Wiki source code of Access Policy
Last modified by publicadmin on 2026/04/08 06:48
Show last authors
| author | version | line-number | content |
|---|---|---|---|
| 1 | {{info}} | ||
| 2 | Version: 1.1 (2021-09-17) | ||
| 3 | Download pdf: | ||
| 4 | {{/info}} | ||
| 5 | |||
| 6 | ---- | ||
| 7 | |||
| 8 | **Contents** | ||
| 9 | |||
| 10 | {{toc start="2"/}} | ||
| 11 | |||
| 12 | |||
| 13 | |||
| 14 | == 1. Introduction == | ||
| 15 | |||
| 16 | The BIH/Charité Virtual Research Environment (VRE) is a data management platform that is being developed to enable Charité researchers and their collaborators to store, standardize, analyze, and share data generated from their research studies. It provides a platform for researchers to find and use data, to perform modelling, simulation, and virtual experiments, and to access the required computing resources. This access policy is aimed at facilitating the responsible, transparent, extensive, and appropriate sharing, access and use of the services and resources provided through the VRE. It ensures that the processes of applying for access to these services are simple and clear while facilitating ethically and legally responsible use of research data. | ||
| 17 | |||
| 18 | |||
| 19 | |||
| 20 | == 2. Principles of Access == | ||
| 21 | |||
| 22 | |||
| 23 | The VRE operates with the following principles in accordance with the European Charter for Access to Research Infrastructures. | ||
| 24 | |||
| 25 | |||
| 26 | * VRE services and resources are available for legitimate purposes (e.g., research undertaken by universities, non-governmental organisations, government agencies, research institutions, commercial organizations, independent researchers) which are not excluded by the VRE General Terms of Use. | ||
| 27 | * Access to some resources is controlled and limited to specific conditions. | ||
| 28 | * Human datasets transferred to the VRE are in compliance with the General Data Protection Regulation (GDPR) provisions. Owing to the changing landscape of technology and the increasing possibility of a positive re-identification of human datasets, use of the VRE requires that applicants intending to use human datasets enter into an agreement not to make any attempt to re-identify data subjects. | ||
| 29 | |||
| 30 | == 3. Definitions == | ||
| 31 | |||
| 32 | //Data User//: Refers to the legal person (individual or organization) that accesses and/or uses datasets on the VRE. | ||
| 33 | |||
| 34 | //VRE Use and Access Committee//: Refers to the committee coordinated by the Charité which reviews applications for access to VRE services (including data submission, use of data and other resources/services). | ||
| 35 | |||
| 36 | //GDPR: //General Data Protection Regulation [[http:~~/~~/ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf>>http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf]] | ||
| 37 | |||
| 38 | //Human Dataset: //Collection of related sets of information from human subjects | ||
| 39 | |||
| 40 | //Human Data Subject: //Refers to the identifiable natural person (study participant) whose data are used in research and are accessed on the VRE (as defined in Chapter 1, Article 4 of the GDPR). | ||
| 41 | |||
| 42 | //Service Provider: //Refers to the institution providing VRE services, i.e., Charité - Universitätsmedizin Berlin. | ||
| 43 | |||
| 44 | //Service User: //Refers to legal person (individual or organization) that accesses and/or uses VRE services (such as software or computing services) that are not datasets. | ||
| 45 | |||
| 46 | |||
| 47 | |||
| 48 | == 4. Permission for Access and User Registration == | ||
| 49 | |||
| 50 | A VRE project represents a research project that has received the necessary approvals from applicable institutional bodies, from the VRE Use and Access Committee, and from applicable Charité approval bodies (such as the Charité Data Protection Officer) to use the VRE to store, process and share project data. All datasets stored in the VRE are associated with a project. VRE project members generally include researchers affiliated with Charite. Projects with members exclusively from other institutions may also be approved to use the VRE. | ||
| 51 | |||
| 52 | |||
| 53 | Each VRE project is assigned a Project Administrator. The Project Administrator is a VRE user that has been granted the authority to use the VRE and is typically the Principal Investigator (PI) of the research project, or a person delegated by the PI to serve the role of Project Administrator. Project Administrators can use the VRE Portal to invite other members of their project to the VRE. Invited users receive an email with a link to activate their VRE account, if they do not already have one, and can then access the project on the VRE Portal. During the activation process, each user is required to accept the VRE General Terms of Use. | ||
| 54 | |||
