Wiki source code of Privacy Policy
Last modified by publicadmin on 2025/12/16 13:04
Show last authors
| author | version | line-number | content |
|---|---|---|---|
| 1 | {{info}} | ||
| 2 | Version: 1.1 (2021-09-17) | ||
| 3 | Download pdf: [[[[image:VRE Privacy Policy ver 1.1 17-Sep-2021.pdf]]>>attach:VRE Privacy Policy ver 1.1 17-Sep-2021.pdf||data-widget="image"]][[image:data:image/gif;base64,R0lGODlhAQABAPABAP///wAAACH5BAEKAAAALAAAAAABAAEAAAICRAEAOw==||draggable="true" height="15" role="presentation" title="Click and drag to move" width="15"]] | ||
| 4 | {{/info}} | ||
| 5 | |||
| 6 | ---- | ||
| 7 | |||
| 8 | (% class="wikigeneratedid" id="HCharitE9VirtualResearchEnvironmentPrivacyPolicy" %) | ||
| 9 | ((( | ||
| 10 | = **Charité Virtual Research Environment Privacy Policy** = | ||
| 11 | ))) | ||
| 12 | |||
| 13 | |||
| 14 | The Virtual Research Environment (VRE) is a computing research infrastructure that is contained within the information technology infrastructure of the Charité - Universitätsmedizin Berlin (Charité). The information in this policy is intended to supplement the Data Protection Statement of the Charité - which can be accessed at [[https:~~/~~/www.charite.de/en/service/data_protection/>>https://www.charite.de/en/service/data_protection/]] or by contacting the Data Protection Officer by email: [[datenschutz@charite.de>>mailto:datenschutz@charite.de]]. | ||
| 15 | |||
| 16 | This privacy policy will explain how the VRE uses personal data from two categories of data subjects: (1) users of the platform, and (2) individuals who are participants in research studies whose personal data is processed in the platform as part of a research initiative by an authorized research investigator. | ||
| 17 | |||
| 18 | |||
| 19 | **Contents** | ||
| 20 | |||
| 21 | {{toc start="2"/}} | ||
| 22 | |||
| 23 | |||
| 24 | |||
| 25 | == 1. Data Collected from Users of the VRE == | ||
| 26 | |||
| 27 | Users of the VRE include members of the public who visit the VRE web portal and registered account holders of the VRE. | ||
| 28 | |||
| 29 | === 1.1 What data do we collect? === | ||
| 30 | |||
| 31 | The VRE collects the following data from registered account holders: | ||
| 32 | |||
| 33 | * Personal identification information such as name, email address, institutional affiliation, username. Users who are not employees of the Charité are required to complete an application form to be included in the Charité user directory. This application collects additional personal information required by the Charité such as date of birth. | ||
| 34 | |||
| 35 | === 1.2 How do we collect your data? === | ||
| 36 | |||
| 37 | You directly provide the VRE with the data we collect. If you are invited to become a member of the VRE it is because you have requested to become a member and an administrator has invited you by email. We collect data and process your data when you: | ||
| 38 | |||
| 39 | * Complete an application to start a project on the VRE. | ||
| 40 | * Accept an invitation to become a member of VRE and complete the online registration process. | ||
| 41 | * Complete an application form to become part of the Charité user directory. | ||
| 42 | * Use or view our website via your browser's cookies. | ||
| 43 | * Contact VRE support to receive assistance on using the VRE. | ||
| 44 | |||
| 45 | === 1.3 How will we use your data? === | ||
| 46 | |||
| 47 | The VRE collects your data so that we can: | ||
| 48 | |||
| 49 | * Deliver the content of the VRE web portal. | ||
| 50 | * Provide the research tools and services of the VRE platform. | ||
| 51 | * Email you with news or maintenance updates about the VRE or to periodically ask for your feedback to continually improve on the features of the VRE. | ||
| 52 | * Aggregate statistics on platform usage to assist with the operations and future planning needs of the platform. | ||
| 53 | |||
| 54 | By applying to create a project on the VRE, and/or by agreeing to the Terms of Use upon registration of your user account, you consent to the collection and use of your data to deliver the services of the VRE. | ||
| 55 | The VRE may receive support and services from providers outside of the Charité through a contractual relationship. If any personal data is transferred to these providers, the administrator of this website is required to consult the Charité Data Protection Officer to ensure that all data privacy obligations are met. | ||
| 56 | |||
| 57 | The legal basis for processing of your personal data by the VRE is your consent, including: | ||
| 58 | |||
| 59 | * Your consent to become a member of the VRE and agree to the Privacy Policy (GDPR Art. 6(1)(a)) | ||
| 60 | * Necessity for the performance of a contract to which the Data Subject is a party, or for taking steps at the request of the Data Subject prior to entering a contract (GDPR Art. 6(1)(b)). | ||
| 61 | * Compliance with a legal obligation (GDPR Art. 6(1)(c)). For example, where the VRE partners are required to store the data to meet bookkeeping or audit obligations. | ||
| 62 | * Necessity for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (GDPR Art. 6(1)(e)). | ||
| 63 | * If the VRE partners have a legitimate interest that is not overridden by the interests or fundamental rights freedoms of the Data Subject (GDPR Art. 6(1)(f)). | ||
| 64 | |||
| 65 | === 1.4 How do we store your data? === | ||
| 66 | |||
| 67 | The VRE tools and services are secured within the IT infrastructure of the Charité. The VRE will retain your personal information as long as required for the original purpose. | ||
| 68 | Information stored in log files is periodically erased according to the policies and procedures of the Charité IT department. | ||
| 69 | |||
| 70 | Data Subjects may request erasure of their personal data to the Charité Data Protection Officer (DPO). The data controller will execute such requests, except for minimal personal data which may be retained if needed for monitoring legal compliance. Backups may also be retained in case of legitimate interests of the data controller for the continued exploitation of the research infrastructure. | ||
| 71 | |||
| 72 | === 1.5 Marketing === | ||
| 73 | |||
| 74 | No personal data collected from the VRE website is sold or otherwise shared with third parties for the purposes of direct marketing or other commercial purposes. | ||
| 75 | |||
| 76 | === 1.6 What are your data protection rights? === | ||
| 77 | |||
| 78 | You have the following rights vis-à-vis the controller (Charité) regarding the processing of your personal data: | ||
| 79 | **The right to access **- You have the right to submit a request to the Charité for copies of your personal data. | ||
| 80 | **The right to rectification **- You have the right to request that the Charité correct any information you believe is inaccurate. You also have the right to request the Charité to complete information you believe is incomplete. | ||
| 81 | **The right to erasure **- You have the right to request that the Charité erase your personal data, under certain conditions. | ||
| 82 | **The right to restrict processing **- You have the right to request that the Charité restricts the processing of your personal data, under certain conditions. | ||
| 83 | **The right to object to processing **- You have the right to object to the Charité processing of your personal data, under certain conditions. | ||
| 84 | **The right to data portability **- You have the right to request that the Charité transfer the data that we have collected to another organization, or directly to you, under certain conditions. | ||
| 85 | |||
| 86 | |||
| 87 | If you would like to exercise any of these rights, please contact us at our email: datenschutz(at)charite.de. | ||
| 88 | |||
| 89 | |||
| 90 | |||
| 91 | == 2 Data collected from Research Participants == | ||
| 92 | |||
| 93 | If you are a research participant, your personal information is collected by a qualified researcher who has been evaluated and approved by relevant authorities (e.g., research ethics board, data protection authorities) to conduct a research study and use the tools and services of the VRE to store and process the data. The researcher’s use of the VRE is detailed in a written Data Processing Agreement which is entered into by the researcher and the Charité before the processing takes place. | ||
| 94 | |||
| 95 | === 2.1 What data do we collect === | ||
| 96 | |||
| 97 | The VRE does not collect any data from you, the research participant. The VRE processes your data when qualified researchers use the tools and services of the VRE as a processing environment for their research analyses. The researcher determines the data that is collected from you to fulfil the objectives of their research study. | ||
| 98 | |||
| 99 | === 2.2 How do we collect your data? === | ||
| 100 | |||
| 101 | The VRE does not collect any data from you, the research participant. You provide your data to a qualified researcher who uses the tools and services of the VRE as a processing environment for their research analyses. | ||
| 102 | |||
| 103 | === 2.3 How will we use your data? === | ||
| 104 | |||
| 105 | The researcher is the data controller and is the only party that may determine the means and purpose of processing your data. The VRE processes your data on behalf of the researcher, as described in a written Data Processing Agreement entered into by both parties. | ||
| 106 | |||
| 107 | Employees of Charité and its qualified subcontractors may access research data stored in the VRE in their performance of duties as system administrators of the VRE. Charité has implemented and will maintain Technical and Organisational Security Measures to restrict access to research data to only those employees who require such access and takes appropriate steps to ensure compliance by its employees, contractors and sub-contractors to the extent applicable to their scope of performance and ensure that all persons authorized to process research data are under an obligation of confidentiality and receive adequate training. | ||
| 108 | Charité will not access, use, or disclose to any third party any research data except as necessary to comply with the law or a valid and binding order of a governmental body (such as a subpoena or court order). | ||
| 109 | |||
| 110 | === 2.4 How do we store your data? === | ||
| 111 | |||
| 112 | Research data in the VRE is stored within the Information Technology (IT) infrastructure of the Charité. The Charite maintains policies and procedures governing data security and storage. The VRE retains data processed on behalf of the researcher as required for the researcher’s original purpose. | ||
| 113 | |||
| 114 | Information stored in log files is periodically erased according to the policies and procedures of the Charité IT department. | ||
| 115 | |||
| 116 | The VRE provides researchers with tools and services to retrieve or delete your data. As a research participant, you may request erasure of your personal data that the researcher collected and stored in the VRE. The researcher (data controller) will execute such requests, except for minimal logging or administrative information about the data files themselves which may be retained if needed for monitoring legal compliance. Backups may also be retained in case of legitimate interests of the data controller for the continued exploitation of the research infrastructure. | ||
| 117 | |||
| 118 | === 2.5 Marketing === | ||
| 119 | |||
| 120 | No personal data stored in the VRE is sold or otherwise shared with third parties for the purposes of direct marketing or other commercial purposes. | ||
| 121 | |||
| 122 | === 2.6 What are your data protection rights? === | ||
| 123 | |||
| 124 | You have the following rights vis-à-vis the controller (researcher) regarding the processing of your personal data: | ||
| 125 | **The right to access **- You have the right to request the researcher provides copies of your personal data. | ||
| 126 | **The right to rectification **- You have the right to request that the researcher corrects any information you believe is inaccurate. You also have the right to request the researcher to complete information you believe is incomplete. | ||
| 127 | **The right to erasure **- You have the right to request that the researcher erase your personal data, under certain conditions. | ||
| 128 | **The right to restrict processing **- You have the right to request that the researcher restricts the processing of your personal data, under certain conditions. | ||
| 129 | **The right to object to processing **- You have the right to object to the researcher’s processing of your personal data, under certain conditions. | ||
| 130 | **The right to data portability **- You have the right to request that the researcher transfer the data that they have collected to another organization, or directly to you, under certain conditions. | ||
| 131 | |||
| 132 | |||
| 133 | If you wish to make a request under your data protection rights, you should contact the researcher or Data Protection Officer at the institution of the research study where you participated. This information is usually available on a written informed consent form that you signed when you participated in the study. | ||
| 134 | |||
| 135 | |||
| 136 | If you are unable to reach the researcher or don’t have that information, please contact the Data Protection Officer of the Charité at our email: datenschutz(at)charite.de | ||
| 137 | |||
| 138 | |||
| 139 | |||
| 140 | == 3 Cookies == | ||
| 141 | |||
| 142 | === 3.1 What are cookies? === | ||
| 143 | |||
| 144 | Cookies are text files placed on your computer when you visit the VRE Portal webpage to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology. | ||
| 145 | |||
| 146 | For further information, visit allaboutcookies.org. | ||
| 147 | |||
| 148 | === 3.2 How do we use cookies? === | ||
| 149 | |||
| 150 | The VRE Portal uses cookies in a range of ways to improve your experience on the VRE website , including: | ||
| 151 | Some cookies are functional session cookies which are used to provide the user with the experience of a session: e.g., they track login details, remember user choices and preferences, and in some instances determine site permissions. Other cookies are used to provide statistics: e.g., they provide, in anonymous form, the number of visitors accessing a website, features users access during website visits, and the general location of the user based on IP address. | ||
| 152 | |||
| 153 | === 3.3 What types of cookies do we use? === | ||
| 154 | |||
| 155 | There are a number of different types of cookies, however, the VRE portal website uses only strictly necessary cookies — these cookies are essential for the proper operation of the website, allowing you to browse the website and use its features such as accessing secure areas of the site. This website protects your privacy by not creating cookies which contain personal data. The following list describes the types of cookies used on the VRE website: | ||
| 156 | |||
| 157 | * Access token: An encoded token that is used to mark user's identity and access to services. | ||
| 158 | * Refresh token: An encoded token that is used to refresh user's session. | ||
| 159 | * Username: Username of the current user | ||
| 160 | * Login status: Indicates whether or not a user is logged into the VRE | ||
| 161 | * Terms of Use Notification: Indicates whether or not a user has acknowledged the applicable Terms of Use and Privacy Policy notifications. | ||
| 162 | |||
| 163 | === 3.4 How to manage cookies === | ||
| 164 | |||
| 165 | You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result. | ||
| 166 | |||
| 167 | |||
| 168 | |||
| 169 | == 4 Privacy policies of other websites == | ||
| 170 | |||
| 171 | The VRE Portal website may contain links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy. | ||
| 172 | |||
| 173 | |||
| 174 | |||
| 175 | == 5 Changes to our privacy policy == | ||
| 176 | |||
| 177 | The VRE keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on March 24, 2021. | ||
| 178 | |||
| 179 | |||
| 180 | |||
| 181 | == 6 How to contact us == | ||
| 182 | |||
| 183 | === 6.1 Users of the VRE === | ||
| 184 | |||
| 185 | The Charité is the institution responsible for the VRE Research Infrastructure and is the data controller for the personal information of users on the VRE. If you have any questions about the VRE, the Charité privacy policy, or data we hold on you as a user of the VRE, or if you would like to exercise one of your data protection rights, please contact us. | ||
| 186 | |||
| 187 | (% style="height:131px; width:1486px" %) | ||
| 188 | |(% style="width:150px" %)Email us at: |(% style="width:1339px" %)[[datenschutz@charite.de>>mailto:datenschutz@charite.de]] | ||
| 189 | |(% style="width:150px" %)Call us:|(% style="width:1339px" %)+49 30 450 580 016 | ||
| 190 | |(% style="width:150px" %)Or write to us at: |(% style="width:1339px" %)Charité – Universitätsmedizin Berlin | ||
| 191 | Charitéplatz 1 | ||
| 192 | 10117 Berlin | ||
| 193 | Deutschland | ||
| 194 | |||
| 195 | === 6.2 Research Participants === | ||
| 196 | |||
| 197 | The researcher who collected your data is the data controller for the personal information you provided for research purposes. If you have any questions about your participation in the research study and the research data stored about you in the VRE, or you would like to exercise one of your data protection rights, please contact the researcher who collected your data or the Data Protection Officer (DPO) of the institution where your research data were collected. | ||
| 198 | If you are unable to reach the researcher or don’t have this information available, or you have general questions about how your data are processed within the VRE, you may contact the Data Protection Officer (DPO) of the Charité. | ||
| 199 | |||
| 200 | (% style="height:131px; width:1486px" %) | ||
| 201 | |(% style="width:150px" %)Email us at: |(% style="width:1339px" %)[[datenschutz@charite.de>>mailto:datenschutz@charite.de]] | ||
| 202 | |(% style="width:150px" %)Call us:|(% style="width:1339px" %)+49 30 450 580 016 | ||
| 203 | |(% style="width:150px" %)Or write to us at: |(% style="width:1339px" %)Charité – Universitätsmedizin Berlin | ||
| 204 | Charitéplatz 1 | ||
| 205 | 10117 Berlin | ||
| 206 | Deutschland | ||
| 207 | |||
| 208 | Datasets considered “open for public sharing” that have been processed by researchers in the VRE are posted on the VRE website. If you are a participant in one of these “open for public sharing” datasets and you have questions about the processing of your data in the VRE, you may contact the Charité DPO at the contact listed above. | ||
| 209 | |||
| 210 | |||
| 211 | |||
| 212 | == 7 How to contact the appropriate authority == | ||
| 213 | |||
| 214 | The VRE, its service providers, and the Charité DPO will make every reasonable effort to address your data protection concerns. However, you have a right to lodge a complaint with a data protection authority. | ||
| 215 | Contact information for the German Federal Commissioner for Data Protection and Freedom of Information is listed below: | ||
| 216 | |||
| 217 | (% style="height:131px; width:1486px" %) | ||
| 218 | |(% style="width:150px" %)Postal address: |(% style="width:1339px" %)DerBundesbeauftragten für den Datenschutz und die Informationsfreiheit - | ||
| 219 | Graurheindorfer Str. 153 - 53117 Bonn | ||
| 220 | |(% style="width:150px" %)Telephone:|(% style="width:1339px" %)+49 (0)228 99 77 99-0 | ||
| 221 | |(% style="width:150px" %)Fax: |(% style="width:1339px" %)+49 (0)228 99 77 99-5550 | ||
| 222 | |(% style="width:150px" %)E-mail:|(% style="width:1339px" %)[[poststelle@bfdi.bund.de>>mailto:poststelle@bfdi.bund.de]] | ||
| 223 | |(% style="width:150px" %)Website:|(% style="width:1339px" %)[[http:~~/~~/www.bfdi.bund.de/>>http://www.bfdi.bund.de/]] | ||
| 224 | |||
| 225 | The competence for complaints is split among different data protection supervisory authorities in Germany. | ||
| 226 | Competent authorities can be identified according to the list provided under www.bfdi.bund.de/anschriften | ||
| 227 | Contact information for the European Data Protection Board and EU DPAs is available here: [[https:~~/~~/edpb.europa.eu/about-edpb/board/members_en>>https://edpb.europa.eu/about-edpb/board/members_en]] | ||
| 228 | |||
| 229 |