Disclaimer: The English version is for information only. Please see the German version for legal issues.
Responsible for the processing of your data is the
Technical University of Munich, Arcisstraße 21, 80333 Munich, Germany
E-mail: poststelle@tum.de, Telephone: +49 89 289-01
You can reach our data protection officer as follows
Technical University of Munich, Data Protection Officer, Arcisstraße 21, 80333 Munich
E-mail: beauftragter@datenschutz.tum.de, Telephone: +49 89 289-17052
You have the following rights under the General Data Protection Regulation (GDPR):
You can request information as to whether and, if so, which of your personal data we process and receive further information related to the processing (Art. 15 GDPR). Please note that this right to information may be restricted or excluded in certain cases.
If incorrect personal data is processed, you have the right to rectification (Art. 16 GDPR).
If the legal requirements are met, you can request the erasure of your personal data or the restriction of its processing (Art. 17 and 18 GDPR). However, the right to erasure pursuant to Art. 17 (1) and (2) GDPR does not apply if, among other things, the processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (Art. 17 (3) (b) GDPR).
If the processing is carried out for the performance of a public task (Art. 6 para. 1 subpara. 1 letter e GDPR), you have the right to object to the processing of your data at any time if you have reasons for doing so that arise from your particular situation (Art. 21 para. 1 sentence 1 GDPR).
If you make use of your rights, we will check whether the legal requirements for this are met.
Further restrictions, modifications and, if applicable, exclusions of the aforementioned rights may result from the General Data Protection Regulation or national legislation.
You also have the right to lodge a complaint with the Bavarian State Commissioner for Data Protection. You can reach him at the following contact details
Postal address: P.O. Box 22 12 19, 80502 Munich
House address: Wagmüllerstr. 18, 80538 Munich
Telephone: +49 89 212672-0, Fax: +49 89 212672-50
Contact form: https://www.datenschutz-bayern.de/service/complaint.html
Data protection is an important concern for the Technical University of Munich. We want you to know when we store which data and how we use it. We collect, process and use personal data only insofar as this is necessary for the operation of the TUM DataTagger.
The TUM University Library is subject to the applicable data protection regulations, in particular the European General Data Protection Regulation (GDPR), the Bavarian Data Protection Act (BayDSG) and the German Telemedia Act (TMG).
In the following, we inform you about the type, scope and purpose of the collection, processing and use of data in connection with the TUM DataTagger.
The TUM DataTagger is a working tool for researchers at the Technical University of Munich (TUM) and its cooperation partners. The TUM DataTagger is used to manage and document research data from research projects over their entire duration and to prepare them for data publication and archiving.
The TUM DataTagger facilitates project collaboration, even across locations, and serves to document and trace research work in accordance with good scientific practice (https://portal.mytum.de/archiv/kompendium_rechtsangelegenheiten/sonstiges/wiss_Fehlverh.pdf/download). It also serves as an infrastructure for implementing the guidelines of the Technical University of Munich on the handling of research data (https://web.tum.de/researchdata/tum-leitlinien/) and various third-party funding bodies such as the German Research Foundation (https://www.dfg.de/foerderung/grundlagen_rahmenbedingungen/gwp/) and the European Commission (https://ec.europa.eu/research/participants/docs/h2020-funding-guide/cross-cutting-issues/open-access-data-management/data-management_en.htm).
For the use of the TUM DataTagger, the TUM’s guidelines for the use of information processing systems and recommendations of the German Research Foundation (Guidelines for Safeguarding Good Research Practice. Code of Conduct (zenodo.org)). The legal basis for the processing of your data results from Art. 6 para. 1 lit. e GDPR in conjunction with Art. 4 para. 1 BayDSG in conjunction with. Art. 2 para. 1 sentence 2 BayHIG and Art. 6 para. 1 sentence 3 BayHIG.
The web servers for https://datatagger.ub.tum.de are operated by the Leibniz Supercomputing Center (LRZ), Boltzmannstraße 1, 85748 Garching near Munich by way of order processing.
If you are a TUM member, the following data is retrieved from TUM Identity Management (TUM IDM):
- TUM ID
- e-mail address
- First name, surname and academic degree
- Affiliation, e.g. affiliation to a chair
- Organizational affiliation
If you are not a TUM member and you log in via Shibboleth, the data listed above for TUM members will be requested, whereby your personal ID of your organization will be recorded.
If you are not a TUM member, the e-mail address used for registration and a hash of your self-chosen password will be saved. You can enter the other data listed above for TUM members yourself.
