This Privacy Statement explains how the CitiObs Application (the "App") collects, uses, stores, and protects your Personal Data, in compliance with Regulation (EU) 2016/679 (GDPR) and the AUTHENIX Privacy Statement.
1. Name of the Service
CitiObs Application (the "App"), a Citizen Observatory application registered as an Operator with the AUTHENIX Authorization Server, developed within the CitiObs project (EU Horizon Europe Grant Agreement No. 101086421).
2. Data Controller
Data Protection Officer (if applicable): [DPO Name and Contact Details]
3. Jurisdiction
[Operator Country – Region] (e.g., Germany – Bavaria)
4. Description of the Service
The App enables citizens to contribute environmental observations (primarily air quality data) using low-cost sensors and wearable devices, and to access aggregated environmental information from multiple Citizen Observatories. The App connects to the following components:
- AUTHENIX: For federated user authentication via trusted Identity Providers, respecting privacy and personal information as per GDPR.
- OGC SensorThings API (STA+): For standardised data exchange, supporting data ownership, licensing, and traceability of citizen contributions.
- ValAir Toolkit: For automated remote validation and quality assessment of sensor data.
- VirtualAir: A web aggregation service providing a unified view of data from multiple Citizen Observatories.
5. Legal Basis for Processing
The processing of Personal Data is based on the following legal grounds under the GDPR:
- Consent (Art. 6(1)(a) GDPR): Your explicit consent given at the time of login through your Identity Provider and when authorising the App to access your profile information via AUTHENIX.
- Legitimate interest (Art. 6(1)(f) GDPR): Processing necessary for the legitimate interests of the CitiObs project in conducting citizen science research, ensuring data quality, and supporting evidence-based policy-making, provided these interests are not overridden by your fundamental rights.
- Performance of a task in the public interest (Art. 6(1)(e) GDPR): Where applicable, the processing supports publicly funded research activities under the EU Horizon Europe programme.
6. Categories of Personal Data Collected
6.1 Data Received from AUTHENIX
The App receives Personal Data brokered by AUTHENIX from your Identity Provider, limited to the OpenID Connect scopes authorised during registration:
| Scope | Data Provided |
| --- | --- |
| openid | A user cryptonym (pseudonymous identifier), generated only if a subject identifier was received from the Identity Provider. |
| profile | Name, family name, given name, middle name, nickname, preferred username, profile URL, picture, website, gender, birthdate, timezone, locale, and update timestamp. |
| email | Email address and email verification status. |
| idp | Identity Provider origin, identifier, name, and country. |
6.2 Data Collected Directly by the App
- Observation Data: Environmental measurements including sensor readings (e.g., particulate matter, NO₂, O₃), timestamps, and geolocation coordinates.
- User Annotations: Qualitative feedback, event annotations, and quality assessments you provide about observations.
- Device Metadata: Information about sensors or devices used (model, calibration status, firmware version).
- Usage Data: IP address, browser type, and access timestamps, collected automatically for security and operational purposes.
- Notification Preferences: Rules and conditions you define for receiving environmental alerts.
7. Purpose of Processing
Your Personal Data is processed for the following purposes:
- Authenticating and identifying you as a contributor to the Citizen Observatory.
- Attributing Observation Data to your identity in compliance with STA+, enabling data provenance, licensing, and proper credit.
- Validating and quality-assessing sensor data using the ValAir toolkit and community-based methods.
- Aggregating environmental data across Citizen Observatories for visualisation, research, and policy support.
- Providing personalised environmental alerts and notifications based on your defined rules.
- Maintaining two-way communication and feedback loops regarding data quality and usage.
- Ensuring the security and proper functioning of the App.
8. Data Sharing and Recipients
Your data may be shared with the following categories of recipients:
- CitiObs Consortium Partners: Research institutions participating in the CitiObs project, bound by the Consortium Agreement and applicable data protection obligations.
- Other Citizen Observatories: Through interoperable APIs (STA+) for data aggregation and cross-observatory analysis.
- Open Data Infrastructures: Anonymised or aggregated datasets may be published through GEOSS, the Copernicus in-situ component, and EOSC, in accordance with FAIR data principles.
- European Commission / REA: As required under the Grant Agreement for auditing, monitoring, and evaluation.
Important: Only anonymised data will be shared publicly. Sensitive or identifiable Personal Data will not be disclosed outside the Consortium Agreement without your explicit consent.
9. Transfer of Data Outside the EU/EEA
The App is primarily operated within the European Union. Should any transfer of Personal Data outside the EU or EEA become necessary, such transfers will only take place in compliance with Chapter V of the GDPR, using appropriate safeguards such as Standard Contractual Clauses or adequacy decisions.
In line with AUTHENIX policy, all Operators (including this App) are contractually bound to comply with GDPR standards or higher, even if located outside the EU or EEA.
10. Data Retention
- Authentication Data (from AUTHENIX): Stored only for the duration of your active session. Processing history is retained for a maximum of 30 days unless you delete it earlier.
- Observation Data: Retained for the duration of the CitiObs project and as necessary for ongoing research, subject to your right to erasure.
- Usage/Technical Data: Retained for up to 12 months for security purposes, then deleted or anonymised.
- Anonymised/Aggregated Data: May be retained indefinitely for scientific research and open data purposes, as it no longer constitutes Personal Data.
Data will only be retained for as long as necessary for the stated purposes, in accordance with the data minimisation principle.
11. Your Rights
Under the GDPR, you have the following rights:
- Right to be Informed: Clear information about how your data is processed (this Privacy Statement).
- Right of Access: Obtain a copy of the Personal Data held about you.
- Right to Rectification: Correct inaccurate Personal Data. For data from your Identity Provider, contact them directly.
- Right to Erasure: Request deletion of your data. Use the "Forget Me" option at authenix.eu.
- Right to Restrict Processing: Request limitation of processing in certain circumstances.
- Right to Data Portability: Receive your data in a structured, machine-readable format.
- Right to Object: Object to processing of your data, including for direct marketing purposes.
- Automated Decision-Making: Not to be subject to decisions based solely on automated processing that produce legal effects.
To exercise any of these rights, contact the Data Controller above. You may also manage active sessions and revoke App authorizations at authenix.eu/authorizedapps.
12. Security Measures
Appropriate technical and organisational measures are in place to protect your Personal Data:
- All communications are encrypted using HTTPS (TLS).
- Access to Personal Data is restricted to authorised personnel on a need-to-know basis, bound by confidentiality obligations.
- Authentication is managed through AUTHENIX's federated identity brokering, avoiding the need for the App to store passwords.
- Privacy by design and privacy by default principles are implemented throughout the architecture.
- Regular security assessments and data protection impact assessments are conducted as required.
13. Data Protection Code of Conduct
The Personal Data processed by this service is protected in accordance with the GÉANT Code of Conduct for Service Providers, a common standard for the research and higher education sector.
14. Minors
The CitiObs project may engage participants under the age of 18. In such cases, consent for the processing of Personal Data will be obtained from the minor's legal guardian, in compliance with Article 8 of the GDPR and applicable national legislation. Particular care is taken to ensure that minors and their guardians understand the nature and extent of data collection.
15. Right to Lodge a Complaint
If you believe your data protection rights have been infringed, you have the right to lodge a complaint with a supervisory authority in your country of residence, your place of work, or the country where the alleged infringement occurred.
16. Changes to This Privacy Statement
We may update this Privacy Statement from time to time to reflect changes in our practices or applicable legislation. Material changes will be communicated through the App or via email. The effective date will be updated accordingly.
17. Contact
For any questions or concerns regarding this Privacy Statement: