Privacy statement (GDPR)

With these data protection notices, Bielefeld University fulfils its obligation to provide information in accordance with Articles 13 & 14 of the EU General Data Protection Regulation (GDPR) on the above-mentioned processing of personal data. Terms such as "personal data", "processing", "data controller", "third party", etc. are used as defined in Article 4 GDPR.

§ 1 Contact Details

Bielefeld University, a legal entity under public law established by the state of North Rhine-Westphalia (NRW), is responsible for processing the data. It is represented by its rector, Prof. Dr. Angelika Epple.

§ 1.1. Contact details of the data controller
§ 1.2. Technical contact person
§ 1.2. Contact details of the data protection officer
§ 2 General information on data processing and its purpose

We process the personal data of our users only to the extent necessary to provide a functioning website and its functionalities. Collecting this information enables us to better diagnose problems with the application, provide support more effectively as well as ensure the continuous functionality of the service.

The following (personal) data is collected and stored within the system:

Master Data

Within the scope of user authentication, the following personal data is collected and processed:

  • User name
  • E-Mail

The registration of users is required for the provision of access to services within NOPAQUE. The freely selectable username and the corresponding email address is used to persistently identify you in NOPAQUE. The provided email address might be used to contact you in case we noticed some malfunction, to announce maintenance, or to spread important information regarding Nopaque. If you reset your password, Nopaque will use your email address to send you reset instructions via email. Nopaque does not show your email address and the username to other Nopaque users per default – except, if user gave the permission to do so, according to § 7 paragraph 1 of the General Terms of Use for the use of NOPAQUE.

Protocol and administrative data

In general, when a website is visited, for technical reasons information is automatically sent from the browser to the server and stored there in access protocols. When using a web application, additional protocol data is also generated, which is necessary for tracking technical errors. This information includes:

  • IP address
  • Complete HTTP request URL
  • HTTP action (e.g. GET: call up a page, POST: send form data)
  • Access status (HTTP status code)
  • Date and time of the action

Protocol data will be used by the development team in order to debug and improve the included tools. This data can only be viewed by the technical administration and by the employees responsible for the NOPAQUE platform. Protocol data is not directly associated with a user account. NOPAQUE deletes all this information when it gets more than six months old.


Further administrative data, which is essentially needed – to enable a proper user registration and user management functionalities:

  • Attributes member_since and last_seen: for system cleaning purposes and detection of fake accounts
  • Attribute confirmed: This attribute indicates whether the account has been activated via e-mail. This type of activation ensures that the stored e-mail address actually exists.
  • Attribute terms_of_use_accepted: To verify that the terms of use have been accepted by the user. This attribute is set to false when the terms of use has changed. After the user has logged in again, the user is asked to accept the new terms of use.
Cookies

Cookies: Browsers store so-called cookies. Cookies are files that can be stored by the provider of a website in the directory of the browser program on the user's computer. These files contain text information and can be read again by the provider when the page is called up again. The provider can use these cookies, for example, to always deliver pages in the theme selected by the user.

The storage of cookies can be switched off in the browser settings or provided with an expiry time. By deactivating cookies, however, some functions that are controlled by cookies can then only be used to a limited extent or not at all.


NOPAQUE uses functionality cookies which deliver certain functions and allow to remember important information and user’s preferences:

  • session: Recognition of a user during a session in order to assign personal content and other user-defined settings. The session cookie is deleted after closing the browser session.
  • remember_token: Login script with ‘remember me’ feature allowing the user to preserve their logged in status. When the user checks the Remember Me option, then the logged in status is serialized in the session and stored in cookies in an encrypted way.

Cookies collected by NOPAQUE do not collect personal information of the users.

Content Data

The content data includes all data that is entered or created by users themselves in the system. This data is listed here because it is assigned to individual authors and may contain personal data. This may include: uploaded files, images, text documents, other media files and (interim) results after data processing and computations. Please note that files and scans submitted to NOPAQUE are safely stored on the NOPAQUE server in order to allow persistent access during a work session and between work sessions.


According to § 4 paragraph 1 - 3 of the General Terms of Use for the use of NOPAQUE at Bielefeld University, the users themselves are responsible for the content they upload and must comply with the legal provisions of data protection and copyright law. This includes in particular the deletion of personal data that may no longer be processed.

User-added Information (optional)

NOPAQUE also stores optionally user-added personal information, like user’s profile information (full name, affiliation) and user’s added profile photo (avatar).

§ 3 Legal basis of the data processing

The legal basis for the processing of personal data for user authentication is Article 6 (1) letter e GDPR. The processing is carried out within the framework of the fulfilment of the tasks of Bielefeld University in accordance with HG NRW (NRW Higher Education Act), if necessary in connection with an order of the university to be named or by a special law, e.g. University Statistics Act, State Civil Servants Act, Staff Representation Act, Equal Opportunities Act.

The collection of personal data for user authentication is based on the consent of the data subjects as stated in Article 6 (1) letter a GDPR. The legal basis for the transmission of personal data is Article 6 (1) letter c GDPR.

§ 4 Data transmissions and sharing of your data

Your personal data, which are processed by Bielefeld University for the purposes mentioned under 2 A - D will not be transferred to third parties.


In individual cases, data may also be legally transmitted to third parties, for example, to law enforcement authorities for the investigation of criminal offences within the framework of the Code of Criminal Procedure (StPO). If technical service providers are given access to personal data, this is done on the basis of a contract in accordance with Article 28 GDPR.


NOPAQUE centrally bundles sophisticated data processing functionalities related to Digital Humanities (for example: pattern recognition or text mining) on its platform which are offered by third parties on external platforms. No personal data is passed on to third parties - only content data which is sent anonymously to the APIs of the third-party tools. The results of the calculations are then sent back to NOPAQUE and saved as results in user’s account.


For personal data mentioned under 2 E the following applies: we do not share your personal data with third parties unless you have given your consent. This consent is given if the user actively makes his profile public in NOPAQUE. As consequence, user-added information (as listed under point 2E of this declaration) and, if applicable, a listing of public corpora with metadata is then made visible to other NOPAQUE users.

§ 5 Duration of processing of your data and data retention

Data processed for user authentication, all personal data and contents uploaded by the user (listed in 2) are deleted immediately after account deletion.

§ 6 Your data protection rights and choices as NOPAQUE user

As a data subject, you have certain rights under GDPR that you may assert at any time:

  • the right to access information about whether or not personal data concerning you is processed, and if so, what categories of data are being processed (Article 15 GDPR),
  • the right to demand the rectification or completion of data concerning you (Article 16 GDPR),
  • the right to erasure of your personal data in accordance with Article 17 GDPR,
  • the right to demand the restriction of the processing of your data per Article 18 GDPR,
  • the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal (Article 7 (3) GDPR),
  • the right to object to the future processing of your data in accordance of Article 21 GDPR,
  • the right to receive personal data concerning you and your account in a structured, common and machine-readable format in accordance of Article 20 GDPR.

In addition to the aforementioned rights, you have the right to lodge a complaint with the data protection supervisory authority (Article 77 GDPR); for example, the university is under the supervision of the

  • North Rhine-Westphalia State Commissioner
  • for Data Protection and Freedom of Information
  • (Landesbeauftragte für Datenschutz und
  • Informationsfreiheit Nordrhein-Westfalen)
  • Kavalleriestraße 2-4
  • 40213 Düsseldorf, German