Privacy information
Your privacy is important to us. Our website does not track you and does not use social media plugins or pixels. We have no financial interest in your private information. Wherever feasible for a small group like ours, we prefer explicitly privacy-conscious applications and providers for processing any of our visitors' and guests' personal data.
The information on this page is intended for visitors and guests regarding our digital infrastructure. If you participate in our activities, further privacy information may apply.
"Processing" in this context refers to any operation on personal data, such as collection, storage, use, or deletion, whether by automated means or not. "Data" in this context means personal data.
- International data transfers
- Our website
- Protective measures
- Cookies
- Contact via email
- Mailing list (Sympa at UIS)
- Application form (EUSurvey)
- Online scheduling (Framadate)
- Cloud storage and online tools for collaboration and event management (Infomaniak)
- Zenodo community
- Codeberg organization
1. Information about us as data controllers
The party responsible for this website for purposes of data protection legislation is: The McDonald Institute for Archaeological Research, University of Cambridge, Downing Street, CB2 3DZ Cambridge, United Kingdom, email: md564@cam.ac.uk.
2. Your rights
You have the right
- to be informed and access your data: for us to confirm whether we are processing data of yours, information about the data being processed, information why and how that data is processed, and copies of the data.
- to rectification: to correct or complete incorrect or incomplete data.
- to object to us processing your data.
- to erasure (the "right to be forgotten"), or, alternatively, the right to restriction of processing , as specified by law.
- to data portability: to receive copies of the data concerning you and/or provided by you and to have the same transmitted to other providers and/or controllers.
- to lodge a complaint with a supervisory authority.
3. Data processing information
We delete, block or anonymise your data once the purpose for processing it no longer applies, unless legal obligations require otherwise, or unless otherwise explained below.
Legal bases include your consent, performance of a contract, legal obligations, your vital interests or another natural person's vital interests, performance of a task carried out in the public interest, or our legitimate interests or those of a third party.
International data transfers
We process data in the UK, EU, and Switzerland, all of which have mutually recognised adequate protection regimes. This allows for lawful data transfers between these jurisdictions without additional safeguards. The Global Crop Diversity Trust (Crop Trust) is a partner in this community and not subject to European Union or national data protection legislation due to its institutional status; however, it has adopted a data protection framework that offers comparable levels of protection. We also use applications and platforms operated by international organisations like CERN, and European Commission departments, to which the same principles apply.
For international data transfers by other joint or sole data controllers in their responsibility, as referenced in this document, please refer to their privacy information.
Our website
For technical reasons, certain data sent by your internet browser will be processed by our server provider, in particular to ensure a secure and stable website: these server log files record for example the type and version of your browser, operating system, the website from which you came (referrer URL), the webpages on our site visited, the date and time of your visit, as well as the IP address from which you visited our site.
The data thus collected is temporarily stored, but separately from any other of your data. We and our server provider have a legitimate interest in providing a stable, functional and secure website, and in improving it. You cannot object to this data being processed.
We are hosting a static website that does not process any further data of yours.
Our server is provided by Infomaniak Network AG, Rue Eugène Marziano 25, 1227 Les Acacias, Geneva, Switzerland, and located in ISO 27001 certified data centres based in Switzerland. We work with Infomaniak Network AG on the basis of a data processing agreement (as of 06 June 2025).
Protective measures
To protect your data, our website uses SSL encryption. We also implement further technological and organisational safeguards to protect your data from destruction, loss, change, or unauthorised disclosure and access.
Cookies
Cookies are small files that your internet browser saves to your device. They are typically used to improve your web browsing experience and/or identify your device. They process certain information, for example browser data or your IP address. Session cookies are deleted upon closing your web browser, whereas persistent cookies have a variable duration.
Third parties who we work with on the basis of a data processing agreement or as a joint data controller may use both session cookies and persistent cookies, as explained in the relevant sections of this document. For cookies used by third parties who are sole data controllers as referenced in this document, please refer to their privacy information.
Many web browsers and/or flash applications allow you to control, view and erase cookies through their settings. We are not able to provide guidance on this, because the required steps depend on the specific applications you are using; please refer to their documentation. However, should you prevent cookies from being saved, our digital infrastructure may not be fully functional for you.
