Conditions of the data management platform PlutoF on the protection of personal data
Data management and publication platform PlutoF enables the web-based management of research projects and research data, starting from the creation of data management plans up to the storing and publishing of data, in the form of open data, in the machine-readable format. Processing personal data on the data management and publishing platform PlutoF is the activity in public interest.
According to the Statutes of the University of Tartu, one of the objectives of the university is, among others, the advancement of science, the development of knowledge-based public services, the development, research and preservation of scientific and museum collections, and ensuring public access to these collections.
Open science and open research data are a public good, encouraging and supporting research activities for the benefit of society. Research results are transparent and research data can be reused in next studies.
Research data uploaded to the PlutoF platform are generally accessible to the public, but provisions on privacy allow to make it visible only for the collector of the data or the members of a work group.
Personal data can be found at three locations on the PlutoF platform:
- Personal data collected for the provision of the PlutoF services
- Personal data in the metadata of data files
- Personal data in data files
At least 13-year-old persons can register as users of the data management platform PlutoF. When registering, the user has to get familiar with the privacy policy applied by PlutoF and accept it.
When registering, the user has to indicate their first and last name and e-mail address, and create their username and password. The objective of collecting such personal data is to identify the user, to manage their account and contact them for, e.g., forwarding information or verifying the uploaded research data. Only the administrators of PlutoF can associate the username to the name of the real person.
Creating anonymous accounts, accounts on behalf of other persons or fake accounts is not allowed. One person should not have more than one account.
The user will receive a letter confirming their registration on their e-mail; if necessary, they can also receive important information on their e-mail.
The registered user has to have a safe password (minimum of eight characters, including numbers, letters in Latin script); they are responsible for keeping it secret.
PlutoF platform collects the IP-addresses of its users and the following data related to visits to the platform: language, geographical location, type and version of the browser, OP system and its version, navigation track, duration of the visit, pages visited and services used. Collected information is anonymised and used for research and statistical purposes, for developing, marketing and advertising the services provided by the platform, and in submitting applications for funding.
For the security of the data management platform, log files are stored for six months and the daily back-ups are kept for one year.
Administrators of PlutoF have the possibility and the right to see the personal data of its users in order to fulfil their obligations arising from their employment contract.
One of the basic principles of the open repository is that the metadata of a dataset are freely accessible even in cases when the data are, for some reason, inaccessible.
Metadata, including personal data, are supplied by the person who uploads the data.
It is compulsory to indicate in the metadata the names of the creators of the dataset and contributors (collector of the data, data manager, etc.), their affiliation to some research institution or project, and preferable to add the ORCID identifiers as well.
These data are necessary for clearly identifying all the authors of the dataset so that all of them could get more citations and recognition for their work. Dates, geographical locations, and technical information are also part of recommended and essential metadata.
It should be noted that combining and aggregating (processing data collected from different sources and expressing it in a summary form) metadata may reveal new information about the authors and breach their privacy.
Technical metadata include, e.g., information about different mobile devices used at fieldwork, as well as metadata generated by the equipment.
By using the tool https://www.metadata2go.com/, it is possible to find out the metadata included in, e.g., image and video files, such as the exact description of the device and the date and location of creating the data file. When aggregated with other metadata, this information could pose an immediate danger to a person’s safety and property by describing the person’s property, location and habits. The editing of metadata before making the data accessible is the task and responsibility of the collector of the data.
PlutoF platform applies relevant technical and protective measures to ensure the security of its users (Privacy by design, GDPR, article 25).
PlutoF is responsible for the security of the uploaded files, but it is not responsible for the content of the data files, i.e. the personal data disclosed by the researcher/uploader.
Information about changes in data protection conditions can be found on the web page of PlutoF. If the changes are not acceptable for registered users, they can stop using the services provided by PlutoF, but it is not possible to withdraw the already uploaded and licenced data.
PlutoF enables the linking of datasets to the platforms of other service providers (GenBank, GBIF, ORCID), which have their own privacy policies, found on their web pages; PlutoF is not responsible for these conditions.
Legal, transparent and confidential processing of personal data is important for the PlutoF team, therefore, we follow the University of Tartu data protection policy.
For further information, write to support@plutof.ut.ee
In order to ensure the improvement and development of the services provided by PlutoF, we collect the name and e-mail address of the sender, as well as the content of the question and our answer to it.