Privacy Policy

Privacy Policy - HPC Portal Europe

1. Data Controller Information

Data Controller: 

Universität Stuttgart 

Keplerstraße 7

70174 Stuttgart Germany

Phone: +49 711 685-0

Email: poststelle@uni-stuttgart.de 

Data Protection Officer: 

Universität Stuttgart Datenschutzbeauftragter

Geschwister-Scholl-Str. 24b 70174 Stuttgart

Tel: +49 711 685-83687

Email: datenschutzbeauftragter@uni-stuttgart.de

Technical Server Operator: 

HLRS (High-Performance Computing Center Stuttgart) 

Nobelstr. 19

70569 Stuttgart

2. Introductory Notice

This privacy policy relates to the web portal www.hpc-portal.eu. The HPC Europe Portal's mission is to function as the central access point for information concerning EU-funded High-Performance Computing (HPC) stakeholders.

In this Privacy Policy, we refer to the following laws and regulations:

• GDPR (General Data Protection Regulation, EU 2016/679)

• TDDDG (Telekommunikation-Digitale-Dienste-Datenschutz-Gesetz)

   

3. Categories of Personal Data Processed by Website Section

3.1 Website Section: General Access

• Categories of Personal Data Processed: 

  -- IP address (2 bytes anonymized)

  -- Date and time of access

  -- Name, URL and transferred data quantity of the accessed file

  -- Browser type and operating system (if transferred by the requesting web browser)

  -- Website from which the access took place (if transferred by the requesting web browser)

• Purposes of Processing: 

  -- Website provision

  -- IT security

  -- Attack Prevention

  -- System

  -- Optimization

• Legal Basis: Art. 6(1)(f) GDPR - Legitimate interest

• Data Storage Period: 

  -- Log files: 7 days

  -- Session data: End of session

3.2 Website Section: User Registration: Registration as NCC/CoE/Project (Administrator or Member)

• Categories of Personal Data Processed:

  -- Email address

  -- User ID

  -- First name

  -- Last name

  -- Affiliation to an organization (NCC/CoE) or to a Project

  -- Picture 

  -- Profile description 

  -- Scientific domain of interest

• Purposes of Processing:

  -- User account management

  -- Service provision

  -- Authentication

  -- Profile personalization

• Legal Basis: 

  -- Art. 6(1)(b) GDPR - Contract performance – for the data necessary for performing the service 

  -- Art. 6(1)(a) GDPR - Consent – for the data provided voluntarily by the data subject for personalizing the profile (e.g. picture, profile description)

• Data Storage Period: 

  -- Until account is deleted

3.3 Website Section: User Registration:  Registration as Training Provider

• Categories of Personal Data Processed: 

  -- Email address

  -- User ID

  -- First name

  -- Last name

  -- Picture 

  -- Profile description 

  -- Scientific domain of interest

• Purposes of Processing:

  -- User account management

  -- Service provision

  -- Authentication

  -- Profile personalization

• Legal Basis: 

  -- Art. 6(1)(b) GDPR - Contract performance - for the data necessary for performing the service

  -- Art. 6(1)(a) GDPR - Consent – for the data provided voluntarily by the data subject for personalizing the profile (e.g. picture, profile description)

• Data Storage Period: 

  -- Until account is deleted

3.4 Website Section: Contact Form

• Categories of Personal Data Processed: 

  -- First name

  -- Last name

  -- Email address

  -- CASTIEL 2 collaboration consent

  -- Interest

  -- Sector

• Purposes of Processing:

  -- Response to inquiries

  -- Technical support

  -- Collaboration opportunities

  -- Spam prevention

• Legal Basis: 

  -- Art. 6(1)(b) GDPR - Contract performance - for receiving the answer requested

  -- Art. 6(1)(a) GDPR - Consent for optional data and for additional collaboration opportunities 

  -- Art. 6(1)(f) GDPR - Legitimate interest 

• Data Storage Period:

  -- 5 years after the end of CASTIEL 2 Project

3.5 Website Section: Newsletter

• Categories of Personal Data Processed: 

  -- Email address

  -- Name and Username

• Purposes of Processing:

