Privacy Policy

SDU RIO Analytics Lite Privacy Policy

v1.1 - Date: 19.04.2021


For the purposes of this Privacy Policy, the terms “processor”, “controller”, “third party”, “personal data”, “processing”, “data subject” shall have the meaning ascribed to them by the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679 and Directive 95/46/EC).

In addition, for the purposes of the present, the following definitions shall also apply:

“User”- the individual using SDU-Lite online service, who coincides with the data subject.

“Service provider” - the University of Southern Denmark (henceforth SDU)

“SDU-Lite” - the means by which the Personal Data of the User is collected and processed.

“Service” - the service provided by SDU as described in the relative terms (if available) and on this website/application.


SDU provides free online services on the SDU-Lite platform. SDU places particular emphasis on the security of personal data and the protection of the data subject. For this reason, SDU has introduced this Personal Data Policy for SDU-Lite.

This privacy policy will explain how SDU uses the personal data SDU-Lite collects from the User.

As a data subject, you must be aware that your personal data is collected and maintained by SDU-Lite for a certain period and for specified, explicit and legitimate purposes. Personal data shall be treated fairly and in a transparent manner in accordance with the applicable legal framework and in such a way as to guarantee the key data protection principles, namely:

  • Lawfulness, fairness and transparency
  • Processing within the legitimate purpose limits
  • Data minimization
  • Accuracy
  • Storage Limitation
  • Integrity and confidentiality (security)
  • Accountability

Data Controllers and Processors:

The personal data controllers for the purpose of the operation of the following services:

  1. SDU-Lite Login service: SDU-Lite Login service uses the ORCID SSO & ORCID Public API. SDU-Lite Login uses ORCID Profile public information to allow user access to SDU-Lite services.
  2. SDU-Lite Website:

of the specified below personal data processing are as follows:

For the SDU-Lite Login:


10411 Motor City Dr #750, Bethesda, MD 20817, United States

ORCID Privacy Policy:

Contact ORCID:

For the SDU-Lite Website:

University of Southern Denmark

Campusvej 55, 5230 Odense, Denmark


Henceforth, “the controllers”.

The controllers may modify this policy to achieve a better protection of personal data by announcing any such modification through its website. Any modification of the present Privacy Policy will take immediate effect after its publication on SDU-Lite.

By navigating and using SDU-Lite, the User acknowledges that they have read, understood and unconditionally accepted this Privacy Policy.

For any further explanation, you may contact the Data Protection Officer (DPO) of the University of Southern Denmark and the respective data controllers and processors by sending an e-mail to:

  1. For ORCID:
  2. For SDU-Lite:

What data do we collect?

SDU-Lite collects, processes and stores the following data from the User:

  • Personal identification information visible to “everyone” on the User ORCID profile (First Name, Last name, email address associated with public ORCID profile, ORCID number)
  • ORCID employment data if it is visible to “everyone” on your ORCID profile (current employer)
  • SDU-Lite-computed data related to the User research field and based on their public ORCID profile
  • Service usage data
  • Cookies

In addition, SDU-Lite processes the following data:

  • Publications (“works”) that are visible to “everyone” in the User ORCID profile

SDU-Lite does not collect, process or gain access in any way to specific data categories, as set forth in the provisions of the legislation in force (in particular data relating to racial or ethnic origin, religion, health data, etc.). In the event that a "User" sends such special category data when providing feedback or answering a customer survey, it will be removed or deleted as soon as the SDU-Lite support team becomes aware of it.

How do we collect your data?

SDU-Lite receives most of the User indirectly from the following sources:

  • Information visible to “everyone” from ORCID public profile

For more information on your ORCID public profile and how to manage the visibility and sharing of the information on your ORCID profile, you can visit the ORCID Privacy Policy webpage.

The User may also directly provide SDU-Lite with data when the User:

  • Use our website.
  • Voluntarily complete a customer survey or provide feedback on any of our contact forms, message boards or via email.
  • Use or view our website via your browser’s cookies.
  • Request direct registration to our services as an alternative to ORCID SSO.

What do we use your information for?

Any of the information SDU-Lite collects from the User may be used in one of the following ways:

  • Manage the User account.
  • To personalize the User experience — User data helps us to provide the User with more services and better respond to the User individual needs.
  • To improve SDU-Lite website — SDU-Lite continually strives to improve its site offerings based on the information and feedback received from the Users.
  • To send emails and provide User support — The email address provided by the User may be used to send information, notifications requested by the User about changes to the User account, respond to inquiries, and/or other requests or questions.
  • To improve User support — User data helps us to more effectively respond to the User customer service requests and support needs.

If you agree, SDU-Lite may share (or sell) anonymized processed data and usage data with third parties.

How do we store your data?

SDU-Lite relies on Microsoft Azure Web Cloud services to securely store and process your personal data. Your personal data is stored and processed on a dedicated Azure data center set in Western Europe, abiding by EU laws.

Microsoft Corporation

One Microsoft Way, Redmond, WA 98052-6399, United States

Contact: @AzureSupport

What is our data retention policy?

SDU-Lite will keep your personal data for as long as you use SDU-Lite services. If the user does not connect at least once within six months, the user account will be flagged as “inactive”. The User will then be notified by email to either connect to its account to keep it active or discard the email notification. If the User discards the email notification, the User personal data will be deleted and the User usage data will be anonymized within a period of one month following the notification.

The rights of Users

Users may exercise certain rights regarding their Data processed and stored by SDU-Lite.

In particular, Users have the right to do the following:

  • Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
  • Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
  • Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
  • Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
  • Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
  • Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.

Details about the right to object to processing.

Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Service Provider or for the purposes of the legitimate interests pursued by the Service Provider, Users may object to such processing by providing a ground related to their particular situation to justify the objection.

Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn whether the Service Provider is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.

How to exercise these rights

Any requests to exercise User rights can be directed to SDU or SDU-Lite through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month.

Do we use cookies?

This website uses first party cookies for operational purposes (to authenticate on this site) and third-party cookies to measure audiences.

You can review our Cookies Policy to find out more on how we use cookies and how you can change your settings.

Occasionally, at our discretion, we may include or offer third party products or services on our site. These third party sites have separate and independent privacy policies. We therefore have no responsibility or liability for the content and activities of these linked sites. Nonetheless, we seek to protect the integrity of our site and welcome any feedback about these sites.

Online Privacy Policy Only

This online privacy policy applies only to information collected through our site and not to information collected offline.

By using our site, you consent to the present privacy policy.


Consent for the processing and use of personal data is voluntary and can be revoked at any time with effect for the future. The revocation must be made in writing via SDU-Lite contact form.