The GFZ takes the protection of personal data very seriously. The GFZ is bound to protect the privacy of everyone who uses its website and to treat any personal data provided in the strictest confidence. This data is used solely for the purposes indicated in each case. The following declaration applies to personal data provided to the GEOFON Data Center. Data is not forwarded to any third party except as outlined below (Section IX).
I. Name and address of controller
The data controller as defined in the General Data Protection Regulation, the national data protection laws of other EU member states, and other data protection regulations is:
Helmholtz Centre Potsdam – German Research Centre for Geosciences GFZ
Telegrafenberg
14473 Potsdam
Germnay
Phone: +49 331 288 0
Website: https://www.gfz-potsdam.de
II. Name and address of data protection officer
The controller’s data protection officer is:
Datenschutzauftragter
Telegrafenberg
14473 Potsdam
Germany
Phone: +49 331 288 1052
E-Mail: datenschutzbeauftragter@gfz-potsdam.de
III. General information on data processing
1. Scope of personal data processing
In general, the GFZ only processes personal data collected from users insofar as this is necessary to provide a functional website with the relevant content and services including data services offered by the GEOFON infrastructure at GFZ (see Section IX).
As a rule, personal data provided by users is only processed with the respective user's consent. Exceptions apply in cases where the user's prior consent cannot be obtained on factual grounds and statutory regulations permit the processing of personal data.
2. Legal basis for the processing of personal data
Art. 6 no. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis when the GFZ obtains a data subject's consent to the processing of his/her personal data.
Art. 6 no. 1 lit. b GDPR serves as the legal basis when processing personal data for the performance of a contract to which the data subject is a party. The same applies to any processing measures that are required if steps are to be taken before entering into a contract.
Art. 6 no. 1 lit. c GDPR serves as the legal basis when the processing of personal data is necessary for compliance with a legal obligation to which the GFZ is subject.
Art. 6 no. 1 lit. f GDPR serves as the legal basis when processing is necessary to safeguard the legitimate interests of the GFZ or a third party, and provided these legitimate interests are not outweighed by the data subject’s interests and fundamental rights and freedoms.
3. Data erasure and storage period
i.
The data subject's personal data is erased or blocked as soon as the purpose for which it was stored ceases to apply. Personal data may also be stored if so specified by European or national legislators in EU regulations, laws or other provisions to which the data controller is subject. In such instances, personal data is blocked or erased when a retention period specified in any of the above-named legislation expires, unless it has to be retained for longer in order to conclude or execute a contract.
ii.
GEOFON manages restricted and embargoed data sets on behalf of third parties. We must ensure access to these data is limited to those authorised by the data set providers. If you request such data, and only then, we may report your name and e-mail address to a data set provider. This personal data is reported to data set providers periodically.
IV. Provision of website and generation of log files
1. Description and scope of data processing
Every time our website is accessed, our system automatically collects data and information from the accessing computer system.
The following information is stored in the web server's log files:
This data is also stored in our system’s log files. However, it is not stored together with other personal data collected from the user.
The legal basis for the temporary storage of this data is Art. 6 no. 1 lit. f GDPR.
2. Purpose of data processing
This data is used to optimise website use, correct errors, and safeguard the security of our information technology systems. Data collected in this context is not evaluated for marketing purposes.
Data about web site access is also used without requiring personal data, in order to monitor site activity and assist in our earthquake monitoring tasks.
The above-named purposes also constitute the GFZ’s legitimate interest in processing the data pursuant to Art. 6 no. 1 lit. f GDPR.
3. Storage period
The data is erased as soon as it is no longer required to fulfil the purpose for which it was collected. Log files are anonymised within 3 months maximum.
4. Right to object and right to erasure
The collection of data for website provision and the storage of data in log files are absolutely essential to the operation of the website. The user is therefore unable to assert any right to object in this context.
V. Use of Cookies
1. Description and scope of data processing
The GFZ website uses cookies. Cookies are text files stored in the user's web browser or by the web browser on the user's computer system. Whenever a user accesses a website, a cookie can be stored on that user's operating system.
The GFZ uses cookies to make the website more user-friendly. Some elements on the GFZ website require the accessing browser to be identified after the user has moved to another web page.
When accessing the GFZ website, an info banner informs users that cookies are being used for analytical purposes and refers them to this data protection declaration. In this context, users are also informed how the storage of cookies can be prevented by changing the browser settings.
2. Legal basis for data processing
The legal basis for the processing of personal data using cookies is Art. 6 no. 1 lit. f GDPR.
3. Purpose of data processing
The use of technically necessary cookies is intended to simplify website use. Some of the functions on our website cannot be provided unless cookies are enabled. In these cases, it is essential that the browser is also recognised after accessing another page.
The user data collected by these technically necessary cookies is not used to generate user profiles.
4. Storage period, right to object and right to erasure
Cookies are stored on the user's computer, from where they are sent to our website. This means that users have full control over the use of cookies. Users can deactivate or restrict the transmission of cookies by changing their web browser settings. Any cookies already stored can be deleted at any time. This can also be effected automatically. If cookies are deactivated for our website, it may no longer be possible to use all the website’s functions in full.
VI. E-mail contact
You may contact us electronically.
If you do so, you provide your e-mail address.
You may also provide your name and other personal information.
Data collected in this context is not forwarded to any third parties, except for the purpose of dealing with the correspondence with you.
Your personal data is used solely to process the correspondence.
VII. Web analysis by Matomo (formerly Piwik)
1. Scope of personal data processing
The GFZ uses the open source software tool Matomo (formerly Piwik) to analyse the browsing behaviour of its website users. The software stores a cookie on the user's computer (see above for information about cookies). The following data is stored whenever individual pages on the website are accessed:
The software runs solely on GFZ servers. This is the only place where the user's personal data is stored. This data is not forwarded to any third party.
The software is configured in such a way as to prevent IP addresses from being stored in full; instead, 2 bytes of the IP address are masked (e.g. 192.168.xxx.xxx). This ensures that the truncated IP address can no longer be identified with the accessing computer. “Do not track” is also taken into account if the browser sends this.
2. Legal basis for the processing of personal data
The legal basis for the processing of the user's personal data is Art. 6 no. 1 lit. f GDPR.
3. Purpose of data processing
Processing personal data enables us to analyse the browsing behaviour of our users. Evaluations of the data collected allow the GFZ to compile information about the use of individual components on the website. This helps us to continue improving our website and make it more user-friendly. These purposes also constitute our legitimate interest in processing the data pursuant to Art. 6 no. 1 lit. f GDPR. The user's interest in the protection of his/her personal data is duly taken into account by anonymising the IP address.
4. Storage period
The data is erased as soon as we no longer need it for recording purposes.
5. Right to object and right to erasure
Cookies are stored on the user's computer, from where they are sent to our website. This means that users have full control over the use of cookies. Users can deactivate or restrict the transmission of cookies by changing their web browser settings. Any cookies already stored can be deleted at any time. This can also be effected automatically. If cookies are deactivated for the GFZ website, it may no longer be possible to use all the website’s functions in full.
Detailed information about Matomo's privacy settings is available at the following link: https://matomo.org/docs/privacy
VIII. Rights of the data subject
Whenever personal data is processed, the data subject defined in GDPR has the following rights vis-à-vis the data controller:
1. Right to information
Data subjects (users) can request the GFZ’s controller to confirm whether or not the GFZ is processing their personal data.
If this is the case, data subjects are entitled to request the following information from the GFZ’s controller:
2. Right to rectification
Data subjects have the right to request the GFZ’s controller to rectify and/or complete their personal data insofar as that of their personal data being processed is incorrect or incomplete. In such cases, the GFZ’s controller must rectify the data immediately.
3. Right to restriction of processing
Data subjects are entitled to request restrictions on the processing of their personal data in the following circumstances:
If the processing of the data subject’s personal data has been restricted, this data may – with the exception of storage – only be processed with the data subject’s consent, or to establish, exercise, or defend legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest within the EU or an EU member state.
A data subject who has obtained restriction of processing under the conditions specified above must be informed by the GFZ’s data controller before the restriction of processing is lifted.
4. Right to erasure
a) Erasure obligation
The data subject may request the controller to erase his/her personal data without delay, in which case the controller is obliged to erase the data without delay where one of the following grounds applies:
b) Information to third parties
If the GFZ’s controller has made the data subject’s personal data public and is obliged pursuant to Art. 17 no. 1 GDPR to erase it, the controller, taking account of the technology available and the cost of implementation, must take reasonable steps, including technical measures, to inform controllers who are processing the personal data that the data subject has requested the erasure of any links to, or copy or replication of, his/her personal data
c) Exceptions
No right of erasure exists if the data has to be processed
5. Right to notification
If the data subject exercises his/her right to rectification or erasure of personal data or restriction of processing, the controller is obliged to communicate this to all recipients to whom the personal data has been disclosed unless this proves impossible or involves disproportionate effort.
The GFZ’s controller is obliged to inform the data subject about these recipients if so requested.
6. Right to object
The data subject has the right to object at any time, on grounds relating to his/her particular situation, to any processing of his/her personal data effected on the basis of Art. 6 no. 1 lit. e or f GDPR.
If this right is exercised, the GFZ’s controller will cease processing this personal data unless he/she can demonstrate compelling legitimate grounds for the processing that override the interests, rights and freedoms of the data subject, or if the data has to be processed for the establishment, exercise, or defence of legal claims.
7. Right to revoke the declaration of consent provided in compliance with data protection legislation
The data subject has the right to withdraw his/her consent under data protection law at any time. The withdrawal of consent shall not affect the lawfulness of processing effected on the basis of the data subject’s consent before its withdrawal.
8. Right to complain to a supervisory authority
Without prejudice to any other administrative or judicial remedy, the data subject has the right to lodge a complaint with a supervisory authority, in particular in the member state of his/her habitual residence, place of work, or place of the alleged violation, if the data subject considers that the processing of his/her personal data violates the GDPR.
IX. Specific services of the GEOFON Infrastructure at GFZ
1. EIDA Authentication Service: This system provides tokens to access restricted or embargoed data and by no means store any data in the context of its normal operation with exception of the system logs (see section #IV). Users are always redirected to the B2ACCESS Identity Provider service hosted by EUDAT at Forschungszentrum Juelich GmbH. Users have the option to register themselves locally or through their home institutions. In the former case, the Privacy Statement can be found at https://b2access.eudat.eu/unitygw/VAADIN/files/data-privacy-statement.html The data received from these systems are digitally signed, sent to the user and instantaneously removed from our system. The name of users could be visible to some Network Managers within B2ACCESS in order to update access control lists to restricted datasets.
2. Requests for restricted or embargoed waveform data via WebDC3 and/or fdsnws-dataselect services: Users of embargoed or restricted data, after having received a token can use it to authenticate, authorize, identify to the service. Once authenticated the service matcesh the user e-mail address with an access control list that is maintained with the data set provider. Data set providers inform GEOFON in advance about who is allowed to access their data. E-mail addresses of users of restricted data are sent periodically to data owners.
3. Discussion forums (SeisComP and GEOFON): GEOFON maintains two Discourse forum for the SeisComP software project as well as a GEOFON forum to discuss with users about software issues and latest services or recent earthquakes. Users registered there agree to the Terms of Service and Privacy Policy of each forum, available at the following links: