Privacy Notice for GCS-JARDS - Application for Computing Time

English translation of this privacy notice

For your convenience we offer an English translation of this privacy notice. Only the German version is legally binding.

Privacy Policy

1. Names of the controllers for the purposes of data protection legislation

Gauss Centre for Supercomputing e.V. (GCS)
Alexanderplatz 1
10178 Berlin
Deutschland

Universität Stuttgart (HLRS, Höchstleistungsrechenzentrum Stuttgart)
Nobelstr. 19 
70569 Stuttgart

Forschungszentrum Jülich GmbH (JSC, Jülich Supercomputing Centre)
Wilhelm-Johnen-Straße
52428 Jülich

Leibniz-Rechenzentrum der Bayerischen Akademie der Wissenschaften (LRZ)
Boltzmannstraße 1
85748 Garching bei München

2. Data protection officers

Data protection officer of GCS:
Frank Rinkens
Forschungszentrum Jülich GmbH
Wilhelm-Johnen-Strasse
52428 Jülich
Deutschland
Tel.: +49 2461 61-9005
E-Mail: dsb@gauss-centre.eu

Data protection officer of Universität Stuttgart:
Datenschutzbeauftragter der Universität Stuttgart
Breitscheidstraße 2
70174 Stuttgart
Deutschland
Telefon: +49 711 685 83687
E-Mail: datenschutz@uni-stuttgart.de

Data protection officer of JSC:
Frank Rinkens
Forschungszentrum Jülich GmbH
Wilhelm-Johnen-Strasse
52428 Jülich
Deutschland
Tel.: +49 2461 61-9005
E-Mail: DSB@fz-juelich.de

Data protection officer of LRZ:
Leibniz-Rechenzentrum der Bayerischen Akademie der Wissenschaften
Datenschutzbeauftragter
Boltzmannstraße 1
85748 Garching b. München
Deutschland
E-Mail: datenschutz@lrz.de

3. Data collected when the online portal is accessed

3.1.1 Web server log files
Each time the website is accessed, the following personal data are saved temporarily in web server log files (Responsible Authority: JSC, s. Verfahrensbeschreibung Ziffer 9 Zeile 1):
  1. IP address
  2. Date and time of query
  3. Time difference from GMT
  4. Website content
  5. Access status (HTTP status)
  6. Transmitted data volume
  7. Website that brought you to our website
  8. Web browser
  9. Operating system
  10. Language and version of browser
3.1.2 Cookies

Cookies are used to simplify authentication (login). They save a session ID in a text file on the computer of the user of this software, which enables their login status to be managed.

3.1.3 Login

There are several options for logging into the online portal. All login options along with collected and processed data are described in the following sub sections.

3.1.3.1 Email Callback

A temporary login link is sent to an email address given by the user. By following that link the user is logged in. As part of this procedure the email address and the initiation time of the email callback are saved as long as the user's session is active.

3.1.3.2 eduGAIN

The eduGAIN service is a federation for single sign on for various web services. Users are forwarded to their home organisations for authentication. If this is successful, a confirmation will be sent to the GCS-JARDS online portal, which is then able to login the user. During this login procedure all personal data is collected and processed according to the GÉANT Data Protection Code of Conduct Version 1.0 (http://www.geant.net/uri/dataprotection-code-of-conduct/v1). The Data Protection Code of Conduct defines rules for service providers collecting and processing personal data in the eduGAIN context. The user's email address used for login is saved as long as the session is active.

3.1.3.3 JSC Account

Users can enter a JSC account and password for immediate login. The infrastructure for these accounts is provided by Jülich Supercomputing Centre (JSC). JSC accounts can be used for several services offered at JSC. The online portal needs to check account name and password to be valid. The password is deleted immediately after validation, the JSC account along with the connected email address are stored as long as the session is active.

3.2 Purpose, legal basis

3.2.1 The purpose of storing log files temporarily is to detect disruptions and attacks and to deal with or avert them. The legal basis for this is Art. 6(1)(f) of the EU General Data Protection Regulation (GDPR). The stated purpose also includes our legitimate interest in processing data pursuant to Art. (6)(1)(f) GDPR.

3.2.2 We use cookies to make our website more user-friendly. The legal basis for this is Art. 6(1)(f) GDPR. The stated purpose also includes our legitimate interest in processing data pursuant to Art. (6)(1)(f) GDPR.

3.3 Recipient

The data defined under 3.1.1 (web server log files) will not be transferred to government bodies or public authorities except in order to comply with mandatory national legislation or if the transfer of such data should be necessary in order to take legal action in cases of attacks on our IT infrastructure.

3.4 Retention periods

3.4.1 Web server log files are deleted seven days after website access.

3.4.2 Cookies are only stored for the duration of a browser session. Once the user logs out of the system, the cookies are deleted.

3.5 Failure to provide data, option to object and delete

The collection of data required for website provision and storing of these data in log files is essential for the operation of this website. Users who do not want their data to be processed as described cannot use this website.

