Privacy Policy
Version: 1.0
Last updated: [12 February 2026]
1. Introduction
This Privacy Policy explains how personal data are collected, used, and protected when using MetaTrack, a web-based platform for storing, managing, and sharing life science data and metadata.
MetaTrack is developed and operated by ELIXIR Norway, which acts as the data controller for personal data processed through the platform.
2. Data Controller
Data controller:
ELIXIR Norway
UNIVERSITETET I BERGEN Postboks 7800 5020 BERGEN Norge
3. Personal Data We Process
MetaTrack processes a limited set of personal data necessary to operate the service:
3.1 User Account Information
- Name
- Email address
- Institutional affiliation
- User identifier (e.g. institutional login ID)
3.2 Technical and Usage Information
- Login timestamps
- IP addresses
- System logs related to authentication and access
- Basic usage metrics for service monitoring
MetaTrack does not require or intend to process sensitive personal data as defined under GDPR Article 9.
4. Purpose of Processing
Personal data are processed for the following purposes:
- To provide access to the MetaTrack platform
- To manage user accounts and permissions
- To ensure system security and integrity
- To monitor service usage and performance
- To communicate important service-related information (e.g. maintenance, incidents)
- To provide user support
Personal data are not used for profiling, marketing, or automated decision-making.
5. Legal Basis for Processing
The legal basis for processing personal data is:
- GDPR Article 6(1)(e) – processing necessary for the performance of a task carried out in the public interest (research infrastructure), and/or
- GDPR Article 6(1)(f) – legitimate interests related to secure and reliable operation of the service
Where applicable, processing may also rely on GDPR Article 6(1)(b) (performance of a contract).
6. Data Sharing and Processors
Personal data may be accessed by:
- Authorized operational staff within ELIXIR Norway
- Technical service providers acting as data processors under contractual agreements
Personal data are not shared with third parties for commercial purposes and are not transferred outside the EU/EEA unless appropriate safeguards are in place.
7. Data Retention
Personal data are retained for as long as a user has an active MetaTrack account.
User accounts may be deactivated if institutional authentication is no longer valid. In such cases:
- Personal data are retained only as required for audit, security, or legal purposes
- User-uploaded research data and metadata are governed by the Terms of Use and Data Handling Policy, not by this Privacy Policy
8. User Rights
Under the GDPR, users have the right to:
- Request access to their personal data
- Request correction of inaccurate personal data
- Request deletion of personal data, where applicable
- Object to or restrict processing
- Lodge a complaint with a supervisory authority
Requests can be submitted via support@elixir.no.
9. Security Measures
MetaTrack implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, or misuse.
Access to personal data is restricted to authorized personnel and systems required for service operation.
10. Relationship to Uploaded Data
This Privacy Policy applies only to personal data related to users and service operation.
Rules governing uploaded research data and metadata—including ownership, access control, retention, and permitted content—are defined in the MetaTrack Terms of Use and Data Handling Policy.
11. Changes to This Policy
This Privacy Policy may be updated periodically. Significant changes will be communicated through the platform or via email.
Continued use of MetaTrack after updates constitutes acceptance of the revised policy.
12. Contact
For questions regarding this Privacy Policy or the processing of personal data, please contact: support@elixir.no