deutsch Deutsch  |  english English

Data Privacy Declaration for Users of the HLRN Systems

Version: May, 2018

The German version of this declaration is authoritative. The English version is for information and illustration purposes only.

Gender neutral people names: In the text below, gender-specific differentiation (for example, scientist, user, applicant) is omitted for reasons of easier readability in people names. Insofar as only one of the gender-specific variants is mentioned, this should in principle apply to both sexes in the sense of equal treatment.

Preamble

The North German Supercomputing Alliance (Norddeutscher Verbund für Hoch- und Höchstleistungsrechnen – HLRN), represented by its member states Berlin, Brandenburg, Bremen, Hamburg, Mecklenburg-Western Pomerania, Lower Saxony and Schleswig-Holstein, operates a distributed supercomputer system that is part of the national HPC infrastructure. The majority of HLRN's systems are used by scientists at universities and research institutes in the involved federal states and beyond.

In preparation, during and after the use of the scientific and technical services provided by the HLRN, personal data required for the provision of the services by HLRN will be collected, processed and stored. Therefore, please read this Privacy Policy carefully, especially your rights to use your personal information in Section 7.

Below we inform you about the nature, scope and purpose of the collection and use of personal data.

The personal data collected by the HLRN are stored and processed on servers at the HLRN operational sites

  • Konrad-Zuse-Zentrum für Informationstechnik Berlin (ZIB), Takustraße 7, D-14195 Berlin,
  • Georg-August-Universität Göttingen, Wilhelmsplatz 1, D-37073 Göttingen and Gesellschaft für Wissenschaftliche Datenverarbeitung mbH Göttingen (GWDG), Am Faßberg 11, D-37077 Göttingen (from June 1st, 2018), and
  • Leibniz Universität IT Services, Leibniz Universität Hannover (LUIS), Schloßwender Straße 5, D-30159 Hannover (until August 31st, 2018)

- in the following referred to as "providers".

For the providers, the processing of personal data is subject to the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR), the Federal Data Protection Law (BDSG), the Berlin Data Protection Law (BlnDSG) and the Lower Saxony Data Protection Law (NDSG), the German Telemedia Law (TMG) and the German Telecommunication Law (TKG, esp. § 88).

This "Data Protection Declaration for Users of the HLRN Systems" can be downloaded at any time at https://www.hlrn.de/home/view/Organisation/DatenSchutzHlrnNutzer?section=en .

1. Processed Personal Data

Master Data and Project Data

For the usage of the scientific services offered by HLRN you communicate to us personal information (master data):

  • user account
  • given name, family name
  • federal state of your scientific institution (university, research institute)
  • address of your scientific institution and division
  • scientific area
  • business phone number
  • business email address
  • nationality and passport number, if you belong to an embargo country (see the current list of the relevant nationalities in the application form)
  • statement regarding the intended use of HLRN
  • hostnames of target hosts for the communication from HLRN servers (if applicable)

Usually you use the HLRN service in the context of a project reviewed by the Scientific Council (WA). For this, you communicate to us the following additional data (project master data) during the application process for using the HLRN resources:

  • project title
  • name of the principal investigator
  • extensive description of the planned scientific project
  • a summary of the project description
  • the amount of required resources (e.g. computing time, storage requirements for permanent and scratch data)

These data are stored in the HLRN project database for the content and administrative project management. This includes the preparation and execution of the review of the project proposal by the WA of HLRN, the provision of the resources granted by the WA, as well as the compilation and accounting of the used resources.

By sending the project proposal the applicant agrees to the publication of the summary of the project description together with information about the executing institution on the HLRN website and the HLRN project report. The project description can be enriched by multi-media material (images, videos) for publication.

Protocol Data of the HLRN Usage

On access to HLRN resources and usage of HLRN services certain data are automatically captured in logfiles on the HLRN servers.

Data captured on access of web pages of the HLRN website are explained on the webpage at https://www.hlrn.de/home/view/Organisation/DatenSchutzWebAuftritt .

