DataCite - Privacy policy

Privacy Policy

Your privacy is of critical importance to us, so at DataCite we have a few fundamental principles related to privacy.

We don’t ask for personal information unless we truly need it.

We don’t share personal information with anyone except to comply with the law, develop our products, or protect our rights.

We don’t store personal information on our servers unless required for the on-going business operations.

If you find content on the DataCite’s website, support site, or blog, that you believe violates our Privacy Policy, please contact us immediately at support@datacite.org.

1. DataCite -- Website, Support Site, Blog, and Services

DataCite operates a website at https://datacite.org/, a support site at https://support.datacite.org/ , blog at https://blog.datacite.org/, Fabrica, a DOI service, at https://doi.datacite.org/ and a Help Desk at support@datacite.org. It is DataCite’s policy to respect your privacy regarding any information we may collect while operating these sites and services. If you have questions about deleting or correcting any personal data you find on our please contact our support team.

Controller in the meaning of Art. 4 No. 7 EU General Data Protection Regulation (GDPR) is: DataCite e.V. German National Library of Science and Technology Welfengarten 1B, 30167 Hannover, Germany info@datacite.org

2. Site Visitors

Just by merely using this website for information purposes, DataCite, like most site operators, collects personal data of the sort that web browsers and servers typically make available, such as the IP address, the browser type, language preference, referring site, and the date and time of each visitor request. DataCite’s purpose in collecting these information is to better understand how DataCite’s visitors use its sites.

Legal basis for the processing of these data is Art. 6 No. 1 lit. f GDPR.

DataCite will not attribute these data to specific persons, and these data will not be combined with other data sources. After use for the above purposes, the data are erased by DataCite after seven days.

3. General Treatment of Personally-Identifying Information

Certain visitors to DataCite’s sites can choose to interact with DataCite in ways that require DataCite to gather personal data. The amount and type of information that DataCite gathers depends on the nature of the interaction.

For example, we ask visitors who send a message to our Help Desk, requesting assistance, to provide an email address. Those who engage in transactions with DataCite – by becoming a member and using our DOI services, for example – are asked to provide additional information, including as necessary the personal and financial information required to process those transactions. In each case, DataCite collects such information only insofar as is necessary or appropriate to fulfill the purpose of the visitor’s interaction with DataCite. DataCite does not disclose personal data other than as described in the Protection of Information section below. Visitors can always refuse to supply personal data, with the caveat that it may prevent them from engaging in certain activities.

For more information, please read the following sections on data processing, in which further details are provided.

4. Cookies

4.1 General information

When you use our website, cookies are also stored on your computer. Cookies are small text data files which are stored on your hard drive and attributed to the browser you are using and with which the place which sets the cookie (in this case, us) receives certain information. Cookies cannot execute any programs or transfer viruses to your computer. They serve the purpose of making the internet offering in general more user friendly and effective.

We use so-called technically necessary cookies on our website. Technically necessary cookies are cookies that are necessary for our website to function correctly. They help to make our website usable by enabling basic functions such as page navigation and access to secure areas of the website.

You can also prevent the storage of cookies with a corresponding setting in your browser software. If you prevent the storage of cookies, we wish to point out that you may not be able to fully use this website.

If you agree, technically not necessary cookies will be used in context with the use of Google Analytics. You will find more detailed information on this in sections 5.

4.2 Detailed information on the cookies used on this website

Name Function Expiry
Consent Cookie Technically Necessary 365 days
Authentication Cookie Technically Necessary 30 days
Google Analytics Statistics 1 year

The legal basis for the use of technically necessary cookies is Art. 6 No. 1 lit. f GDPR.

If you have given your consent to the use of technically not necessary cookies, the legal basis for the use of these cookies is Art. 6 No. 1 lit. a GDPR. The consent can be revoked at any time with effect for the future.

5. Google Analytics

If you have given your consent, DataCite uses Google Analytics to analyze and optimize the use of the website. We use the obtained statistics to improve our offering and design it so that it is more interesting for you as the user.

Google Analytics employs so-called “cookies“, text files that are stored to your computer in order to facilitate an analysis of your use of the site. The information about your use of this website produced by the cookie is normally transmitted to and stored on a server of Google in the USA. Recipient of the collected data is Google. In the case of activation of IP anonymization on this website, however, your IP address is first abbreviated within the Member States of the European Union or in other member countries to the Convention on the European Economic Area. The full IP address is only transmitted to and stored on a server of Google in the USA in exceptional situations. At the instruction of the Operator of this website, Google will use this information to analyze your use of the website and compile reports about website activity.

