are processed as written above (except username and institution in approved news) will be erased, and the pseudo-anonymized data will be used for research purposes (e.g. analyzing the effectiveness of CTAs (Contact Tracing App) for cultivating pandemic friendly behavior for the user, evaluate the news with more impact or understand which are the more relevant functionalities in the dashboard).

What are the technical measures taken for data protection?

The infrastructure of the PandeVITA Platform, which includes the servers and databases where the user’s data is processed and stored, is a multilayered platform. At the data layer, the data are protected by RBAC (Role Based Access Control) mechanism, so user data is only accessible by the user himself. When the Project is finished, personal data (e-mail, username, institution, ORCID no and and the association email and user name with user ID) will be erased and only pseudo-anonymized data can be used later for research activities. Who do we share your information with? Personal data (e-mail, username, institution, ORCID no, user ID) will not be shared with anyone. Only data processor and data controller can reach them, if there is a need.

Where do we process your information? Our servers are located in Spain, a member of EU where GDPR is binding. Thus, personal data (e-mail, username, institution, ORCID no, user ID) are protected within all security measures.

How long do we keep your information?

Most of the data generated through the dashboard and the app - and the personal data (e-mail, username, institution, ORCID no, user ID) - can be deleted at any time by the user. However, the validated articles, which also include the institution and the username will not be deleted, unless an email is sent by the creator specifying the desire to delete all their associated articles and the data will be stored till the end of the project.

How are the data with expired lifetime deleted?

After the end of the project all the personal data mentioned above (e-mail, username, institution, ORCID no) will be removed from the database, and only pseudo-anonymized data will be available. Below is the detailed information that will be maintained (pseudo-anonymized) or erased after the end of the project: The Profile (email, username, user ID, country and role), the pending and rejected news will be removed, so after the profile deletion is not possible to associate any information collected, which include the user ID, with the real user. In the case of the approved articles (title, description, topic, content producer’s username, institution, link, date, comments, views and favourites), they will be maintained, since they do not contain any explicit personal data and they offer very valuable information for future analysis to understand the users’ interests. The Official documents (country, institution, link to the official document, date) and the sessions (user ID and date) will be also maintained. The official documents only include the link to the official document and the institution and in the case of the sessions, although they include the user ID, without the profile, it is impossible to identify a user. Furthermore, the player (score, number of recent contacts, game status (healthy/unhealthy), collected mask amounts, collected vaccine amounts, quiz answers), quiz questions and answers collected through the app will also be mantained.

How can I exercise my rights over my information?

The app and dashboard comply with General Data Protection Regulation (GDPR) in all its activities which aims to empower individuals and give them control over their personal data.

How to get in touch with us

In case of any question about privacy policy, you may contact us via. contact@pandevita.eu

Language

Except as otherwise prescribed by law, in any conflictor inconsistency between the English version and local language version of this privacy policy, the English version shall be valid.

How will you be notified about changes?

If any significant changes are done in this privacy policy, the updated policy will be posted here.

Contact Information

Data Controller: PredictBY (Barcelona/Spain) | Email: contact@pandevita.eu This Legal Disclosure applies also to our social media channels: https://www.instagram.com/pande_vita/ https://www.facebook.com/Pandevita-333092851302941/ https://www.linkedin.com/company/pandevita https://twitter.com/pande_vita

Users from Turkey

In Turkey data are protected and processed under Personal Data Protection Code (“DPC”) No: 6698, and related regulations. In accordance with Article 9 of the DPC, your personal data may be transferred abroad (Spain) as taking all security measures.