Privacy statement (GDPR)

With these data protection notices, Bielefeld University fulfils its obligation to provide information in accordance with Articles 13 & 14 of the EU General Data Protection Regulation (GDPR) on the above-mentioned processing of personal data. Terms such as "personal data", "processing", "data controller", "third party", etc. are used as defined in Article 4 GDPR.

§ 1 Contact Details

Bielefeld University, a legal entity under public law established by the state of North Rhine-Westphalia (NRW), is responsible for processing the data. It is represented by its rector, Prof. Dr. Ing. Gerhard Sagerer.

§ 1.1. Contact details of the data controller
§ 1.2. Technical contact person
§ 1.2. Contact details of the data protection officer
§ 2 General information on data processing and its purpose

We process the personal data of our users only to the extent necessary to provide a functioning website and its functionalities.

The following personal data is collected and stored within the system:

Master Data

Within the scope of user authentication the following personal data is collected and processed:

  • User name
  • E-Mail

Registration of the user is required for the provision of certain content and services within nopaque.

Protocol Data

In general, when a website is visited, for technical reasons information is automatically sent from the browser to the server and stored there in access protocols. When using a web application, additional protocol data is also generated, which is necessary for tracking technical errors. This information includes:

  • IP address
  • User account
  • Complete HTTP request URL
  • HTTP action (e.g. GET: call up a page, POST: send form data)
  • Access status (HTTP status code)
  • data volume retrieved
  • Date and time of the action
  • User-Agent string

Locally logged data will be used by the development team in order to debug and improve tools. This data can only be viewed by the technical administration and by the employees responsible for the nopaque platform. Data is stored for seven days to ensure proper technical operation and to find the cause of errors and is deleted afterwards.

Logged data may be used to understand how researchers are using the nopaque platform. To be able to use the data for research purposes, we reserve the right to store it in an anonymous and aggregated form for a longer period of time (up to two years after completion of the SFB 1288 INF project).

Cookies

Browsers store so-called cookies. Cookies are files that can be stored by the provider of a website in the directory of the browser program on the user's computer. These files contain text information and can be read again by the provider when the page is called up again. The provider can use these cookies, for example, to always deliver pages in the theme selected by the user.

The storage of cookies can be switched off in the browser settings or provided with an expiry time. By deactivating cookies, however, some functions that are controlled by cookies can then only be used to a limited extent or not at all.

NOPAQUE uses cookies for the following purposes:

  • Recognition of a user during a session in order to assign personal content and other user-defined settings.
  • Login Script with ‘Remember Me’ feature allows the user to preserve their logged in status. When the user checks the Remember Me option, then the logged in status is serialized in the session and stored in cookies in an encrypted way.
Content Data

The content data includes all data that is entered or created by users themselves in the system. This data is listed here because it is assigned to individual authors and may contain personal data. This may include: uploaded files, images, texts or other media files. Please note that files and scans submitted to NOPAQUE are stored in order to allow persistent access during a work session and between work sessions.

According to § 4 paragraph 2 of the General Terms of Use for the use of NOPAQUE at Bielefeld University, the users themselves are responsible for the content they post and must comply with the legal provisions of data protection. This includes in particular the deletion of personal data that may no longer be processed.

§ 3 Legal basis of the data processing

The legal basis for the processing of personal data for user authentication is Article 6 (1) letter e GDPR. The processing is carried out within the framework of the fulfilment of the tasks of Bielefeld University in accordance with HG NRW (NRW Higher Education Act), if necessary in connection with an order of the university to be named or by a special law, e.g. University Statistics Act, State Civil Servants Act, Staff Representation Act, Equal Opportunities Act.

The collection of personal data for user authentication is based on the consent of the data subjects as stated in Article 6 (1) letter a GDPR. The legal basis for the transmission of personal data is Article 6 (1) letter c GDPR.

§ 4 Data transmissions

Your personal data, which are processed by Bielefeld University for the purposes mentioned under 2. will not be transferred to third parties.

In individual cases, data may also be legally transmitted to third parties, for example, to law enforcement authorities for the investigation of criminal offences within the framework of the Code of Criminal Procedure (StPO). If technical service providers are given access to personal data, this is done on the basis of a contract in accordance with Article 28 GDPR.

§ 5 Duration of processing / data deletion

Data processed for user authentication are deleted immediately after account deletion.

§ 6 Your rights as a data subject

As a data subject, you have certain rights under GDPR that you may assert at any time:

  • the right to access information about whether or not personal data concerning you is processed, and if so, what categories of data are being processed (Article 15 GDPR),
  • the right to demand the rectification or completion of data concerning you (Article 16 GDPR),
  • the right to erasure of your personal data in accordance with Article 17 GDPR,
  • the right to demand the restriction of the processing of your data per Article 18 GDPR,
  • the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal (Article 7 (3) GDPR),
  • the right to object to the future processing of your data in accordance of Article 21 GDPR,
  • the right to receive personal data concerning you and your account in a structured, common and machine-readable format in accordance of Article 20 GDPR.

In addition to the aforementioned rights, you have the right to lodge a complaint with the data protection supervisory authority (Article 77 GDPR); for example, the university is under the supervision of the

  • North Rhine-Westphalia State Commissioner
  • for Data Protection and Freedom of Information
  • (Landesbeauftragte für Datenschutz und
  • Informationsfreiheit Nordrhein-Westfalen)
  • Kavalleriestraße 2-4
  • 40213 Düsseldorf, German