English
Login

Data Protection Statements (Maintenance of data protection statements)

Privacy Policy for Demo system eLabFTW — Zentrum für Informationsdienste und Hochleistungsrechnen (ZIH) — CIDS

For what purpose will personal data be processed?

The electronic lab notebook eLabFTW at TUD Dresden University of Technology enables the digital management of research data and their digital documentation via a web-based service. In order to use the service, the personal data listed below must be stored and processed. This personal data is processed exclusively for the purpose of providing and using the electronic lab notebook eLabFTW at TUD Dresden University of Technology. Members and affiliates of TUD Dresden University of Technology are enabled to use the electronic lab notebook eLabFTW at TUD Dresden University of Technology via their ZIH login in compliance with the relevant statutory and legal provisions on data protection and IT security.

Research data

The terms of use of the demo system of the electronic lab notebook eLabFTW at TUD Dresden University of Technology prohibit the management of personal or otherwise sensitive research data. The users of the demo system of the electronic lab notebook eLabFTW at TUD Dresden University of Technology are themselves responsible for the content posted.

Who is responsible for data processing and to whom can data subjects turn?

Responsible in the sense of Art. 4 No. 7 GDPR is TUD Dresden University of Technology.

Responsible Department

Technische Universität Dresden
CIDS - Center for Interdisciplinary Digital Sciences
01062 Dresden

Tel.: +49 (0)351 463-40000
Email: servicedesk@tu-dresden.de

Data Protection Officer

Data Protection Officer of the TUD Dresden University of Technology
Mr Jens Syckor
01062 Dresden

Tel.: +49 (0)351 463-32839
Email: informationssicherheit@tu-dresden.de

Which personal data will be processed?

Depending on the type and scope of use of the electronic lab notebook, the following categories of personal data may be processed:

  • Master data: First name, surname, email address, affiliation to structural unit, affiliation to IDM groups
  • Technical information: IP address, timestamp for entry changes
  • Service settings
  • Utilisation and content data: Research equipment and research rooms

This information is collected by

  • authentication/authorisation through Shibboleth
  • Technically necessary cookies (session cookies) of the browser
  • Input of the user/system administration

What is the legal basis for the processing of personal data?

The legal basis for data processing for the purposes mentioned here is Art. 6 para. 1 lit. a GDPR, § 12 para. 1 in conjunction with § 13 para. 2 SächsISichG and the respective regulations. § Section 13 (2) SächsISichG and the respective regulations of TUD Dresden University of Technology.

How long is personal data stored?

  • Project data and documentation are stored on an ad hoc basis until they are no longer required. It is the responsibility of the team admins to determine whether this necessity still exists or whether data can be deleted. (No long-term retention periods are planned for the demo systems)

Project data is all data that is saved in connection with a project in this ELN. Log data saves when which action was carried out.

  • Inventory data for user accounts is also stored in the same way as project data until it is no longer required.
  • Log data is deleted after three months unless it is anonymised.
  • Session cookies are deleted at the end of the browser session.

The personal data relating to the use of the service will be deleted in accordance with Section 15 (4) of the TUD Dresden University of Technology IT Regulations no later than 15 months after the person concerned leaves the university or in the event of cancellation.

Will personal data be transferred to third parties?

Unless otherwise stipulated by law or you have expressly consented in individual cases, no personal data will be transferred to third parties.

Where is the (personal) data stored and processed?

The electronic lab notebook eLabFTW at TUD Dresden University of Technology stores all instance data in a MySQL database that can only be accessed by the system administrator (Peter Koban). The instance of the electronic lab notebook eLabFTW at TUD Dresden University of Technology runs as a virtual server in the Enterprise Cloud, provided by the ZIH. User authentication and authorisation is carried out via the Shibboleth service provided by the ZIH.

What are the basic rights of data subjects?

  • Right to voluntary nature and revocation (Art. 7 (3) GDPR)

    If the use of the services is based on consent, this consent can be revoked at any time in accordance with Art. 7 (3) GDPR with the consequence that the personal data of the person concerned will not be further processed. The lawfulness of the processing carried out on the basis of the consent until revocation remains unaffected.

  • Right to information (Art. 15 GDPR)

    Data subjects have the right to obtain at any time information on the data processed concerning them and on the possible recipients of such data. They are entitled to receive a reply within a period of one month after submitting the request.

  • Right of correction, deletion and restriction (Art. 16 - 18 GDPR)

    The persons concerned may at any time request TUD Dresden University of Technology to correct or delete their personal data or to restrict the processing of such data.

  • Right to data transferability (Art. 20 GDPR)

    The persons concerned can demand that TUD Dresden University of Technology transfers their personal data to them in a machine-readable format. Alternatively, they may request that the personal data provided by you be transferred directly to another responsible party, as far as this is possible.

  • Right of objection (Art. 21 GDPR)

    Data subjects may object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them.

  • Right of appeal (Art. 77 GDPR)

    Data subjects can contact the Data Protection Officer of TUD Dresden University of Technology at any time and, in the case of a complaint under Art. 77 GDPR, a supervisory authority for data protection. The responsible supervisory authority for TUD Dresden University of Technology is:

    Sächsische Datenschutz- und Transparenzbeauftragte
    Frau Dr. Juliane Hundert
    Maternistraße 17
    01067 Dresden
    Email: post@sdtb.sachsen.de
    Telephone: +49 (0)351 85471-101
    www.datenschutz.sachsen.de

To exercise these rights, notification in text form (letter or email) to the controller is sufficient.