English
Login

Legal Notices
Maintenance of legal notices

Privacy Policy for eLabFTW — Zentrum für Informationsdienste und Hochleistungsrechnen (ZIH) — CIDS

For what purposes should personal data be processed?

The electronic lab notebook eLabFTW at TU Dresden enables the digital management of research data and their digital documentation via a web-based service. In order to use the service, the personal data listed below must be stored and processed. This personal data is processed exclusively for the purpose of providing and using the electronic lab notebook eLabFTW at TU Dresden. Members and affiliates of TU Dresden are enabled to use the electronic lab notebook eLabFTW at TU Dresden via their ZIH login in compliance with the relevant statutory and legal provisions on data protection and IT security.

Research data

The terms of use of the productive system of the electronic lab notebook eLabFTW at TU Dresden allow the administration of pseudonymized personal or otherwise protected research data of all protection classes. Users of the electronic lab notebook eLabFTW at TU Dresden are responsible for the content they post.

Who is responsible for data processing and to whom can data subjects turn?

Responsible in the sense of Art. 4 No. 7 GDPR is TUD Dresden University of Technology.

Responsible Department

Technische Universität Dresden
CIDS - Center for Interdisciplinary Digital Sciences
01062 Dresden

Tel.: +49 (0)351 463-40000
Email: servicedesk@tu-dresden.de

Data Protection Officer

Data Protection Officer of the TUD Dresden University of Technology
Mr Jens Syckor
01062 Dresden

Tel.: +49 (0)351 463-32839
Email: informationssicherheit@tu-dresden.de

What personal data is processed?

Depending on the type and scope of use of the electronic lab notebook, the following categories of personal data may be processed:

  • Master data: First name, last name, e-mail address, affiliation to force unit, affiliation to teams
  • Technical information: IP address, timestamp when entry is changed
  • Service settings
  • Usage and content data: Research equipment and research rooms

This information is collected by:

  • authentication/authorization via Shibboleth
  • Technically necessary cookies (session cookies) of the browser
  • Entering users/system administration

What is the legal basis for processing personal data?

The legal basis for data processing for the purposes stated here differs depending on the relationship of the user to the TU Dresden.

For students, Art. 6 para. 1 lit. a GDPR (consent) and § 12 para. 1 i.V.m. § 13 para. 2 SächsISichG.

For employees, Section 11 of the Saxon Data Protection Implementation Act (SächsDSDG) and Section 12 (1) in conjunction with Section 13 (2) SächsISichG apply. § 13 para. 2 SächsISichG.

How long is personal data stored?

  • Project data and documentation are stored on an ad hoc basis until they are no longer required. It is the responsibility of the team admins to determine whether this necessity still exists or whether data can be deleted.

Project data is all data that is saved in connection with a project in this ELN. Log data saves when which action was carried out.

  • Inventory data relating to user accounts is also stored in the same way as project data until it is no longer required.
  • Log data is deleted after three months unless it is anonymized.
  • Session cookies are deleted when the browser session ends.

Personal data relating to the use of the service will be deleted in accordance with Section 15 (4) of the TU Dresden IT Regulations no later than 15 months after the data subject leaves the university or in the event of revocation.

Is personal data transmitted to third parties?

Unless otherwise stipulated by law or you have expressly consented in individual cases, no personal data will be transferred to third parties.

Where is the (personal) data stored and processed?

The electronic lab notebook eLabFTW at TU Dresden stores all instance data in a MySQL database that can only be accessed by the system administrator. Files that are uploaded via the “Upload” function are stored on a group drive of the ZIH. Only the service owners of the eLabFTW service have access to this. The instance of the electronic lab notebook eLabFTW at TU Dresden runs as a virtual server in the Enterprise Cloud, provided by the ZIH. The authentication and authorization of users runs via the Shibboleth service, provided by the ZIH.

What are the basic rights of data subjects?

  • Right to voluntary nature and revocation (Art. 7 (3) GDPR)

    If the use of the services is based on consent, this consent can be revoked at any time in accordance with Art. 7 (3) GDPR with the consequence that the personal data of the person concerned will not be further processed. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.

  • Right to information (Art. 15 GDPR)

    Data subjects have the right to obtain at any time information on the data processed concerning them and on the possible recipients of such data. They are entitled to receive a reply within a period of one month after submitting the request.

  • Right of correction, deletion and restriction (Art. 16 - 18 GDPR)

    The persons concerned may at any time request TUD Dresden University of Technology to correct or delete their personal data or to restrict the processing of such data.

  • Right to data transferability (Art. 20 GDPR)

    The persons concerned can demand that TUD Dresden University of Technology transfers their personal data to them in a machine-readable format. Alternatively, they may request that the personal data provided by you be transferred directly to another responsible party, as far as this is possible.

  • Right of objection (Art. 21 GDPR)

    Data subjects may object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them.

  • Right of appeal (Art. 77 GDPR)

    Data subjects can contact the Data Protection Officer of TUD Dresden University of Technology at any time and, in the case of a complaint under Art. 77 GDPR, a supervisory authority for data protection. The responsible supervisory authority for TUD Dresden University of Technology is:

    Sächsische Datenschutz- und Transparenzbeauftragte
    Frau Dr. Juliane Hundert
    Maternistraße 17
    01067 Dresden
    Email: post@sdtb.sachsen.de
    Telephone: +49 (0)351 85471-101
    www.datenschutz.sachsen.de

To exercise these rights, notification in text form (letter or email) to the controller is sufficient.