1. Responsible body under data protection laws

University of Stuttgart
5th Institute of Physics
Pfaffenwaldring 57
70569 Stuttgart
Germany
Telephone: +49 711 685 67893
Email: f.meinert@physik.uni-stuttgart.de

2. Data protection officer

Nicolai Lang
Institute for Theoretical Physics III
Pfaffenwaldring 57
70569 Stuttgart
Germany
Telephone: +49 711 685 65215
Email: thequantumlaend@itp3.uni-stuttgart.de

3. Introductory notice

This information concerning data protection / this data protection declaration relates to the website thequantumlaend.de provided jointly by the 5th Institute of Physics and the Institute for Theoretical Physics III of the University of Stuttgart. This website is operated by the institutes to publicly represent quantum computing related projects and to provide an application programming interface (API) to access simulators and quantum computers.

4. Personal data is gathered as follows:

4.1. Provision of website and creation of log files

4.1.1 Description and categories of data

Should you access this website, you transfer data to our web server via your browser. The following data is temporarily recorded in a log file whilst a connection is established:

  • IP address of the accessing computer
  • Date and time of the access
  • Name, URL and transferred data quantity of the accessed file
  • Access status (requested file transferred, not found etc.)
  • Browser type and operating system (if transferred by the requesting web browser)
  • Website from which the access took place (if transferred by the requesting web browser)

The processing of the data in this log file takes place as follows:

  • The log entries are continually automatically evaluated in order to recognize attacks against the web server and in order to be able to respond accordingly.
  • In individual cases, i.e. in case of reported disruptions, errors and security breaches, a manual analysis takes place.
4.1.2 Purpose

The temporary storage of the IP address by the system is necessary in order to deliver the website to the computer of the user. For this purpose, the IP address of the user must remain saved for the duration of the session.

Saving in a log file takes place in order to ensure the functional capability of the website. In addition, the data enables us to optimize the website and to ensure the security of our IT systems. IP addresses contained in the log entries are not combined with other data inventories, unless there are concrete indicators of a disruption to the correct operation.

These purposes also represent our legitimate interest in the data processing in accordance with Article 6 Paragraph 1 Letter f) GDPR.

The legal basis for the temporary storage of the data and log files is Article 6 Paragraph 1 Letter f) GDPR.

4.1.4 Recipients

Should criminal investigations be initiated due to attacks against our IT systems, the data named under 4.1.1 and log files can be passed on to state investigative bodies (for example the police, criminal prosecution authorities).

The same applies if relevant authorities and/or courts make inquiries of the institute and we are obliged to respond to these.

4.1.5 Storage duration

The data will be deleted once it is no longer necessary for the purpose for which it was gathered. In case of the recording of data for provision of the website, this is the case when the respective session has come to an end.

The log files are deleted after seven days.

4.1.6 Consequences of non-provision, right of objection and correction

The recording of data for provision of the website and the storage of data in log files is absolutely necessary in order to operate the website.

4.2. Use of cookies

4.2.1. Description and categories of data

This website uses cookies. Cookies are text files which are saved in the Internet browser or by the web browser on the computer system of the user. Should a user access a website, a cookie can be saved in the operating system of the user. This cookie contains a character sequence, which enables a clear identification of the browser next time the website is accessed.

4.2.2. Purpose

Certain functions of this website cannot be provided without the use of cookies (in particular the personalized login system). For these, it is necessary for the browser to be recognized again after a change of page.

The user data which is gathered by the technically necessary cookies is not used in order to create user profiles.

These purposes also represent our legitimate interest in the processing of the personal data in accordance with Article 6 Paragraph 1 Letter f) GDPR.

The legal basis for the processing of personal data using cookies is Article 6 Paragraph 1 Letter f) GDPR.

4.2.4. Recipients

The only recipient of the information contained in the cookies is the entitled web server, i.e. the web server of the institute which sets the cookie.

4.2.5. Storage duration

Session cookies are automatically deleted from your computer when you close your browser.

As the cookies are saved on your end device, you also have the option of deleting these earlier.

4.2.6. Consequences of non-provision, right of objection and correction

Cookies are saved on the computer of the user and transferred from this to our site. Therefore, you as the user also have full control of the use of cookies, regardless of the saving periods listed above. By altering the settings in your web browser, you can deactivate or restrict the transfer of cookies. Cookies which have already been saved can be deleted at any time. This can also take place automatically. Should cookies be deactivated for this website, most of the functions of this website cannot be used.

4.3. Personal data for the usage of the application programming interface (API)

4.3.1. Description and categories of data

The following data is stored in the database of the API system when you sign up for an account:

  • First- and last name
  • Academic degree
  • Profession*
  • Affiliation*
  • Motivation*
  • Newsletter Opt-In*
  • Email address
  • Salted hash of password
  • Number of logins
  • Date and time of last login

Most data fields can be accessed via the web frontend. Data fields marked with an asterisk (*) are optional and can be omitted when signing up. Contact the administrator for more information on your data.

4.3.2. Purpose

All data fields that are not marked as optional in the sign-up form are necessary to grant and manage the secure access to our API and to ensure that our limited resources are distributed most efficiently.

The legal basis for the processing of personal data for the organization of tutorials is Article 6 Paragraph 1 Letter e) GDPR.

4.3.4. Recipients

The data is stored in a database on the entitled web server and copied periodically to two independent backup servers. The data can be accessed by administrators via a web interface and post-processed for organizational purposes.

4.3.5. Storage duration

The data is stored until the account is deleted by the user.

4.3.6. Consequences of non-provision, right of objection and correction

Unless otherwise stated, all data fields are absolutely necessary for the administration of our API service. For corrections of your data, contact the administrator.

4.4. Website analytics (Matomo)

We use the open source web analytics application “Matomo” to analyze the traffic on this website. This application runs on the same server as this website (on-premise) and no data is transmitted to third parties.

You can opt out from being tracked below:

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

5. Your rights

  • You have the right to receive information from the institute concerning the data saved in relation to your person and/or to have incorrectly saved data corrected.
  • In addition, you have the right to deletion or to have the processing restricted or to object to the processing.

For this purpose, please contact the administrator.

  • You have the right to complain to the supervisory authority, should you be of the opinion that the processing of the personal data relating to you breaches legal regulations.

The competent supervisory authority is the State Data Protection and Freedom of Information Officer of Baden-Württemberg ( Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg ).