Privacy Policy
1. Name of the controller for the purposes of data protection legislation
Forschungszentrum Jülich GmbH
Wilhelm-Johnen-Straße
52428 Jülich
Germany
2. Data protection officer
Frank Rinkens
Forschungszentrum Jülich GmbH
Wilhelm-Johnen-Strasse
52428 Jülich
Deutschland
Email: DSB@fz-juelich.de
3. Data collected when the online portal is accessed
3.1.1 Web server log files
Each time the website is accessed, the following personal data are
saved temporarily in web server log files:
- IP address
- Date and time of query
- Time difference from GMT
- Website content
- Access status (HTTP status)
- Transmitted data volume
- Website that brought you to our website
- Web browser
- Operating system
- Language and version of browser
3.1.2 Cookies
Cookies are used to simplify authentication (login). They save a
session ID in a text file on the computer of the user of this software,
which enables their login status to be managed.
3.1.3 Login
There are several options for logging into the online portal.
All login options along with collected and processed data are
described in the following sub sections.
3.1.3.1 Email Callback
A temporary login link is sent to an email address given by the
user. By following that link the user is logged in. As part of this
procedure the email address and the initiation time of the email
callback are saved as long as the user's session is active.
3.1.3.2 eduGAIN
The eduGAIN service is a federation for single sign on for various
web services. Users are forwarded to their
home organisations for authentication. If this is successful, a
confirmation will be sent to the JARDS online portal, which is then able to
login the user. During this login procedure all personal data is
collected and processed according to the GÉANT Data Protection Code of
Conduct Version 1.0
(http://www.geant.net/uri/dataprotection-code-of-conduct/v1).
The Data Protection Code of Conduct defines rules for service
providers collecting and processing personal data in the eduGAIN
context. The user's email address used for login is saved as long as
the session is active.
3.1.3.3 JSC Account
Users can enter a JSC account and password for immediate
login. The infrastructure for these accounts is provided by Jülich
Supercomputing Centre (JSC). JSC accounts can be used for
several services offered at JSC. The online portal needs to check
account name and password to be valid. The password is deleted
immediately after validation, the JSC account along with the
connected email address are stored as long as the session is active.
3.2 Purpose, legal basis
3.2.1 The purpose of storing log files temporarily is to detect
disruptions and attacks and to deal with or avert them. The legal
basis for this is Art. 6(1)(f) of the EU General Data Protection
Regulation (GDPR). The stated purpose also includes our legitimate
interest in processing data pursuant to Art. (6)(1)(f) GDPR.
3.2.2 We use cookies to make our website more user-friendly.
The legal basis for this is Art. 6(1)(f) GDPR. The stated purpose also
includes our legitimate interest in processing data pursuant to Art.
(6)(1)(f) GDPR.
3.3 Recipient
The data defined under 3.1.1 (web server log files) will not be
transferred to government bodies or public authorities except in order
to comply with mandatory national legislation or if the transfer of
such data should be necessary in order to take legal action in cases of
attacks on our IT infrastructure.
3.4 Retention periods
3.4.1 Web server log files are deleted seven days after website
access.
3.4.2 Cookies are only stored for the duration of a browser
session. Once the user logs out of the system, the cookies are
deleted.
3.5 Failure to provide data, option to object and delete
The collection of data required for website provision and
storing of these data in log files is essential for the operation of
this website. Users who do not want their data to be processed as
described cannot use this website.
Cookies are stored on the user's computer, which transmits them
to us. As a user, you therefore have full control over the use of
cookies - independent of the retention periods detailed here. By
changing the settings in your Internet browser, you can disable or
restrict the transfer of cookies. Cookies stored on a computer may be
deleted at any time. This can also be done automatically. Deactivating
cookies for our website could limit the range of the website's
functions.
4. Data collection during the application and review procedure
4.1 Data categories
a) Personal data
The following personal data are collected and saved on the PIs and
application/project contacts (hereinafter persons of contact, PCs), as
well as project partners:
- Prof./Dr./Mr/Ms, first name(s), surname
- Contact details: email address, telephone number
- Institution
- Institute
- Business address
b) Application data
The following is a sample, non-exhaustive list of data that are
collected depending on the intended use of the supercomputer:
- Details of the scientific objective of the project
- Acronym, if applicable
- Planned technical implementation of the project
- List of other project applications submitted by the PIs, PCs,
and project partners and their institutes
- Resources requested
- Specialization
- Project partners
For existing projects, additional data from the database may be
assigned to the project. The following is a sample, non-exhaustive list
of relevant data depending on the previous use of the supercomputer:
- Approved resources
- Project status
- Resources used
- Reports (status report, final report)
- Local project ID, acronym, title
- Project name
- Project supervisors, employees of the "Earth System Modelling" project (ESM-project)
4.2 Purpose, legal basis:
Data are collected, processed, and used for the following purposes:
- Submission of applications for computing time on ESM partition
resources
The legal basis for this is Art. 6(1)(b) GDPR.
- Review of applications for computing time on ESM partition
resources
The legal basis for this is Art. 6(1)(b) GDPR.
- Setting up and implementation of computing time projects for
approved computing time applications
The legal basis for this is Art. 6(1)(b) GDPR.
- Simplification of applications for extensions for future
peer-review processes for computing time
The legal basis for
this is Art. 6(1)(b) GDPR.
- Internal statistical purposes
The legal
basis for this is Art. 6(1)(f) GDPR.
- Exclusion of multiple applications
The legal basis
for this is Art. 6(1)(f) GDPR.
4.3 Recipient
Data are collected by the ESM project.
Personal data will not be transferred to government bodies or
public authorities except in order to comply with mandatory national
legislation or if the transfer of such data should be necessary in
order to take legal action in cases of attacks on our IT
infrastructure.
4.4 Retention periods
To simplify applications for extensions and for quality assurance in
future peer-review processes for computing time, approved applications
are stored for a maximum of five years after project completion with
the exception of copies for archiving purposes in compliance with
universally binding legal provisions. For the purposes of a full and
reliable statement on the utilization of supercomputer resources,
project data and thus also applications for computing time must be
saved at least until the relevant computer system has been shut down.
4.5 Failure to provide data, option to object and delete
The provision of the aforementioned data is not required by law or by
contract, nor is there any legal obligation to provide the data.
However, the provision of the data is necessary for application
submission, application review, and the implementation of projects via
JARDS. This means that if the ESM project does not have access to the
aforementioned data, projects cannot be implemented.
5. Your rights
You have the right to receive information at any time and free
of charge on your saved data on your applications and projects, the
origin and recipients of your data, the purpose of data processing,
and the right to rectification, restriction, or erasure of data
concerning you. An exception to this is information on the names of
the technical and scientific reviewers of an application and parts of
the relevant reviews that are not intended for PIs.
Insofar as the data processing is based on consent or on a
contract, we draw your attention to it at the appropriate place.
Should the data processing be carried out by automated means, you may
have a right to data portability (Art. 20 GDPR).
You have the right to lodge a complaint with a supervisory authority if
you are of the opinion that the processing of your personal data
infringes the law. The supervisory authority
is Landesbeauftragte für Datenschutz und Informationsfreiheit
Nordrhein-Westfalen (https://www.ldi.nrw.de/).
6. Validity and amendments
This privacy policy has immediate effect and replaces all previous
policies. Further development may make it necessary to revise this
privacy policy. We reserve the right to amend the privacy policy at any
time with effect for the future and we advise you to inform yourself
accordingly of the applicable privacy policy. A link to this policy is
provided in the footer on the web pages concerning applications and
peer reviews for computing time.
Date: February 2022