sporada/nopaque
1
0
Fork 0
mirror of https://gitlab.ub.uni-bielefeld.de/sfb1288inf/nopaque.git synced 2025-10-14 02:31:58 +00:00
Code Issues Projects Releases Wiki Activity

New terms of use + privacy statement

Browse Source
This commit is contained in:
Inga Kirschnick
2023-12-20 15:37:59 +01:00
parent 5dce269736
commit cfdef8d1fa
6 changed files with 386 additions and 219 deletions
Download Patch File Download Diff File Expand all files Collapse all files

74
app/templates/main/privacy_policy.html.j2
View File

@@ -8,14 +8,14 @@
</div>
<div class="col s12">
<p>With these data protection notices, Bielefeld University fulfils its obligation to provide information in accordance with Articles 13 & 14 of the EU General Data Protection Regulation (GDPR) on the above-mentioned processing of personal data. Terms such as "personal data", "processing", "data controller", "third party", etc. are used as defined in Article 4 GDPR.</p>
<p>With these data protection notices, Bielefeld University fulfils its obligation to provide information in accordance with Articles 13 & 14 of the <b>EU General Data Protection Regulation (GDPR)</b> on the above-mentioned processing of personal data. Terms such as "personal data", "processing", "data controller", "third party", etc. are used as defined in <b>Article 4 GDPR</b>.</p>
</div>
<div class="col s12">
<div class="card">
<div class="card-content">
<span class="card-title">§ 1 Contact Details</span>
<p>Bielefeld University, a legal entity under public law established by the state of North Rhine-Westphalia (NRW), is responsible for processing the data. It is represented by its rector, Prof. Dr. Ing. Gerhard Sagerer.</p>
<p>Bielefeld University, a legal entity under public law established by the state of North Rhine-Westphalia (NRW), is responsible for processing the data. It is represented by its rector, Prof. Dr. Angelika Epple.</p>
<h6>§ 1.1. Contact details of the data controller</h6>
<ul class="browser-default">
<li>Data protection officer of the Faculty of History</li>
@@ -34,10 +34,10 @@
<ul class="browser-default">
<li>Dr. Johanna Vompras</li>
<li>Email:
<a href="mailto:johanna.vompras@uni-bielefeld.de">johanna.vompras@uni-bielefeld.de</a>
<a href="mailto:nopaque@uni-bielefeld.de">nopaque@uni-bielefeld.de</a>
</li>
<li>Web.:
<a href="https://www.uni-bielefeld.de/(en)/sfb1288/projekte/inf.html">https://www.uni-bielefeld.de/(en)/sfb1288/projekte/inf.html</a>
<a href="https://www.uni-bielefeld.de/sfb/sfb1288/projektbereiche/inf/">https://www.uni-bielefeld.de/sfb/sfb1288/projektbereiche/inf/</a>
</li>
</ul>
<h6>§ 1.2. Contact details of the data protection officer</h6>
@@ -56,40 +56,55 @@
<div class="card">
<div class="card-content">
<span class="card-title">§ 2 General information on data processing and its purpose</span>
<p>We process the personal data of our users only to the extent necessary to provide a functioning website and its functionalities.</p>
<p>The following personal data is collected and stored within the system:</p>
<p>We process the personal data of our users only to the extent necessary to provide a functioning website and its functionalities. Collecting this information enables us to better diagnose problems with the application, provide support more effectively as well as ensure the continuous functionality of the service.</p>
<p> The following (personal) data is collected and stored within the system:</p>
<h6>Master Data</h6>
<p>Within the scope of user authentication the following personal data is collected and processed:</p>
<p>Within the scope of user authentication, the following personal data is collected and processed: </p>
<ul class="browser-default">
<li>User name</li>
<li>E-Mail</li>
</ul>
<p>Registration of the user is required for the provision of certain content and services within nopaque.</p>
<h6>Protocol Data</h6>
<p>The registration of users is required for the provision of access to services within NOPAQUE. The freely selectable username and the corresponding email address is used to persistently identify you in NOPAQUE. The provided email address might be used to contact you in case we noticed some malfunction, to announce maintenance, or to spread important information regarding Nopaque. If you reset your password, Nopaque will use your email address to send you reset instructions via email. Nopaque does not show your email address and the username to other Nopaque users per default except, if user gave the permission to do so, according to <b>§ 7 paragraph 1</b> of the General Terms of Use for the use of NOPAQUE.</p>
<h6>Protocol and administrative data</h6>
<p>In general, when a website is visited, for technical reasons information is automatically sent from the browser to the server and stored there in access protocols. When using a web application, additional protocol data is also generated, which is necessary for tracking technical errors. This information includes:</p>
<ul class="browser-default">
<li>IP address</li>
<li>User account</li>
<li>Complete HTTP request URL</li>
<li>HTTP action (e.g. GET: call up a page, POST: send form data)</li>
<li>Access status (HTTP status code)</li>
<li>data volume retrieved</li>
<li>Date and time of the action</li>
<li>User-Agent string</li>
</ul>
<p>Locally logged data will be used by the development team in order to debug and improve tools. This data can only be viewed by the technical administration and by the employees responsible for the nopaque platform. Data is stored for seven days to ensure proper technical operation and to find the cause of errors and is deleted <u>afterwards</u>.</p>
<p>Logged data may be used to understand how researchers are using the nopaque platform. To be able to use the data for research purposes, we reserve the right to store it in an anonymous and aggregated form for a longer period of time (up to two years after completion of the SFB 1288 INF project).</p>
<h6>Cookies</h6>
<p>Browsers store so-called cookies. Cookies are files that can be stored by the provider of a website in the directory of the browser program on the user's computer. These files contain text information and can be read again by the provider when the page is called up again. The provider can use these cookies, for example, to always deliver pages in the theme selected by the user.</p>
<p>The storage of cookies can be switched off in the browser settings or provided with an expiry time. By deactivating cookies, however, some functions that are controlled by cookies can then only be used to a limited extent or not at all.</p>
<p>NOPAQUE uses cookies for the following purposes:</p>
<br>
<p>Protocol data will be used by the development team in order to debug and improve the included tools. This data can only be viewed by the technical administration and by the employees responsible for the NOPAQUE platform. Protocol data is not directly associated with a user account. NOPAQUE deletes all this information when it gets more than six months old.</p>
<br>
<p>Further administrative data, which is essentially needed to enable a proper user registration and user management functionalities:</p>
<ul class="browser-default">
<li>Recognition of a user during a session in order to assign personal content and other user-defined settings.</li>
<li>Login Script with Remember Me feature allows the user to preserve their logged in status. When the user checks the Remember Me option, then the logged in status is serialized in the session and stored in cookies in an encrypted way.</li>
<li>Attributes <b>member_since</b> and <b>last_seen</b>: for system cleaning purposes and detection of fake accounts</li>
<li>Attribute <b>confirmed</b>: This attribute indicates whether the account has been activated via e-mail. This type of activation ensures that the stored e-mail address actually exists.</li>
<li>Attribute <b>terms_of_use_accepted</b>: To verify that the terms of use have been accepted by the user. This attribute is set to false when the terms of use has changed. After the user has logged in again, the user is asked to accept the new terms of use.</li>
</ul>
<h6>Cookies</h6>
<p>Cookies: Browsers store so-called cookies. Cookies are files that can be stored by the provider of a website in the directory of the browser program on the user's computer. These files contain text information and can be read again by the provider when the page is called up again. The provider can use these cookies, for example, to always deliver pages in the theme selected by the user.</p>
<p>The storage of cookies can be switched off in the browser settings or provided with an expiry time. By deactivating cookies, however, some functions that are controlled by cookies can then only be used to a limited extent or not at all.</p>
<br>
<p>NOPAQUE uses <b>functionality cookies</b> which deliver certain functions and allow to remember important information and users preferences:</p>
<ul class="browser-default">
<li><b>session</b>: Recognition of a user during a session in order to assign personal content and other user-defined settings. The session cookie is deleted after closing the browser session.</li>
<li><b>remember_token</b>: Login script with remember me feature allowing the user to preserve their logged in status. When the user checks the Remember Me option, then the logged in status is serialized in the session and stored in cookies in an encrypted way.</li>
</ul>
<p>Cookies collected by NOPAQUE do not collect personal information of the users.</p>
<h6>Content Data</h6>
