Privacy Notice for Data Derived from the English as a Lingua Franca in Academic Settings (ELFA) Corpus

1. Introduction
This Privacy Notice concerns the processing of personal data contained in the corpus obtained from the Language Bank of Finland (Kielipankki) used in this research, for which the rightsholder is Anna Mauranen. In accordance with the requirements of the Language Bank, the CLARIN RESTRICTED END-USER LICENSE, and the General Data Protection Regulation (GDPR), this notice outlines the purposes, legal basis, and conditions under which personal data is processed.

2. Data Controller
The controller of the personal data processed in this project is Ben Amiel
Address: Noordeinde 2E, 2311CD Leiden, Netherlands
Email: ben@academicunion.eu

3. Purpose of Processing
Personal data is processed solely for purposes intended to further research, knowledge, and insight, as can be seen in the research plan submitted to the Language Bank of Finland. Broadly, the research relates to non-native English speakers and linguistic phenomena during academic presentations. This use is compatible with the original purpose of the data as defined in the resource-specific license and data protection terms.

No part of the processing of any data for this research is to be used for profit.

4. Legal Basis for Processing
The processing of personal data in this project is based on Article 6(1)(e) GDPR – processing is necessary for the performance of a task carried out in the public interest. The body of literature in which this data has already been integrated, and the aim of building on such scholarship, both evince that the processing of the relevant personal data has a legal basis. Where necessary, Article 6(1)(a) GDPR (consent) may apply.

5. Description of Personal Data Processed
The data originates from the ELFA Corpus (English as a Lingua Franca in Academic Settings), available via the Language Bank of Finland. The resource includes transcribed academic speech and associated audio files, featuring speakers from diverse linguistic backgrounds. The corpus contains personal data and is labeled +PRIV in its license. No data has been collected directly from data subjects by the data controller.

6. Recipients of Personal Data
Personal data will not be disclosed to third parties, in strict compliance with the +NORED condition.

7. International Transfers
The data is not transferred outside the European Economic Area (EEA), unless explicitly permitted under the license terms and provided adequate safeguards in accordance with Chapter 5 GDPR are ensured.

8. Retention Period
Personal data will be retained only for the duration of the approved research purpose as specified in the research plan. After the lawful purpose ceases, all personal data will be irreversibly deleted in compliance with the +PRIV license condition and GDPR Article 5(1)(e).

9. Data Subject Rights
Data subjects have the right to access, rectify, restrict, or object to the processing of their data as outlined in GDPR Articles 15–21. Queries relating to personal data used in this project should be addressed to the Language Bank of Finland, which may forward them to the data controller.

10. Safeguards and Anonymization
During the research, appropriate technical and organizational measures are implemented to ensure data confidentiality and integrity, in line with GDPR Article 32. Any samples published in research outputs shall be anonymized. All measures, like pseudonymization, and any identifiers are generalized to prevent re-identification. All published excerpts will respect the privacy of the individuals represented in the corpus.

11. Publication of Privacy Notice
This privacy notice is published online and is accessible at: academicunion.eu/elfa-privacy-notice. This satisfies the requirement under the Language Bank guidelines and ensures transparency under GDPR Articles 12–14.

12. Contact and Complaints
For questions or concerns about this notice or the processing of your data, please contact the controller (Section 2). You also have the right to lodge a complaint with the competent data protection authority in your country of residence, place of work, or where the alleged infringement occurred. For example, in Finland, the supervisory authority is the Data Protection Ombudsman (tietosuoja.fi). In the Netherlands, it is the Data Protection Authority (autoriteitpersoonsgegevens.nl).