Privacy Notice for JARDS - Application for Data Projects

English translation of this privacy notice

For your convenience we offer an English translation of this privacy notice. Only the German version is legally binding.

Privacy Policy

1. Name of the controller for the purposes of data protection legislation

Forschungszentrum Jülich GmbH
Wilhelm-Johnen-Straße
52428 Jülich
Germany

2. Data protection officer

Frank Rinkens
Forschungszentrum Jülich GmbH
Wilhelm-Johnen-Strasse
52428 Jülich
Deutschland
Email: DSB@fz-juelich.de

3. Data collected when the online portal is accessed

3.1.1 Web server log files
Each time the website is accessed, the following personal data are saved temporarily in web server log files:
  1. IP address
  2. Date and time of query
  3. Time difference from GMT
  4. Website content
  5. Access status (HTTP status)
  6. Transmitted data volume
  7. Website that brought you to our website
  8. Web browser
  9. Operating system
  10. Language and version of browser
3.1.2 Cookies

Cookies are used to simplify authentication (login). They save a session ID in a text file on the computer of the user of this software, which enables their login status to be managed.

3.1.3 Login

There are several options for logging into the online portal. All login options along with collected and processed data are described in the following sub sections.

3.1.3.1 Email Callback

A temporary login link is sent to an email address given by the user. By following that link the user is logged in. As part of this procedure the email address and the initiation time of the email callback are saved as long as the user's session is active.

3.1.3.2 eduGAIN

The eduGAIN service is a federation for single sign on for various web services. Users are forwarded to their home organisations for authentication. If this is successful, a confirmation will be sent to the JARDS online portal, which is then able to login the user. During this login procedure all personal data is collected and processed according to the GÉANT Data Protection Code of Conduct Version 1.0 (http://www.geant.net/uri/dataprotection-code-of-conduct/v1). The Data Protection Code of Conduct defines rules for service providers collecting and processing personal data in the eduGAIN context. The user's email address used for login is saved as long as the session is active.

3.1.3.3 JSC Account

Users can enter a JSC account and password for immediate login. The infrastructure for these accounts is provided by Jülich Supercomputing Centre (JSC). JSC accounts can be used for several services offered at JSC. The online portal needs to check account name and password to be valid. The password is deleted immediately after validation, the JSC account along with the connected email address are stored as long as the session is active.

3.2 Purpose, legal basis

3.2.1 The purpose of storing log files temporarily is to detect disruptions and attacks and to deal with or avert them. The legal basis for this is Art. 6(1)(f) of the EU General Data Protection Regulation (GDPR). The stated purpose also includes our legitimate interest in processing data pursuant to Art. (6)(1)(f) GDPR.

3.2.2 We use cookies to make our website more user-friendly. The legal basis for this is Art. 6(1)(f) GDPR. The stated purpose also includes our legitimate interest in processing data pursuant to Art. (6)(1)(f) GDPR.

3.3 Recipient

The data defined under 3.1.1 (web server log files) will not be transferred to government bodies or public authorities except in order to comply with mandatory national legislation or if the transfer of such data should be necessary in order to take legal action in cases of attacks on our IT infrastructure.

3.4 Retention periods

3.4.1 Web server log files are deleted seven days after website access.

3.4.2 Cookies are only stored for the duration of a browser session. Once the user logs out of the system, the cookies are deleted.

3.5 Failure to provide data, option to object and delete

The collection of data required for website provision and storing of these data in log files is essential for the operation of this website. Users who do not want their data to be processed as described cannot use this website.

Cookies are stored on the user's computer, which transmits them to us. As a user, you therefore have full control over the use of cookies - independent of the retention periods detailed here. By changing the settings in your Internet browser, you can disable or restrict the transfer of cookies. Cookies stored on a computer may be deleted at any time. This can also be done automatically. Deactivating cookies for our website could limit the range of the website's functions.

4. Data collection during the application and review procedure

4.1 Data categories

a) Personal data
The following personal data are collected and saved on the PIs and application/project contacts (hereinafter persons of contact, PCs), as well as project partners:
  • Prof./Dr./Mr/Ms, first name(s), surname
  • Contact details: email address, telephone number
  • Institution
  • Institute
  • Business address
b) Application data
The following is a sample, non-exhaustive list of data that are collected depending on the intended use of the supercomputer:
  • Details of the scientific objective of the project
  • Acronym, if applicable
  • Resources requested
  • Project partners
For existing projects, additional data from the database may be assigned to the project. The following is a sample, non-exhaustive list of relevant data depending on the previous use of the supercomputer:
  • Approved resources
  • Project status
  • Local project ID, acronym, title
  • Project name
  • Project supervisors, employees of JSC

4.2 Purpose, legal basis:

Data are collected, processed, and used for the following purposes:

  • Submission of applications for data projects on JSC resources
    The legal basis for this is Art. 6(1)(b) GDPR.

  • Review of applications for data projects on JSC resources
    The legal basis for this is Art. 6(1)(b) GDPR.

  • Setting up and implementation of approved data project applications at JSC centres
    The legal basis for this is Art. 6(1)(b) GDPR.

  • Simplification of applications for extensions for future peer-review processes
    The legal basis for this is Art. 6(1)(b) GDPR.

  • Internal statistical purposes at JSC
    The legal basis for this is Art. 6(1)(f) GDPR.

4.3 Recipient

Data are collected by Jülich Supercomputing Centrs (JSC).

Personal data will not be transferred to government bodies or public authorities except in order to comply with mandatory national legislation or if the transfer of such data should be necessary in order to take legal action in cases of attacks on our IT infrastructure.

4.4 Retention periods

To simplify applications for extensions and for quality assurance in future peer-review processes, approved applications are stored for a maximum of five years after project completion with the exception of copies for archiving purposes in compliance with universally binding legal provisions. For the purposes of a full and reliable statement on the utilization of supercomputer resources, project data and thus also applications must be saved at least until the relevant computer system has been shut down.

4.5 Failure to provide data, option to object and delete

The provision of the aforementioned data is not required by law or by contract, nor is there any legal obligation to provide the data. However, the provision of the data is necessary for application submission, application review, and the implementation of projects via JARDS. This means that if JSC does not have access to the aforementioned data, projects cannot be implemented.

5. Your rights

You have the right to receive information at any time and free of charge on your saved data on your applications and projects, the origin and recipients of your data, the purpose of data processing, and the right to rectification, restriction, or erasure of data concerning you. An exception to this is information on the names of the technical and scientific reviewers of an application and parts of the relevant reviews that are not intended for PIs.

Insofar as the data processing is based on consent or on a contract, we draw your attention to it at the appropriate place. Should the data processing be carried out by automated means, you may have a right to data portability (Art. 20 GDPR).

You have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of your personal data infringes the law. The supervisory authority responsible for JSC is Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (https://www.ldi.nrw.de/).

6. Validity and amendments

This privacy policy has immediate effect and replaces all previous policies. Further development may make it necessary to revise this privacy policy. We reserve the right to amend the privacy policy at any time with effect for the future and we advise you to inform yourself accordingly of the applicable privacy policy. A link to this policy is provided in the footer on the web pages concerning applications and peer reviews for data projects.

Date: February 2022

English translation of this privacy notice

For your convenience we offer an English translation of this privacy notice. Only the German version is legally binding.