Information on Data Protection PubData
Data protection is a special concern for us. We process your personal data (hereinafter referred to as "data") in accordance with current legal requirements and wish to do so in a transparent manner. For this reason, we would like to briefly explain to you which data we process, for what purposes, and on what legal basis this is done. In addition, you will receive information about contact persons and your rights in connection with data processing.
Name and contact details of the responsible person:
Leuphana Universität Lüneburg
vertreten durch den Präsidenten
Universitätsallee 1
21335 Lüneburg
Leuphana Universität Lüneburg
vertreten durch den Präsidenten
Universitätsallee 1
21335 Lüneburg
Contact details of the data protection officer:
Leuphana Universität Lüneburg
- Datenschutzbeauftragter -
Universitätsallee 1
21335 Lüneburg
E-Mail: dsb@leuphana.de
Leuphana Universität Lüneburg
- Datenschutzbeauftragter -
Universitätsallee 1
21335 Lüneburg
E-Mail: dsb@leuphana.de
Purposes and legal basis for the data processing
1. Website
As soon as you visit our website for purely informational purposes, we store so-called log files of you. Your IP address, the date and time of the page access, the URL accessed, the URL you last visited (referrer URL), the browser you are using and its version as well as the version of the operating system you are using are recorded in these files. This data is automatically deleted after 14 days.
Furthermore, we store separately the IP address, the internal identification of the retrieved data record as well as the date and time of access to the data records in so-called audit logs. This is done to prevent unauthorized access to the protected database contents and for abuse control. This data is automatically deleted after 180 days.
Our website also uses cookies. By using cookies the users of this website can be provided with more user-friendly services than would be possible without setting cookies.
Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the person concerned from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified via the unique cookie ID. The purpose of this recognition is to make it easier for users to use our website.
We set a session cookie with a session ID on the website which allows your current session to be tracked in order to give you access to the data of the most recent session. This cookie is deleted at the latest after you have left our online offer and closed your browser.
The storare of or the access to information in your institution is carried out in accordance with Section 25 (2) no. 2 of the Gesetz über den Datenschutz und den Schutz der Privatsphäre in der Telekommunikation und bei Telemedien (TTDSG). The legal basis under data protection law for the technically necessary processing for the presentation and provision of our platform on the Internet is § 3 S.1 No. 1 Niedersächsisches Datenschutzgesetz (NDSG) in conjunction with. Art. 6 para. 1 p. 1 letter e) General Data Protection Regulation (GDPR) in conjunction with. § 3 para. 1 p.1 no. 1 Niedersächsisches Hochschulgesetz (NHG).
As soon as you visit our website for purely informational purposes, we store so-called log files of you. Your IP address, the date and time of the page access, the URL accessed, the URL you last visited (referrer URL), the browser you are using and its version as well as the version of the operating system you are using are recorded in these files. This data is automatically deleted after 14 days.
Furthermore, we store separately the IP address, the internal identification of the retrieved data record as well as the date and time of access to the data records in so-called audit logs. This is done to prevent unauthorized access to the protected database contents and for abuse control. This data is automatically deleted after 180 days.
Our website also uses cookies. By using cookies the users of this website can be provided with more user-friendly services than would be possible without setting cookies.
Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a string of characters by which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the person concerned from other internet browsers that contain other cookies. A specific internet browser can be recognized and identified via the unique cookie ID. The purpose of this recognition is to make it easier for users to use our website.
We set a session cookie with a session ID on the website which allows your current session to be tracked in order to give you access to the data of the most recent session. This cookie is deleted at the latest after you have left our online offer and closed your browser.
The storare of or the access to information in your institution is carried out in accordance with Section 25 (2) no. 2 of the Gesetz über den Datenschutz und den Schutz der Privatsphäre in der Telekommunikation und bei Telemedien (TTDSG). The legal basis under data protection law for the technically necessary processing for the presentation and provision of our platform on the Internet is § 3 S.1 No. 1 Niedersächsisches Datenschutzgesetz (NDSG) in conjunction with. Art. 6 para. 1 p. 1 letter e) General Data Protection Regulation (GDPR) in conjunction with. § 3 para. 1 p.1 no. 1 Niedersächsisches Hochschulgesetz (NHG).
