1. Responsible person and scope:

The person responsible within the meaning of the EU General Data Protection Regulation (hereinafter: GDPR) and other national data protection laws of the member states as well as other data protection regulations is:

Denny Spiegelberg
Robert-von-Ostertag Strasse 15
14163 Berlin
Tel .: +49 (30) 838-62513

The following data protection notices refer to the use of the OHIF Viewer hosted on the servers of Freie Universität.

2. How your data is used:

By entering a user name and password (your FU login data) it is determined whether the user is who he claims to be. The OHIF viewer is only informed that a user has successfully authenticated himself. The data is no longer processed by the viewer or saved and only used for logging in.

3. Cookies:

The user's web browser receives a token so that the user does not have to authenticate again with the IdP when accessing another protected application. This is Shibboleth's single sign-on feature. The token is valid for a certain period of time. However, the validity ends at the latest when the browser (session) is closed.

4. Transfer of data:

After a user has been authenticated, the OHIF viewer can request further attributes of the user from the IdP. From the values of these returned attributes, the viewer can then derive what the user is allowed to do with this provider (authorization). The provider still does not know the identity of the user.

5. Information about the rights of website visitors

As a person affected by the processing of personal data, the GDPR gives you the following rights:

According to Art. 15 GDPR you can request information about your personal data processed by us. In particular, you can obtain information about the processing purposes, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to correction, deletion, restriction of processing or objection, the existence of a Right to lodge a complaint, the origin of your data, if we have not collected it, via a transfer to third countries or to international organizations as well as the existence of automated decision-making including profiling and, if necessary, meaningful information on their details.
According to Art. 16 GDPR you can immediately request the correction of incorrect or the completion of your personal data stored by us.
According to Art. 17 GDPR, you can request the deletion of your personal data stored by us, insofar as the processing is not to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend Legal claims is required.
According to Art. 18 GDPR, you can request the restriction of the processing of your personal data if you dispute the correctness of the data, the processing is unlawful, we no longer need the data and you refuse to delete it because you want to assert or exercise it or need defense of legal claims. You also have the right under Art. 18 GDPR if you have objected to processing in accordance with Art. 21 GDPR.
According to Art. 20 GDPR, you can request to receive your personal data that you have provided to us in a structured, common and machine-readable format or you can request the transfer to another person responsible.
According to Art. 7 Para. 3 GDPR, you can revoke your once given consent to us at any time. As a result, we are no longer allowed to continue the data processing based on this consent in the future.
According to Art. 77 GDPR, you have the right to complain to a supervisory authority. As a rule, you can contact the supervisory authority of your usual place of residence, your place of work or our headquarters.

6. Contact details of the data protection officer

Data protection officer of the Free University of Berlin, Dahlem area
Grunewaldstrasse 34a
12165 Berlin

Email: datenschutz@fu-berlin.de
Telephone: 030 838 53636