The German version of this declaration is authoritative. The English version is for information and illustration purposes only.
Gender neutral people names: In the text below, gender-specific differentiation (for example, scientist, user, applicant) is omitted for reasons of easier readability in people names. Insofar as only one of the gender-specific variants is mentioned, this should in principle apply to both sexes in the sense of equal treatment.
The North German Supercomputing Alliance (Norddeutscher Verbund für Hoch- und Höchstleistungsrechnen – HLRN), represented by its member states Berlin, Brandenburg, Bremen, Hamburg, Mecklenburg-Western Pomerania, Lower Saxony and Schleswig-Holstein, operates a distributed supercomputer system that is part of the national HPC infrastructure. The majority of HLRN’s systems are used by scientists at universities and research institutes in the involved federal states and beyond.
Below we inform you about the nature, scope and purpose of the collection and use of personal data.
The personal data collected by the HLRN are stored and processed on servers at the HLRN operational sites
– in the following referred to as “providers”.
For the providers, the processing of personal data is subject to the applicable data protection regulations, in particular the EU General Data Protection Regulation (GDPR), the Federal Data Protection Law (BDSG), the Berlin Data Protection Law (BlnDSG) and the Lower Saxony Data Protection Law (NDSG), the German Telemedia Law (TMG) and the German Telecommunication Law (TKG, esp. § 88).
This “Data Protection Declaration for Users of the HLRN Systems” can be downloaded at any time at this web page.
For the usage of the scientific services offered by HLRN you communicate to us personal information (master data):
Usually you use the HLRN service in the context of a project reviewed by the Scientific Council (WA). For this, you communicate to us the following additional data (project master data) during the application process for using the HLRN resources:
These data are stored in the HLRN project database for the content and administrative project management. This includes the preparation and execution of the review of the project proposal by the WA of HLRN, the provision of the resources granted by the WA, as well as the compilation and accounting of the used resources.
By sending the project proposal the applicant agrees to the publication of the summary of the project description together with information about the executing institution on the HLRN website and the HLRN project report. The project description can be enriched by multi-media material (images, videos) for publication.
On access to HLRN resources and usage of HLRN services certain data are automatically captured in logfiles on the HLRN servers.
Data captured on access of web pages of the HLRN website are explained on the webpage at user-portal/data-privacy-website
Protocol data of HLRN users contain among others the following information:
The providers do not match connection and usage data with other compiled data, so no backtracking to a person is possible.
The processing of the data described in section 1 is necessary for the operation of HLRN according to Art. 6 (1) lit. b and c GDPR.
Account, given and family names, phone numbers and email addresses are needed for contact and for the scientific and technical support enabling a save and optimal usage of the HLRN resources (HPC consultancy). These personal data serve to record and process your HLRN resource usage, e.g. used computing time (system monitoring, accounting).
Master data and project master data are stored beyond the end of project for comparison with other project proposals (continuation proposals, avoidance of multiple proposals etc.), for resource-usage statistics, and to implement access policies during restauration of old research data of a user (see also section 5.). For this, only resources at the provider sites are used. Parts of the project data including the project ID are published at projects/list-of-projects.
The agreement to the publication of these data is part of the application process and has been granted by the applicant.
The connection data including the account serve as access control to and monitoring of the HLRN resources.
By using our HLRN webform at https://www.hlrn.de/home/view/Service/ErrorReport you provide account, name and email address, such we can assist you solving your issues.
HLRN operates a ticket system by which users can report problems to the HLRN Support Team. The ticket system joins your master data for display in the web browser.
The nationality is required to check the access rights in the context of legal and contractual regulations for using high-performance computers.
The providers of the HLRN resources strive to protect HLRN resources and their users against unauthorized access to or unauthorized modification, transfer or damage of data. To assure this we have implemented the following technical and organizational measures:
Offices in charge according to Art 13. GDPR “Informationspflicht bei Erhebung von personenbezogenen Daten bei der betroffenen Person” are:
The Data Protection Officers at the provider institutions care for the compliance with the principles of data privacy. Questions about data privacy should be directed to the Data Protection Officers of the respective provider:
The providers of the HLRN resources are only responsible for protecting the operational data. Operational data are the user’s master data, project data, connection data, and resource-usage data. Data that the user stores on HLRN resources for his research purposes (so-called payload data or research data) are subject to his individual responsibility. The HLRN providers expressly note that storing and processing of research data with personal information on HLRN resources is prohibited.
We absolutely recommend considering working with anonymized personal information. Should storing and processing of personal information be part of a planned research project, please contact HLRN Account Administration (see Section 9. “Information”) at least 6 months in advance by postal letter.
Your personal data are collected, processed and used solely to ensure the operation of HLRN resources.
For the review process by the Scientific Council (WA) personal data (given name, family name, business phone number and email address, address of your institution, scientific area) are transferred to external reviewers of the WA. The list of members of the WA can be found at https://www.hlrn.de/home/view/Organisation/WA .
For the period of time for storing personal data the following statements apply:
For users from so-called embargo countries (see section 1) the communication of personal data (usually first and family names, nationality, passport number) to the manufacturer of the HLRN system is required according Art. 49 (1) lit. c GDPR.
Personal data are communicated to governmental institutions and authorities only in the context of mandatory national legislation or where disclosure is required by law enforcement in the event of attacks on the providers’ IT infrastructure.
According to the EU GDPR each person affected, i.e. you as a user of HLRN, has
Should you want to make use of your right to block, delete or correct incorrect data or should you want information about personal data stored at HLRN, please contact HLRN User Administration (see Section 8 “Information”) by postal letter.
After activation of your user account by the HLRN administration you can view and modify your data at the HLRN Service Portal (https://zulassung.hlrn.de).
Konrad-Zuse-Zentrum für Informationstechnik Berlin (ZIB)
The applicant will be informed and, if necessary, asked for permission, if HLRN plans to process collected data for other purposes.
Version: August 2019