From 49325ad2b895c511c5158c3400e3d3bcec9529de Mon Sep 17 00:00:00 2001 From: Stephan Porada Date: Mon, 3 Aug 2020 10:23:11 +0200 Subject: [PATCH] Add GDPR statment and links --- web/app/main/views.py | 6 +- web/app/templates/auth/register.html.j2 | 3 +- web/app/templates/main/privacy_policy.html.j2 | 140 +++++++++++++++++- web/app/templates/main/terms_of_use.html.j2 | 8 +- web/app/templates/nopaque.html.j2 | 3 +- 5 files changed, 151 insertions(+), 9 deletions(-) diff --git a/web/app/main/views.py b/web/app/main/views.py index 0ea71e55..15009e42 100644 --- a/web/app/main/views.py +++ b/web/app/main/views.py @@ -58,9 +58,11 @@ def poster(): @main.route('/privacy_policy') def privacy_policy(): return render_template('main/privacy_policy.html.j2', - title='Privacy policy') + title=('Information on the processing of personal' + ' data for the nopaque platform (GDPR)')) @main.route('/terms_of_use') def terms_of_use(): - return render_template('main/terms_of_use.html.j2', title='General Terms of Use of the platform nopaque') # noqa + return render_template('main/terms_of_use.html.j2', + title='General Terms of Use of the platform nopaque') # noqa diff --git a/web/app/templates/auth/register.html.j2 b/web/app/templates/auth/register.html.j2 index f0920190..af8a0b95 100644 --- a/web/app/templates/auth/register.html.j2 +++ b/web/app/templates/auth/register.html.j2 @@ -16,7 +16,8 @@

Register

Simply enter a username and password to receive your registration email. After that you can start right away.

-

It goes without saying that the General Data Protection Regulation applies, only necessary data is stored.

+

It goes without saying that the General Data Protection Regulation applies, only necessary data is stored.

+

Please also read our terms of use before signing up for nopaque!
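Review bot: The sentence added at the end of this register.html.j2 hunk sends new users to the terms of use only, while the privacy notice introduced by the same patch says in § 3 that the collection of personal data for user authentication is based on consent. Registration is where that consent is given, so the GDPR sentence just above should point to /privacy_policy as well if it does not already. That sentence ("... applies, only necessary data is stored.") is also a comma splice and reads better as two sentences.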

diff --git a/web/app/templates/main/privacy_policy.html.j2 b/web/app/templates/main/privacy_policy.html.j2 index 44e97e7d..22c23421 100644 --- a/web/app/templates/main/privacy_policy.html.j2 +++ b/web/app/templates/main/privacy_policy.html.j2 @@ -1,9 +1,147 @@ {% extends "nopaque.html.j2" %} {% block page_content %} +
+

With these data protection notices, Bielefeld University fulfils its obligation to provide information in accordance with Articles 13 & 14 of the EU General Data Protection Regulation (GDPR) on the above-mentioned processing of personal data. Terms such as "personal data", "processing", "data controller", "third party", etc. are used as defined in Article 4 GDPR.

+
-

Privacy policy

+
+
+
+ § 1 Contact Details +

Bielefeld University, a legal entity under public law established by the state of North Rhine-Westphalia (NRW), is responsible for processing the data. It is represented by its rector, Prof. Dr. Ing. Gerhard Sagerer.

+
§ 1.1. Contact details of the data controller
+ +
§ 1.2. Technical contact person
+ +
§ 1.2. Contact details of the data protection officer
+ +
+
+
+
+
+
+ § 2 General information on data processing and its purpose +

We process the personal data of our users only to the extent necessary to provide a functioning website and its functionalities.

+

The following personal data is collected and stored within the system:

+
Master Data
+

Within the scope of user authentication the following personal data is collected and processed:

+
    +
  • User name
  • +
  • E-Mail
  • +
+

Registration of the user is required for the provision of certain content and services within nopaque.

+
Protocol Data
+

In general, when a website is visited, for technical reasons information is automatically sent from the browser to the server and stored there in access protocols. When using a web application, additional protocol data is also generated, which is necessary for tracking technical errors. This information includes:

+
    +
  • IP address
  • +
  • User account
  • +
  • Complete HTTP request URL
  • +
  • HTTP action (e.g. GET: call up a page, POST: send form data)
  • +
  • Access status (HTTP status code)
  • +
  • data volume retrieved
  • +
  • Date and time of the action
  • +
  • User-Agent string
  • +
+

Locally logged data will be used by the development team in order to debug and improve tools. This data can only be viewed by the technical administration and by the employees responsible for the nopaque platform. Data is stored for seven days to ensure proper technical operation and to find the cause of errors and is deleted afterwards.

+

Logged data may be used to understand how researchers are using the nopaque platform. To be able to use the data for research purposes, we reserve the right to store it in an anonymous and aggregated form for a longer period of time (up to two years after completion of the SFB 1288 INF project).

+
Cookies
+

Browsers store so-called cookies. Cookies are files that can be stored by the provider of a website in the directory of the browser program on the user's computer. These files contain text information and can be read again by the provider when the page is called up again. The provider can use these cookies, for example, to always deliver pages in the theme selected by the user.

+

The storage of cookies can be switched off in the browser settings or provided with an expiry time. By deactivating cookies, however, some functions that are controlled by cookies can then only be used to a limited extent or not at all.

+

NOPAQUE uses cookies for the following purposes:

+
    +
  • Recognition of a user during a session in order to assign personal content and other user-defined settings.
  • +
  • Login Script with ‘Remember Me’ feature allows the user to preserve their logged in status. When the user checks the Remember Me option, then the logged in status is serialized in the session and stored in cookies in an encrypted way.
  • +
+
Content Data
+

The content data includes all data that is entered or created by users themselves in the system. This data is listed here because it is assigned to individual authors and may contain personal data. This may include: uploaded files, images, texts or other media files. Please note that files and scans submitted to NOPAQUE are stored in order to allow persistent access during a work session and between work sessions.

+

According to § 4 paragraph 2 of the General Terms of Use for the use of NOPAQUE at Bielefeld University, the users themselves are responsible for the content they post and must comply with the legal provisions of data protection. This includes in particular the deletion of personal data that may no longer be processed.

+
+
+
+
+
+
+ § 3 Legal basis of the data processing +

The legal basis for the processing of personal data for user authentication is Article 6 (1) letter e GDPR. The processing is carried out within the framework of the fulfilment of the tasks of Bielefeld University in accordance with HG NRW (NRW Higher Education Act), if necessary in connection with an order of the university to be named or by a special law, e.g. University Statistics Act, State Civil Servants Act, Staff Representation Act, Equal Opportunities Act.

+

The collection of personal data for user authentication is based on the consent of the data subjects as stated in Article 6 (1) letter a GDPR. The legal basis for the transmission of personal data is Article 6 (1) letter c GDPR.

+
+
+
+ +
+
+
+ § 4 Data transmissions +

Your personal data, which are processed by Bielefeld University for the purposes mentioned under 2. will not be transferred to third parties.

+

In individual cases, data may also be legally transmitted to third parties, for example, to law enforcement authorities for the investigation of criminal offences within the framework of the Code of Criminal Procedure (StPO). If technical service providers are given access to personal data, this is done on the basis of a contract in accordance with Article 28 GDPR.

+
+
+
+ +
+
+
+ § 5 Duration of processing / data deletion +

Data processed for user authentication are deleted immediately after account deletion.

+
+
+
+ +
+
+
+ § 6 Your rights as a data subject +

As a data subject, you have certain rights under GDPR that you may assert at any time:

+
    +
  • the right to access information about whether or not personal data concerning you is processed, and if so, what categories of data are being processed (Article 15 GDPR),
  • +
  • the right to demand the rectification or completion of data concerning you (Article 16 GDPR),
  • +
  • the right to erasure of your personal data in accordance with Article 17 GDPR,
  • +
  • the right to demand the restriction of the processing of your data per Article 18 GDPR,
  • +
  • the right to withdraw your consent at any time. The withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal (Article 7 (3) GDPR),
  • +
  • the right to object to the future processing of your data in accordance of Article 21 GDPR,
  • +
  • the right to receive personal data concerning you and your account in a structured, common and machine-readable format in accordance of Article 20 GDPR.
  • +
+

In addition to the aforementioned rights, you have the right to lodge a complaint with the data protection supervisory authority (Article 77 GDPR); for example, the university is under the supervision of the

+
    +
  • North Rhine-Westphalia State Commissioner
  • +
  • for Data Protection and Freedom of Information
  • +
  • (Landesbeauftragte für Datenschutz und
  • +
  • Informationsfreiheit Nordrhein-Westfalen)
  • +
  • Kavalleriestraße 2-4
  • +
  • 40213 Düsseldorf, German
  • +
+
+
+
{% endblock %} diff --git a/web/app/templates/main/terms_of_use.html.j2 b/web/app/templates/main/terms_of_use.html.j2 index 0ad687f8..9e3593f0 100644 --- a/web/app/templates/main/terms_of_use.html.j2 +++ b/web/app/templates/main/terms_of_use.html.j2 @@ -20,10 +20,10 @@
§ 2 Right of use

(1) The nopaque platform is available to users exclusively for the purposes of teaching and research. Any other use, especially for business, commercial is not permitted. The following groups shall be entitled to use the nopaque platform:

-

- - students, teaching staff and employees at Bielefeld University
- - external researchers from outside the University Bielefeld -

+

 

(2) The use of the system is free of charge.
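Review bot: As this terms_of_use.html.j2 hunk reads here, the entries "students, teaching staff and employees at Bielefeld University" and "external researchers from outside the University Bielefeld" are removed and no replacement text is visible in the added lines, while the context sentence still ends with "The following groups shall be entitled to use the nopaque platform:". Make sure both groups survive in the new markup, since they define who is authorised to use the platform. While this paragraph is being touched, "especially for business, commercial is not permitted" and "the University Bielefeld" could be corrected as well.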

 

diff --git a/web/app/templates/nopaque.html.j2 b/web/app/templates/nopaque.html.j2 index 19acfa16..a9b589b1 100644 --- a/web/app/templates/nopaque.html.j2 +++ b/web/app/templates/nopaque.html.j2 @@ -217,7 +217,8 @@
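Review bot: In the web/app/main/views.py hunk, terms_of_use() keeps its "# noqa" after the call has been wrapped onto two lines. If the wrapped title line now fits the line-length limit, the marker is dead and should be removed; if it still does not fit, split the string into two literals inside parentheses, the way the new privacy_policy title in the same hunk is split, so that no check has to be suppressed.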
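Review bot: § 3 of the new privacy_policy.html.j2 text names two different legal bases for the same processing: the first paragraph puts user authentication under Article 6 (1) letter e GDPR, the second says collection for user authentication is based on consent under Article 6 (1) letter a. Pick one, or state which data falls under which. The retention statements need the same care: § 2 promises that protocol data (IP address, user account, complete HTTP request URL, User-Agent string) is deleted after seven days, while § 5 covers only authentication data, so § 5 should also give the periods for protocol and content data, and the server's log rotation has to enforce the seven days. The "Remember Me" bullet says the login state is stored in cookies "in an encrypted way"; check that against what the login code does and adjust the wording if the cookie is only signed. Smaller points: "§ 1.2." is used for both the technical contact person and the data protection officer, "in accordance of Article 21" and "in accordance of Article 20" should read "in accordance with", "40213 Düsseldorf, German" is missing its final "y", and the text switches between "nopaque" and "NOPAQUE".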