Your privacy is of critical importance to us, so at DataCite we have a few fundamental principles related to privacy.
We don’t ask for personal information unless we truly need it.
We don’t share personal information with anyone except to comply with the law, develop our products, or protect our rights.
We don’t store personal information on our servers unless required for the on-going business operations.
1. DataCite -- Website, Support Site, Blog, and Services
DataCite operates a website at https://datacite.org/, a support site at https://support.datacite.org/ , blog at https://blog.datacite.org/, Fabrica, a DOI service, at https://doi.datacite.org/ and a Help Desk at email@example.com. It is DataCite’s policy to respect your privacy regarding any information we may collect while operating these sites and services. If you have questions about deleting or correcting any personal data you find on our please contact our support team.
Controller in the meaning of Art. 4 No. 7 EU General Data Protection Regulation (GDPR) is: DataCite e.V. German National Library of Science and Technology Welfengarten 1B, 30167 Hannover, Germany firstname.lastname@example.org
2. Site Visitors
Just by merely using this website for information purposes, DataCite, like most site operators, collects personal data of the sort that web browsers and servers typically make available, such as the IP address, the browser type, language preference, referring site, and the date and time of each visitor request. DataCite’s purpose in collecting these information is to better understand how DataCite’s visitors use its sites.
Legal basis for the processing of these data is Art. 6 No. 1 lit. f GDPR.
DataCite will not attribute these data to specific persons, and these data will not be combined with other data sources. After use for the above purposes, the data are erased by DataCite after seven days.
3. General Treatment of Personally-Identifying Information
Certain visitors to DataCite’s sites can choose to interact with DataCite in ways that require DataCite to gather personal data. The amount and type of information that DataCite gathers depends on the nature of the interaction.
For example, we ask visitors who send a message to our Help Desk, requesting assistance, to provide an email address. Those who engage in transactions with DataCite – by becoming a member and using our DOI services, for example – are asked to provide additional information, including as necessary the personal and financial information required to process those transactions. In each case, DataCite collects such information only insofar as is necessary or appropriate to fulfill the purpose of the visitor’s interaction with DataCite. DataCite does not disclose personal data other than as described in the Protection of Information section below. Visitors can always refuse to supply personal data, with the caveat that it may prevent them from engaging in certain activities.
For more information, please read the following sections on data processing, in which further details are provided.
When you use our website, cookies are also stored on your computer. Cookies are small text data files which are stored on your hard drive and attributed to the browser you are using and with which the place which sets the cookie (in this case, us) receives certain information. Cookies cannot execute any programs or transfer viruses to your computer. They serve the purpose of making the internet offering in general more user friendly and effective. We use so-called technically necessary cookies on our website. Technically necessary cookies are cookies that are necessary for our website to function correctly. They help to make our website usable by enabling basic functions such as page navigation and access to secure areas of the website. The legal basis for the use of technically necessary cookies is Art. 6 No. 1 lit. f GDPR.
5. DataCite Members, Consortium Organizations & Repositories
If you become a member of DataCite or Consortium Organization (previously referred to as Clients), we ask for contact information (name and email and billing address) to fulfill our business obligations -- contacts include service, technical, voting, and billing contacts. The service contact receives general information about service status and new services. The technical contact is notified of service changes and infrastructure outages. The voting contact receives information pertaining to DataCite’s governance duties; board elections, statute changes, and budget approval. The billing contact receives annual invoices for membership and DOI service fees. We log membership contact and billing information to our Customer Relationship Management (CRM) system, Salesforce. Salesforce fully complies with current privacy regulations.
Legal basis for processing personal data as a result of membership and the use of the DataCite´s DOI services is either Art. 6 No. 1 lit. b GDPR and Art. 6 No. 1 lit. f GDPR, as these are required for the fulfilment of the contract/membership with DataCite as well as for the use of the offered services. Furthermore, DataCite has a legitimate interest in the fulfilment of its duties towards its members. For the storage of invoice data also Art. 6 No. 1 lit. c GDPR apply as legal basis.
Depending on the type of DataCite services used, your organization contact may receive, notifications about training sessions, webinars, product testing, or news that will impact the use of DataCite services. Individuals may remove themselves from mailings by following the unsubscribe link provided in every DataCite email.
Legal basis for the processing of these data in order to contact a member or an organization is Art. 6 No. 1 lit. a GDPR.
Fabrica is DataCite’s service used by DataCite members to create and assign DOIs and associated metadata. The service relies on cookies for use. Fabrica is not a public facing service and those using Fabrica must have an account. Fabrica also collects information about users of the service, including names and emails. This information is used to administer the service.
Legal basis for the processing of these data is Art. 6 No. 1 lit. b, f GDPR.
7. Support Site
DataCite maintains a support site to help the DataCite community understand and use our services. All of DataCite’s support content is on readme.io platform. readme.io fully complies with current privacy regulations.
8. DataCite’s Metadata and Identifiers
As part of our services of registering DOIs, we also collect associated metadata. All of DataCite’s metadata and Identifiers registered with DataCite are made available for reuse without restriction through our public APIs and search interfaces. We are open and transparent about the use of our identifiers and metadata.
DataCite also collects personal data like Internet Protocol (IP) addresses for logged in users. DataCite only discloses logged in user and commenter IP addresses under the same circumstances that it uses and discloses personal data as described in the Protection of Information section below.
If you are a consumer of our metadata and identifiers and identify yourself in API queries using your account credentials, we will not store or use your email for any other purpose than technical troubleshooting and only if absolutely necessary. You may choose not to use your account credentials for API queries of public content, which won’t identify you at all. More information can be found in our REST API documentation. Legal basis for the processing of these data is Art. 6 No. 1 lit. b, f GDPR.
