A) Preamble
The Coscine platform and the integrated storage systems are different elements of a technical infrastructure to support research data management (RDM).
Coscine is a web-based platform that allows the mapping of project structures and project-based permissions, as well as the management of research data in linked resources and the description of these resources with metadata. Coscine is developed and operated at RWTH Aachen University (operator Coscine). The complete documentation for Coscine is available online.
Directly integrated into Coscine and also subject to these terms of use are object-based storage systems that can be used via the S3 protocol and are operated in a georedundant and consortial manner by universities in North Rhine-Westphalia.
Coscine and the storage systems can be used independently of each other or in combination. In particular, the storage units of the storage systems (“buckets”) are available as a resource type in Coscine and can be provisioned via Coscine. In addition, data-holding systems from third-party providers can be integrated by users via other resource types. Integrated systems from third-party providers are not subject to these terms of use.
When using Coscine, personal data about the users is collected, which the operator processes responsibly in accordance with the terms of use and the privacy policy. The personal data of users that is collected when using the storage systems via Coscine is also processed exclusively in Coscine.
No (further) personal data is collected when using the storage systems, as access is only possible via pseudonymous, randomly generated credentials.
However, users can store personal data of third parties (research data) in the storage systems. The responsibility for this data remains largely with the users who submitted it. The operators are responsible for the technical integrity and protection against unauthorized technical access to the data in the context of operating the systems.
Contracting Parties
The following license agreement is concluded between you and the operator of Coscine, RWTH Aachen University. RWTH Aachen University is represented by its rector.
Address:
Rector of RWTH Aachen University
Templergraben 55
52062 Aachen (office address)
52056 Aachen (postal address)
Telephone: +49 241 80 1
Fax: +49 241 80 92312
Definitions
- Operator Coscine: RWTH Aachen University
- Operator consortium: Consortium of universities in North Rhine-Westphalia that operates the integrated storage systems.
- Organisation: University that has a service contract with the operator Coscine
- Organisational unit: Institution of an organization that has a service contract with the operator Coscine
- Resources: The linked IT services in a project in Coscine
- Data manager: role in Coscine that is assigned by organization managers at the level of an organization or organizational unit. In Coscine, this role has the same rights as the project owner role for all projects assigned to the organization or organizational unit.
- User support: role in Coscine that can be assigned at the level of organizations to employees in 1st-level support. In Coscine, it has the same rights as the project owner role for all projects to which persons of the organization are assigned.
- Support admin: role in Coscine that only employees of the operator Coscine have. In Coscine, it has the same rights as the project owner role for all projects.
Detailed information on the roles in Coscine is available online in the documentation.
B) The following requirements must be met in order to use the services:
I. Personal requirements
- Employees of a participating university or research institution in North Rhine-Westphalia
- Third parties who have been invited by a person mentioned under 1 to collaborate on a project or who have received a link from a person mentioned under 1 to review research data
II. Material requirements
- Use is possible via a supported browser. For special functionalities, such as direct data transfer to the storage, an S3 client is required for communication and data transfer.
- The persons mentioned under B) I. 1. have 100 GB of storage space available for the resource type “Web” per project. Additional storage space and storage space in the resource types “S3” and “WORM” must be requested via the JARDS online portal (see below) to ensure compliance with good scientific practice regarding FDM. All persons named under the conditions of use for Coscine are entitled to use the resources.
- Storage space for Coscine resources is requested via the JARDS online portal. The effort required to apply for storage space varies depending on the type of resource and the amount requested.
C) The following usage rules apply to Coscine and the integrated storage systems:
The following usage rules describe the conditions for using the Coscine service for participating universities or research institutions in North Rhine-Westphalia and their cooperation partners (according to §3 Abs. 6 HSG NRW) as well as the integrated storage systems. The following rules defined for Coscine also apply to the use of third-party resources integrated into Coscine. This does not affect any rules of use of the integrated resources of third-party providers that go beyond the provisions of this document. Users can terminate the use of the service at any time without stating reasons. Deadlines for the deletion of user and content data arise from the specifications of the data protection declaration, even after the end of use.
§ 1 Costs
- The use of Coscine and the integrated storage systems is free of charge; there is no legal right to registration and use.
- Coscine enables users to integrate third-party resources that may be subject to a fee. Users are obliged to bear these costs themselves.
§ 2 Obligations of users
- Users are obliged to treat their access data confidentially and to protect it from access by third parties.
- In the event of possible misuse of their access data, users must inform the operator immediately. They are also responsible for the consequences of such misuse.
- Users may not take any action that could disrupt the functioning of Coscine or the integrated storage systems or interfere with their availability. In the event of non-compliance, the users’ access authorizations will be blocked.
- Special uses of the application (e.g. the use of encryption technologies) are the sole responsibility of the users.
- In the event of a data migration caused by a technology change, users are obliged to cooperate if necessary.
