Privacy Policy

Hey there!
Thank you for taking a look at our privacy policy – few people do.

We are the DSA Collaboratory (read more about us here). You can contact us through our contact form or via email at contact [at] dsa40collaboratory.eu

At the DSA40 Data Access Collaboratory, we think that responsible research also has to handle data responsibly and clearly communicate data management practices. This is why we want to keep this privacy policy short and readable – while also continously looking to improve the conditions under which we process your personal data. So, if you have ideas on how we can improve this privacy policy or our current practices, have questions, or encounter any issues, please contact us.

We basically process your personal data for four different purposes:

  1. displaying our website
  2. basic website security
  3. contacting you based on contact information you provide
  4. collecting data from you to display it on the website (in the case of open letters or the issue tracker for example)
  5. collecting data from you for further analysis and anonymised publication (in the case of our application tracker)

Below, we detail for each purpose, what data we process, for how long we store it, and who has access to it.

Generally, you also have the rights to

  • know which information we hold about you (Art. 15 GDPR)
  • correct the data we hold about you (Art. 16 GDPR)
  • delete your data (Art. 17 GDPR)
  • ask us to limit our usage of your data (Art. 18 GDPR)
  • ask us to transfer your data elsewhere (Art. 20 GDPR)
  • stop us from processing your data (Art. 21 GDPR)

If you want to exercise these rights, please contact us or send us an email at contact [at] dsa40collaboratory.eu. If you are not satisfied with our answers, you have the option to issue a formal complaint with the relevant supervisory authority in the state of Berlin.

But enough of the introduction, let’s get to the information you’re here for.

1. Displaying our website

1.1 What data do we collect?

  • Your operating system (Windows 10, macOS Mojave, etc.)
  • The page or pages you visited on our website
  • The time and date you accessed our website

1.2 What’s the legal basis for this?
We have a legitimate interest, according to Art. 6(1f) GDPR, to process this data – in order to show you our website in the first place.

1.3 Who else gets access to your data?
Since we are hosting this website on a Strato server, we share this information with them. We are planning to move onto a self-hosted solution soon though.

1.4. How long do we keep your data?
Our server stores your data only during the time that you are visiting our website. The same data might be saved longer for security purposes.

2. Basic website security

2.1 What data do we collect?

  • The type and version of your internet browser (Chrome, Safari, Firefox, etc.)
  • The size of your browser window
  • Your operating system (Windows 10, macOS Mojave, etc.)
  • The page you visited before landing on our website
  • The page or pages you visited on our website
  • The size of the data sent by your request and the responses sent between your browser and the server hosting our website
  • The HTTP Status Codes issued by our server when it responds to your browser’s request

2.2 What’s the legal basis for this?
We have a legitimate interest, according to Art. 6(1f) GDPR, to process this data – in order to protect your personal data by being able to trace and protect ourselves from cyberattacks.

2.3 Who else gets access to your data?
Since we are hosting this website on a Strato server, we share this information with them. We are planning to move onto a self-hosted solution soon though.

2.4. How long do we keep your data?
The data are stored on our server for one week and then they are erased. However, if our website has a security incident, we have a legitimate interest to keep the data as long as necessary to investigate the incident. For example, we might look into the IP addresses we collected to identify the origin of the attack.

3. Contacting you

3.1 What data do we collect?

  • Your email address
  • Your name (if provided)
  • The time and date your message was sent

3.2 What’s the legal basis for this?
We have a legitimate interest, according to Art. 6(1f) GDPR, to process this data – in order to communicate with you. If you sign up to our newsletter, we also ask for your consent as a legal basis under Art. 6(1a) GDPR

3.3 Who else gets access to your data?
Since we are hosting this website on a Strato server, we share this information with them. We are planning to move onto a self-hosted solution soon though.

3.4. How long do we keep your data?

We store your message, your email address and your name (if you shared it) in our mailbox as long as necessary to answer your contact request and to keep our conversation ongoing. We keep these data until you object to the processing or ask us to delete it, or the project ends, likely not before 2029.

4. Displaying data provided by you

4.1 What data do we collect?

  • Your email address
  • Your name (if provided)
  • The time and date your submit your data
  • additional data that you submit to us (like urls for verification or issue descriptions)

4.2 What’s the legal basis for this?
If we collect data from you, we ask you for your consent to display it, which is a legal basis for processing under Art. 6(1)(f) GDPR, to process this data.

4.3 Who else gets access to your data?
Since we are hosting this website on a Strato server, we share this information with them. We are planning to move onto a self-hosted solution soon though.

4.4. How long do we keep your data?
The data is stored on our server until you object to the processing or ask us to delete it, or the project ends, likely not before 2029.

5. Collecting and analysing data provided by you

5.1 What data do we collect?

  • Your email address
  • Your name (if provided)
  • You affiliation
  • The time and date your submit your data
  • data on your data access application (like the platform you submitted it to, and it’s contents)

5.2 What’s the legal basis for this?
If we collect data from you, we ask you for your consent for further processing, which is a legal basis for processing under Art. 6(1)(f) GDPR, to process this data.

5.3 Who else gets access to your data?
Since we are hosting the survey on SoSciSurvey we share this information with them. We are planning to move onto a self-hosted solution soon though.

5.4. How long do we keep your data?
The data is stored on our server until you object to the processing or ask us to delete it, or the project ends, likely not before 2029.