The legal basis for the use of Google Analytics is Art. 6 No. 1 lit. a GDPR

You can revoke your consent at any time with effect for the future by preventing the storage of cookies with a corresponding setting in your browser software; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

You can also prevent the collection of the data produced by the cookie that relates to your use of the website (incl. your IP address) with regard to Google as well as the processing of these data by Google by downloading and installing the browser-Add-on available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de. Alternatively to the browser add-on, especially for browsers on mobile devices, you can prevent the collection of your data by clicking on the following link: Opt-Out Cookie. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you will have to set the opt-out cookie again. To prevent Google Analytics from collecting data across multiple devices, you must opt-out on all devices.

We use Google Analytics with the expanded "_anonymizeIp()". This results in IP addresses being further processed in abbreviated form so that a connection to an individual can accordingly be precluded.

In exceptional situations in which personal data are transmitted to the USA, Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Information on the third party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, telefax: +353 (1) 436 1001. Terms and Conditions for Use: https://policies.google.com/terms?hl=en, overview of data privacy: https://policies.google.com/?hl=en&gl=de, as well as the data privacy statement: https://policies.google.com/privacy?hl=en&gl=de.

6. DataCite Members, Consortium Organizations & Repositories

If you become a member of DataCite or Consortium Organization (previously referred to as Clients), we ask for contact information (name and email and billing address) to fulfill our business obligations -- contacts include service, technical, voting, and billing contacts. The service contact receives general information about service status and new services. The technical contact is notified of service changes and infrastructure outages. The voting contact receives information pertaining to DataCite’s governance duties; board elections, statute changes, and budget approval. The billing contact receives annual invoices for membership and DOI service fees. We log membership contact and billing information to our Customer Relationship Management (CRM) system, Salesforce. Salesforce fully complies with current privacy regulations.

Legal basis for processing personal data as a result of membership and the use of the DataCite´s DOI services is either Art. 6 No. 1 lit. b GDPR and Art. 6 No. 1 lit. f GDPR, as these are required for the fulfilment of the contract/membership with DataCite as well as for the use of the offered services. Furthermore, DataCite has a legitimate interest in the fulfilment of its duties towards its members. For the storage of invoice data also Art. 6 No. 1 lit. c GDPR apply as legal basis.

Depending on the type of DataCite services used, your organization contact may receive, notifications about training sessions, webinars, product testing, or news that will impact the use of DataCite services. Individuals may remove themselves from mailings by following the unsubscribe link provided in every DataCite email.

Legal basis for the processing of these data in order to contact a member or an organization is Art. 6 No. 1 lit. a GDPR.

7. Fabrica

Fabrica is DataCite’s service used by DataCite members to create and assign DOIs and associated metadata. The service relies on cookies for use. Fabrica is not a public facing service and those using Fabrica must have an account. Fabrica also collects information about users of the service, including names and emails. This information is used to administer the service.

Legal basis for the processing of these data is Art. 6 No. 1 lit. b, f GDPR.

8. Support Site

DataCite maintains a support site to help the DataCite community understand and use our services. All of DataCite’s support content is on readme.io platform. readme.io fully complies with current privacy regulations.

9. DataCite’s Metadata and Identifiers

As part of our services of registering DOIs, we also collect associated metadata. All of DataCite’s metadata and Identifiers registered with DataCite are made available for reuse without restriction through our public APIs and search interfaces. We are open and transparent about the use of our identifiers and metadata.

DataCite also collects personal data like Internet Protocol (IP) addresses for logged in users. DataCite only discloses logged in user and commenter IP addresses under the same circumstances that it uses and discloses personal data as described in the Protection of Information section below.

If you are a consumer of our metadata and identifiers and identify yourself in API queries using your account credentials, we will not store or use your email for any other purpose than technical troubleshooting and only if absolutely necessary. You may choose not to use your account credentials for API queries of public content, which won’t identify you at all. More information can be found in our REST API documentation. Legal basis for the processing of these data is Art. 6 No. 1 lit. b, f GDPR.

10. Using Datacite’s Help Desk

If you send a message to our Help Desk a “ticket” along with your email will be logged in our ticketing system, Frontapp. DataCite will not use contact information to resolve questions and any details provided during a support conversation are kept private. From time to time DataCite will add your email to an appropriate mailing list for additional information. Individuals may remove themselves from mailings by following the unsubscribe link provided in every DataCite email. Frontapp fully complies with current privacy regulations.

11. Comments on DataCite’s Blog

Readers of the DataCite’s Blog can submit comments on each post. DataCite uses a platform called Disqus. Disqus is an online service provider, which provides a centralized discussion platform for websites allowing our visitors to post comments on our blog. You can control your privacy settings with a Disqus account.

When posting a comment on the website, Disqus collects information about your visit to this and other websites, including the information you post and your IP address. Your comment will be sent directly to the Disqus servers through an iframe.