| 55 | Users are either employees of the Charité, or members of trusted institutions who have established a contractual relationship (e.g., business contract, data processing agreement) with the Charité. Users from the latter category are required to apply for access by providing the contract number and a form of personal identification for approval and onboarding to the central active directory of the Charité. This process is supported by the VRE platform administrators and the Use and Access Committee. | ||
| 56 | |||
| 57 | === 4.1 Levels of Access === | ||
| 58 | |||
| 59 | Access to VRE project data and services is controlled. There is no open or public level of access, therefore users must be authenticated on the VRE in order to access VRE services and/or project data. Users can only access data and services associated with the projects for which they have been authorized by Project Administrators. | ||
| 60 | The VRE uses role-based access control. Roles include Platform Administrator, Project Administrator, Project Collaborator, and Project Contributor, in decreasing order of user privilege. Each user account is assigned one of these roles, and other roles may be added in the future. Each user role is associated with a set of rights that determine the actions that a user can perform, and the data and functionality that the user can access on the VRE. | ||
| 61 | |||
| 62 | |||
| 63 | |||
| 64 | = 5. User Access Requirements = | ||
| 65 | |||
| 66 | Users are required to accept the [[VRE General Terms of Use>>doc:Main.Privacy and Data Governance.General Terms of Use.WebHome]] to confirm that they will comply with all applicable laws, regulations, rules, and approvals in the use and sharing of the data stored in the VRE, including the General Data Protection Regulation (GDPR). Additionally, users who are not employees of the Charité are required to fulfill the preconditions for receiving entry into the central Active Directory as described in Section 4. | ||
| 67 | |||
| 68 | |||
| 69 | Beyond complying with the provisions of the General Terms of Use, the user must adhere to basic ethical principles of respect for autonomy, human rights, dignity, non-discrimination, social benefits and the principles of Responsible Research and Innovation that help the anticipation and assessment of potential implications of research and innovation to align research and technology with values, needs and expectations of society. | ||
| 70 | |||
| 71 | Non-EU users must agree to comply with the provisions of the GDPR especially with regard to data subject rights to: access, rectification, restriction of processing, erasure, data portability, object and automated individual decision-making (see GDPR chapter 3 article 12-23). | ||
| 72 | |||
| 73 | The VRE General Terms of Use also require users to agree to use the VRE services and project data only for the purposes for which access was granted, and to confirm that they understand that no guarantees are offered regarding service reliability and availability. | ||
| 74 | |||
| 75 | |||
| 76 | |||
| 77 | == 6. Access Charges == | ||
| 78 | |||
| 79 | The VRE generally seeks to provide services to the research community without access charges. Some projects requiring specialized functionality, computing resources or support may be required to contribute funds to offset associated costs. | ||
| 80 | |||
| 81 | |||
| 82 | |||
| 83 | == 7. VRE Privacy Policy == | ||
| 84 | |||
| 85 | The VRE privacy policy can be found at [[https:~~/~~/vre.charite.de>>https://vre.charite.de]]. | ||
| 86 | |||
| 87 | |||
| 88 | |||
| 89 | == 8. Terms and Conditions == | ||
| 90 | |||
| 91 | Access to the VRE implies the user’s approval of the VRE General Terms of Use which can be found at [[https:~~/~~/vre.charite.de>>https://vre.charite.de]]. | ||
| 92 | |||
| 93 | |||
| 94 | |||
| 95 | == 9. Termination of Access == | ||
| 96 | |||
| 97 | The VRE and its service providers reserve the right to monitor the use of a user account and to suspend or terminate access with or without notice in case of breach of VRE General Terms of Use or other VRE policies. | ||
| 98 | |||
| 99 | |||
| 100 | |||
| 101 | == 10. VRE Liabilities == | ||
| 102 | |||
| 103 | The VRE does not provide explicit or implied warranties for the data stored in the VRE or for the services provided by the VRE. Data may contain advice, opinions, statements or other information by various authors or entities. Reliance upon any such advice, opinion, statement, or other information is at the user’s own risk. | ||
| 104 | |||
| 105 | |||
| 106 | |||
| 107 | == 11. Implementation and Compliance == | ||
| 108 | |||
| 109 | It is the responsibility of users to demonstrate compliance to this policy upon request. Data concerning major breaches of the conditions set out in this policy will be gathered by the VRE administration team and submitted to the VRE Use and Access Committee. | ||
| 110 | |||
| 111 | |||
| 112 |