- Users are responsible for the data they store. If data continues to be stored in the project, users with the role of “owner” must transfer this responsibility to other users by assigning them the role of “owner” before leaving a project.
- Users are obliged to assess the protection needs of the data they store in Coscine and, in particular in the case of personal data of special categories according to Art. 9 GDPR, to take appropriate additional measures to secure them (e.g. pseudonymization, anonymization, encryption).
- Before integrating third-party systems via corresponding resource types, users must ensure that the terms of use and privacy policy of the third-party system allow this. Users are also obliged to exercise care when managing the members of their project and to take into account that membership of the Coscine project also allows access to data in integrated third-party systems.
§ 3 Rights of use and inspection of stored data
- The data stored by users in Coscine and other integrated resources can be shared with other users, so that they also have access to the data.
- By using Coscine, users grant the operator the right to store and process the data they have stored or referenced in Coscine and the integrated storage systems, and to gain access to it under the conditions set out in paragraphs 3 to 5. The data entered will be stored for a maximum of 10 years after the end of the project, unless the contract is terminated. This is set out in a separate data processing agreement if the data is used by an organization. If the data is used by third parties, these provisions are set out in the privacy policy.
- The data stored by users in Coscine and references to data stored or linked in resources may be viewed by the users’ organization, represented by the “data manager” role of the respective organization, if this is necessary to secure scientific knowledge in the interest of the organization.
- The data and references to data stored or linked in resources that users store in Coscine may be viewed by the operator Coscine, represented by the roles “support admin” and the home organization, represented by the role “user support”, in order to process user support requests (e.g. assistance with configuration, troubleshooting and reproduction of malfunctions).
- The data stored by users in Coscine and the integrated storage systems may be viewed by the operator Coscine and the operator consortium or by third parties commissioned by them if this is necessary to ensure the smooth operation of Coscine.
- Existing rights of use and copyrights to the stored or shared information remain unaffected. Users affirm that they hold the necessary rights for this and that the content is lawful. Users agree to protect the rights of third parties (name, personal, copyright, usage, data protection rights, etc.).
§ 4 Liability
- The operator Coscine and the operating consortium have unlimited liability in the event of intent or gross negligence for injury to life, limb or health and in accordance with the provisions of the Product Liability Act.
- In the event of a slightly negligent breach of an obligation that is essential to achieving the purpose of the contract (cardinal obligation), the liability of the operators is limited in amount to the damage that is foreseeable and typical for the type of business in question.
- The operators are not liable for user content, including links to third-party websites provided by users.
- The operators are not liable for abusive access.
- The operators do not accept any further liability.
- The above limitation of liability also applies to the personal liability of the operators’ employees, representatives and organs.
- Users are responsible for the data they process in the service. They are liable for all damages arising from or in connection with the storage of data in Coscine and the integrated storage systems that are not due to grossly negligent or intentional behavior on the part of the operator. Users shall indemnify the operators from all third-party claims for damages arising in this context. § 5 para. 7 sentences 2 and 3 do not apply to operationally-related use of the service by relatives of the operators. In this case, the general liability provisions apply.
- The operator Coscine creates a backup for Coscine every 24 hours. The backup is stored for 6 months. The backup does not include data stored in resources. Should data be lost due to the individual behavior of the user (e.g. accidental deletion), the operator Coscine and the operator consortium are not able to restore it.
§ 5 Availability
- The constant, smooth and/or unrestricted availability of Coscine and the integrated storage systems cannot be guaranteed or offered. In particular, maintenance work or security aspects, as well as force majeure and events that are beyond the control of the operator, can lead to disruptions or a temporary suspension of the service.
- The operator also reserves the right to discontinue the service for operational reasons. Users will be informed of this 6 months before the service is terminated and given the opportunity to export their data.
§ 6 Data protection
- In Coscine, personal data is processed in accordance with the data protection declaration.
- If personal data of third parties are stored in Coscine and the integrated storage systems, users, as the responsible party within the meaning of the GDPR, must ensure that the processing of the data is in accordance with the applicable data protection law. Users must ensure that third parties within the meaning of B I. 2. are also obliged to comply with data protection law. This applies in particular to the storage of particularly sensitive data within the meaning of Art. 9 GDPR.
§ 7 Miscellaneous
- Amendments and supplements to this contract, including this § 8, must be made in writing, unless otherwise specified. There are no verbal ancillary agreements.
- The user’s general terms and conditions do not apply.
- This contract is subject to German law.
- The place of performance is Aachen. Exclusive jurisdiction is Aachen, provided that each party is a merchant or legal entity under public law or has no general place of jurisdiction in Germany.
- Should individual provisions of this contract be invalid, this shall not affect the validity of the remaining provisions. The parties to the contract shall endeavor to find a valid provision to replace the invalid one that most closely approximates the economic meaning of the invalid provision.