Privacy Policy for the Daphona Portal

Daphona Portal can be accessed via the portal: https://tmatrix.scc.kit.edu/ .

1. Personal Data

If you use the service of Daphona Portal, we will process your personal data. According to Art. 4 No. 1 of the EU General Data Protection Regulation (GDPR), personal data are all data relating to an identified or identifiable natural person.

2. Controller

Controller of the data processing on this website according to Art. 4, par. 7 GDPR as well as other data protection regulations:

• Karlsruhe Institute of Technology (KIT)
• Kaiserstraße 12
• 76131 Karlsruhe
• Germany
• Phone: +49 721 608-0
• Fax: +49 721 608-44290
• E-mail: info@kit.edu

The Karlsruhe Institute of Technology is a corporation governed by public law, represented by its acting president Prof. Dr. Jan Hesthaven.
Our Data Protection Officer can be contacted at datenschutzbeauftragter@kit.edu or by ordinary mail with “Die Datenschutzbeauftragte” (the data protection officer) being indicated on the envelope.

3. Data Processing

When you login to the service, we collect the following personal data from your remote identity provider (Helmholtz Authentication and Authorisation Infrastructure):

• email address
• full name
• user unique identifier
• username
• last login
• accepted user policies
• date of registration

In addition the service automatically collects the following log information, for example: IP address, computer type, screen resolution, OS version, domain name, location, date and time of the visit, page(s) visited, time spent on a page. Some of this information is provided directly by the user's browser, the remainder is obtained through cookies and tracking technologies. In case you upload data the association between you and your datasets is stored. The personal data retrieved from the external identity provider is necessary to map you to the Daphona Portal account, contact you and provide a comfortable interface. Your name and email address is only visibe to the Daphona Portal team in order to process your requests.
When you log in to the service we store a cookie on your device. Cookies are small text files stored in your computer system by the browser used by you, through which we (the server of our website) obtain certain information. Cookies cannot execute any programs or transmit viruses to your computer. They serve to make internet offers more user-friendly, more effective, and quicker. It is distinguished between session cookies (transient cookies) and permanent (persistent) cookies.
Transient cookies are deleted automatically when you close the browser. They include in particular the session cookies. These store a so-called session ID, through which queries of your browser can be allocated to the joint session. They allow us to identify your computer when you return to our website. Session cookies are deleted when you log out or close the browser.
We use session cookies exclusively. We do not use any persistent cookies or flash cookies.
You can set your browser such that you will be informed about the setting of cookies and you can permit cookies in individual cases only, exclude the acceptance of cookies in certain cases or in general, and activate automatic deletion of cookies when closing your browser. When deactivating cookies, functionality of this website may be limited.

4. Legal Basis

The legal basis for the processing is Art. 6, par. 1, clause 1, (b), clause 3, (b) GDPR in conjunction with Section 4 Landesdatenschutzgesetz Baden-Württemberg (State data protection act of the state of Baden-Württemberg).
The legal basis for the information you provide voluntarily is your consent in accordance with Art. 6, par. 1, clause 1, (a) GDPR. The consent is voluntary. There are no disadvantages if it is denied or withdrawn.

5. Data Storage

Your personal data will be stored at the Data Controller's site for as long as necessary to provide the service and there are statutory storage requirements. After expiry of the statutory retention periods your data will be deleted unless you have expressly consented to any further use of the data. In general, the data is deleted after one month.

6. Scientific data submission via the website

The website of Daphona Portal contains a web application to submit scientific datasets to be stored in the Daphona Portal database. During upload of datasets, the personal data transmitted by the data uploader are automatically stored. Such personal data are stored for the purpose of processing or contacting the data owner.
To successfully submit scientific datasets to Daphona Portal, the data uploader has to provide some additional personal data (e.g., name of authors and co-authors) to allow correct citation of those datasets in the scientific community. This information will be made available to the public after the submission process through dataset metadata (in XML or JSON format and via the Daphona Portal website). This is a requirement of scientific publishing. Scientific data publications including the aforementioned personal data may be consumed by third parties (e.g., libraries, data portals) using Daphona Portal's metadata and data services.
By submitting scientific data to Daphona Portal, the data uploader agrees with publishing those datasets in the public interest, for scientific or historical research purposes or for statistical purposes according to Art. 9(2) lit. j GDPR and Art. 89 GDPR.

7. Your Rights

Personal data can be accessed and reviewed in your account settings. To rectify the data released by Daphona Portal, please update them at Daphona Portal portal.
To request an account deletion, please contact the Daphona Portal Team under https://tmatrix.scc.kit.edu/ and provide your email address and your full name.
According to Art. 7 par. 3 GDPR you have the right to withdraw your consent at any time with effect for the future. The withdrawal may also refer to parts of your consent.
In Addition you have the following rights:

• Right of access (Article 15 GDPR)
• Right to rectification (Article 16 GDPR)
• Right to erasure (Article 17 GDPR)
• Right to restriction of processing (Article 18 GDPR)
• Right to object to data processing (Article 21 GDPR)

You have the right to complain about the processing of your personal data by us with a supervisory authority (Art. 77 GDPR).
In the case of manifestly unfounded or excessive requests, we can charge a reasonable fee. Otherwise, information will be provided free of charge (Art. 12, par. 5 GDPR).
In the case of reasonable doubts concerning the identity of the natural person asserting the above rights, we may request the provision of additional information necessary to confirm the identity of the data subject (Art. 12, par. 6 GDPR).