Privacy Policy
Last updated: 5 March 2026
1. Controller
The controller within the meaning of the General Data Protection Regulation (GDPR) and other applicable data protection legislation is:
SciPort GbR
Nathanaelstr. 17
04177 Leipzig
Germany
Email: torstenbrammer@icloud.com
Phone: +49 15142330605
A Data Protection Officer has not been appointed, as the requirements under Art. 37 GDPR in conjunction with § 38 BDSG are not met.
2. Overview of Data Processing
SciPort is a platform that provides a digital directory for research infrastructure and facilitates connections between providers and users. Personal data is processed for this purpose. Providers also enter information about their organisation, equipment, and services, for which they are responsible themselves.
3. Registration and User Account
Data Collected
- Email address (required)
- First and last name
- Password (stored in encrypted form)
Purpose
Provision of the user account, authentication, assignment to an organisation, and management of access rights on the platform.
Legal Basis
Art. 6(1)(b) GDPR (performance of a contract) – registration is a prerequisite for using the platform as a provider.
Retention Period
Data is stored for the duration of account use and deleted without undue delay after the user account is deleted, unless statutory retention obligations apply.
4. Contact Persons of Organisations
Data Collected
- First and last name
- Email address
- Phone number
- Organisational affiliation and role
Purpose
Publication as a contact person for equipment and services in the catalogue, to enable interested parties to get in touch.
Legal Basis
Art. 6(1)(f) GDPR (legitimate interest) – the legitimate interest lies in providing a functional directory. The data is entered by the respective organisation on its own responsibility.
Retention Period
Data is stored as long as the organisation maintains the entry in the directory. After removal by the organisation or upon request by the data subject, the data is deleted without undue delay.
5. Single Sign-On (SSO) via SAML
Data Collected
- Email address (transmitted by the Identity Provider of the home organisation)
- First and last name, phone number, user role (if provided by the Identity Provider)
Purpose
Authentication via the Identity Provider of the user's home organisation, to enable secure login without a separate password.
Legal Basis
Art. 6(1)(b) GDPR (performance of a contract).
Retention Period
Data transmitted by the Identity Provider is stored as described in Section 3.
6. Email Communication
Data Collected
- Email address
Purpose
Sending confirmation emails to verify the email address during registration, as well as security-related notifications (e.g. password reset).
Legal Basis
Art. 6(1)(b) GDPR (performance of a contract).
7. Cookies and Technical Storage
This website uses only technically necessary cookies. No tracking, analytics, or advertising cookies are used.
| Cookie | Purpose | Retention |
|---|---|---|
sessionid |
Session management after login | Until browser is closed or logout |
csrftoken |
Protection against cross-site request forgery attacks | 1 year |
Legal Basis
Art. 6(1)(f) GDPR (legitimate interest) – these cookies are strictly necessary for the secure operation of the website. § 25(2) TDDDG (exemption from consent requirement for technically necessary storage).
Local Storage (localStorage)
Additionally, the chosen colour scheme preference (light/dark) is stored in the browser's localStorage. This setting contains no personal data and serves solely for display preferences.
8. Embedded Third-Party Services
This website does not load any external resources from third-party providers (e.g. Google Fonts, CDNs, analytics tools). All required resources (fonts, JavaScript libraries, stylesheets) are served locally from our own server. Therefore, no data is transmitted to third parties through visiting the website.
9. Hosting and Server Log Files
The website is hosted by Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany.
When accessing the website, the hosting provider automatically collects information in server log files that your browser transmits:
- IP address of the requesting device
- Date and time of the access
- Name and URL of the accessed page
- Amount of data transferred
- Browser type and version
- Operating system
- Referrer URL
Purpose
Ensuring a smooth connection, system security and stability, and technical administration.
Legal Basis
Art. 6(1)(f) GDPR (legitimate interest in the secure provision of the website).
Retention Period
Server log files are automatically deleted after 30 days.
10. Disclosure of Data to Third Parties
Personal data is generally not transmitted to third parties, unless:
- this is necessary for the performance of the contract (e.g. hosting provider as a data processor),
- you have given express consent (Art. 6(1)(a) GDPR), or
- there is a legal obligation to do so (Art. 6(1)(c) GDPR).
A data processing agreement (DPA) pursuant to Art. 28 GDPR has been concluded with the hosting provider.
11. Data Subject Rights
You have the following rights regarding your personal data:
- Right of access (Art. 15 GDPR) – You may request information about whether and which personal data we process about you.
- Right to rectification (Art. 16 GDPR) – You may request the correction of inaccurate data or the completion of incomplete data.
- Right to erasure (Art. 17 GDPR) – You may request the deletion of your personal data, provided the legal requirements are met.
- Right to restriction of processing (Art. 18 GDPR) – You may request the restriction of processing of your data.
- Right to data portability (Art. 20 GDPR) – You may request to receive your data in a structured, commonly used, and machine-readable format.
- Right to object (Art. 21 GDPR) – You may object to the processing of your personal data at any time, insofar as the processing is based on Art. 6(1)(f) GDPR.
To exercise your rights, please contact us using the contact details provided above.
12. Right to Lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data infringes the GDPR (Art. 77 GDPR).
The supervisory authority responsible for us is:
Saxon Data Protection and Transparency Commissioner (SDTB)
Devrientstraße 5
01067 Dresden
Phone: +49 351 85471 101
Email: post@sdtb.sachsen.de
Website: www.sdtb.sachsen.de
13. Changes to This Privacy Policy
We reserve the right to amend this privacy policy to ensure it always complies with current legal requirements or to reflect changes to our services. The updated privacy policy will apply to your next visit.