Privacy Protection
Privacy
We appreciate your visit to our website and your interest in our institution. In doing so, we respect your privacy and ensure the protection of your personal data by processing your personal data in accordance with the content of this privacy policy and applicable data protection laws. You can visit our website without telling us who you are. In order to display our website, you are only required to provide the data transmitted by your browser to our server (see “log files”). Further personal data from you will only be stored if you voluntarily enter them on the website or use corresponding functions, e.g. when entering data via our contact forms.
Contact forms/ Registration for events
You have the possibility to contact us on our website. For this purpose, it is necessary to provide your name and e-mail address. The provision of further data is not required for the processing of your request, but may be conducive to further processing.
As a rule, the data will be processed with your consent pursuant to Art. 6 (1) p. 1 lit. a DSGVO for the purpose of responding to your request. The granting of consent is voluntary and can be revoked at any time with effect for the future.
If you use a contact form to register for an event, we process the data provided as well as the date and time of entry for the purpose of registration and implementation of the event on the basis of Art. 6 (1) p. 1 lit. b DSGVO.
A processing of your data for further purposes as well as a transfer of the data to third parties will not take place, unless this is required within the lawful framework for the fulfillment of your request or you have expressly consented.
Log files
Each time you access our site, we collect the following information about your computer: your computer’s IP address, your browser’s request, and the time of that request. We also collect the status and the amount of data transferred as part of this request, as well as product and version information about the browser used and the operating system of your computer. We also record the website from which our site was accessed. The IP address of your computer is only stored for the time of your use of the website and then immediately deleted or anonymized by shortening. The remaining data is stored for a limited period of time. We use this data for the operation of our website, in particular to detect and eliminate website errors, to determine the utilization of the website and to make adjustments or improvements (legal basis: Art. 6 para. 1 p. 1 lit. f DSGVO).
Fanpages
In order to provide customers, partners or other interested parties with up-to-date information and to get in touch with them, we operate so-called “fan pages” on the following social networks in addition to our own website: Twitter and YouTube
The data processing takes place through the provider of the social media platform. Data processing outside the European Union cannot be ruled out. The provider of the platform may provide us with aggregated usage data, but we do not have access to personal data if you only visit the fan page.
The legal basis for data processing is Art. 6 (1) lit. f DSGVO. In the case of consent in the form of an opt-in (“tick box”, “activate button”) or any other form of obtaining consent, the legal basis is Art. 6 (1) lit. a DSGVO. Consent can be revoked at any time without giving reasons to the person to whom it was given, with effect for the future. Since the data processing is carried out by the provider of the platform, we recommend that you contact the respective provider of the platform for your rights to information, correction, deletion, data portability and objection relating to your visit to our Fanpage. Of course, we will support you in exercising your rights if necessary. In addition, cookies may be set on your terminal device. Information on the cookies used on the fan pages can be found on the privacy statements of the provider of the platform. You can find further information under the following links:
- Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland; https://twitter.com/privacy.
- YouTube: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; https://www.google.com/policies/privacy/partners/?hl=de.
Data recipient
In general, we only grant access to your data to bodies that need to work with your data (“need-to-know principle”) and have a legal basis for the processing or a permission standard permits this. This may also include service providers and vicarious agents who act on behalf of the company and/or have been obligated to process the data confidentially. A data transfer to locations outside the EU/EEA will only take place in compliance with appropriate guarantees pursuant to Art. 44 et seq. DSGVO take place.
Revocation of consents
If you have given us consent, e.g. in the context of an inquiry via our contact form or in another context, you can revoke this consent at any time with effect for the future.
Your rights
You have the following rights with respect to us regarding personal data concerning you:
- Right to information on whether we process data about your person. If we process data about your person, you have the right to obtain information about the nature and circumstances of the data processing (Art. 15 GDPR),
- Right to rectification of inaccurate data (Art. 16 DSGVO) or right to deletion of your data, provided that the requirements of Art. 17 (1) DSGVO are met,
- Right to restriction of processing (Art. 18 GDPR),
- Right to object to processing under the above conditions (Art. 21 GDPR),
- Right to data portability under the conditions of Art. 20 DSGVO.
You also have the right to complain to a data protection supervisory authority about our processing of your personal data.
Responsible
National Research Data Infrastructure (NFDI) e.V.. , Albert-Nestler-Str. 13, 76131 Karlsruhe; E-Mail: info[at]nfdi.de
Contact details data protection officer
E-mail: dsb[at]nfdi.de or at our postal address with the addition “the data protection officer”.
Data privacy | Applications
Information for applicants according to Art. 13, 14 of the General Data Protection Regulation (DSGVO)
Compliance with data protection regulations is a high priority for the Verein Nationale Forschungsdateninfrastruktur (NFDI) e.V. We would like to inform you below about the processing of your personal data in connection with your application to NFDI.