  -- Newsletter delivery

  -- HPC community updates

• Legal Basis: 

  -- Art. 6(1)(a) GDPR -Consent 

• Data Storage Period: 

  -- Until unsubscription + 1 month for completing the  deletion

4. Obligation to Provide Data

Providing personal data is necessary for the following services delivery (legal basis art. 6 (1) lett. b) GDPR):

• User registration as NCC/CoE/Project (Administrator or Member) or as Training Provider: Email, name, institutional details required for account creation and providing services

• Contact inquiries: Email required to respond to your voluntary request

5. Consent to provide data

In case we process data based on your consent (Art. 6(1) lett. a) GDPR), your consent is always voluntary, and you will not face any negative consequences for refusing or withdrawing it. However, the following functionalities require your consent to work:

• Registration as NCC/CoE/Project (Administrator or Member) or Training provider: personalizing the profile 

• Contact form: Consent for optional data and for additional collaboration opportunities

• Newsletter:  receiving the newsletter

If you refuse, these features will not be available, but you can still fully access all other parts of our website or services.

6. Social Media Elements

On our website, components of various third-party providers are used in order to provide additional content. For example, these include YouTube and Vimeo videos, as well as share and like buttons of social media platforms.

If we were to directly integrate the social medial elements made available by the third-party providers into the website, then when loading the website in which they are integrated, the URL of the website which has just been loaded, the IP address and any other information (for example browser type) would be transferred to the third-party provider and cookies may be set by the third-party provider also. This would also happen if you are not registered with the third-party provider or are a member of it.

If you were also logged into the third-party provider when accessing the website, it would be able to assign additional information to your user account (for example which video you are accessing, which commentary you submit and what information you share etc.).

Therefore, it is the case that social media elements of third-party providers are not directly integrated into our websites. Rather, solutions are used which only establish a connection to the server of the third-party provider once the social element has been intentionally clicked on and only then is the associated data processing carried out.

Please bear in mind that the data processing which is carried out as a result is outside of the area of control of the university and the data protection provisions of the third-party providers must be observed.

You can find some of the data protection provisions here:

• Google/YouTube: https://policies.google.com/privacy

  • Vimeo: https://vimeo.com/privacy

    • jsDelivr: https://www.jsdelivr.com/terms/privacy-policy

    • LinkedIn: https://www.linkedin.com/legal/privacy-policy

    • BlueSky: https://bsky.social/about/support/privacy-policy

    • Spotify: https://www.spotify.com/de/legal/privacy-policy/

    • Apple Podcasts: https://www.apple.com/uk/legal/privacy/data/en/apple-podcasts-web/

    • X: https://privacy.x.com/en 

    • Facebook: https://www.facebook.com/privacy/policy/

    • Instagram: https://privacycenter.instagram.com/policy

Should you not agree to data processing by the third-party provider as described above, please do not click on the social media element.

7. Links to Other Websites

When we provide links to websites operated by other organizations, their privacy policies and terms apply.

Should you not agree to data processing of such third-parties as described above, please do not click on the links.

8. Data Recipients 

In case you are registered as a User Registration as NCC/CoE/Project (Administrator or Member), your data may be shared with the other users of the same organization or Project for fulfilling the requested services. 

In case you have a User profile and you click on “Create Training”, your data (name, surname, User ID and e-mail) will be transferred to Indico / Digitalis Kormanyzati Fejlesztes Es Projektmenedzsment KFT, (Esztergomi Út 31-39., Hub 3. Épület, Budapest 1138, Hungary). The transfer is carried out for the purpose of allowing you publishing the training content and fulfilling the requested services.

In case you register for the Newsletter, we use Mailchimp by Intuit Inc. (USA) for newsletter distribution. The data will be transferred in USA with appropriate safeguards (Standard Contractual Clauses). The Provider is Intuit Inc., USA.

Apart from these cases, should criminal investigations be initiated due to attacks against our IT systems, the data named under General Access section and log files can be passed on to state investigative bodies (for example the police, criminal prosecution authorities).

The same applies if relevant authorities and/or courts make inquiries of the University and we are obliged to respond to these.

9. International Data Transfers

Personal data is processed within the European Economic Area (EEA), except for newsletter service (Mailchimp - USA) with Standard Contractual Clauses as appropriate safeguards.

10. Automated Decision-Making

We do not use automated decision-making, including profiling, as referred to in Article 22(1) and (4) GDPR.

11. Data Subject Rights

Under GDPR, you have the following rights:

• Right of Access (pursuant to Art. 15 GDPR): Information about your stored data

• Right of Rectification (pursuant to Art. 16 GDPR): Correction of incorrect data

• Right of Erasure (pursuant to Art. 17 GDPR): Deletion when data no longer necessary

• Right of Restriction (pursuant to Art. 18 GDPR): Limitation of processing

• Right to Object (pursuant to Art. 21 GDPR): Opposition to processing based on legitimate interest

• Right to Data Portability (pursuant to Art. 20 GDPR): Receive data in structured format, applies only to processing based on consent (Art. 6(1) lett. a) GDPR) or contract (Art. 6(1) lett. b) GDPR) – User Registration as NCC/CoE/Project Administrator or Member, User Registration as Training Provider, Contact Form, Newsletter -

• Right to Withdraw Consent (pursuant to Art. 7(3) GDPR): For consent-based processing according to Art. 6 (1) lett. a) GDPR - User Registration as NCC/CoE/Project Administrator or Member, User Registration as Training Provider, Contact Form/Newsletter-

Contact for data protection matters: datenschutzbeauftragter@uni-stuttgart.de

12. Use of Cookies and Similar Technologies

12.1 What are Cookies?

Cookies are small text files stored by your browser when you visit our website. They help our website function properly and remember your preferences.

We also use:

• Scripts: Program code that makes our website work interactively

• Web beacons: Small invisible elements that help us understand website traffic

12.2 Cookie Management System

Our website uses the COOKiES Consent Management system to ensure compliance with GDPR and TDDDG. This system allows you to choose which cookies you accept.

12.3 Types of Cookies

Essential Cookies 

Cookie: SSESS<ID>

What it does: Remembers you're logged in

Duration: 1 month

Legal Basis: TDDDG § 25(2) + GDPR Art. 6(1)(f)

Cookie: cookiesjsr

What it does: Remembers your cookie choices

Duration: 1 year

Legal Basis: TDDDG § 25(2) + GDPR Art. 6(1)(f)

These cookies are necessary for basic website functionality and do not require your consent.

Optional Cookies

These cookies improve your experience but require your permission.

Website Analytics (Matomo)

• Purpose: Helps us understand how visitors use our website

• Data processed: IP address (2 bytes anonymized), pages visited, time spent on site

• Legal basis: GDPR Art. 6(1)(a) + TDDDG § 25(1) - Consent required

Video Content & Social Media (YouTube, Vimeo, LinkedIn, etc.)

• Purpose: Display video and social media content from third-party platforms

• Activation: Only when you click to play/interact

• Legal basis: GDPR Art. 6(1)(a) + TDDDG § 25(1) - Consent required

  Content Delivery (jsDelivr)

• Purpose: Faster website file loading

• Data processed: IP address during file requests

• Legal basis: GDPR Art. 6(1)(a) + TDDDG § 25(1) - Consent required

12.4    Managing Your Cookie Preferences

How to control cookies:
1.    Cookie banner: A cookie consent banner is displayed whenever you access our website in a new browser session, allowing you to customize your cookie settings.
2.    Cookie settings: Use the link in our website footer anytime. 
3.    Browser settings: By altering the settings in your web browser, you can deactivate or restrict the transfer of cookies. Cookies which have already been saved can be deleted at any time. This can also take place automatically. 

13. Children's Privacy

Our website is not directed towards anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we will take steps to remove that information from our servers.

14. Complaints

You have the right to lodge complaints with the supervisory authority:

Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg

Lautenschlagerstraße 20, 70173 Stuttgart

Phone: +49 711/615541-0;  Email: poststelle@lfdi.bwl.de

15. Changes to Privacy Policy

We reserve the right to update this Privacy Policy. The current version is always available at www.hpc-portal.eu. We recommend reviewing this policy periodically.