Terms of Use
The SONICOM Ecosystem Research Data Repository (Repository)
is offered by Österreichische Akademie der Wissenschaften (Austrian Academy of Sciences; OeAW), to make available research results related to spatial hearing and to provide archiving infrastructure for and access to
digital research data. The Repository offers the following Services, according to FAIR
principles: Archiving, Web-Publication, Metadata-Assignment and -Dissemination
(OAI-PMH), Digital Object Identifier, API, Linked open data, Integration of
ROR and ORCID.
The use of the Repository, both the submitting as a Depositor
and the access and/or downloading as User of data, is subject to the
following terms, which are accepted by using the Services:
General Terms:
1.
The Repository is an open
dissemination research data repository for the preservation and making
available of research content, in any case for non-military purposes only.
2.
The Repository
offers the following different access modes:
a.
Open content:
available to the general public. The default licence of use of these data is
the Creative Commons licence CC-BY 4.0 (International).
b.
Embargoed
access: Restricted content that is not available to the general public or only
after a specific period has passed. Special access rules apply.
3. Unless specified otherwise, the Repository metadata
may be freely reused under the CC0 waiver.
4. The Repository accepts no liability for any damage or
loss resulting from acts or omissions by Depositors, Users or third parties.
5. The Depositors and Users agree to adhere to the OeAWI Guidelines for Good Scientific Practice ( https://oeawi.at/en/guidelines/ ).
6. The Repository reserves the right, without notice, at
its sole discretion and without liability, to alter, delete or block access to
content that it deems to be inappropriate or improper. It also may restrict or
remove access where it considers that use of the Repository interferes with its
operations or violates these Terms of Use or applicable laws.
7.
The Repository
operates on a best-effort basis. It does not guarantee faultless functioning of
its Services or permanent availability. In case of failures, in particular
because of force majeure or manipulation by third parties the Repository is not
liable. The Repository does not assume any liability for the usability of the
data for the purposes intended by the User.
8.
The Repository
may deny access for technical, organisational or other reasons. It reserves the
right to temporarily suspend Services for purposes of maintenance, technical
changes or similar reasons.
9. These Terms of Use are subject to amendments by the
Repository at any time and without notice, other than through posting the
updated Terms of Use on the Repository website. The changes will also be posted
for information purposes on the Repository website.
10. The
provisions of Austrian law apply to these Terms of Use. Place of jurisdiction
is Vienna to the extent that mandatory legal provisions are not superseded.
11. The
validity of these Terms of Use shall be unconditional from the validity of any
of its provisions. The invalid provision(s) shall be deemed as replaced by such
provisions that most closely reflect the intention of the parties subject to
the limitations imposed by the law and whose purpose most closely corresponds
to that of the invalid provision(s).
Additional Terms for Users:
1. Access to the Repository, and all content, is
provided on an as-is basis. Users of content shall
respect applicable license conditions. Download and use of content from the
Repository does not transfer or grant any intellectual property rights in the
respective content to the User.
2. Users (including Depositors) are exclusively
responsible for their use of content, and shall indemnify and hold the
Repository free and harmless in connection with their download and/or use.
Hosting and making content available through the Repository does
not represent any approval or endorsement of such content by the Repository.
3. Military use is prohibited.
Additional Terms for Depositors:
1. Depositors may only be researchers, who register to
the Repository, meet the required criteria (i.a. possession
of a valid ORCID identifier), and are approved by the Repository at its sole
discretion after the registration.
2. Research data may be uploaded only after the Depositors
acceptance by the Repository.
3. The
Depositor gives the Repository the right to distribute the data including metadata on Depositors
behalf. The Depositor grants the Repository an unlimited non-exclusive licence
to use the submitted data to provide the Services. The
Repository has the right to modify the format and/or functionality of the data
and metadata if this is necessary for the preservation, dissemination or reuse
of data. Furthermore, the Depositor agrees that the Repository may produce
copies of the submitted data for purposes of security, back-up, preservation,
and dissemination.
4. The
Depositor undertakes to provide all necessary information and metadata for the
data as stipulated by the Repository. The Repository has the
right to translate and modify metadata to increase the findability and
reusability of the data.
5. The
Depositor warrants that the use and dissemination of data by the Repository
does not infringe copyright, privacy or other rights of third parties and
complies with all relevant applicable laws.
6.
The Depositor
confirms to hold all exploitation rights to the submitted data and metadata and
to freely dispose of them.
7. The Depositor is exclusively responsible for the
submitted data and indemnifies and holds the Repository free and harmless in
connection with Depositors use of the Services and claims of third parties
regarding Depositors data and metadata.
8. The Depositor ensures that the submitted data is
suitable for (open) dissemination, and that it complies with these Terms of Use
and applicable laws, including, but not limited to, privacy, data protection
and intellectual property rights and does not breach
any existing agreements.
9. The Repository is primarily intended for the archiving
and dissemination of anonymised and pseudoanonymised data.
The Depositor ensures that research data originally containing (sensitive)
personal data is either anonym, anonymised, or fully consent cleared. In case
the Depositor submits personal data, the Terms on Data Processing below are
agreed upon and apply. However, Depositors considering the Repository for the
archiving and dissemination of personal data are advised to use bespoke
specialised service providers for sharing their data rather than the Repository
that is an open dissemination research service.
10. The Repository is not obliged to check whether the
archiving, preservation, dissemination and/or use of data and metadata violates
the rights of third parties. Specifically, the Repository is not responsible
for the content of the data and metadata, the legality of the dissemination of
the data and metadata or the access to the data and metadata. The Depositor
will indemnify, defend, and hold harmless the Repository from any and all
claims, damages and liabilities of third parties in that respect. For that said
purpose, the Depositor agrees that during or after the
submission of data and metadata to the Repository, the data may undergo a
curation process by the Repository. The Depositor agrees to collaborate with
the Repository in order to verify basic levels of quality and consistency of
the data.
11. The Repository accepts no liability in the event that
data are lost in whole or in part. This does not apply in the case of
intentional conduct.
12. The
Repository protects any personal information it collects from the Depositors as
required by data protection legislation. The Privacy Policy (Annex 3) describes
what personal data is collected and how it is processed.
Additional Terms on Data Processing:
Additional terms in case personal data is processed by the Repository on behalf of the Depositor.
In this case the Repository is considered processor within the meaning of Art 4
(8) General Data Protection Regulation[1] (GDPR).
1.
These terms govern the obligations of the parties
regarding data protection arising from the Services provided to the Depositor
by the Repository. It applies to all activities that are related to the
Services and in which employees of the Repository or third parties commissioned
by the Repository process personal data of the Depositor.
2.
The Repository will
process personal data submitted by the Depositor to the Repository. The data
processing has the sole purpose of providing the Services. The processor may
process data only in the context of the Services for and according to the
instructions of the Depositor or as agreed upon in these Terms of Use.
3.
The Repository will inform the Depositor, if it
believes that an instruction violates applicable law. In this case, the
Repository may suspend the implementation of the instruction until it has been
confirmed or amended by the Depositor.
4.
The Repository undertakes to take technical and
organizational measures to adequately protect the data that meet the
requirements of the GDPR, in particular to comply with Art 32 GDPR (see Annex
1).
5.
Insofar as this is possible, the Repository assists
the Depositor in the fulfillment of requests and claims of data subjects
(Art 12 to 23 GDPR) and supports the Depositor to comply with the
obligations set out in Art 32 to 36 GDPR. In case of a claim by a data subject
according to Art 82 GDPR, the Repository undertakes to assist the Depositor in
defending the claim to the best of its ability. For these support and
assistance Services, the Repository is entitled to demand a reasonable fee from
the Depositor.
6.
The Repository is entitled to engage another processor
(hereinafter referred to as "subprocessor") without prior written authorization of
the Depositor. In any case, the Repository is obliged to inform the Depositor
about the subprocessors as listed in Annex 2 and the
Depositor may raise a reasonable objection within a week of notification. If
the Repository engages a subprocessor for carrying
out specific processing activities on behalf of the Repository, the same data
protection obligations as set out in these Terms on Data Processing shall be
imposed on that subprocessor by way of a contract, in
particular providing sufficient guarantees to implement appropriate technical
and organisational measures in such a manner that the
processing will meet the requirements of the GDPR. Where that subprocessor fails to fulfil its data protection
obligations, the Repository shall remain liable to the Depositor for the
performance of the subprocessor's obligations.
7.
The Repository shall keep all confidential data
confidential that has been entrusted or made accessible by the Depositor and
shall use these data only for the lawful performance of its Services. The
Repository further warrants that all its employees and any subprocessors
who have access to the confidential data will have signed a confidentiality
agreement with at least equivalent content to this provision and will sign such
prior to contact with the confidential data. The confidentiality obligations
continue to exist even after the termination of the Services.
8.
The Repository shall delete all data after the end of
the provision of Services relating to processing. The exceptions to this are
data backlogs in backup systems until their regular and secure deletion, as
well as data that must be stored in order to fulfill legal obligations.