Protocol data of HLRN users contain among others the following information:

  • connection data:
    • IP addresses and/or hostnames of the access hosts
    • date and time (time stamp) of the access
  • usage data:
    • account, kind and duration of the HLRN resource usage (system monitoring)
    • account in data of system activities and state in case of errors (system dumps)
  • project-related data:
    • personal data that you agree to communicate to us in web forms
    • type of the used web browser and operating system (if communicated by the web browser)

The providers do not match connection and usage data with other compiled data, so no backtracking to a person is possible.

2. Legal Basis and Usage of the Data

The processing of the data described in section 1 is necessary for the operation of HLRN according to Art. 6 (1) lit. b and c GDPR.

Account, given and family names, phone numbers and email addresses are needed for contact and for the scientific and technical support enabling a save and optimal usage of the HLRN resources (HPC consultancy). These personal data serve to record and process your HLRN resource usage, e.g. used computing time (system monitoring, accounting).

Master data and project master data are stored beyond the end of project for comparison with other project proposals (continuation proposals, avoidance of multiple proposals etc.), for resource-usage statistics, and to implement access policies during restauration of old research data of a user (see also section 5.). For this, only resources at the provider sites are used. Parts of the project data including the project ID are published at https://www.hlrn.de/home/view/Service/Projects .

The agreement to the publication of these data is part of the application process and has been granted by the applicant.

The connection data including the account serve as access control to and monitoring of the HLRN resources.

By using our HLRN webform at https://www.hlrn.de/home/view/Service/ErrorReport you provide account, name and email address, such we can assist you solving your issues.

HLRN operates a ticket system by which users can report problems to the HLRN Support Team. The ticket system joins your master data for display in the web browser.

The nationality is required to check the access rights in the context of legal and contractual regulations for using high-performance computers.

3. Security Measures

The providers of the HLRN resources strive to protect HLRN resources and their users against unauthorized access to or unauthorized modification, transfer or damage of data. To assure this we have implemented the following technical and organizational measures:

  • Access to HLRN resources is SSL-encoded, only.
  • Connection to the HLRN Service Portal is SSL-encoded, only.
  • The providers of HLRN resources regularly check their systems at their respective sites regarding the implemented practices for collecting, storing and processing user data, including physical security measures against unauthorized access to systems.
  • The providers of HLRN resources at their respective sites restrict access to personal data to a narrowly-defined circle of employees of the respective provider and the HLRN bodies. These persons compellingly need to know these data for processing and are subject to confidentiality obligations.

4. Offices in Charge of Data Privacy

Offices in charge according to Art 13. GDPR "Informationspflicht bei Erhebung von personenbezogenen Daten bei der betroffenen Person" are:

  • For HLRN systems operated at location Berlin:
    Konrad-Zuse-Zentrum für Informationstechnik (ZIB)
    Takustraße 7
    D-14195 Berlin

  • For HLRN systems operated at location Göttingen:
    Georg-August-Universität Göttingen
    Wilhelmsplatz 1
    D-37073 Göttingen

  • For HLRN systems operated at location Hannover:
    Leibniz Universität Hannover
    Leibniz Universität IT Services (LUIS)
    Schloßwender Straße 5
    D-30159 Hannover

The Data Protection Officers at the provider institutions care for the compliance with the principles of data privacy. Questions about data privacy should be directed to the Data Protection Officers of the respective provider:

  • for the Konrad-Zuse-Zentrum für Informationstechnik ZIB:
    z. Hd. Datenschutzbeauftragter
    Konrad-Zuse-Zentrum für Informationstechnik Berlin
    Takustraße 7
    D-14195 Berlin
    E-Mail: datenschutz@zib.de

  • for the Georg-August-Universität Göttingen:
    z. Hd. Datenschutzbeauftragter
    Georg-August-Universität Göttingen
    Platz der Göttinger Sieben 6
    D-37073 Göttingen
    E-Mail: datenschutz@uni-goettingen.de

  • for the Leibniz Universität Hannover:
    z. Hd. Datenschutzbeauftragter
    Leibniz Universität Hannover
    Königsworther Platz 1
    D-30167 Hannover
    E-Mail: datenschutz@uni-hannover.de

5. Differentiation to User-Managed Data – Research Data with Personal Information

The providers of the HLRN resources are only responsible for protecting the operational data. Operational data are the user’s master data, project data, connection data, and resource-usage data. Data that the user stores on HLRN resources for his research purposes (so-called payload data or research data) are subject to his individual responsibility. The HLRN providers expressly note that storing and processing of research data with personal information on HLRN resources is prohibited.

We absolutely recommend considering working with anonymized personal information. Should storing and processing of personal information be part of a planned research project, please contact HLRN Account Administration (see Section 9. "Information") at least 6 months in advance by postal letter.

6. Transfer, Storing, and Deletion of Personal Data

Your personal data are collected, processed and used solely to ensure the operation of HLRN resources.

For the review process by the Scientific Council (WA) personal data (given name, family name, business phone number and email address, address of your institution, scientific area) are transferred to external reviewers of the WA. The list of members of the WA can be found at https://www.hlrn.de/home/view/Organisation/WA .

For the period of time for storing personal data the following statements apply:

  • All user data (master data) and project master data are stored for the duration of HLRN operation.
  • Users can communicate arising problems to HLRN Support via the HLRN ticket system. Data in the HLRN ticket system are stored similar to a shared email folder for the duration of HLRN operation.
  • User account, federal state, scientific area and project membership are stored for the collection of statistical data about the differentiated resource consumption (accounting) and for the purpose of reporting to HLRN bodies and funding agencies for the service life of a HLRN system (typical 5-6 years).
  • Connection data is anonymized after a year for later analysis of attacks on the HLRN IT infrastructure and for statistical purposes.
  • Hostnames of target hosts for the communication from HLRN servers to the outside are managed by the HLRN user.

For users from so-called embargo countries (see section 1) the communication of personal data (usually first and family names, nationality, passport number) to the manufacturer of the HLRN system is required according Art. 49 (1) lit. c GDPR.

Personal data are communicated to governmental institutions and authorities only in the context of mandatory national legislation or where disclosure is required by law enforcement in the event of attacks on the providers’ IT infrastructure.

7. Your Rights as HLRN User

According to the EU GDPR each person affected, i.e. you as a user of HLRN, has

  • the right to information (Art. 15),
  • the right to correction (Art. 16),
  • the right to deletion (Art. 17),
  • the right to restriction of processing (Art. 18),
  • the right to data transfer (Art. 20) and
  • the right of appeal to the competent supervisory authority (Art. 77).

Should you want to make use of your right to block, delete or correct incorrect data or should you want information about personal data stored at HLRN, please contact HLRN User Administration (see Section 8 "Information") by postal letter.

After activation of your user account by the HLRN administration you can view and modify your data at the HLRN Service Portal (https://zulassung.hlrn.de).

8. Information

c/o HLRN-Nutzerverwaltung
Konrad-Zuse-Zentrum für Informationstechnik Berlin (ZIB)
Takustraße 7
D-14195 Berlin

9. Change of Our Data Privacy Policy

This data privacy policy is valid from May 25th, 2018 and replaces all prior declarations. HLRN reserves the right to adapt this declaration to developments and legal requests. We recommend that you revisit the latest privacy policy if necessary.

The applicant will be informed and, if necessary, asked for permission, if HLRN plans to process collected data for other purposes.

Version: May 2018

Last modification: WolfgangBaumann - 17 Aug 2018 23:20 / 10 months, 1 week, 3 days ago. (Version: 7)

 
Norddeutscher Verbund für Hoch- und Höchstleistungsrechnen
Back to top of page