Deutsch Intern
  • 50-jähriges Jubiläum des Rechenzentrums
Information Technology Centre

Privacy policy and data processing information for the service WueData

1. Responsible person in the sense of the data protection basic regulation

Julius-Maximilians-Universität Würzburg
Sanderring 2
97070 Würzburg

The University is represented by the acting president.

2. Data protection officer of the Julius-Maximilians-Universität Würzburg

Klaus Baumann

Josef-Stangl-Platz 2
Raum, 03.004
97070 Würzburg

Tel.: 0931 31-88757
Fax: 00931318688

3. Purpose and legal basis of data processing

The Julius-Maximilians-Universität Würzburg (JMU) offers WueData as institutional repository for the documentation and publication of research data. The primary aim of this service is to promote the preservation and accessibility of collected research data in line with the Open Science idea. To this end, researchers can upload their data in the repository, describe it with structured metadata and publish it.

During the publication process, the data is assigned a persistent identifier (DOI) and thus the data can be referenced permanently and is citeable. After publication, the research data and metadata are freely searchable and reusable on the internet for users in accordance with the terms of use of the repository.

The legal basis for the data processing is Art. 6 para. 1 lit. e GDPR in conjunction with Art. 4 ff BayDSG as well as Art. 85 GDPR and Art. 25 BayDSG. The legal basis for the storage of information in the end user's terminal equipment or access to information already stored in the terminal equipment is Art. 25 para. 2 TTDSG.

4. Categories and scope of data processing

4.1 Administration, editing and publication of metadata and research data

For login, administration and editing, personal identifiers of the JMU with access protection mechanisms are used and changes made with these identifiers are logged. Specifically, the following personal data is processed and stored:

  • User name or "Persistent ID" (when using Shibboleth)

  • Password (not applicable when using Shibboleth)

  • E-mail address

  • First and last name (optional)

  • ORCiD ID (optional)

  • Profile picture (optional)

This personal data is accessible to the administrators of the service.

While publishing research data, the following personal data will be stored and published by the data providers, as well as persons who were involved in creating the data:

  • Full name

  • Organisational affiliation

  • E-mail address (optional)

  • ORCiD ID (optional)

4.2 Log Files
When you access the repository or log in via a user account, you transmit data to our web server via your internet browser. The following data is recorded during an ongoing connection for communication between your internet browser and our web server:

  • IP address used

  • User ID or "Persistent ID" (when using Shibboleth)

  • E-mail address

  • Operating system used

  • Browser used / browser version

  • Visited web pages

  • Actions on these pages

  • Date and time at the time of access

  • Amount of data sent and received in bytes

4.3 Cookies
Session cookies are mandatory for the functionality of our services. They allow us to enable so-called "sessions" in which you can perform actions that build on each other.

4.4 Communication data
If you send us a request or an opinion by ticket, e-mail, post or telephone, the information provided will be processed to deal with the request and for possible follow-up questions and the exchange of opinions.

5. Recipients of the personal data

The data is disclosed to FIZ Karlsruhe - Leibniz Institute for Information Infrastructure GmbH, Hermann-von-Helmholtz-Platz 1, 76344 Eggenstein-Leopoldshafen within the scope of order processing.

6. Duration and type of storage of personal data

6.1 Personalised access data
Personalised access to our repository will be cancelled after deactivation of the JMU account of the person concerned.

6.2 Metadata and research data
Physical preservation of all uploaded research data and added metadata is assured for at least 10 years. The focus is on their physical preservation (bitstream preservation). The long-term usability and readability of the data depends on the availability of the respective formats in which the data sets are uploaded.

In principle, the deletion of uploaded data packages and metadata is not provided for according to the terms of use, but in justified individual cases (e.g. faulty files, legal reasons), a deletion of data packages can take place in consultation with the repository operators. In addition, the JMU reserves the right to block or delete uploaded data packages in justified exceptional cases (e.g. legal violations).

6.3 Log Files
Log files and the personal data contained therein are deleted after 7 days.

6.4 Cookies
Session cookies are deleted when the browser is closed. Only the general cookie disclaimer "cb_cookie_notice", which confirms the cookie information displayed in the browser, is valid for one year.

6.5 Communication data
Tickets, e-mails, notes on telephone calls and post and messages that you have not transmitted to us publicly are checked every two years to see whether it is still necessary to store your enquiries for follow-up purposes. If your data is no longer required, its processing will be restricted and it will still be stored in accordance with the statutory retention obligations, taking into account archiving law.

7. Data subjects rights

With regard to the processing of your personal data, you as a data subject are entitled to the following rights pursuant to Art. 15 et seq. GDPR:

  • You can request information about whether we are processing personal data about you. If this is the case, you have the right to information about this personal data as well as other information related to the processing (Art. 15 GDPR). Please note that this right to information may be restricted or excluded in certain cases (cf. in particular Art. 10 BayDSG).
  • In the event that personal data about you is not (or is no longer) accurate or incomplete, you may request that this data be corrected and, if necessary, completed (Art. 16 GDPR).

  • If the legal requirements are met, you can request the deletion of your personal data (Art. 17 GDPR) or the restriction of the processing of this data (Art. 18 GDPR). However, the right to erasure pursuant to Article 17 (1) and (2) GDPR does not apply, inter alia, if the processing of personal data is necessary for the performance of a task carried out in the public interest or in the exercise of official authority (Article 17 (3) (b) GDPR).

  • You may also object to the processing of your personal data by us at any time on grounds relating to your particular situation (Article 21 GDPR). If the legal requirements are met, we will no longer process your personal data.

  • If you have consented to the processing or if there is a contract for data processing and the data processing is carried out with the help of automated procedures, you may have the right to data portability (Art. 20 GDPR).

  • You have the right to complain to a supervisory authority within the meaning of Art. 51 DSGVO about the processing of your personal data. The competent supervisory authority for Bavarian public bodies is the Bavarian State Commissioner for Data Protection, Wagmüllerstraße 18, 80538 Munich. In addition to the right of complaint, you may also file a judicial appeal.

8. Other information on our data protection declaration

We reserve the right to amend this data protection declaration from time to time so that it always complies with the current legal requirements or in order to implement changes to our services in the data protection declaration, e.g. when introducing new services. The new data protection declaration will then apply to your next visit.

If you have any questions or would like to exercise your rights towards us, you can contact the data protection officer of the JMU or write an email to