I. Person in charge
The responsible party according to Article 4, Paragraph 7 of the General Data Protection Regulation (DSGVO) is:
National Research Data Infrastructure (NFDI) e.V.
Albert-Nestler-Str. 13
76131 Karlsruhe
Further information on the responsible party can be found in the imprint.
II. purpose of processing and legal basis
In the context of the application process, we process personal data that we either receive from you (e.g. contact data, data from application letters, CVs, certificates, other documents, etc.), or receive from third parties at your instigation.
We process your personal data in accordance with the provisions of the European Data Protection Regulation (DSGVO) and the German Federal Data Protection Act (BDSG) for the purpose of assessing your suitability and conducting the application process.
III. Recipients or Categories of Recipients of Personal Data.
Within NFDI, only those persons entrusted with the preparation and implementation of the application process will receive your data.
IV. Duration of storage of personal data
We process your personal data for the duration of the application process.
If the application procedure ends with a rejection, the personal data will be deleted no later than six months after the conclusion of the application procedure. This does not apply insofar as the processing is necessary in individual cases for the assertion, exercise or defense of legal claims beyond this period or legal provisions require a longer storage period.
If an employment relationship, training relationship or internship is established following the application procedure, the data will be included in the personnel file and further processed there in accordance with the statutory provisions.
V. Data subject rights
The website is protected by appropriate security measures against loss, misuse or unauthorized changes. These include
– Provision of data via encrypted connections
– Protection of hardware and software by firewall systems,
– regular security tests,
– regular data backups and
– Access and access controls.
We strive to protect your personal data to the best of our ability in accordance with the provisions of the relevant data protection laws. However, absolute protection of your data transmitted to us cannot be guaranteed. The transmission of data is therefore at your risk.
In your own interest, act carefully and responsibly when you are online and make sure that your personal information is not accessible to unauthorized third parties.
VI. your rights
1. right to information (art. 15 DSGVO)
Upon request, we will inform you in writing or, if you wish, electronically, whether and, if so, which personal data we have stored about you.
2. right to rectification (Art. 16 DSGVO)
If you discover errors in the personal data we have stored about you, you have a right to correction. This right also concerns necessary updates due to changes that have occurred to your personal data.
3. right to blocking or deletion (Art. 17 DSGVO).
You have the right to have your personal data stored by us deleted or blocked, provided that none of the reasons listed in Article 17 (3) a-e DSGVO contradict your request.
4. right to restriction of processing (Art. 18 DSGVO).
You have the right to restrict the processing of your personal data stored by us if the conditions of Art. 18 (1) DSGVO apply.
5. right to data portability (Art. 20 DSGVO).
You also have the right to receive the personal data concerning you that you have provided to us in a structured, common and machine-readable format.
6. right to object (Art. 21 DSGVO).
Furthermore, you have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you that is carried out on the basis of Art. 6(1)(e) or (f) DSGVO.
To exercise your rights, please contact us informally by e-mail or by post at one of the addresses below and describe your request as precisely as possible. If necessary, we will ask you for further information in order to verify your request.
National Research Data Infrastructure (NFDI) e.V.
Staff
Albert-Nestler-Strasse 13
76131 Karlsruhe
E-mail: bewerbung(at)nfdi(dot).de
The address of the data protection officer is:
E-mail: dsb(at)nfdi(dot)de.
In addition, you have the right to lodge a complaint with the competent supervisory authority.
VIII. Automated decision making
The provision of personal data is necessary for the legitimacy of the selection procedure to be carried out. The absence of relevant personal data in the application documents may result in non-inclusion in the award of the position.
VIII. Automated decision-making
We do not use automated decision-making in accordance with Art. 22 DSGVO as part of the application process.
Privacy Notice for Online Meetings, Conference Calls and Webinars of Nationale Forschungsdateninfrastruktur (NFDI) e.V. via Zoom and BBB
We would like to inform you below about the processing of personal data in connection with the use of the Zoom video conferencing system.
Purpose of processing
We use the Zoom video conferencing system (hereinafter “Zoom”) to conduct conference calls, online meetings, video conferences and/or webinars (hereinafter: “Online Meetings”). Zoom is a service provided by Zoom Video Communications, Inc. (hereinafter: “Provider”), which has its registered office in the USA.
Responsible
The responsible party for data processing directly related to the conduct of online meetings is the National Research Data Infrastructure (NFDI) e.V. association.
Note: To the extent that you access the Zoom website, the Zoom provider is responsible for data processing. However, calling up the website is only necessary for using Zoom in order to download the software (“Zoom app”).
You can then use Zoom if you enter the respective meeting ID and, if applicable, further access data for the meeting directly in the Zoom app.
If you do not want to or cannot use the Zoom app, then the basic functions are also available via your web browser by calling up a corresponding page on Zoom’s web server.
Type and scope of data processing
When using Zoom, various types of data are processed. The scope of the data also depends on the data you provide before or when participating in an online meeting. To participate in an online meeting or to enter the “meeting room”, you must at least provide information about your name. It is advisable to enter your name correctly, especially if there are a large number of participants. Otherwise, we recommend that you provide as little personal data as possible.
The following personal data may be processed:
User:in details: first name, last name, phone (optional), email address, password (if “single sign-on” is not used), profile picture (optional), department (optional).
Meeting metadata: Topic, description (optional), participant IP addresses, device/hardware information, start and end time of the video conference.
In addition, if dialing in with the telephone: information on the incoming and outgoing call number, country name. If necessary, further connection data such as the IP address of the device can be stored.
Video and audio data: In order to enable the display of video and the playback of audio, data from the microphone of your terminal device and from any video camera of the terminal device are processed accordingly for the duration of the meeting. You can turn off or mute the camera or microphone yourself at any time via the Zoom applications or web browser.
For recordings (optional): files containing all video, audio, and presentation information from the online meeting. If we want to record online meetings, we will transparently inform you in advance and – if necessary – ask for your consent. The fact of recording will also be displayed to you in the Zoom app. By turning off the camera and/or microphone, you can also determine yourself whether and in what form you want to appear in a recording.
We strongly recommend using recordings only in absolutely necessary cases. In these cases we recommend local storage on systems of Nationale Forschungsdateninfrastruktur (NFDI) e.V.
Text data: You may have the option to use the chat, question or poll functions in an online meeting. The text entries you make are processed to the extent necessary to display them in the online meeting and, in exceptional cases, to log them for a follow-up of the online meeting. If we want to store text data for subsequent processing, we will inform you transparently in advance and – if necessary – ask for your consent.
This applies accordingly to webinars.
If you participate in online meetings, Zoom’s provider will store data on this (meeting metadata, telephone dial-in data, questions and answers in webinars where applicable, survey function in webinars).
Automated decision-making within the meaning of Art. 22 DSGVO is not used.
Legal basis for data processing
Insofar as personal data of employees of Nationale Forschungsdateninfrastruktur (NFDI) e.V. are processed, Section 26 BDSG and Art. 6 (1) lit. f) DSGVO are the legal basis for data processing. In these cases, our interest is in the effective conduct of online meetings.
Furthermore, the legal basis for data processing when conducting online meetings is Art. 6 (1) lit. b) DSGVO, insofar as the meetings are conducted in the context of contractual relationships.
If there is no contractual relationship, the legal basis is Art. 6 para. 1 lit. f) DSGVO. Here, too, our interest is in the effective conduct of online meetings.
Recipients/disclosure of data
Personal data processed in connection with participation in online meetings is generally not passed on to third parties unless there is a legal basis for doing so.
Other recipients: the provider of Zoom necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in the context of our order processing agreement with the provider.
Duration of data storage
Your data will only be stored by Zoom for as long as is necessary for the above-mentioned purposes. This does not apply if, in derogation thereof, a longer storage or retention period is required by law or is necessary for legal enforcement within the statutory limitation periods. Insofar as data is only still retained for the aforementioned purposes, data access is limited to the extent necessary for this purpose.
The data specified above will be processed for as long as it is necessary for the performance of the online meetings and related services.
The communication-related metadata will be deleted as soon as the storage is no longer necessary for the provision or maintenance of the service.
In case of recording, the audio and video transmission data and optionally the messages in the chat, question or survey function are stored and remain stored beyond the duration of the meeting. Recordings stored on the provider’s cloud servers are automatically deleted after 30 days at the latest. In case of local storage on systems of Nationale Forschungsdateninfrastruktur (NFDI) e.V., the data will only be stored to fulfill the respective purpose and as long as necessary for that purpose. In reports and in the provider’s dashboard, the data is deleted after 12 months.
Data processing outside the European Union
Zoom is a service provided by a provider from the USA. Processing of personal data thus also takes place in a third country. We have configured Zoom in such a way that the data traffic when conducting an online meeting, such as image, sound, call content, is stored or processed in the European Union (EU). Meeting metadata is also processed outside the EU, in particular US servers. We have concluded an order processing agreement with the provider of Zoom, which complies with the requirements of Art. 28 DSGVO. An appropriate level of data protection, i.e. a level comparable to the European standard, is ensured by concluding the so-called EU standard contractual clauses and by technical security measures. These are, in particular, password-protected meeting rooms with entry control, the selection of European data centers of the provider for the storage of data generated during the conduct of meetings, and end-to-end transport encryption of all data traffic.
Status: May 2021
For more information on data protection and your rights, please see our privacy policy