9. Using Datacite’s Help Desk
If you send a message to our Help Desk a “ticket” along with your email will be logged in our ticketing system, Frontapp. DataCite will not use contact information to resolve questions and any details provided during a support conversation are kept private. From time to time DataCite will add your email to an appropriate mailing list for additional information. Individuals may remove themselves from mailings by following the unsubscribe link provided in every DataCite email. Frontapp fully complies with current privacy regulations.
10. Comments on DataCite’s Blog
Readers of the DataCite’s Blog can submit comments on each post. DataCite uses a platform called Disqus. Disqus is an online service provider, which provides a centralized discussion platform for websites allowing our visitors to post comments on our blog. You can control your privacy settings with a Disqus account.
When posting a comment on the website, Disqus collects information about your visit to this and other websites, including the information you post and your IP address. Your comment will be sent directly to the Disqus servers through an iframe.
If you enter our blog, your browser will establish a direct connection to the Disqus servers. The information that your browser visited the corresponding page of our online services is transmitted to Disqus, even if you do not have a Disqus account or are not logged into your account. This information is sent directly from your browser to a Disqus server in the USA and stored there.
If you log into your Disqus account at the same time, it is also possible to assign the page retrieval to your Disqus account and allow Disqus to assign your surfing behaviour directly to your account.
For any commentary made using Disqus, DataCite will receive the following information about the user: The email address you provided and the IP address assigned to you by your provider at the time of your comment. DataCite only uses these email addresses when it needs to contact you in case of queries regarding your comments. There is no other use of the email addresses, nor will they be publicized or shared with third parties in any way. The IP addresses are only transmitted to prevent any misuse of the comment function. Users that misuse the comment function can be blocked using the IP-address. Legal basis for processing personal data is Art. 6 No. 1 lit. f GPDR.
If you want to block the transmission and storage of your data and your behavior on our online services through Disqus, you must log out of your Disqus account before you visit our website and delete any cookies placed by Disqus.
For more information visit: https://help.disqus.com/customer/portal/articles/466187
Disqus´ contact details: Disqus Inc, 301 Howard St, San Francisco, CA 94105, USA
11. Email Communications
DataCite uses email to communicate with DataCite members and users of our services. Email is either personal interaction or via Google Groups. DataCite sends – on the legal basis of Art. 6 No. 1 lit. f) GDPR - occasional service updates that we believe will be useful to individuals that subscribe to Google Groups.
Legal basis for processing personal data to send you our newsletter is Art. 6 No. 1 lit. a GPDR.
Individuals may remove themselves from mailings by following the unsubscribe link provided in every DataCite email. We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law.
DataCite may collect statistics about the behavior of visitors to its website. For instance, DataCite may monitor the most popular pages, support articles, and blog posts on the sites. DataCite may display this information publicly or provide it to others. However, DataCite does not disclose personally-identifying information other than described in the Protection of Information section below.
12. Aggregated Statistics
DataCite may, with the visitors´ prior consent, collect statistics about the behavior of visitors to its website. For instance, DataCite may monitor the most popular pages, support articles, and blog posts on the sites. DataCite may display this information publicly or provide it to others. However, DataCite does not disclose personal data other than described in the Protection of Information section below.
Legal basis for processing personal data for statistic purpose is Art. 6 No. 1 lit. a GPDR.
13. Protection of Information
DataCite discloses personal data only to those of its employees, contractors and affiliated organizations
that need to know that information in order to process it on DataCite’s behalf or to provide services available at DataCite’s websites, and
have agreed to comply with current privacy regulations
DataCite will not rent or sell personal data to anyone. Other than to its employees, contractors and affiliated organizations, as described above, DataCite discloses personal data only in response to a court order or other governmental request, or when DataCite believes in good faith that disclosure is reasonably necessary to protect the property or rights of DataCite, third parties or the public at large.
DataCite takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of personal data .
14. Your rights
According to the GDPR, you are entitled to the following rights against DataCite as a data subject: Right of access by the data subject (Art. 15 GDPR) In principle, you have the right to receive information on the points mentioned in Art. 15 GDPR. You also have the right to request a copy of your personal data in accordance with Art. 15 No. 3 GDPR.
Right to rectification (Art. 16 and 17 GDPR) You have the right to have incorrect personal data corrected. In addition, you have the right to demand that your personal data is deleted if further processing is no longer necessary, if processing is unlawful or if you have withdrawn your consent.
Each DataCite web page that is designed for the entry of personal data contains instructions explaining how you can update the personal data you provide or cancel any subscriptions you have with DataCite. You may send an e-mail to the Webmaster of the website through which you entered your personal data.
Right to restriction of processing (Art. 18 GDPR) If the conditions in Art. 18 GDPR are met, you have the right to have the processing of your personal data restricted, i.e. to prevent further processing for the time being.
Right to data portability (Art. 20 GDPR) Within the limits of Art. 20 GDPR, you have the right to receive your personal data in a machine-readable format in order to forward it or have it forwarded to another controller.
Right to object (Art. 21 GDPR) If the processing of your personal data is based on Art. 6 No. 1 lit. e or f GDPR, you have the right to object to the processing if the further requirements of Art. 21 GDPR are met. You can require this by sending us an email at: email@example.com
The exercise of these rights is in general free of charge.
In addition, you are entitled to lodge a complaint regarding the handling of your personal data with a supervisory authority.