Contact via email
If you contact us via email, the data you provide will be used for the purpose of processing your request. We have to process this data to answer your enquiry in full or at all. Your data will be deleted once we can reasonably conclude that we have fully answered your enquiry, the information will not be required for future communication with you, and there are no further legal reasons to process your data.
Mailing list (Sympa at UIS)
We offer a mailing list for informing anyone who is interested about our community's activities and for enabling discussion among the mailing list's members, subject to moderation.
If you register for our community's mailing list, its provider and/or owners will process your email address, along with the IP address of your computer, the date and time of your registration, and your use of the service. Optionally, you may also provide your name. During the registration process, you are asked for your consent to participate in this mailing list. The data collected will be used exclusively to manage the mailing list and will not be passed on to third parties, subject to legal obligations. Naturally, it will be processed so long as you remain a member of the mailing list.
You are also invited to submit emails to be sent via the mailing list. Please remember - as with any mailing list - that any data you include with such an email will be shared among all list members, where we have no influence on it.
You may unsubscribe from the mailing list with future effect at https://lists.cam.ac.uk/sympa/signoff/ucam-seeds4tomorrow. Alternatively, you may email the mailing list's owners with your unsubscription request from the email address you have registered. Your name and email address will then be deleted from the mailing list server.
The mailing list uses the open source Sympa mailing list management software. For further information about Sympa see https://www.sympa.community.
The mailing list is provided by University Information Services (UIS), University of Cambridge, Roger Needham Building, 7 JJ Thomson Avenue, Cambridge CB3 0RB, United Kingdom. When you subscribe to and/or use the mailing list, responsibility for relevant data processing lies with UIS. For further information about website privacy at UIS, including information on exercising your rights as a data subject, see https://help.uis.cam.ac.uk/policies/privacy-and-cookie-policies.
According to information from UIS, it uses data centres based in the United Kingdom for hosting its mailing lists, operated by Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. Microsoft Corporation's European address for data protection purposes is Microsoft EU Data Protection Officer, One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521, Ireland.
Sympa requires a session cookie to function properly.
Application form (EUSurvey)
You may apply to join our community via an online form we offer. Alternatively, you may send us an email with the required information. For reference, you can download a pdf of the empty form from https://ec.europa.eu/eusurvey/runner/seeds4tomorrow-v1.
We require this information to process your application. If you subsequently join the community, we will process the data you have provided in your application for the purpose of the usual organisational and administrative process, naturally in compliance with further legal obligations. If we do not invite you to join the community, we will delete the data you have submitted six months after we have notified you of our decision. We will not delete the data, however, if we have a legitimate interest in storing the data for legal reasons, until any legal action is concluded.
Our online application form uses the open source EUSurvey software. For further information about this software see https://github.com/EUSurvey.
Our EUSurvey online application form is operated by the European Commission's Department for digital services (DG DIGIT), 1049 Bruxelles/Brussel, Belgium, in the European Commission's data centre based in the European Union. For the privacy policy for websites managed by the European Commission see https://commission.europa.eu/privacy-policy-websites-managed-european-commission_en. We work with EUSurvey on the basis of a data processing agreement (as of 06 June 2025).
EU Survey uses session cookies to ensure reliable communication between the client and the server. It also uses persistent cookies for anonymous usage statistics and for storing preferences.
EUSurvey uses local storage to backup your input to a form. This is in case the server is not available during submission, your computer is switched off accidentally, etc. The local storage contains the IDs of the questions and the draft answers. Once you have submitted your answers to the server or have saved a draft on the server, the data is removed from the local storage. You may opt out of this feature on the form's page with the checkbox 'Save a backup on your local computer (disable if you are using a public/shared computer)'. In that case, no data will be stored on the computer you use.
Online scheduling (Framadate)
For organising meetings and events, we may share a link to a form with you to enquire about your time and/or date preferences. You will be asked for your name and your choices among the times offered. Naturally, we will receive the information you enter into the form and process it to organise the meeting or event. Use of this form is not required for participating in our meetings or events, i.e., use is based on your consent. However, if you opt out, you may not get a say in the time and/or date of the meeting or event. These surveys are permanently deleted 180 days after we finish using them, i.e., normally after the event or meeting concludes.
