Privacy Policy

Introduction

This Privacy Policy describes how MIRA (Modular Interoperable Research Attribution) Workshop ("we", "us", or "our") collects, uses, and protects your personal information when you use our website and apply to participate in our workshop. We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller

The data controller for your personal information is SciOS, facilitated through the MIRA Workshop.

Information We Collect

1. Application Information

When you submit a workshop application, we collect:

• Personal information: name, email address, organization, role/title
• Classification selections and custom classifications
• Work examples: descriptions, roles, and optional URLs
• Essay responses to application questions (up to 200 words each)
• Role-specific questionnaire responses based on your classifications
• Logistics information: availability confirmation, travel requirements, dietary restrictions

2. Account Information (Accepted Participants Only)

If you are accepted and create an account, we collect:

• Email address and password (encrypted)
• Name and organization
• Profile information you choose to add

3. Cookies and Technical Data

We use cookies for:

• Authentication and session management (essential cookies)
• Maintaining your login state

We do not use tracking, analytics, or advertising cookies.

How We Use Your Information

We use your personal information for the following purposes:

• Processing and reviewing workshop applications
• Communicating application status and decisions
• Facilitating the voting process among review committee members
• Creating participant accounts for accepted applicants
• Workshop logistics and coordination
• Sending workshop-related communications

Legal basis: Processing is based on your explicit consent (application submission) and our legitimate interests in organizing the workshop.

Who We Share Your Data With

Internal Access

• Workshop administrators and review committee members can view applications
• Admin voting and internal comments are visible only to administrators

Third-Party Services

• Supabase: Database and authentication provider (see: Supabase Privacy Policy)
• Resend: Email delivery service (see: Resend Privacy Policy)
• Vercel: Hosting provider (see: Vercel Privacy Policy)
• Vercel Analytics (Optional): Anonymized website analytics, only if you consent (see: Vercel Analytics Privacy)

We do not sell, rent, or share your personal information with third parties for marketing purposes.

Data Retention

• Pending applications: Until the application deadline + 90 days
• Rejected applications: 90 days after decision (or immediate deletion upon request)
• Accepted participants: Workshop completion + 2 years for archival purposes
• Withdrawn applications: Immediately deleted upon request

You may request earlier deletion of your data at any time by contacting us.

Your Rights Under GDPR

You have the following rights regarding your personal data:

To exercise any of these rights, please contact us at contact@scios.tech. We will respond to your request within 30 days.

Cookies

Essential Cookies (Always Active)

These cookies are required for the website to function properly and cannot be disabled:

• Authentication cookies: To maintain your login session (Supabase)
• Consent cookies: To remember your cookie preferences (localStorage)

Analytics Cookies (Optional - Requires Your Consent)

With your explicit consent, we use Vercel Analytics to understand how visitors use our website:

• Page views: Which pages are visited and how often
• Geographic location: Country/region level only (not precise location)
• Device information: Browser type and device category
• Session duration: How long visitors spend on the site

You can manage your analytics cookie preferences at any time by clearing your browser's localStorage or revisiting the cookie consent banner.

Data Security

We implement appropriate technical and organizational measures to protect your personal data:

• Encryption in transit (HTTPS/TLS)
• Encryption at rest (database encryption)
• Password hashing using industry-standard algorithms
• Role-based access control (Row Level Security)
• Regular security updates and monitoring

International Data Transfers

Your data may be transferred to and processed in countries outside the European Economic Area (EEA), including the United States. We ensure adequate protection through:

• Use of services with Standard Contractual Clauses (SCCs)
• GDPR-compliant data processing agreements with service providers

Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the effective date. Your continued use of our services after changes constitutes acceptance of the updated policy.

Complaints

If you believe your data protection rights have been violated, you have the right to lodge a complaint with your local data protection authority.

Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us: