GDPR Compliance
Overview
Forschungszentrum Jülich GmbH runs Open-MSS for scientific aircraft mission campaigns.
We take the privacy of your personal information very seriously.
This document will help you better understand the personal information we collect, why we collect it, how we use it, and how we protect it. In full compliance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”), which comes into effect May 25, 2018, this document also explains the various rights of the data subject, including the right of access and the right to erasure (aka “the right to be forgotten”).
Hosting for Open-MSS
Open-MSS is a software used for planning flight tracks of scientific aircraft measurement campaigns.
It enables to collaborate in real-time. This collaboration includes sharing one or more of chat, flight tracks. We refer to this component by MSColab.
On top of an Open Geospatial Consortium (OGC) Web Map Service standard-compliant server we deliver images of horizontal and vertical cross-sections through model data. We refer to this component by MSWMS.
Our Collection and Use of Your Personal Information
We capture personal information when you login to MSColab and when you share information during a live session
What happens when you login?
When you login to MSColab through a Front End, we receive (at minimum) your e-mail Address.
We also receive additional information during the join process, which may include:
- your IP address, browser, and OS in our web server logs.
We use this additional data to provide you support (such as troubleshooting a support ticket to see if your MSS version is out-of-date)
What data do we receive when you participate in a flight track planning session?
During a flight track planning, you may exchange chat, waypoints locations, description of waypoints. We collectively refer to this content as “Flight Track Data”.
The users browser sends/receives Flight Track Data to the server via encrypted channels (HTTPS, and WSS).
When do we store Flight Track Data?
All changes of Flight Track Data are stored when you login to the MSColab and do contribute to a Flight Track.
For how long do we store Flight Track Data?
Users can delete their Flight Track Data by the Front End MSUI. After 30 days of inactivity Flight Track Data becomes archived.
How do we restrict access to Flight Track Data?
For access to Flight Track Data, users can login via a Front End (MSUI). They need an invitation from an admin/creator of the flight track.
What information do we retain for support purposes and for how long?
As described above, we capture user metrics and logs during a session to better enable us to provide customer support. MSWMS and MSColab servers record metrics for each flight track and for each user working on a flight track (“Support Data”).
We use this Support Data to resolve login issues
This Support Data includes:
- Start time
- Length of time in session
- The user’s IP address
We store all Support Data on servers in Jülich, Germany.
How Do We Secure Our Infrastructure?
We adhere to a number of industry best practices for securing our infrastructure, which include:
- We restrict access to all servers containing personal information to only a few employees in the company.
- We disable password access to all servers (access is only through revocable keys).
- All servers are regularly updated with the latest security patches.
- All employees are trained on our privacy policy.
Who Is the Data Protection Officer (DPO) for Forschungszentrum?
The DPO is Frank Rinkens. You can contact him at dsb@fz-juelich.de
Your privacy rights
You have the right of Information pursuant to Art. 15 GDPR, the right of rectification pursuant to Art. 16 GDPR, the right of deletion pursuant to Art. 17 GDPR, the right of restriction of processing pursuant to Art. 18 GDPR and the right of data transfer pursuant to Art. 20 GDPR. In addition, there is a right of appeal to a data protection supervisory authority (Art. 77 GDPR).
How Can You Request Access to Your Personal Information?
We recommend you first contact the Data Controller (the organization providing the Server for accessing Open-MSS).
You may request a full report on the personal information we hold for you by sending an e-mail to dsb@fz-juelich.de
In the subject line, please indicate “Request for Personal Information”. In your email, please specify:
- Your full Name
- Whether you are an individual or a representative of a Data Controller
- If you are an individual, the name of your Data Controller (the organization providing you access to Open-MSS)
Please note that we will need to share your request with the Data Controller to verify and action it. We will endeavor to fulfill all access requests within 30 days of receipt.
How Can You Request Deletion of Your Personal Information?
We recommend you first contact the Data Controller (the organization providing the Front End for accessing Open-MSS).
You may request deletion of personal information by sending an e-mail to dsb@fz-juelich.de
Use the subject “Request for Deletion”
In the subject line, please indicate “Request for Deletion”. In your email, please specify:
- Your full Name
- Whether you are an individual or a representative of a Data Controller
- If you are an individual, the name of your Data Controller (the organization providing you access to Open-MSS)
Please note that we will need to share your request with the Data Controller to verify and action it. We will endeavor to fulfill all access requests within 30 days of receipt.
How Can You Contact Us?
If you have any questions about this document or our support for GDPR or about our Privacy Policy, please contact us directly at dsb@fz-juelich.de
Scope of your obligations to provide us with your data
You only need to provide data which is necessary for the establishment and execution of a business relationship or for a pre-contractual relationship with us or which we are legally obliged to collect. Without this data, we will generally not be able to conclude or execute the contract. This may also refer to data required later within the framework of the business relationship. If we also request data from you, you will be informed of the voluntary nature of the information separately.
Your right to appeal to the competent supervisory authority
You have the right to appeal to the data protection supervisory authority (Art. 77 GDPR). The supervisory authority responsible for us is:
The Federal Commissioner for Data Protection and Freedom of Information Graurheindorfer Str. 153, 53117 Bonn, Germany E-mail: poststelle@bfdi.bund.de
Or contact directly our Data Protection Officer
Frank Rinkens
DSB Forschungszentrum Jülich GmbH
Tel: 02461-61-9005
E-Mail: dsb@fz-juelich.de