Privacy Policy
1. Names of the controllers for the purposes of data protection legislation
Gauss Centre for Supercomputing e.V. (GCS)
Alexanderplatz 1
10178 Berlin
Deutschland
Universität Stuttgart (HLRS, Höchstleistungsrechenzentrum Stuttgart)
Nobelstr. 19
70569 Stuttgart
Forschungszentrum Jülich GmbH (JSC, Jülich Supercomputing Centre)
Wilhelm-Johnen-Straße
52428 Jülich
Leibniz-Rechenzentrum der Bayerischen Akademie der Wissenschaften (LRZ)
Boltzmannstraße 1
85748 Garching bei München
2. Data protection officers
Data protection officer of GCS:
Frank Rinkens
Forschungszentrum Jülich GmbH
Wilhelm-Johnen-Strasse
52428 Jülich
Deutschland
Tel.: +49 2461 61-9005
E-Mail: dsb@gauss-centre.eu
Data protection officer of Universität Stuttgart:
Datenschutzbeauftragter der Universität Stuttgart
Breitscheidstraße 2
70174 Stuttgart
Deutschland
Telefon: +49 711 685 83687
E-Mail: datenschutz@uni-stuttgart.de
Data protection officer of JSC:
Frank Rinkens
Forschungszentrum Jülich GmbH
Wilhelm-Johnen-Strasse
52428 Jülich
Deutschland
Tel.: +49 2461 61-9005
E-Mail: DSB@fz-juelich.de
Data protection officer of LRZ:
Leibniz-Rechenzentrum der Bayerischen Akademie der Wissenschaften
Datenschutzbeauftragter
Boltzmannstraße 1
85748 Garching b. München
Deutschland
E-Mail: datenschutz@lrz.de
3. Data collected when the online portal is accessed
3.1.1 Web server log files
Each time the website is accessed, the following personal data are
saved temporarily in web server log files (Responsible Authority: JSC, s. Verfahrensbeschreibung Ziffer 9 Zeile 1):
- IP address
- Date and time of query
- Time difference from GMT
- Website content
- Access status (HTTP status)
- Transmitted data volume
- Website that brought you to our website
- Web browser
- Operating system
- Language and version of browser
3.1.2 Cookies
Cookies are used to simplify authentication (login). They save a
session ID in a text file on the computer of the user of this software,
which enables their login status to be managed.
3.1.3 Login
There are several options for logging into the online portal.
All login options along with collected and processed data are
described in the following sub sections.
3.1.3.1 Email Callback
A temporary login link is sent to an email address given by the
user. By following that link the user is logged in. As part of this
procedure the email address and the initiation time of the email
callback are saved as long as the user's session is active.
3.1.3.2 eduGAIN
The eduGAIN service is a federation for single sign on for various
web services. Users are forwarded to their
home organisations for authentication. If this is successful, a
confirmation will be sent to the GCS-JARDS online portal, which is then able to
login the user. During this login procedure all personal data is
collected and processed according to the GÉANT Data Protection Code of
Conduct Version 1.0
(http://www.geant.net/uri/dataprotection-code-of-conduct/v1).
The Data Protection Code of Conduct defines rules for service
providers collecting and processing personal data in the eduGAIN
context. The user's email address used for login is saved as long as
the session is active.
3.1.3.3 JSC Account
Users can enter a JSC account and password for immediate
login. The infrastructure for these accounts is provided by Jülich
Supercomputing Centre (JSC). JSC accounts can be used for
several services offered at JSC. The online portal needs to check
account name and password to be valid. The password is deleted
immediately after validation, the JSC account along with the
connected email address are stored as long as the session is active.
3.2 Purpose, legal basis
3.2.1 The purpose of storing log files temporarily is to detect
disruptions and attacks and to deal with or avert them. The legal
basis for this is Art. 6(1)(f) of the EU General Data Protection
Regulation (GDPR). The stated purpose also includes our legitimate
interest in processing data pursuant to Art. (6)(1)(f) GDPR.
3.2.2 We use cookies to make our website more user-friendly.
The legal basis for this is Art. 6(1)(f) GDPR. The stated purpose also
includes our legitimate interest in processing data pursuant to Art.
(6)(1)(f) GDPR.
3.3 Recipient
The data defined under 3.1.1 (web server log files) will not be
transferred to government bodies or public authorities except in order
to comply with mandatory national legislation or if the transfer of
such data should be necessary in order to take legal action in cases of
attacks on our IT infrastructure.
3.4 Retention periods
3.4.1 Web server log files are deleted seven days after website
access.
3.4.2 Cookies are only stored for the duration of a browser
session. Once the user logs out of the system, the cookies are
deleted.
3.5 Failure to provide data, option to object and delete
The collection of data required for website provision and
storing of these data in log files is essential for the operation of
this website. Users who do not want their data to be processed as
described cannot use this website.
Cookies are stored on the user's computer, which transmits them
to us. As a user, you therefore have full control over the use of
cookies - independent of the retention periods detailed here. By
changing the settings in your Internet browser, you can disable or
restrict the transfer of cookies. Cookies stored on a computer may be
deleted at any time. This can also be done automatically. Deactivating
cookies for our website could limit the range of the website's
functions.
4. Data collection during the application and review procedure
4.1 Data categories
a) Personal data
The following personal data are collected (Responsible Authority: JSC, s. Verfahrensbeschreibung Ziffer 9 Zeile 1)
and saved (Responsible Authority: GCS, HLRS, JSC und LRZ, s. Verfahrensbeschreibung Ziffer 9 Zeilen 2, 3, 4)
on the PIs and application/project contacts (hereinafter persons of contact, PCs), as
well as project partners:
- Prof./Dr./Mr/Ms, first name(s), surname
- Contact details: email address, telephone number
- Institution
- Institute
- Business address
b) Application data
The following is a sample, non-exhaustive list of data that are
collected depending on the intended use of the supercomputer:
- Details of the scientific objective of the project
- Acronym, if applicable
- Planned technical implementation of the project
- List of other project applications submitted by the PIs, PCs,
and project partners and their institutes
- Resources requested
- Specialization
- Project partners
For existing projects, additional data from the database may be
assigned to the project. The following is a sample, non-exhaustive list
of relevant data depending on the previous use of the supercomputer:
- Approved resources
- Project status
- Resources used
- Reports (status report, final report)
- Local project ID, GCS project ID/acronym, title
- Project name
- Project supervisors, employees of a GCS centre
4.2 Purpose, legal basis:
Data are collected, processed, and used for the following purposes:
- Submission of applications for computing time on GCS
resources
The legal basis for this is Art. 6(1)(b) GDPR.
- Review of applications for computing time on GCS resources
The legal basis for this is Art. 6(1)(b) GDPR.
- Setting up and implementation of computing time projects for
approved computing time applications at GCS centres
The
legal basis for this is Art. 6(1)(b) GDPR.
- Simplification of applications for extensions for future
peer-review processes for computing time
The legal basis for
this is Art. 6(1)(b) GDPR.
- Internal statistical purposes at GCS
The legal
basis for this is Art. 6(1)(f) GDPR.
- Exclusion of multiple applications
The legal basis
for this is Art. 6(1)(f) GDPR.
4.3 Recipient
Data are collected by GCS. Insofar as it is necessary to fulfil the
stated purpose, the data are transferred between GCS and the three GCS
centres as well as between the GCS centres themselves and corresponding
reviewers for the technical and scientific reviews.
Personal data will not be transferred to government bodies or
public authorities except in order to comply with mandatory national
legislation or if the transfer of such data should be necessary in
order to take legal action in cases of attacks on our IT
infrastructure.
4.4 Retention periods
To simplify applications for extensions and for quality assurance in
future peer-review processes for computing time, approved applications
are stored for a maximum of five years after project completion with
the exception of copies for archiving purposes in compliance with
universally binding legal provisions. For the purposes of a full and
reliable statement on the utilization of supercomputer resources,
project data and thus also applications for computing time must be
saved at least until the relevant computer system has been shut down.
4.5 Failure to provide data, option to object and delete
The provision of the aforementioned data is not required by law or by
contract, nor is there any legal obligation to provide the data.
However, the provision of the data is necessary for application
submission, application review, and the implementation of projects via
GCS-JARDS. This means that if GCS does not have access to the
aforementioned data, projects cannot be implemented.
5. Your rights
You have the right to receive information at any time and free
of charge on your saved data on your applications and projects, the
origin and recipients of your data, the purpose of data processing,
and the right to rectification, restriction, or erasure of data
concerning you. An exception to this is information on the names of
the technical and scientific reviewers of an application and parts of
the relevant reviews that are not intended for PIs.
Insofar as the data processing is based on consent or on a
contract, we draw your attention to it at the appropriate place.
Should the data processing be carried out by automated means, you may
have a right to data portability (Art. 20 GDPR).
You have the right to lodge a complaint with a supervisory authority if
you are of the opinion that the processing of your personal data
infringes the law.
Supervising authorities are e.g. the Landesbeauftragte für Datenschutz und
Informationsfreiheit Berlin, the Landesbeauftragte für Datenschutz und
Informationsfreiheit Baden-Württemberg, the Landesbeauftragte für
Datenschutz und Informationsfreiheit Nordrhein-Westfalen or the
Bayerische Landesbeauftragte für den Datenschutz.
6. Validity and amendments
This privacy policy has immediate effect and replaces all previous
policies. Further development may make it necessary to revise this
privacy policy. We reserve the right to amend the privacy policy at any
time with effect for the future and we advise you to inform yourself
accordingly of the applicable privacy policy. A link to this policy is
provided in the footer on the web pages concerning applications and
peer reviews for computing time.
Date: February 2022