EUCAIM Open Call - Privacy Policy

Information on data protection

1. For what purposes do we collect your personal information?

We will process your data in order to assess your application to the EUCAIM Open Call.

2. Who is the data controller?

EIBIR gemeinnützige GmbH

Am Gestade 1, 1010 Vienna, Austria
Phone: +43 1 533 40 64 – 20

Managing Director: Mr. Peter Baierl

Registered Office: Vienna FN 275330 y HG Wien

Place of Jurisdiction: Vienna, Austria

Sales Tax Identification Number: UID: ATU62615557

How can you contact EIBIR?

If you have any questions or queries about how we handle data, you can contact EIBIR by email through  [email protected], or by post using the aforementioned postal address.

By what right or legal basis does EIBIR at the EUCAIM project process your personal information?

Your data is processed by virtue of:

Performance of a contract (6.1. b) GDPR)

Who are the recipients of your personal data?

  • Members of the consortium (a list is available here)
  • European Commission for auditing purposes
  • Press releases and social networks for dissemination purposes
  • Our processors:
    • JotForm
      • JotForm Subprocessors
    • SimplyCRM
      • SimplyCRM Subprocessors



Subprocessing Activities

Amazon Web Services Inc.


Cloud Service Provider

Google Cloud EMEA Limited


Cloud Service Provider

Google LLC

United States

Cloud Service Provider

Digital Ocean

United States

Cloud Service Provider

Are data transferred to a non-EU Country?

The processing of personal data will be held on JotForm and SimplyCRM premises. It is based on a Standard Contractual Clauses adopted by the European Commission. These Standard Clauses has been set out in the Annex of Commission Implementing Decision (EU) 2021/914 of 4 June 2021 for the transfer of personal data to processors established in third countries which do not ensure an adequate level of data protection, as well as any modified clauses, described in the UK Addendum, set out by the United Kingdom pursuant to UK GDPR, the UK Data Protection Act 2018 (and regulations made thereunder), the UK Privacy and Electronic Communications Regulations 2003.

JotForm as processor informs that the information that is collected by their customers may be disclosed to and stored on servers (and backups) which are provided by Google Cloud Platform (GCP) and by Amazon Web Services (AWS). This may include overseas disclosures to cloud providers based in the United States of America. The providers ensure a high standard of security based in certifications including ISO27001 and SOC 2 which evidence high standards of information security management.
SimplyCRM as a processor exclusively secure data centers located in Europe (Frankfurt, Germany and Amsterdam, Netherlands).

How long do we keep/storage your data?

The data will be stored for the period necessary for the administrative management of the call. This may be the following

  • The life cycle of the project.
  • For the legal periods of limitation of liability.
  • Up to five years after the end of the project for audit purposes by the European Commission.
  • Information of public interest or historical interest may be stored and published indefinitely.


The information shall be kept suitably blocked for such additional periods as may be necessary for the prescription of possible legal liabilities including those arising from audits of the Project.

How do we protect the security of your information?

JotForm, one of our service providers, applies strict security measures, including a protected 256 bit SSL connection that uses a SHA256 Certificate. Submissions are encrypted with high-grade RSA 2048 at the user’s computer, then transferred and stored securely on our servers. All data is securely stored in the EU, with a redundant application and data servers in active-active configuration, and all data is replicated on an hourly basis for backup purposes. This provides platform-level redundancy in addition to the redundancy obtained with multiple servers within a single platform. All data remains in-region, so EU data always resides in the EU. Safeguards are in place to detect common attacks, such as SQL injection and cross-site scripting. PCI scans are regularly performed to detect any kind of vulnerability in our publicly available interfaces. Each quarter, internal and external Approved Scanning Vendor (ASV) tests are performed for PCI. In addition to these PCI scans, penetration tests are performed periodically.

SimplyCRM, one of our service providers, uses data centers that are certified in the international standard ISO/IEC 27001:2013. By achieving compliance with this globally recognized information security controls framework, audited by a third-party, they have demonstrated a commitment to protecting sensitive customer and company information. The ISO/IEC 27001:2013 certificate can be viewed here.

How can you exercise your rights?

In order to maintain control over your data at all times, you have the right to access your personal information, as well as the right to request the rectification of inaccurate data or, where appropriate, to request its erasure or deletion. In certain circumstances, and for reasons relating to your particular situation, you may object to the processing of your data. Similarly, you may exercise the right to restrict the processing of your personal information, requesting its retention, as well as the portability of your data.

The exercise of rights is personal and therefore we need to identify you unequivocally. You can exercise your rights in two ways:

  1. By sending an e-mail message.
    • To do so, please use this address: [email protected]. Please note that we can only deal with requests made from e-mail accounts provided in our databases after the identification of its owner.
  2. Physically by writing to the address of the data controller. In this case, you must provide supporting documentation:
    • Proof of the identity of the person concerned by means of any valid document, such as identity card or passport.
    • Name and surname of the person concerned or, where appropriate, of the person representing him/her, and the document proving such representation.
    • The request you are applying for.
    • Documents supporting the request you are making, if applicable.
    • In case of rectification or erasure, indication of the data to be rectified or erased and the reason for the rectification or erasure.
    • Address for delivery to you the information or notification.
    • Date and signature of the applicant.

Who guarantees your rights and to whom can you complain?

If you wish to lodge a complaint or obtain further information about the regulation of the processing of personal data the competent authority is Austrian Data Protection Authority.

Join the EUCAIM Consortium

Open Call for New Beneficiaries

We’re inviting new partners to enhance our pan-European infrastructure for cancer images and artificial intelligence.

Whether you’re a data holder with valuable cancer images or an innovator developing AI tools for precision medicine, this is your chance to contribute to a groundbreaking project.

Apply by 10 June 2024!

Open Call Webinar

We recently hosted a webinar with more details for prospective applicants to the open call. A recording is available.

Our open Call for new collaborators
launches in April 2024

Opportunities for data holders & AI developers to contribute await! Let‘s join forces to enhance cancer diagnosis and treatment

Be the first to know and apply!

March 14, 10:00-11:30 aM CET



Explore the potential for AI-driven cancer care advancements!
Learn how to access and utilize our federated cancer image repository. The webinar is for AI Innovators & Data Providers interested in the platform and will feature an introduction to EUCAIM & Cancer Image Europe and a demonstration of data exploration & access.

Survey Invitation

Join Leading Experts In Shaping AI In Cancer

EUCAIM is looking for your feedback! We have recently published a Stakeholder Survey in order to reach out to potential end-users and stakeholders. We believe that your insights could significantly contribute to understanding the expectations of potential users and identifying the essential aspects that stakeholders find crucial for future engagement and collaboration with the platform.

Therefore, we would like to invite you to participate in the Stakeholder Survey about the Cancer Image Europe platform.

Completing the survey will take approximately 10 minutes. Your participation is crucial to the success of this project, and we deeply appreciate your expertise in shaping the future of cancer imaging and treatment.