Cookies are stored on the user's computer, which transmits them to us. As a user, you therefore have full control over the use of cookies - independent of the retention periods detailed here. By changing the settings in your Internet browser, you can disable or restrict the transfer of cookies. Cookies stored on a computer may be deleted at any time. This can also be done automatically. Deactivating cookies for our website could limit the range of the website's functions.

4. Data collection during the application and review procedure

4.1 Data categories

a) Personal data
The following personal data are collected (Responsible Authority: JSC, s. Verfahrensbeschreibung Ziffer 9 Zeile 1) and saved (Responsible Authority: GCS, HLRS, JSC und LRZ, s. Verfahrensbeschreibung Ziffer 9 Zeilen 2, 3, 4) on the PIs and application/project contacts (hereinafter persons of contact, PCs), as well as project partners:
  • Prof./Dr./Mr/Ms, first name(s), surname
  • Contact details: email address, telephone number
  • Institution
  • Institute
  • Business address
b) Application data
The following is a sample, non-exhaustive list of data that are collected depending on the intended use of the supercomputer:
  • Details of the scientific objective of the project
  • Acronym, if applicable
  • Planned technical implementation of the project
  • List of other project applications submitted by the PIs, PCs, and project partners and their institutes
  • Resources requested
  • Specialization
  • Project partners
For existing projects, additional data from the database may be assigned to the project. The following is a sample, non-exhaustive list of relevant data depending on the previous use of the supercomputer:
  • Approved resources
  • Project status
  • Resources used
  • Reports (status report, final report)
  • Local project ID, GCS project ID/acronym, title
  • Project name
  • Project supervisors, employees of a GCS centre

4.2 Purpose, legal basis:

Data are collected, processed, and used for the following purposes:

  • Submission of applications for computing time on GCS resources
    The legal basis for this is Art. 6(1)(b) GDPR.

  • Review of applications for computing time on GCS resources
    The legal basis for this is Art. 6(1)(b) GDPR.

  • Setting up and implementation of computing time projects for approved computing time applications at GCS centres
    The legal basis for this is Art. 6(1)(b) GDPR.

  • Simplification of applications for extensions for future peer-review processes for computing time
    The legal basis for this is Art. 6(1)(b) GDPR.

  • Internal statistical purposes at GCS
    The legal basis for this is Art. 6(1)(f) GDPR.

  • Exclusion of multiple applications
    The legal basis for this is Art. 6(1)(f) GDPR.

4.3 Recipient

Data are collected by GCS. Insofar as it is necessary to fulfil the stated purpose, the data are transferred between GCS and the three GCS centres as well as between the GCS centres themselves and corresponding reviewers for the technical and scientific reviews.

Personal data will not be transferred to government bodies or public authorities except in order to comply with mandatory national legislation or if the transfer of such data should be necessary in order to take legal action in cases of attacks on our IT infrastructure.

4.4 Retention periods

To simplify applications for extensions and for quality assurance in future peer-review processes for computing time, approved applications are stored for a maximum of five years after project completion with the exception of copies for archiving purposes in compliance with universally binding legal provisions. For the purposes of a full and reliable statement on the utilization of supercomputer resources, project data and thus also applications for computing time must be saved at least until the relevant computer system has been shut down.

4.5 Failure to provide data, option to object and delete

The provision of the aforementioned data is not required by law or by contract, nor is there any legal obligation to provide the data. However, the provision of the data is necessary for application submission, application review, and the implementation of projects via GCS-JARDS. This means that if GCS does not have access to the aforementioned data, projects cannot be implemented.

5. Your rights

You have the right to receive information at any time and free of charge on your saved data on your applications and projects, the origin and recipients of your data, the purpose of data processing, and the right to rectification, restriction, or erasure of data concerning you. An exception to this is information on the names of the technical and scientific reviewers of an application and parts of the relevant reviews that are not intended for PIs.

Insofar as the data processing is based on consent or on a contract, we draw your attention to it at the appropriate place. Should the data processing be carried out by automated means, you may have a right to data portability (Art. 20 GDPR).

You have the right to lodge a complaint with a supervisory authority if you are of the opinion that the processing of your personal data infringes the law. Supervising authorities are e.g. the Landesbeauftragte für Datenschutz und Informationsfreiheit Berlin, the Landesbeauftragte für Datenschutz und Informationsfreiheit Baden-Württemberg, the Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen or the Bayerische Landesbeauftragte für den Datenschutz.

6. Validity and amendments

This privacy policy has immediate effect and replaces all previous policies. Further development may make it necessary to revise this privacy policy. We reserve the right to amend the privacy policy at any time with effect for the future and we advise you to inform yourself accordingly of the applicable privacy policy. A link to this policy is provided in the footer on the web pages concerning applications and peer reviews for computing time.

Date: February 2022

English translation of this privacy notice

For your convenience we offer an English translation of this privacy notice. Only the German version is legally binding.