Last updated: April 2026
1. Introduction
The Data Controller of the BIO-RED Open Innovation Platform is CoLab AccelBio where multiple consortium partners jointly determine the purposes and means of processing, they act as Joint Controllers in accordance with Article 26 GDPR.
2. Data Controller
The Data Controller for this platform is CoLab AccelBio. For data protection inquiries, please contact our Data Protection Contact (DPC) at admin@bio-red.eu.
3. Data We Collect
- Account information: name, email address, professional details, phone number, profile photo
- Organization information: name, type, country, competencies, technology domains and submitted partnership opportunities
- Users information: name, email address, professional details, phone number, profile photo
- Usage data: interactions with platform features, login timestamps, activity logs
- Communications: messages sent through the chat system
4. Data Sharing and Sub-processors
Personal data may be processed by authorised service providers acting as data processors under Article 28 GDPR. These providers support hosting, infrastructure management, communication services and platform security.
5. Automated Decision Making
The platform does not use automated decision-making or profiling that produces legal or similarly significant effects within the meaning of Article 22 GDPR.
6. Legal Basis for Processing
We process your data based on: (a) your explicit consent; (b) the performance of a contract; (c) legitimate interests in operating the platform; and (d) compliance with legal obligations.
7. Your Rights
Under GDPR, you have the right to:
- Access your personal data
- Rectify inaccurate data
- Request erasure ("right to be forgotten")
- Restrict processing
- Data portability
- Object to processing
- Withdraw consent at any time
8. Data Retention
Personal data is retained for the duration of your account and deleted within 30 days of account deletion, unless longer retention is required by law. Chat messages exchanged with other users are retained for the other participant; the deleted user's identifiers are removed (anonymised) within 30 days of account deletion.
9. Cookie Policy
This Platform uses essential cookies that are strictly necessary for the operation of the site, together with one preference-category item (firebaseLocalStorageDb) used to support in-chat notifications. We do not use any advertising, analytics, or tracking cookies.
Cookies We Use
- Consent cookie (CookieConsent, HTTP cookie, 1 year): stores your cookie-consent state for this domain so the Platform remembers your preferences across sessions.
- Firebase activity signal (firebase-heartbeat-database, IndexedDB, persistent): records periodic signals from the Firebase SDK to detect spam and support Platform security.
- Firebase local storage (firebaseLocalStorageDb, IndexedDB, persistent): stores the Firebase authentication token locally and supports in-chat notifications so the Platform can alert you when a reply is received.
Purpose of Cookies
These cookies and equivalent local-storage items are used to provide core Platform functionality: recording your cookie-consent choice, authenticating you across requests via the Firebase SDK, detecting spam and supporting Platform security, and enabling in-chat reply notifications.
Managing Cookie Preferences
The strictly-necessary cookies cannot be selectively disabled without affecting the operation of the site. The preference-category item (firebaseLocalStorageDb) requires your consent and may be accepted or declined through the cookie consent banner presented on first visit; you may withdraw consent at any time via the same mechanism. Declining or withdrawing consent for this item may disable in-chat reply notifications. You may also configure your browser settings to block or delete cookies at any time; doing so may prevent you from using certain features of the Platform, including signing in to your account.
Consent and Lawful Basis
The strictly-necessary cookies (CookieConsent and firebase-heartbeat-database) are deployed on the basis of the "strictly necessary" exemption under Article 5(3) of the ePrivacy Directive and do not require separate consent. The preference-category item (firebaseLocalStorageDb) is deployed only after the user has given informed consent through the cookie consent banner, in accordance with Article 5(3) of the ePrivacy Directive and Article 6(1)(a) GDPR.
| Name | Category | Description | Duration |
|---|---|---|---|
| CookieConsent HTTP Cookie | Necessary | Stores the user's cookie consent state for the current domain. Allows the website to remember consent preferences across sessions. | 1 year |
| firebase-heartbeat-database #firebase-heartbeat-store IndexedDB | Necessary | Used to detect spam and improve website security. Records periodic signals from the Firebase SDK for activity monitoring. | Persistent |
| firebaseLocalStorageDb #firebaseLocalStorage IndexedDB | Preferences | Facilitates the notification function within the chatbox, allowing the website's support team to notify the user when a reply has been given. Stores the Firebase authentication token locally. | Persistent |
10. Contact
For privacy-related inquiries, please contact the Data Protection Contact at admin@bio-red.eu.
Co-funded by the European Union. Views and opinions expressed are those of the authors only and do not necessarily reflect those of the European Union.