Privacy Statement

License Checker

In the following you will find a description of which personal data is collected and processed by the License Checker service.

Name of the Service

License Checker

Description of the Service

Webservice to support researchers and research software engineers in finding the right software license for their research software

1. Responsible in the sense of data protection law

University of Stuttgart
Keplerstraße 7
70174 Stuttgart
Germany
Phone: +49 711/685-0
E-mail: poststelle@uni-stuttgart.de

2. Data Protection Officer

University of Stuttgart
Data protection officer
Breitscheidstr. 2
70174 Stuttgart, Germany
Phone: +49 711 685-83687
Fax: +49 711 685-83688
E-mail: datenschutz@uni-stuttgart.de

3. Notes

This data protection information/privacy policy relates to the License Checker service of the Universität Stuttgart. The License Checker supports scientists and scholars of the university in selecting a suitable software licence for their research software. To do this, existing software code can be uploaded to the service to identify software licences contained in it and to receive recommendations for compatible software licences.  The servers are provided by the Technical Information and Communication Services (TIK) of the Information and Communication Centre of the University of Stuttgart, and are jointly administered by TIK and the University Library. The Research Data Competence Centre FoKUS, as part of IZUS, is responsible for the operation of the service.

4. Processing of Personal Data

The personal data described in this section is collected, stored and/or processed.

4.1 Research software

4.1.1 Description and categories of data

Research software in the form of code files and other associated files such as licence files, dependencies (e.g. requirements.txt), documentation, citation recommendations or data and databases contained in the software can be made available to the service in various ways:

  • By providing the URL to a publicly accessible code repository (e.g. via github.com or gitlab.com)
  • By uploading files in the form of a packed zip archive
  • By uploading individual files to specify dependencies

In the first two cases, the files made available are examined by the service using the Fossology Toolkit to determine what licence information they contain. The licence information is stored on the server and can be accessed later.

In the third case, the information contained is used to determine the dependencies of the software and its licence. If personal data is contained in the transmitted files, it will not be stored in any of the cases.

4.1.2 Purpose

The data is processed solely for the purpose of determining the licence information contained in it or identifying software dependencies.

4.1.3 Legal basis

The legal basis for the temporary storage of the files is Article 6(1)(f) of the GDPR.

4.1.5 Duration of storage

The transmitted files will be deleted after processing.

If publication or long-term reuse of the data is not planned, the data will be deleted after a period specified in the data management plan of the research project. According to § 2 para. 5 of the statutes of the Universität Stuttgart for ensuring the integrity of scientific practice and for dealing with misconduct in science, this is regularly 10 years. Various research sponsors may have different deadlines. Similarly, the faculties of the university can define different regulations for their departments. If publication or long-term reuse of the data is planned beyond the retention period, this will only be done on the basis of an informed consent.

4.2 Provision of the website and creation of log files

4.2.1 Description and categories of data

When you access https://izus.uni-stuttgart.de/licensechecker, you transmit data to our web server via your browser. The following data is temporarily stored in a log file during an active connection:

  • IP address of the requesting computer
  • Date and time of access
  • Name, URL and transferred data volume of the retrieved file
  • Access status (requested file transferred, not found, etc.)
  • Browser type and operating system (if transmitted by the requesting web browser)
  • Referring website (if transmitted by the requesting web browser)

The data in this log file is processed as follows:

  • The log entries are continuously and automatically evaluated in order to detect attacks on the web servers and to be able to react accordingly.
  • In individual cases, i.e. in the event of reported faults, errors and security incidents, a manual analysis is carried out.

In addition, the active network components of the University of Stuttgart log the date and time stamp, IP address + port (source), IP address + port (destination) and packet size when websites are accessed.

4.2.2 Purpose

The system needs to store the IP address temporarily to enable the website to be delivered to the user's computer. To do this, the user's IP address must be stored for the duration of the session. The data is stored in a log file to ensure the functionality of the website. We also use the data to optimise the website and to ensure the security of our information technology systems. The IP addresses contained in the log entries are not merged with other data stocks, unless there are actual indications of a disruption to proper operation. The logging on active network components also serves to ensure the security of the information technology systems. These purposes also include our legitimate interest in data processing in accordance with Art. 6 (1) point f GDPR.

4.2.3 Legal basis

The legal basis for the temporary storage of log files is Article 6 (1) (f) of the GDPR.

4.2.4 Recipients

If investigative measures are initiated due to attacks on our information technology system, the log files mentioned in 4.1.1. may be passed on to state investigative bodies (e.g. police, public prosecutor's office). The same applies if the relevant authorities and/or courts address enquiries to the university and the university is obliged to comply with them.

4.2.5 Duration of storage

The data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of data collection for the provision of the website, this is the case when the respective session has ended.
The data stored in log files are anonymised after seven days. This is done by shortening the IP addresses.

4.2.6 Consequences of not providing data, right to object and right to erasure

The collection of data for the provision of the website and the storage of data in log files is essential for the operation of the website. Users who do not want their data to be processed as described cannot use the university's services.

4.3 Use of cookies

4.3.1 Description and categories of data

Our website uses cookies to assign consecutive visits to our site after a login to a coherent session (session cookie). Cookies are text files that are stored in the internet browser or by the internet browser on the user's computer system. This cookie contains a characteristic string of characters that enables the browser to be clearly identified when the website is accessed again. When a user accesses a website, a cookie may be stored on the user's operating system.

4.3.2. Purpose

Some of our website's functions cannot be offered without the use of cookies, in particular all functions that require authentication under a user account. For these, it is necessary that the browser is recognised even after a page change.

The user data collected by technically necessary cookies are not used to create user profiles.

Our legitimate interest in the processing of personal data in accordance with Art. 6 (1) point f GDPR also lies in these purposes.

4.3.3 Legal basis

The legal basis for the processing of personal data using cookies is Article 6(1)(f) of the GDPR.

4.3.4 Recipient

The sole recipient of the information contained in the cookies is the authorised web server, i.e. the University web server that sets the cookie.

4.3.5 Duration of storage

Session cookies are automatically deleted from your computer when you close your browser. Since the cookies are stored on your end device, you also have the option of deleting them earlier. You can find out more in the following point.

4.3.6 Consequences of non-disclosure, right to object and right to erasure

Cookies are stored on the user's computer and transmitted by it to our site. Therefore, you as a user also have full control over the use of cookies, regardless of the storage periods listed above. You can disable or restrict the transmission of cookies by changing the settings in your internet browser. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are disabled for our website, it is possible that not all of the website's functions can be used to their full extent.

5. Your Rights

  • You have the right to obtain information from the University about the personal data stored about you and/or to have incorrectly stored data corrected. If research (primary) data is affected, your right to have the data corrected is only permitted to the extent that the integrity of the data is still guaranteed. If a correction of the data is not possible for this reason, it is possible to add a note or a statement to the data.
  • In addition, you have the right to deletion or restriction of processing or a right to object to processing.

Please contact the data protection officer of the University of Stuttgart at: datenschutz@uni-stuttgart.de

  • You have the right to complain to the supervisory authority if you are of the opinion that the processing of your personal data violates legal regulations.

The responsible supervisory authority is the State Commissioner for Data Protection and Freedom of Information for Baden-Württemberg.

6. Data Protection Code of Conduct

Your personal data will be protected according to the Code of Conduct for Service Providers, a common standard for the research and higher education sector to protect your privacy.

 

FoKUS – Competence Center for Research Data

To the top of the page