DUO Data Privacy Policy
0. Introduction
The protection of your personal data is very important for the PSI User Office and data protection is taken care seriously with high priority. The general PSI Data Privacy Policy applies also to the software and related database called “Digital User Office” (in the following “DUO”) provided by
Paul Scherrer Institute (in the following "PSI", "we" or "us")
5232 Villigen PSI
Switzerland
Additional regulations related to the use of DUO are listed in this document, which aims to inform the users about the collecting and processing of their personal data in DUO.
Contact: PSI User Office, e-mail: useroffice@psi.ch, telephone: +41-56-310-4666
Personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
1. Collecting and processing of personal data
The DUO data privacy policy aims to fulfil the requirements of the Swiss Data Protection Act (SR 235.1) taking into account also the European Regulation 2016/679 (General Data Protection Regulation, GDPR) and to respect the strategy of data protection by design and by default.
It is not possible to use DUO anonymously; DUO requires a personal registration.
1.1 Data collected via the registration process
During the registration process the user will be asked to provide mandatory information. This mandatory information is marked as such and includes first name, last name, position, title, gender, date of birth, citizenship, affiliation, phone number, e-mail address, username and password. If a registration has not been completed, the collected data will be deleted.
1.2 Data collected during the proposal submission and processing
If you submit a proposal for experiments at one of the PSI user facilities via DUO, you will be asked to provide additional information about the planned project and the persons involved (e.g. principal investigator, co-proposers).
This data will be used to process the proposal and will be made available to selected PSI employees (e.g. safety officers, beamline managers) and to members of the Proposal Review Panels for the purpose of scientific, technical, safety and ethical review of the proposal. The data related to the proposal will be accomplished by data from previous activities stored in DUO for the review procedure.
1.3 Data collected during application for badge and dosimeter
If you apply for badge/dosimeter for your visit at PSI, you will be asked to provide additional information about your planned stay at PSI such as date of arrival and departure, the beamline and facility you intend to use and if/when you intend to stay in the PSI guesthouse.
This data will be used to process your badge/dosimeter request and eventually to prepare a reservation in the PSI guesthouse. For that purpose the provided information is made available to selected PSI employees (e.g. safety guards, dosimetry office, guesthouse reception).
1.4 Data automatically collected from DUO users
Please refer to the general PSI Data Privacy Policy.
1.5 Purposes of data processing
We collect and process personal data for the following purposes:
- for the organization of the proposal workflow procedure and for the access to the PSI user facilities
- for statistical and reporting purposes
1.6 Transfer of data to third parties
Your personal data will only be transferred to third parties if the transfer is necessary for the performance of a contract or if a third party has a legitimate interest in the transfer. Examples are information on travel reimbursement data, which will be provided to third parties which cover travel funds partly or in total (e.g. EU). We may transfer data which has been rendered anonymous to third parties (e.g. funding agencies) for statistical purposes without further consent.
Additionally, personal data might be transferred to third parties if we are obliged to transfer the data by statutory provisions or by an enforceable order of a court or an administrative authority.
1.7 External service providers
We reserve the right to appoint external service providers for the collection and use of personal data. These service providers will only have access to data they need for the performance of their service. Service providers will generally be appointed as commissioned data processors which are only allowed to process the personal data according to our instructions.
1.8 Duration of data storage
We will delete your personal data under the condition that both of the following conditions are fulfilled:
- there is no reference to any proposal, experiment or visit to PSI in DUO
- 2 years after your last log in to DUO or even earlier if you have sent a respective request to useroffice@psi.ch
Otherwise your personal data will be stored at PSI in order to fulfill the legitimate record retention according to the Swiss Code of Obligations, to protect PSI against potential legal claims and to maintain a record of ownership of work and compliance with PSI internal rules and guidelines.
Proposals themselves - submitted once - will not be deleted from DUO for statistical and reporting purposes but we reserve the right to delete proposal drafts ("editing mode") that have not been edited for a period of two years or more from the DUO database.
1.9 Email distribution lists and newsletter
Depending on your DUO activities you might be added to certain mailing lists to receive tailored information about PSI and the user facilities (calls for proposals, job offers, facility newsletter, …). At any time you can edit your personal profile in DUO and activate/de-activate your subscription to any DUO mailing list.
2. Cookies, Web analysis and Social Plugins
The DUO policy regarding cookies, web analysis and social plugins complies with the the general PSI Data Privacy Policy. DUO only uses cookies which are mandatory for the provision of DUO. Please note: by blocking cookies you will not be able to make use of the full DUO functionality.
3. Data Security
Your personal data will be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. Please note that regarding any communication via email confidentiality cannot be guaranteed as third parties may be able to access the information during the transmission process.
4. Rights of the data subject
You have the right to be informed and - if certain prerequisites are present - also to correction, to erasure, to limitation of the data processing and - starting at 25 May 2018 - a right to data portability.
Please address your request to: useroffice@psi.ch
In case you gave us your consent for the processing of data you may withdraw your consent at any time. Your data will be deleted under the conditions described in 1.8 Please note that you can correct parts of your data in DUO by yourself.
5. Complaints to data protection authorities
You may file a complaint to the data protection authority. You may file your complaint at your local data protection authority or at the data protection authority locally competent for us. This is:
Eidg. Datenschutz- und Öffentlichkeitsbeauftragter, Feldeggweg 1, 3005 Bern
Telephone: +41-58-462-4395, http://www.edoeb.admin.ch
6. Contact information
If you have comments or questions, any concerns or a complaint regarding the collection and use of your personal data, please feel free to contact our data protection officer:
Dr. Werner Roser, Paul Scherrer Institut, 5232 Villigen-PSI
Telephone: +41-56-310-3514, e-mail: werner.roser@psi.ch