Information on Data Protection: Research Data
2. Create an account
If you wish to submit datasets and metadata to our database or receive restricted content, you need a user account for identification and allocation, as the database in certain parts can only be made accessible to a specified and identified user group to protect the data it contains. Furthermore, identification of the contracting party is required in order to be able to provide you with legally protected datasets.
To create an account, we store your contact details (surname, first name, email address, official address, academic institution) for the conclusion and implementation of archiving and/or publication agreements. In case of changes of your contact details during the contract period, we will also store these for the duration of the contractual relationship. Leuphana account owners can also login to PubData using this account. In this case, we use the contact data you have provided to Accounting (surname, first name, Leuphana email address, official address, assigned Leuphana institution) to conclude and implement the necessary archiving and/or publication agreements.
This data processing is necessary to carry out pre-contractual measures based on your request and to subsequently fulfil the contract concluded between you and us. The legal basis for this processing is Art. 6 para. 1 p. 1 letter b) GDPR.
If you wish to submit datasets and metadata to our database or receive restricted content, you need a user account for identification and allocation, as the database in certain parts can only be made accessible to a specified and identified user group to protect the data it contains. Furthermore, identification of the contracting party is required in order to be able to provide you with legally protected datasets.
To create an account, we store your contact details (surname, first name, email address, official address, academic institution) for the conclusion and implementation of archiving and/or publication agreements. In case of changes of your contact details during the contract period, we will also store these for the duration of the contractual relationship. Leuphana account owners can also login to PubData using this account. In this case, we use the contact data you have provided to Accounting (surname, first name, Leuphana email address, official address, assigned Leuphana institution) to conclude and implement the necessary archiving and/or publication agreements.
This data processing is necessary to carry out pre-contractual measures based on your request and to subsequently fulfil the contract concluded between you and us. The legal basis for this processing is Art. 6 para. 1 p. 1 letter b) GDPR.
3. Submitting research datasets
If you submit a research dataset for archiving or publication, its documentation and assignment to a person are required. A submission can therefore only be made after a user account has been created for allocation. We process the following additional data categories upon submission:
We process the following optional dataset information if provided:
After submission, we check your dataset for compliance with our PubData Collection Policy Research Data and, if necessary, supplement your submitted metadata in such a way that the findability of the datasets is guaranteed in accordance with good scientific practice.
The legal basis for this processing is Art. 6 para. 1 sentence 1 letter b) GDPR.
Insofar as you have submitted research datasets and these are sufficiently described and legally, technically and formally suitable for inclusion in PubData, we will publish the metadata specified above for the dataset submitted on our website.
The legal basis for this processing is Section 3 S. 1 No. 1 NDSG, Art. 6 para. 1 S. 1 letter e), para. 2 and 3 GDPR iVm. Section 3 para. 1 S. 1 No. 1 Niedersächsisches Hochschulgesetz (NHG) i.V.m.. Section 3 para. 1 s. 2 of the “Richtlinie der Leuphana Universität Lüneburg zur Sicherung guter wissenschaftlicher Praxis und zum Verfahren zum Umgang mit wissenschaftlichem Fehlverhalten“.
Please note that you must be able to prove that you have an appropriate legal basis for the publication of submitted personal (meta) data of the researchers involved in the research project. Data without a suitable legal basis may be rejected by us.
In the course of the publication of the metadata, the aforementioned metadata will also be delivered to the provider DataCite - International Data Citation Initiative e.V., Welfengarten 1 B, 30167 Hannover, Germany, for the purpose of the registration of the data. In addition, the metadata are specifically disseminated to selected scientific search engine networks, reference systems and metacatalogues for the purpose of increased visibility and findability via metadata interfaces including the metadata publication. The processing is carried out under the data protection responsibility of the respective providers. A list of the platforms and systems concerned is available on request.
The legal basis for this contractual disclosure is also Art. 6 para. 1 s. 1 letter b) GDPR.
If you submit a research dataset for archiving or publication, its documentation and assignment to a person are required. A submission can therefore only be made after a user account has been created for allocation. We process the following additional data categories upon submission:
- Title of the dataset and data collection
- Name, first name of the submitting responsible person, role in the project, ORCID-ID
- Kinds of data / resource type
- Language
We process the following optional dataset information if provided:
- Formal information on the dataset (e.g. project title, temporal coverage of the project, funding information, etc.).
- Content-related methodological descriptions of the dataset (e.g. dataset description, survey method, research design, geographical information, time period, etc.).
- Persons involved (first name, last name, ORCID-ID, institution, role, etc.) and institutions
After submission, we check your dataset for compliance with our PubData Collection Policy Research Data and, if necessary, supplement your submitted metadata in such a way that the findability of the datasets is guaranteed in accordance with good scientific practice.
The legal basis for this processing is Art. 6 para. 1 sentence 1 letter b) GDPR.
Insofar as you have submitted research datasets and these are sufficiently described and legally, technically and formally suitable for inclusion in PubData, we will publish the metadata specified above for the dataset submitted on our website.
The legal basis for this processing is Section 3 S. 1 No. 1 NDSG, Art. 6 para. 1 S. 1 letter e), para. 2 and 3 GDPR iVm. Section 3 para. 1 S. 1 No. 1 Niedersächsisches Hochschulgesetz (NHG) i.V.m.. Section 3 para. 1 s. 2 of the “Richtlinie der Leuphana Universität Lüneburg zur Sicherung guter wissenschaftlicher Praxis und zum Verfahren zum Umgang mit wissenschaftlichem Fehlverhalten“.
Please note that you must be able to prove that you have an appropriate legal basis for the publication of submitted personal (meta) data of the researchers involved in the research project. Data without a suitable legal basis may be rejected by us.
In the course of the publication of the metadata, the aforementioned metadata will also be delivered to the provider DataCite - International Data Citation Initiative e.V., Welfengarten 1 B, 30167 Hannover, Germany, for the purpose of the registration of the data. In addition, the metadata are specifically disseminated to selected scientific search engine networks, reference systems and metacatalogues for the purpose of increased visibility and findability via metadata interfaces including the metadata publication. The processing is carried out under the data protection responsibility of the respective providers. A list of the platforms and systems concerned is available on request.
The legal basis for this contractual disclosure is also Art. 6 para. 1 s. 1 letter b) GDPR.
4. Archiving
Datasets that you have transferred to us after the conclusion of the archiving agreement are stored in accordance with our official Leuphana Archiving Directive for Research Data (“Leuphana Archivierungsrichtlinie Forschungsdaten") together with the assigned metadata under linkage to your user account for preservation. The archiving infrastructure is primarily used for the digital archiving of research results to enable reproducibility of research results. Data transfer is carried out with transport encryption, data storage with the integration of fully comprehensive directory and file protection.
For files requiring protection (especially datasets with personal data), additional encryption procedures are used. The MIZ uses a standardized procedure for encryption including the separate, secure storage and administration of the corresponding key.
Access to Leuphana's digital archiving and storage system is only granted in direct access to MIZ staff explicitly entrusted with digital archiving. Therefore, the archive is protected from unauthorized access from outside. Any other access and, if necessary, the decryption of certain data only takes place in exceptional cases, and only after examination by the MIZ, with existing legal permission and authorization by the respective submitters. Data is stored in accordance with the Guidelines for Safeguarding Good Scientific Practice that means for 10 years from the date of submission. Longer preservation must be agreed and determined separately. The processing is necessary to fulfil our contractual obligations under the archiving agreement. The legal basis for this processing is Art. 6 para. 1 s. 1 letter b) GDPR.
Datasets that you have transferred to us after the conclusion of the archiving agreement are stored in accordance with our official Leuphana Archiving Directive for Research Data (“Leuphana Archivierungsrichtlinie Forschungsdaten") together with the assigned metadata under linkage to your user account for preservation. The archiving infrastructure is primarily used for the digital archiving of research results to enable reproducibility of research results. Data transfer is carried out with transport encryption, data storage with the integration of fully comprehensive directory and file protection.
For files requiring protection (especially datasets with personal data), additional encryption procedures are used. The MIZ uses a standardized procedure for encryption including the separate, secure storage and administration of the corresponding key.
Access to Leuphana's digital archiving and storage system is only granted in direct access to MIZ staff explicitly entrusted with digital archiving. Therefore, the archive is protected from unauthorized access from outside. Any other access and, if necessary, the decryption of certain data only takes place in exceptional cases, and only after examination by the MIZ, with existing legal permission and authorization by the respective submitters. Data is stored in accordance with the Guidelines for Safeguarding Good Scientific Practice that means for 10 years from the date of submission. Longer preservation must be agreed and determined separately. The processing is necessary to fulfil our contractual obligations under the archiving agreement. The legal basis for this processing is Art. 6 para. 1 s. 1 letter b) GDPR.
5. PublicationIf commissioned and in accordance with our PubData Collection Policy Research Data, we publish datasets submitted by you. This means that the data cannot only be viewed by a limited group of users after registration and verification but can be publicly accessed on the internet by anyone. Due to the purpose limitation under data protection law, this is not possible if your dataset contains personal data. Access to such datasets is only granted to third parties via a data request (clause 6.).
The legal basis for this processing is Art. 6 para. 1 s. 1 letter b) GDPR.
The legal basis for this processing is Art. 6 para. 1 s. 1 letter b) GDPR.
6. Data request
If you grant access protection or if it is legally necessary, datasets can only be released to requesting users after a check. This is particularly the case if the datasets contain personal data of data subjects of the requested dataset, as they are subject to purpose limitation under data protection law. You can apply the request to grant access to such protected datasets via a created user account. In order to check the legitimate purpose and the compatibility with the legal basis underlying the dataset, we process not only your e-mail address and your user data but also the information on the purpose of your request. When granting a data release, we store the information together with the time of the releases in order to be able to track data recipients and to be able to fulfil our obligations to provide information. This data processing is necessary to meet our obligations towards the data providers and the data subjects and to ensure a level of protection appropriate to the risk.
The legal basis for this processing is Section 3 s. 1 no. 1 NDSG, Art. 6 para. 1 s. 1 letter c) GDPR in conjunction with Art. 32 para. 1 GDPR and Art. 12 para. 3 s. 1 GDPR.
If you grant access protection or if it is legally necessary, datasets can only be released to requesting users after a check. This is particularly the case if the datasets contain personal data of data subjects of the requested dataset, as they are subject to purpose limitation under data protection law. You can apply the request to grant access to such protected datasets via a created user account. In order to check the legitimate purpose and the compatibility with the legal basis underlying the dataset, we process not only your e-mail address and your user data but also the information on the purpose of your request. When granting a data release, we store the information together with the time of the releases in order to be able to track data recipients and to be able to fulfil our obligations to provide information. This data processing is necessary to meet our obligations towards the data providers and the data subjects and to ensure a level of protection appropriate to the risk.
The legal basis for this processing is Section 3 s. 1 no. 1 NDSG, Art. 6 para. 1 s. 1 letter c) GDPR in conjunction with Art. 32 para. 1 GDPR and Art. 12 para. 3 s. 1 GDPR.
General information:
If we did not receive your data directly from you, it was transmitted to us by Leuphana Accounting.
Even if you do not exercise your rights below, the data associated with research datasets will be stored by us for a period of 10 years in accordance with the Guidelines for Safeguarding Good Scientific Practice and otherwise only for as long as is necessary for the above purposes. This does not apply if, in derogation thereof, a longer storage or preservation period is required by law or is necessary for legal enforcement within the statutory limitation periods. If data is only retained for the aforementioned purposes, data access is limited to the extent necessary for this purpose.
As a matter of principle, we keep your data to ourselves and only make it available to those employees who need it for their work within the scope of fulfilling their tasks. This does not apply if we are legally obliged to disclose it or if we publish data for an undefined group of persons by way of contract performance.
We would like to inform you that the provision of your data is necessary for the conclusion and performance of the publication and/or archiving contract. If you do not provide your data, you will be prevented from fulfilling the contract, which may result in further legal and contractual claims, or the contract cannot be concluded.
For the sake of completeness, we would like to inform you that further consequences under civil law may arise from a contractual relationship that has been concluded but cannot be implemented.