The online scheduling application uses the open source Framadate software. For further information about the software see https://framagit.org/framasoft/framadate.
The online scheduling application is operated by Association Framasoft, c/o Locaux Motiv, 10 bis, rue Jangot, 69007 Lyon, France. We do not share your data with Association Framasoft. Where you provide it with your data, it acts as the sole data controller. For further information about website privacy at Association Framasoft, including information on exercising your rights as a data subject, see https://framasoft.org/en/cgu.
To host its online scheduling application, Association Framasoft uses ISO 27001 certified data centres based in the European Union, operated by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.
Cloud storage and online tools for collaboration and event management (Infomaniak)
Cloud storage is a service for uploading data via the internet and storing it on the servers of a cloud provider, for example for storing and managing documents, content or information, for backup security storage and other archiving, as well as for sharing with specific recipients or publishing documents, content or information.
We have a legitimate interest in efficiently and securely managing data to enable our community and its activities. Alternatively, we may need to do so to perform a contract. We process your data in cloud storage and, accordingly, in online tools for collaboration and event management so long as it is required for your participation in the community's activities, and subject to any subsequent legal obligations.
The online tools enable for instance collaboration on documents and files, transfer of files and information, and online meetings, as well as ticketing, access control, and guest management.
You may object to our processing your data in cloud storage or opt out of using these online tools for collaboration and event management, subject to the performance of contracts and any legal obligations. However, as a result, we will delete your respective data, and your participation in our community may be limited.
Our cloud storage and online tools for collaboration and event management wherein we may process data are provided by Infomaniak Network AG, Rue Eugène Marziano 25, 1227 Les Acacias, Geneva, Switzerland, and hosted in ISO 27001 certified data centres based in Switzerland. For further information about privacy at Infomaniak Network AG, please see https://www.infomaniak.com/en/legal/confidentiality-policy. We work with Infomaniak Network AG on the basis of a data processing agreement (as of 06 June 2025).
For information about cookies used by Infomaniak, please see its policy at https://www.infomaniak.com/en/legal/policy-use-cookies.
Zenodo community
We maintain a Zenodo community to curate and compile deposits to Zenodo relevant to our work. That Zenodo community may also accept third-party contributions; we do not take responsibility for any data included with such deposits.
Zenodo is a long-term public archive for research outputs. Deposits would remain with Zenodo, even if our Zenodo community were deleted. It is not normally possible to remove data included with deposits from Zenodo after submission.
If you participate in our work and have a user account with Zenodo, we may invite you to join our Zenodo community. However, participation is voluntary, i.e, based on your consent. The owners and managers of our Zenodo community do not have access to user accounts, nor do they influence how Zenodo uses the data therein; they can only see data that you have made publicly visible. Our Zenodo community's owners and managers merely manage invitations for existing user accounts to the Zenodo community, their roles within the Zenodo community, and their visibility on the Zenodo community's membership list. Our Zenodo community can only make your user account visible on that membership list, if you have set the account's visibility to public. We reserve the right for our Zenodo community owners and managers to remove user accounts from the Zenodo community or to change their roles, which will not otherwise affect your user account with Zenodo; vice versa, you may remove your account from the Zenodo community at any time by following Zenodo's instructions at https://help.zenodo.org/docs/communities/manage-members/leave-community/#leave.
We do not share your data with Zenodo for the purposes of managing our Zenodo community. Where you provide your data to Zenodo, for example by visiting its pages and downloading items from the platform or managing a user account, it acts as the sole data controller. For further information, including information on exercising your rights as a data subject at Zenodo, see https://about.zenodo.org/privacy-policy.
Zenodo is operated by CERN, Esplanade des Particules 1, 1217 Meyrin, Switzerland. For details on CERN's privacy framework see https://privacy.web.cern.ch. CERN's data centres are primarily based in Switzerland, with deposited data files replicated in the European Union.
