3. Description of the Categories of Personal Data
The aim here is to describe the types of data (categories) that the project will collect from data subjects, and what specific purpose each one will fulfil. Whereas the general purpose of the project has been already explained in step 1, here you will describe each type of processed data, and will explain why each one of them is needed – you will provide their specific purposes.
For example, you may need to collect an individual’s email address because you will send them a gift for having completed a survey. Likewise, you may need to collect their age, gender, weight, because that information will be necessary to provide context to the survey responses.
| Description | Justification | Comments | |
| Email address | Necessary to send a gift certificate by email | Email information is stored separately and unlinked to survey responses | |
| age, gender, weight. | Necessary to provide context to the survey responses. |
Some data categories, when they all together fulfil the same purpose, can be bundled and listed all together as a single entry. For example, a name (identifying) and home address (contact) are necessary to invite data subjects to the study. Data may also be used for more than one purpose. For example, in addition to send invitations to participants, an address may also be used to link a participant to a specific geolocation.
| Description | Justification | Comments | |
| Name & address | Necessary to send invitations by post |
Name & address is processed separately to research data. Pseudonyms are used instead of names to identify participants | |
| address (4-digit postcode) |
Necessary to link a participant to a specific geolocation. | Only the four digit postcode information, extracted from the address, is used for locating the geolocation of the individual |
|
| Interview audio recordings |
Necessary to transcribe interview and conduct coding analysis. | Audio recordings are deleted after transcription |
|
| Information about the interactions, collaborations, and networks of data subjects within entrepreneurial ecosystems | Understanding the relationships and networks of data subjects provides insights into the dynamics and interconnectedness of entrepreneurial ecosystems | Data subjects’ interactions and networks will be discussed in aggregate, without revealing specific details that could readily identify individuals |
Special categories of personal data
This type of personal data is in principle prohibited to process, unless one of the GDPR Art. 9(2) exceptions apply. Of the exceptions listed there, explicit consent (Art. 9(2)(a)), data manifestly made public (Art. 9(2)(e)) and necessary for scientific purposes (Art. 9(2)(j)), would be the more appropriate ones to use for most research projects.
Special categories of personal data include the following types of data:
- Racial or ethnic origin;
- Political opinions;
- Religious or philosophical beliefs;
- Trade union membership;
- Genetic data;
- Biometric data for the purpose of uniquely identifying a person;
- Health data;
- Data about sexual behavior or sexual orientation
When a special category of personal data is included in the table, it must be indicated in the comments how one of the listed exceptions is applied.
| Description | Justification | Comments | |
| information about individuals’ sexual orientation, gender identity, preferences, behaviors, and any related activities or expressions | Understanding the sexual orientation and behaviors of participants is crucial for contextualizing their experiences within the LGBTQIA+ community and their activism for the preservation of cruising places. It provides insights into how individuals navigate their sexual identities, negotiate public spaces, and advocate for their rights | During the interview, before asking for this sensitive data, participants are directly asked for their explicit consent, which is collected orally on the spot. Participants are reassured that they can withhold any information they don’t want to share | |
| information about participants’ public activities, interactions, social status, and political affiliations. | Understanding participants’ public activities, social networks, and affiliations helps contextualize their experiences and sheds light on the broader socio-political landscape influencing their activism. | Participants are asked for their explicit consent as described above |
Previous: Description of Data Subjects | Next: Description of the Processing of Personal Data
- Description of the Project’s Purpose
- Description of Data Subjects
- Description of the Categories and Purposes of Personal Data
- Description of the Processing of Personal Data
- Description of Information Provided to Data Subjects
- Description of How Data Subjects Can Exercise Their Data Subject Rights
- Description of Lawful Basis for Processing
- Description of Measures to Ensure Compliance By Processors and/or Joint Controllers
- Description of Planned Transfers of Personal Data to Other Countries Outside the EU
- Obtaining, Consulting, and Dealing with Data Subjects’ Views of the Processing
- Preliminary Risk Assessment