If you enter our blog, your browser will establish a direct connection to the Disqus servers. The information that your browser visited the corresponding page of our online services is transmitted to Disqus, even if you do not have a Disqus account or are not logged into your account. This information is sent directly from your browser to a Disqus server in the USA and stored there.

If you log into your Disqus account at the same time, it is also possible to assign the page retrieval to your Disqus account and allow Disqus to assign your surfing behaviour directly to your account.

For any commentary made using Disqus, DataCite will receive the following information about the user: The email address you provided and the IP address assigned to you by your provider at the time of your comment. DataCite only uses these email addresses when it needs to contact you in case of queries regarding your comments. There is no other use of the email addresses, nor will they be publicized or shared with third parties in any way. The IP addresses are only transmitted to prevent any misuse of the comment function. Users that misuse the comment function can be blocked using the IP-address. Legal basis for processing personal data is Art. 6 No. 1 lit. f GPDR.

If you want to block the transmission and storage of your data and your behavior on our online services through Disqus, you must log out of your Disqus account before you visit our website and delete any cookies placed by Disqus.

For more information visit: https://help.disqus.com/customer/portal/articles/466187

Disqus´ contact details: Disqus Inc, 301 Howard St, San Francisco, CA 94105, USA

Disqus´privacy policy: https://help.disqus.com/customer/portal/articles/466259-privacy

12. Email Communications

DataCite uses email to communicate with DataCite members and users of our services. Email is either personal interaction or via Google Groups. DataCite sends – on the legal basis of Art. 6 No. 1 lit. f) GDPR - occasional service updates that we believe will be useful to individuals that subscribe to Google Groups.

Legal basis for processing personal data to send you our newsletter is Art. 6 No. 1 lit. a GPDR.

Individuals may remove themselves from mailings by following the unsubscribe link provided in every DataCite email. We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law.

13. Aggregated Statistics

DataCite may, with the visitors´ prior consent, collect statistics about the behavior of visitors to its website. For instance, DataCite may monitor the most popular pages, support articles, and blog posts on the sites. DataCite may display this information publicly or provide it to others. However, DataCite does not disclose personal data other than described in the Protection of Information section below.

Legal basis for processing personal data for statistic purpose is Art. 6 No. 1 lit. a GPDR.

14. Protection of Information

DataCite discloses personal data only to those of its employees, contractors and affiliated organizations

  1. that need to know that information in order to process it on DataCite’s behalf or to provide services available at DataCite’s websites, and

  2. have agreed to comply with current privacy regulations

DataCite will not rent or sell personal data to anyone. Other than to its employees, contractors and affiliated organizations, as described above, DataCite discloses personal data only in response to a court order or other governmental request, or when DataCite believes in good faith that disclosure is reasonably necessary to protect the property or rights of DataCite, third parties or the public at large.

DataCite takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of personal data .

15. Your rights

According to the GDPR, you are entitled to the following rights against DataCite as a data subject: Right of access by the data subject (Art. 15 GDPR) In principle, you have the right to receive information on the points mentioned in Art. 15 GDPR. You also have the right to request a copy of your personal data in accordance with Art. 15 No. 3 GDPR.

Right to rectification (Art. 16 and 17 GDPR) You have the right to have incorrect personal data corrected. In addition, you have the right to demand that your personal data is deleted if further processing is no longer necessary, if processing is unlawful or if you have withdrawn your consent.

Each DataCite web page that is designed for the entry of personal data contains instructions explaining how you can update the personal data you provide or cancel any subscriptions you have with DataCite. You may send an e-mail to the Webmaster of the website through which you entered your personal data.

Right to restriction of processing (Art. 18 GDPR) If the conditions in Art. 18 GDPR are met, you have the right to have the processing of your personal data restricted, i.e. to prevent further processing for the time being.

Right to data portability (Art. 20 GDPR) Within the limits of Art. 20 GDPR, you have the right to receive your personal data in a machine-readable format in order to forward it or have it forwarded to another controller.

Right to object (Art. 21 GDPR) If the processing of your personal data is based on Art. 6 No. 1 lit. e or f GDPR, you have the right to object to the processing if the further requirements of Art. 21 GDPR are met. You can require this by sending us an email at: info@datacite.org

The exercise of these rights is in general free of charge.

In addition, you are entitled to lodge a complaint regarding the handling of your personal data with a supervisory authority.

16. Privacy Policy Changes

The DataCite Privacy Policy goes into effect as of April 18, 2019. Although most changes are likely to be minor, DataCite may change its Privacy Policy from time to time, and at DataCite’s sole discretion. DataCite encourages visitors to frequently check this page for any changes to its Privacy Policy. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such change.