Privacy Notice for EU Users of PARADISEC
This information applies if you are located in the European Economic Area (EEA). It supplements PARADISEC’s standard Conditions of Access by explaining how PARADISEC processes your personal data under the EU General Data Protection Regulation (GDPR).
1. Who we are
PARADISEC (Pacific and Regional Archive for Digital Sources in Endangered Cultures) — based in Australia — acts as a Data Controller in respect of your personal data when you access files through our catalog. For depositor-related personal data, PARADISEC is a Joint Controller along with the depositor, since we determine metadata publication and access policies.
2. Personal data we collect
We collect and process the following personal data from you when you access our site or files:
- Name and email address (collected at account creation and verified via email).
- Login timestamps and download logs linking your account to files accessed.
- Checkbox acknowledgement records that you have accepted the Conditions of Access.
We do not use cookies or collect IP addresses.
If you are a depositor, we additionally collect your contact details, in order to fulfill our responsibilities as Joint Controller of your data deposit. Depositor’s contact details are not made publicly accessible.
3. Why we process your data & legal bases
| Purpose | Legal Basis (GDPR Article 6) |
| To enable access to download files and metadata | Contractual necessity (account access) |
| To authenticate and verify users | Legitimate interest in preventing unauthorized use |
| To enforce Conditions of Access | Legitimate interest and record-keeping |
| To maintain catalog metadata and ingestion quality | Legitimate interest for operational necessity |
Where personal data appears in deposit metadata (e.g., depositor or speaker names), we process that as Controller under our mission to preserve and provide access to cultural heritage, often utilising archival exemptions under GDPR Article 89, with appropriate safeguards (GDPR, GDPR.eu).
4. Data retention
- Account data and logs will be retained as long as your account remains active and for 5 years after inactivity to meet operational and legal requirements.
- Consent records (Conditions of Access acknowledgments) will be retained for the duration of account activity and an additional period of 5 years.
- Metadata and archived files will be kept under preservation policy; personal data in those records may be retained indefinitely for public and research access, and may be archived under Article 89 freedom if applicable.
5. Your rights under GDPR
As an individual located in the EEA, you have rights, subject to certain limitations:
- Access: Request confirmation of processed personal data and a copy.
- Rectification: Correct inaccurate or incomplete personal data.
- Erasure (“right to be forgotten”): In certain conditions.
- Restriction: Limit the processing of your personal data.
- Objection: Object to processing based on legitimate interest.
- Data portability: Receive your personal data in a structured, machine-readable format.
To exercise any of these rights, contact us at admin@paradisec.org.au. You also have the right to lodge a complaint with a supervisory authority in your country.
6. International transfers
Your personal data is stored and processed in Australia. We rely on standard contractual clauses or other GDPR-appropriate safeguards to transfer your personal data lawfully.
7. Contact Information
For privacy or data protection queries, please contact:
Privacy Officer, PARADISEC
Email: admin@paradisec.org.au
8. Changes to this Notice
We may update this Privacy Notice from time to time. The latest version will be published in the Conditions of Access. If substantial changes are made, we will notify users accordingly.