Automated decision-making including profiling within the meaning of Art. 22 para. 1 and 4 GDPR does not take place.
If we did not receive your data directly from you, it was transmitted to us by Leuphana Accounting.
Even if you do not exercise your rights below, the data associated with research datasets will be stored by us for a period of 10 years in accordance with the Guidelines for Safeguarding Good Scientific Practice and otherwise only for as long as is necessary for the above purposes. This does not apply if, in derogation thereof, a longer storage or preservation period is required by law or is necessary for legal enforcement within the statutory limitation periods. If data is only retained for the aforementioned purposes, data access is limited to the extent necessary for this purpose.
As a matter of principle, we keep your data to ourselves and only make it available to those employees who need it for their work within the scope of fulfilling their tasks. This does not apply if we are legally obliged to disclose it or if we publish data for an undefined group of persons by way of contract performance.
We would like to inform you that the provision of your data is necessary for the conclusion and performance of the publication and/or archiving contract. If you do not provide your data, you will be prevented from fulfilling the contract, which may result in further legal and contractual claims, or the contract cannot be concluded.
For the sake of completeness, we would like to inform you that further consequences under civil law may arise from a contractual relationship that has been concluded but cannot be implemented.
Automated decision-making including profiling within the meaning of Art. 22 para. 1 and 4 GDPR does not take place.
Your right to object according to Art. 21 GDPR:
With regard to the publication of metadata (see point 3), you have the right to object to the processing of personal data concerning you at any time on grounds relating to your particular situation.
In this case, we will no longer process this data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
With regard to the publication of metadata (see point 3), you have the right to object to the processing of personal data concerning you at any time on grounds relating to your particular situation.
In this case, we will no longer process this data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
Your other rights:
You have the right to request information from us about the processing of data concerning you. In addition to a copy of the data, this right to information also includes the purposes of the data processing, the data recipients and the storage period.
If incorrect data is processed, you can demand that we correct this data without delay. If the legal requirements according to Art. 17 or 18 GDPR are met, you also have the right to immediate deletion or restriction of the processing of the data. Please note that restricted processing of the data may not be possible.
Furthermore, you can make use of your right to data portability under the conditions of Art. 20 GDPR.
To exercise your above rights, please contact:
Leuphana Universität Lüneburg
Martin Bilz
Universitätsallee 1
21335 Lüneburg
E-Mail: martin.bilz@leuphana.de
If you have any further questions, our data protection officer will be happy to advise you.
If you have a data protection complaint, please contact the data protection authority of your choice. Directly responsible for Leuphana University of Lüneburg:
Die Landesbeauftragte für den
Datenschutz Niedersachen
Prinzenstraße 5
30159 Hannover
E-Mail: poststelle@lfd.niedersachsen.de
Only the German version of this privacy notice shall be legally binding. The English translation serves information purposes only.
The Leuphana guidelines, policies and agreements referenced in this document can be found at the PubData Guidelines Overview for Research Data.
You have the right to request information from us about the processing of data concerning you. In addition to a copy of the data, this right to information also includes the purposes of the data processing, the data recipients and the storage period.
If incorrect data is processed, you can demand that we correct this data without delay. If the legal requirements according to Art. 17 or 18 GDPR are met, you also have the right to immediate deletion or restriction of the processing of the data. Please note that restricted processing of the data may not be possible.
Furthermore, you can make use of your right to data portability under the conditions of Art. 20 GDPR.
To exercise your above rights, please contact:
Leuphana Universität Lüneburg
Martin Bilz
Universitätsallee 1
21335 Lüneburg
E-Mail: martin.bilz@leuphana.de
If you have any further questions, our data protection officer will be happy to advise you.
If you have a data protection complaint, please contact the data protection authority of your choice. Directly responsible for Leuphana University of Lüneburg:
Die Landesbeauftragte für den
Datenschutz Niedersachen
Prinzenstraße 5
30159 Hannover
E-Mail: poststelle@lfd.niedersachsen.de
Only the German version of this privacy notice shall be legally binding. The English translation serves information purposes only.
The Leuphana guidelines, policies and agreements referenced in this document can be found at the PubData Guidelines Overview for Research Data.