The Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH) at the Österreichische Akademie der Wissenschaften (ÖAW) operates ARCHE. This document informs about ACDH-CH policies regarding the collection, use and disclosure of personal information received from users of ARCHE.
ACDH-CH takes the protection of personal information seriously and uses it only for providing and improving ARCHE’s services. By using the services, the user agrees to the collection and use of information in accordance with this policy and the General Data Protection Regulation.
Generally the use of ARCHE is possible without indication of personal Information. Collection of personal information is required e.g. for registering as a user or depositing resources, which is voluntary. Legal basis for processing your data in this case is your registration or/and the performance of the deposition agreement ( Art 6 (1) b GDPR). The information is not shared with third parties without explicit consent from the user.
Name of the Service
ARCHE - A Resource Centre for HumanitiEs
Description of the Service
ARCHE offers deposition and stable hosting of digital research data for the Austrian humanities community. The service is designed to cover a wide range of humanities research data, including (annotated) digital texts, lexical resources, tabular data, databases, images, collections containing GIS, 3D or CAD data, multimedia files (sound and/or video), websites and social media data, etc. as well as software (applications, source code, etc.).
Personal Data Processed
In case you login to the service via Federated Login (Shibboleth), following personal data is processed:
- Data requested as required from user’s home organisation:
- SAML persistent identifier (attribute: eduPersonTargetedID) - unique ID to identify the user
- Data requested (optional) from user’s home organisation:
- alternative identifier (attribute: eduPersonPrincipalName)
- user’s name (attributes: displayName, sn, givenName)
- user’s email (attribute: mail)
- user’s affiliation within the home institution (attribute: eduPersonScopedAffiliation)
- Data is gathered from the user:
- in case the home organisation does not provide some of the requested attributes, the user might be requested to provide the missing information in order to use certain functionality, or otherwise this functionality may not be available to the user.
- in case user makes use of personalization functionality (e.g. store personalized workspace settings)
- in case the user is contributor to the resources (work in a collaborative environment) all the changes are tracked
- General network traffic data (like IP address or referrer) is logged and is used in anonymized usage statistics.
Purpose of the Processing of Personal Data
The unique user identifier is needed to recognize the user over sessions, to be able to associate user-related information (customisation, authorisation settings, user-generated content). The identification of the user as well as the affiliation information serves as a means to determine the authorization to access protected resources (which may be granted to certain groups, like members of an institute or partners in a project).
Attributes concerning user's name are used in communication with the user (via e-mail and on the website) and for marking user's contribution. If the requested attributes are obtained, they are used by default, the user still has the possibility to change the display name.
The user's affiliation can be used for managing access to resources (authorisation), e.g. if access to a resource is granted to members of an institute. If no information about affiliation is available, user-based authorisation is used.
Providing an email address allows the user to be notified of news, or activity on the platform, especially changes by other members of a team working on common resource collection. This is not a critical functionality, thus the email attribute is optional. ACDH-CH may use the user’s personal information to contact the user with newsletters and other information regarding the services of ARCHE
General network traffic data is logged to generate anonymised statistics about the use of our resources, for which Matomo (see respective section) is used.
Cookies are files with small amount of harmless data, which may include an anonymous unique identifier. Cookies are sent to the user’s browser from a web site and stored on the user’s hard drive.
ARCHE uses both session and persistent cookies to enable certain functions of ARCHE’s service, to provide analytics and to store user preferences. Cookies are not used for advertising purposes.
Like most website operators, ARCHE collects non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. For this purpose an own instance of Matomo (former Piwik) is used.
ARCHE’s purpose in collecting non-personally identifying information is to better understand how ARCHE’s visitors use its website and services. ARCHE may release non-personally-identifying information in the aggregate, e.g. by publishing a report on trends in the usage of its website, to reveal how many downloads a particular resource got or to say which resources are most popular.
ARCHE also collects potentially personally-identifying information like Internet Protocol (IP) addresses. ARCHE does not use such information to identify its visitors, however, and does not disclose such information, other than under the same circumstances that it uses and discloses personally-identifying information, as described above.
OPT-OUT OPTION TO COME
Third Parties to whom Personal Data is Disclosed
No personal data will be disclosed to third parties.
The security of personal information is important to ACDH-CH, but no method of transmission over the Internet, or method of electronic storage, is 100% secure. While ACDH-CH strives to use commercially acceptable means to protect personal information, it cannot guarantee its absolute security.
How to Access, Rectify and Delete the Personal Data
If you need to access, rectify and/or delete any personal data we store about you or which you provided to us please contact us. Contact details can be found in Data Controller and Contact Person.
Data Protection Code of Conduct
User’s personal data will be protected according to the Code of Conduct for Service Providers, a common standard for the research and higher education sector to protect user privacy.
Data Controller and Contact Person
Austrian Centre for Digital Humanities and Cultural Heritage
Austrian Academy of Sciences (ÖAW)
The provisions of Austrian law apply to this agreement. Place of jurisdiction is Vienna.