Data Protection Declaration

Data Protection Declaration

Version March 2019

The web servers of the High-Performance Computing Center Stuttgart (HLRS) are operated by HLRS, Nobelstr. 19, 70569 Stuttgart. The processed personal data are subject to the applicable data protection regulations, in particular the General Data Protection Regulation (GDPR), the Federal Data Protection (BDSG), and the State of Baden-Württemberg Data Protection Act (LDSG BW).

1. Party responsible for data protection

University of Stuttgart
Keplerstraße 7
70174 Stuttgart
Germany

Phone: +49 711 685 0
Email: poststelle@uni-stuttgart.de

for the High Performance Computing Center Stuttgart (HLRS)
Nobelstr. 19
70569 Stuttgart

2. Data Protection Officer

Data Protection Officer of the University of Stuttgart
Breitscheidstraße 2
70174 Stuttgart
Phone: +49 711 685 83687
Email: datenschutz@uni-stuttgart.de

3. Data collection when accessing HLRS websites

3.1 Webserver log files

a) Each time you access a page on our website and retrieve a file,HLRS temporarily logs the following data:

  • IP address of the requesting computer
  • Date and time of access
  • Name, URL, and size of the retrieved file (in bytes)
  • Access status (requested file transfer, not found, etc.)
  • Identification data of the browser and operating system used (if transmitted by the requesting web browser)
  • Website from which access was made (if provided by the requesting web browser)

b) Purpose, legal basis
Log files are temporarily stored for the purpose of detecting, correcting, or preventing disturbances and attacks. The legal basis for this activity is Art. 6 para. 1 lit. f of the GDPR. Also included in the stated purpose is our legitimate interest in data processing according to Art. 6 para. 1 lit. f of the GDPR.

c) Addressee
Transmission of log files from our web server to state institutions and authorities takes place only within the framework of mandatory national requirements or if disclosure is required in the event of an attack on our IT infrastructure or for reasons of legal action or criminal prosecution.

d) Duration of data storage
HLRS completely deletes stored data seven days after logging.

e) Consequences of non-declaration, objection or removal possibility
The collection of data for the provision of the website and the storage of the data in log files is essential for this website's operation. Users who do not want their data processed as described can not use this website.

3.2 Use of Matomo

We use the open source tool Matomo (formerly Piwik) to analyze the surfing behavior of our website's users. The software places a cookie on the user's computer. All IP addresses are immediately anonymized during this process so that we have no way to determine the identities of individual users. When accessing our website, a user is informed about our use of Matomo and his or her consent is obtained to process personal data in this context. When users receive this notification, it also includes a reference to this Data Protection Declaration.

a) When accessing individual websites, Matomo collects and temporarily stores the following data:

  • IP address in anonymous form (2 bytes). The last two digits are masked; e.g. 168.xxx.xxx. In this way, it becomes impossible to determine the specific computer from which the call was made.
  • Web page that was called
  • Website from which the user came to our website
  • Subpages called from the web page
  • Duration of visit to the website
  • Number of visits to the website

b) Purpose, legal basis
The processing of users' personal data enables us to analyze our users' browsing behavior. By analyzing the data obtained, we can compile information about how individual components of our website are being used. This helps us to constantly improve our website and its user-friendliness. These purposes are grounds for our legitimate interest in the processing of data according to Art. 6 para. 1 lit. f of the GDPR. The anonymization of a user's IP address sufficiently takes into account users' interest in their protection of personal data.

c) Adressee
Matomo runs exclusively on our website's servers. Personal data of our website's users is stored only there. Transmission of this data to governmental facilities and agencies will only take place in the context of mandatory national regulations or when disclosure is necessary for law enforcement or criminal prosecution in the event of an attack on our IT infrastructure.

d) Duration of data storage
The stored data is automatically deleted after three years.

e) Tracking, consequences of non-declaration, objection or removal possibility
Cookies are stored on the user's computer and transmitted by the user's computer to our site. Therefore, as a user, regardless of the data storage duration described above, you also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the transmission of cookies. However, if cookies are disabled for our website or if you do not consent to the use of cookies, it might not be possible to completely use all functions of the website.

If you no longer consent to the storage and analysis of the data from your visit, you can revoke your consent at any time. In this case, a so-called opt-out cookie is stored in your browser, with the result that Matomo no longer collects any session data, beginning at the time you submit a request to no longer submit tracking data.

Objection:

3.3 Other data collection and processing

To the extent that personal data are collected for individual functions on our pages (such as contact forms, trouble tickets, or course registrations, for example), users explicitly provide this data voluntarily or data are stored on the basis of legal provisions that permit it. You will be informed about any collection and further use of your data at the appropriate point.

4. Your rights

You have the right at any time to free information about your stored data, including their origin and any third-party recipients, and the purpose of any processing of those data. You also have a right to the correction, blocking, or deletion of any data that correspond to you.

Whenever data processing is based on a consent or on a contract, we will bring this to your attention at the appropriate point. If you have given us consent to the processing of your personal data, you have the right to revoke this consent at any time, although the legality of that data processing between the time of your consent and your revoking of that consent will not be affected. Please contact recht@hlrs.de if you have any questions about this. In addition, if data processing is carried out with the use of automated procedures, you might be entitled to data portability (Article 20 GDPR).

You have the right to complain to a supervisory authority if you believe that the processing of your personal data violates any law. One example of such a supervisory authority is the Baden-Württemberg State Commissioner for Data Protection and Freedom of Information.

5. Miscellaneous, validity and timeliness

Insofar as personal data is collected for individual functions on our website (such as a contact form), the user expressly provides this information voluntarily or the survey is made on the basis of legal provisions that permit it. You will be informed of the collection and further use of your data at the appropriate point.

This Data Protection Declaration is immediately valid and supersedes all prior statements. Further developments may make it necessary to revise this Data Protection Declaration. We reserve the right to change the Data Protection Declaration at any time with future effect, and recommend that you stay up-to-date with the current Data Protection Declaration. The Data Protection Declaration is linked in the footer of the website www.hlrs.de.

The German version of this Data Protection Declaration is the only binding and enforceable version of this Statement.