9.
The Repository shall notify the Depositor without
undue delay upon becoming aware of a data breach affecting the Depositors data
and undertakes to take the necessary measures to mitigate possible adverse
consequences for the data subjects concerned.
10. To
the extent necessary, the Depositor is entitled to audit the Repositorys
compliance with the data protection regulations and the contractual
obligations, in particular the technical and organizational measures taken by
the Repository and to carry out inspections before starting the data processing
and at regular intervals.
Annex 1: Technical and organizational measures
Liste an technischen und organisatorischen Maßnahmen
(TOM) der ÖAW Gemäß Art 32 Datenschutz-Grundverordnung (DSGVO)
sind technische und organisatorische Maßnahmen (im Folgenden TOM) zu treffen,
um personenbezogenen Daten vor Verlust oder Zugriff durch unbefugte Personen zu
schützen. Diese sind zu dokumentieren. Die folgenden TOMs stellen
Mindeststandards der ÖAW dar, die von der gesamten ÖAW (Institute,
Verwaltungseinrichtungen, Zentrale Verwaltung sowie Kommissionen) einzuhalten
sind.
1 Bauliche Maßnahmen
Elektrische Schließsysteme
Einbruchssicherungen (z.B. Alarmanlagen, Sicherheitsbeschläge,
Videoüberwachung, Portier)
Sicherheitsbegehung durch Wachdienst in der Nacht
Brandschutzvorkehrungen
Verschließbare Schränke für vertrauliche Akten
Shredder zur Vernichtung von vertraulichen Dokumenten
Videoüberwachung von sensiblen (IT-)Bereichen
Unterbrechungsfreie Stromversorgung (USV)
2 Technische Maßnahmen
Spezielle Schutzvorkehrungen für Serverräume,
insbesondere:
- Videoüberwachung
- Zutrittssystem
- Klimaanlage
- Brandschutz
- Notfallsystem
- Wassermelder
Absicherung von Geräten, Netzwerken und
Schnittstellen, insbesondere
- lokale und zentrale Firewalls
- Anti-Virensoftware
- Durchführung von notwendigen Updates
Verschlüsselung:
- Verschlüsselung von Speichermedien (USB-Sticks, Ext.
Festplatten, Zip-Dateien, etc
)
- Verschlüsselung der Kommunikation (TLS/SSL)
- Verschlüsselung der Mobilen Endgeräte - Laptops
(z.B. BitLocker), Mobiltelefone, Tablets
Technische Passwortvorgaben (z.B. ARZ
Kennwortrichtlinie)
Einsatz eines VPN Systems
Trennung von Server und Clientsystemen
Individueller Log-In und Kennwortverfahren (SSO, Verwendung einer zentralen
Identifizierung (Identity
Management (IM) z.B. zentrales LDAP der ÖAW)),
Zusätzlicher Log-In für bestimmte Anwendungen
Anlage von ÖAW User Accounts im zentralen LDAP der
ÖAW
Verwendung des zentralen LDAPs zur Authentifizierung
für EDV Systeme (soweit sinnvoll und
technisch möglich) und Vergabe von Zugriffsrechten
über ÖAW-LDAP
Automatische Sperrung der Clients (Bildschirmsperre)
Systemseitige Protokollierungen
Einsatz von ausfallsicheren Serversystemen (DDoS,
RAID, HA-Netzteile), Back-Up-Verfahren (auf
mindestens zwei Standorten in verschiedenen Brandabschnitten)
und regelmäßige Tests von Back-Ups
Aufbau von redundanten Systemen (z.B.
unternehmenskritische Services)
Skalierbarkeit über Loadbalancing Mechanismen
Skalierbarkeit durch den Einsatz der virtuellen
Technologie
Penetrationstests (Sicherheitstests, Belastungstests)
Ausbau und Vernichtung aller Speichermedien aus deinventarisierten und zu entsorgenden Endgeräten
der ÖAW
3 Organisatorische Maßnahmen
Rollenbasierte Zutrittsberechtigungen (z.B.