The following data is also recorded:
- Time of registration
- Time of the last login
- Your access authorizations to data records (files and their metadata) in the TUM DataTagger and your other authorizations in projects in the TUM DataTagger
- Elements (projects, folders, files, metadata, metadata templates) that you create, upload or edit in TUM DataTagger
- Timestamps and user names for all edits you have made in the TUM DataTagger for the history of all TUM DataTagger elements (analogous to the editing history, e.g. in a wiki)
- IP address
- cookies
You can assign permissions to all data records (files and their metadata) in a folder, whereby the default setting is always “private” (privacy by design). The possible permissions are: read, edit, no access.
You can assign authorizations for a data set to any number of TUM DataTagger users. This is done at the folder level.
All TUM students, employees and guests (provided they have a guest account in Identity Management) are authorized to access the TUM DataTagger (this group is referred to as TUM members below). In addition, every TUM member can invite external cooperation partners (hereinafter referred to as TUM externals) to the TUM DataTagger via e-mail address.
TUM members can see contact details of other TUM members in the TUM DataTagger in addition to content to which they have been explicitly granted access. This contact data includes first and last name, academic degree, e-mail address, affiliation and organizational affiliation and corresponding data that is also visible to TUM members, e.g. in TUM Online.
In addition to content to which they have been explicitly granted access, TUM external users can see contact details of other TUM DataTagger users with whom they have at least one joint project. The stored contact details of external cooperation partners are in turn visible to other TUM DataTagger users with whom they have at least one joint project.
TUM external users can only create elements in the TUM DataTagger within a project that was created by a TUM member.
TUM DataTagger administrators can view, edit or delete all data stored in the TUM DataTagger. TUM DataTagger administrators are employees of the Research Data Services and Library Technology departments of the TUM University Library as well as developers, possibly from an external company from the European Union. Developer companies are obliged by contract data processing agreement to guarantee data protection as described in this privacy policy. The TUM DataTagger administrators will only view or process data for support purposes with your prior permission or if required by law.
In order to quickly recognize problems with the performance of the TUM DataTagger and to be able to intervene if necessary, accesses are temporarily logged. Each time the TUM DataTagger is accessed, the web servers save the following information in log files:
- User ID
- Date and time of access
- Web browser and operating system used
The data in this log file is processed as follows:
- In individual cases, i.e. reported malfunctions, errors and security incidents, a manual analysis is carried out.
- As a rule, the oldest data is deleted as soon as the log file is larger than 125 MB.
The TUM DataTagger is to be used for scientific purposes. It supports compliance with good scientific practice. This includes ensuring that data is audit-proof and that the complete history of the data remains transparent. As a rule, scientific data must therefore not be erasable.
Created elements can only be permanently deleted by system administrators. If you submit a request for the deletion of data and the administrators see a risk of scientific misconduct, you must be able to provide adequate justification for your request for deletion. If necessary, the administrators have the right to permanently document such deletions.
One exception is the “My draft files” area, which is to be used as a temporary repository for uploaded files in preparation for sharing with other project members. Here, files including metadata can be deleted both by the user and by the system if the files are not assigned to a folder within 30 days.
If you no longer wish to use the TUM DataTagger, you have the right to have your data anonymized in the TUM DataTagger. Your “First name Last name” will be replaced by the text “Anonymous User” everywhere in the system. All personal data will also be removed from your user profile. Content that you have created or uploaded will remain (see above: Deleting content that you have created).
Anonymization takes place automatically ten years after your last login. You will receive an e-mail informing you three months before such anonymization. If you do not respond, the anonymization will take place as planned. You can also request anonymization immediately. If you do not wish to be anonymized, simply log in to the TUM DataTagger.
The TUM DataTagger uses active components such as JavaScript. These must be activated in order to make full use of the services.
When you visit our website, your browser stores so-called session cookies on your computer. Cookies are small text files that are used to make our website more user-friendly and effective. Cookies do not damage your computer and do not contain viruses. The storage of these cookies can be disabled by changing the settings in your browser.
The following cookies are essential for use:
- Session cookie
- sessionid and csrftoken cookie if you use the API
We make every effort to ensure the security of your data. To secure your data, we maintain technical and organizational security measures in accordance with Art. 32 GDPR, which we constantly adapt to the state of the art.
We cannot guarantee that our service will be available at all times; disruptions, interruptions or failures cannot be ruled out. The servers we use are carefully backed up on a regular basis.
Your personal data is transmitted to us in encrypted form. We use the SSL (Secure Socket Layer) coding system, but would like to point out that data transmission on the Internet (e.g. when communicating by e-mail) can have security gaps. Complete protection of data against access by third parties is not possible.
Your personal data will be passed on to
Anexia Internetdienstleistungs GmbH (processor)
The transfer of personal data takes place exclusively within the framework of mandatory national legislation or if the transfer is necessary in the event of attacks on our IT infrastructure for legal or criminal prosecution.
Your personal data will not be transferred to a third country or to an international organization.
Further information: About the library