Codeberg organization
We maintain a Codeberg organization to collaborate on files or code and make them available publicly.
Codeberg is a software development platform powered by the open source Forgejo software. For further information about the software see https://forgejo.org.
If you participate in our work and have a user account with Codeberg, we may invite you to join our Codeberg organisation and teams. However, participation is voluntary, i.e., based on your consent. The owners and administrators of our Codeberg organization and teams do not have access to user accounts, nor do they influence how Codeberg uses the data therein; they can only see data that you show other Codeberg members in your profile. They merely add existing user accounts to our Codeberg organization or remove them, manage their roles and access rights within the Codeberg organization, and control whether their membership is visible or hidden. A Codeberg organization's membership list will also show whether you have set up two-factor authentication for your Codeberg account; we strongly encourage you to do so, to secure your account and the work on Codeberg that you collaborate in. For information on setting up two-factor authentication with Codeberg, see https://docs.codeberg.org/security/2fa. We reserve the right for the owners and administrators to remove user accounts from the Codeberg organization or to change their roles, which will not affect your user account outside of our Codeberg organization; vice versa, you may leave the Codeberg organization at any time by following Codeberg's instructions at https://docs.codeberg.org/collaborating/create-organization/#people.
We do not share your data with Codeberg for the purposes of managing our Codeberg organisation. Where you provide your data to Codeberg, for example by visiting its pages and downloading items from the platform or managing a user account, it acts as the sole data controller. For further information, including information on exercising your rights as a data subject at Codeberg, see https://codeberg.org/Codeberg/org/src/commit/4d7d0703dfd497a7be1e3c826abcbec5b3fee401/PrivacyPolicy.md.
Codeberg is operated by Codeberg e.V., Arminiusstraße 2 - 4, 10551 Berlin, Germany. It is primarily hosted on Codeberg e.V.'s own hardware based in the European Union. For certain tasks Codeberg uses resources operated for instance by netcup GmbH, Daimlerstraße 25, 76185 Karlsruhe, Germany and Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany, in ISO 27001 certified data centres that are also based in the European Union.
We maintain an online presence on LinkedIn to present our community and to communicate about our activities. LinkedIn is a service of LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland, a subsidiary of LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA. Interacting with our LinkedIn online presence is entirely optional, i.e., based on your consent, and entirely independent from any other engagement with our community or work.
In connection with our LinkedIn page, LinkedIn requires that we have an agreement in place as joint data controllers specifically regarding anonymised aggregated data LinkedIn provides us with by default (as of 06 June 2025): if you are logged into a LinkedIn account and interact with our LinkedIn page, LinkedIn will process data that you have provided to LinkedIn for a summary it shows us ("Page Insights"); via this means, LinkedIn does not provide us with data on individuals or enable us to link back to an individual user. LinkedIn takes responsibility for the provision of that summary. For the agreement, see https://www.linkedin.com/legal/l/page-joint-controller-addendum (as of 06 June 2025). Beyond that summary, we are only able to see data that you or LinkedIn have made publicly visible; that includes for example any interaction with further LinkedIn content of ours.
To provide us with that summary, LinkedIn uses both session cookies and persistent cookies. For further information about these cookies, other cookies and similar technologies that LinkedIn uses, please see LinkedIn's cookie policy at https://www.linkedin.com/legal/cookie-policy. We have no influence on tracking technologies that LinkedIn uses. To avoid tracking by LinkedIn, we recommend engaging with our community by other means.
Interacting with our online presence on LinkedIn might cause user data to be processed outside the European Union, Switzerland and the UK, particularly in the USA. We do not have access to affected user data, nor do we influence how LinkedIn processes it.
We do not share your data with LinkedIn. In particular, we do not use the LinkedIn Insight Tag or LinkedIn plugins on our website. We also do not use Lead Gen Forms on our LinkedIn page, and we do not accept applications via LinkedIn. Where you share data with LinkedIn, LinkedIn acts as the sole data controller. For further details, including information on exercising your rights as a data subject at LinkedIn, see https://www.linkedin.com/legal/privacy-policy.
Last updated 7 June 2025