Unterscheidung ÖAW-Mitarbeiter, Sonderberechtigte)
Verpflichtende Verlustmeldung von ÖAW Schlüsseln und
Transpondern (an Abteilung Bau und Facility
Management)
Versperren von vertraulichen Dokumenten
Sichere Vernichtung (schreddern) von vertraulichen
Dokumenten
Zugangskontrolle zu EDV Systemen durch rollenbasierte
Zuordnung von Benutzerrechten
Zugriffskontrolle in EDV Systemen durch die
Verwaltung der Rechte durch Systemadministratorinnen
bzw. Systemadministratoren und Berechtigungskonzepte
Bildschirmsperre bei Verlassen des Arbeitsplatzes
Verpflichtende Verlustmeldung von ÖAW IT Hardware
(an ARZ)
Protokollierung und Meldung aller Änderungen von
Zugängen zu Ressourcen
Dokumentation von Berechtigungen
Einhaltung der ÖAW-Datenschutzrichtlinie
Einhaltung der ÖAW-Sicherheitsrichtlinien
Verpflichtung sämtlicher Mitarbeiterinnen und
Mitarbeiter zum Datengeheimnis
Schulung der Mitarbeiterinnen und Mitarbeiter (insbesondere
Datenschutz, Informationssicherheit,
organisatorische Maßnahmen z.B. Schlüsselverwaltung
etc.)
Verpflichtende Meldung von Datenschutzverletzungen
(an Datenschutzbeauftragte)
Annex 2: List of Subprocessors
|
Subprocessor |
Services |
|
FIZ Karlsruhe Leibniz-Institut für Informationsinfrastruktur GmbH |
Provision of the RADAR System |
Annex 3: Privacy Policy
The Österreichische Akademie der Wissenschaften
(OeAW Austrian Academy of Sciences) takes data
protection very seriously and treats your personal data confidentially and in
accordance with the statutory provisions. The Research Data
Repository (Repository) is offered by OeAW
to make available research results related to OeAW
and to provide
archiving infrastructure for and access to digital research data.
With this data
protection declaration, we would like to inform you - regardless of whether you
submit data as a Depositor and/or access or download data as a User
- about the nature, scope and purposes of the collection, use and processing of
your personal data by OeAW.
The
Repository does not collect or process personal data from Users. However, please
note that the access and/or download of data is subject to the Terms of Use.
If you
would like to submit, deposit and disseminate data through the Repository as a
Depositor, you have to register, accept the Terms of Use of the Repository and
fulfil the required criteria. To register, the following personal data will be processed:
·
Name
·
Institution
·
ORCID
identifier
·
E-mail
address
·
Website
·
Password
·
IP
address
·
Metadata
·
Research
data
·
Possibly
other, additional data you provide during the registration process.
We process these
data on the basis of Art. 6 para. 1 lit. b GDPR in order to perform the
contract of use, deposition and dissemination.
In
addition, we process the metadata and IP address in accordance with Art. 6
para. 1 lit. f GDPR, as it is in our legitimate interests to disseminate the
metadata to promote science, and the IP address to match your IP address with
IP addresses that have misused our service in the past for fraud prevention
purposes.
Please consider
that using the Repository for the deposition and dissemination of research data
containing personal data of any kind is only permitted if there is a
justification for this under data protection law. Therefore, our Terms of Use
provide for the conclusion of a data processing agreement (Art. 28 GDPR).
Please further
note that the registration is a prerequisite for submitting data as a
Depositor. If you do not provide us with the data, the registration, deposition
and dissemination of data is unfortunately not possible.
There will
be no disclosure of your registration data to third parties.
All
metadata and depending on the access mode the research data, in which you can
be identified may be published as part of the dissemination service.
Your
personal data will be stored on the basis of contract fulfilment for as long as
it is necessary to provide the services for use, deposition and dissemination of
your research data.
In case of
legitimate interest, we process the data as long as this is necessary to
protect the legitimate interest or until a (justified) objection is raised.
In
connection with the processing of your personal data, you have the following
rights at any time, which can be exercised:
- Right of
access (Art 15 GDPR),
- Right to
rectification (Art 16 GDPR) or erasure (Art 17 GDPR) or to restriction of
processing (Art 18 GDPR),
- Right to
data portability (Art 20 GDPR),
- right to
object (Art 21 GDPR),
Furthermore,
you have the right to lodge a complaint (Art 77 GDPR), which would have to be
submitted to the Austrian Data Protection Authority, www.dsb.gv.at , phone: +43 1 52 152-0, e-mail:
dsb@dsb.gv.at as the competent supervisory authority in Austria or a competent
supervisory authority within the EU.
Acoustics Research Institute of the OeAW, Dominikanerbastei 16, Vienna, Austria; E-Mail: piotr.majdak@oeaw.ac.at.
Österreichische Akademie der Wissenschaften: datenschutz@oeaw.ac.at
[1] Regulation
(EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on
the protection of natural persons with regard to the processing of personal
data and on the free movement of such data, and repealing Directive 95/46/EC
(General Data Protection Regulation).