Privacy Statement

The Deutsches GeoForschungsZentrum (GFZ) takes the protection of your personal data very seriously. It commits to protecting the privacy of all persons using its website, and treating any submitted personal data as confidential. The data is used solely for the stated purpose, and is not forwarded to third parties.

Name and address of controller: The data controller as defined in the General Data Protection Regulation, the national data protection laws of other EU member states, and other data protection regulations is:

Name and address of data protection officer: The controller's data protection officer is:

General information on data processing

Scope of personal data processing

In general, the GFZ only processes personal data collected from users insofar as this is necessary to provide a functional website with the relevant content and services. As a rule, personal data provided by users is only processed with the respective user's consent. Exceptions apply in cases where the user's prior consent cannot be obtained on factual grounds and statutory regulations permit the processing of personal data. This system by no means store any data in the context of its normal operation with exception of the system logs (see next section). Users are always redirected to an Identity Provider hub called (B2ACCESS) hosted by EUDAT at Forschungszentrum Juelich. Users have the option to register themselves locally or through their home institutions. In the former case, the Privacy Statement can be found at

https://b2access.eudat.eu/unitygw/VAADIN/files/data-privacy-statement.html

The data received from these systems are digitally signed, sent to the user and instantaneously removed from our system.

The name of users could be visible to some Network Managers within B2ACCESS in order to update access control lists to restricted datasets.

Generation of log files. Description and scope of data processing

Every time our website is accessed, our system automatically collects data and information from the accessing computer system. The following information is stored in the web server's log files:

• the client's IP address
• the user's ID, if the request requires the user to register
• the date and time of the request
• the client's specific request, including the HTTP method, HTTP protocol version, and the path of the resource requested
• the status code sent back to the client by the server
• the size of the resources requested
• the URL of the website from which the user accessed the current web page or file
• the client program identifier

This data is also stored in our system's log files. However, it is not stored together with other personal data collected from the user.

Use of Cookies

Description and scope of data processing

This website uses cookies. Cookies are text files stored in the user's web browser or by the web browser on the user's computer system. Whenever a user accesses a website, a cookie can be stored on that user's operating system. This site uses uses cookies to make the website more user-friendly. Some elements on this website require the accessing browser to be identified after the user has moved to another web page.

Web analysis by Matomo (formerly PIWIK)

Scope of personal data processing

The GFZ uses the open source software tool Matomo (formerly PIWIK) to analyse the browsing behaviour of its website users. The software stores a cookie on the user's computer (see above for information about cookies). The following data is stored whenever individual pages on the website are accessed:

• Two bytes of the IP address of the user's accessing system
• The web page accessed
• The website from which the user reached the web page accessed (referrer)
• The sub pages retrieved from the main web page
• The time spent on the web page
• The frequency with which the web page is accessed

The software runs solely on the website servers. This is the only place where the user's personal data is stored. This data is not forwarded to any third party. The software is configured in such a way as to prevent IP addresses from being stored in full; instead, 2 bytes of the IP address are masked (e.g. 192.168.xxx.xxx). This ensures that the truncated IP address can no longer be identified with the accessing computer. "Do not track" is also taken into account if the browser sends this.

Purpose of data processing

Processing personal data enables us to analyse the browsing behaviour of our users. Evaluations of the data collected allow the GFZ to compile information about the use of individual components on the website. This helps us to continue improving our website and make it more user-friendly. These purposes also constitute our legitimate interest in processing the data pursuant to Art. 6 no. 1 lit. f GDPR. The user's interest in the protection of his/her personal data is duly taken into account by anonymising the IP address.

Storage period

The data is erased as soon as we no longer need it for recording purposes.

Your rights as a user

As a user, you are entitled to ask for information regarding your stored personal data and the purpose for this storage. You can also have incorrect data amended, or arrange for the deletion of data whose storage is prohibited or which is no longer required. We welcome privacy-related information, requests or suggestions.

Data protection officer

For questions or comments relating to privacy, please contact the GFZ's data protection officer.