<p>The content data includes all data that is entered or created by users themselves in the system. This data is listed here because it is assigned to individual authors and may contain personal data. This may include: uploaded files, images, texts or other media files. Please note that files and scans submitted to NOPAQUE are stored in order to allow persistent access during a work session and between work sessions.</p>
<p>According to § 4 paragraph 2 of the General Terms of Use for the use of NOPAQUE at Bielefeld University, the users themselves are responsible for the content they post and must comply with the legal provisions of data protection. This includes in particular the deletion of personal data that may no longer be processed.</p>
<p>The content data includes all data that is entered or created by users themselves in the system. This data is listed here because it is assigned to individual authors and may contain personal data. This may include: <b>uploaded files, images, text documents, other media files</b> and <b>(interim) results</b> after data processing and computations. Please note that files and scans submitted to NOPAQUE are safely stored on the NOPAQUE server in order to allow persistent access during a work session and between work sessions.</p>
<br>
<p>According to <b>§ 4 paragraph 1 - 3</b> of the General Terms of Use for the use of NOPAQUE at Bielefeld University, the users themselves are responsible for the content they upload and must comply with the legal provisions of data protection and copyright law. This includes in particular the deletion of personal data that may no longer be processed.</p>
<h6>User-added Information (optional)</h6>
<p>NOPAQUE also stores optionally user-added personal information, like users profile information (full name, affiliation) and users added profile photo (avatar).</p>
</div>
</div>
</div>
@@ -107,9 +122,14 @@
<div class="col s12">
<div class="card">
<div class="card-content">
<span class="card-title">§ 4 Data transmissions</span>
<p>Your personal data, which are processed by Bielefeld University for the purposes mentioned under 2. will not be transferred to third parties.</p>
<span class="card-title">§ 4 Data transmissions and sharing of your data</span>
<p>Your personal data, which are processed by Bielefeld University for the purposes mentioned under <b>2 A - D</b> will not be transferred to third parties.</p>
<br>
<p>In individual cases, data may also be legally transmitted to third parties, for example, to law enforcement authorities for the investigation of criminal offences within the framework of the <b>Code of Criminal Procedure (StPO)</b>. If technical service providers are given access to personal data, this is done on the basis of a contract in accordance with <b>Article 28 GDPR</b>.</p>
<br>
<p>NOPAQUE centrally bundles sophisticated data processing functionalities related to Digital Humanities (for example: pattern recognition or text mining) on its platform which are offered by third parties on external platforms. No personal data is passed on to third parties - only content data which is sent anonymously to the APIs of the third-party tools. The results of the calculations are then sent back to NOPAQUE and saved as results in users account.</p>
<br>
<p>For personal data mentioned under <b>2 E</b> the following applies: we do not share your personal data with third parties unless you have given your consent. This consent is given if the user actively makes his profile public in NOPAQUE. As consequence, user-added information (as listed under point 2E of this declaration) and, if applicable, a listing of public corpora with metadata is then made visible to other NOPAQUE users.</p>
</div>
</div>
</div>
@@ -117,8 +137,8 @@
<div class="col s12">
<div class="card">
<div class="card-content">
<span class="card-title">§ 5 Duration of processing / data deletion</span>
<p>Data processed for user authentication are deleted immediately after account deletion.</p>
<span class="card-title">§ 5 Duration of processing of your data and data retention</span>
<p>Data processed for user authentication, all personal data and contents uploaded by the user (listed in <b>2</b>) are deleted immediately after account deletion.</p>
</div>
</div>
</div>
@@ -126,7 +146,7 @@
<div class="col s12">
<div class="card">
<div class="card-content">
<span class="card-title">§ 6 Your rights as a data subject</span>
<span class="card-title">§ 6 Your data protection rights and choices as NOPAQUE user</span>
<p>As a data subject, you have certain rights under <b>GDPR</b> that you may assert at any time:</p>
<ul class="browser-default">
<li>the right to access information about whether or not personal data concerning you is processed, and if so, what categories of data are being processed (<b>Article 15 GDPR</b>),</li>