Data Privacy Notice
Note that this document in provided for supporting English-speaking users, the legally binding document is the German document.
Data Processor
The responsible party for data processing within the meaning of Art. 4 No. 7 GDPR and other national data protection laws of the member states as well as other data protection regulations is the:
Gesellschaft für wissenschaftliche Datenverarbeitung mbH Göttingen
Burckhardtweg 4
37077 Göttingen
Göttingen, Germany
Tel: +49 (0) 551 39-30001
E-mail: support@gwdg.de
Website: www.gwdg.deRepresented by the managing director. The controller is the natural or legal person who alone or jointly with others determines the purposes and means of the processing of personal data.
Contact person / Data protection officer
Gesellschaft für wissenschaftliche Datenverarbeitung mbH Göttingen
Datenschutzbeauftragter
Burckhardtweg 4
37077 Göttingen
Göttingen, Germany
Phone: +49 (0) 551 39-30001
E-mail: support@gwdg.deGeneral information on data processing
Overview of the service
The Protein AI service consists of several components, particularly a web frontend and alphafold2/boltz models in the backend. The frontend provides users with a web interface to directly enter query sequences via a browser. Additionally, users can select their desired model and adjust certain settings. The frontend forwards all requests to the selected model backend. The backend is hosted via the GWDG platform, which receives all requests and forwards them to the appropriate model.
Scope of the processing of personal data
We only process our users’ personal data to the extent necessary to provide a functional website and our content and services. The processing of personal data of our users takes place regularly only with the consent of the user (Art. 6 para. 1 lit. a GDPR). An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.
Legal basis for the processing of personal data
Insofar we obtain consent from the data subject for processing operations involving personal data, Article 6 (1) lit. (a) of the EU General Data Protection Regulation (GDPR) is the legal basis for personal data processing.
When processing personal data that is necessary for the performance of a contract to which the data subject is party, Article 6 (1) lit. (b) GDPR is the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures.
Insofar as the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6 (1) lit. (c) GDPR is the legal basis.
Where the processing of personal data is necessary in order to protect the vital interests of the data subject or another natural person, the legal basis is Article 6 (1) lit. (d) GDPR.
If the processing is necessary to protect a legitimate interest of our company or a third party and the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) lit. f DSGVO is the legal basis for the processing.
Use of the Protein-AI website (frontend)
Description and scope of data processing
Each time https://protein-ai.academiccloud.de/ is accessed, the system automatically collects data and information from the computer system of the accessing computer. The following data is collected in each case:
- Date of access
- Name of the operating system installed on the accessing device
- Name of the browser used
- Source system via which the access was made
- The IP address of the accessing device
The data is also stored in the log files of our system. This data is not stored together with other personal data of the user. After users query sequences get processed by backend model, they get deleted and only output result will be kept on GWDG’s secure data mover node for 30 days.
General use of models
Description and scope of data processing
For billing purposes, the following data is stored and logged on the GWDG server for each request:
- Date of the request
- user ID
- Time of the GPU use
This data is also stored in the log files of our system. This data is not stored together with other personal data of the user. No liability can be accepted for the automatically generated results. Results may be completely incorrect or contain incorrect partial information.
Duration of storage
The billing data is stored for one year.
Use of self-hosted models
Description, Duration of storage, and scope of data processing
In order to use the models hosted by the GWDG, the user’s inputs/sequences are processed on the GWDG’s systems. Protecting the privacy of user requests is of fundamental importance to us. For this reason, our service in combination with the self-hosted models does not store the inputs/sequences of the requests, and the output is kept on GWDG data mover node for 30 days (for user convenience to have ample time to download the results). Note on Output Data: While the output (e.g., predicted protein structure) is not considered personal data under GDPR, it may contain sensitive biological information. Users are responsible for ensuring compliance with applicable laws when using or sharing results.
Rights of data subjects
You have various rights with regard to the processing of your personal data. We list them in the following, but there are also references to the articles (GDPR) and/or paragraphs (BDSG (2018)) which provide even more detailed information.
Right to immediate erasure / “Right to be forgotten” / Right to restriction of processing (Article 17/18 GDPR; § 35 BDSG)
You have the right to request the immediately erase of your personal data from the controller. As an alternative, you may request to restrict the processing from the controller, whereby restrictions are referred to in the GDPR/BDSG under the articles and/or sections mentioned.
Right to data portability (Article 20 GDPR)
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. In addition to the scenarios presented in and provisions of the GDPR, it must be noted that portability of mass data / user data is limited to technical readability. The right to data portability does not include that the data created by the user in a proprietary format is converted by the controller into a commonly used, i.e. standardised format.
Right to complain to a supervisory authority (Article 77 GDPR)
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.