Privacy Policy
This policy is effective from 23.02.2026.
1 Name of the Service
DZI Image Services
2 Description of the Service
The service provides a specialized image processing and hosting pipeline designed to facilitate the viewing of high-resolution images over the web.
3 Data Controller and a contact person
4 Data Controller's data protection officer (if applicable)
5 Jurisdiction and supervisory authority
6 Personal data processed and the legal basis
- your unique user identifier (OpenIdConnect: sub attribute) *
- your role in your Home Organization (OpenIdConnect: eduperson_scoped_affiliation attribute) *
- your full name (OpenIdConnect: name attribute) *
- your preferred user name (OpenIdConnect: preferred_username attribute) *
- your e-mail address (OpenIdConnect: email attribute) *
- your permissions and group membership (OpenIdConnect: eduperson_entitlement attribute) *
- logfiles on the service activity, such as logging in and uploading files to the server. These can contain an IP-Address. *
- upload info of all started uploads (time, size, name, progress...) *
- the uploaded images and all their metadata *
7 Purpose of the processing of personal data
The personal data retrieved from your Home Organization is needed to map you to the local account and to map the uploaded images to the account. Your role in your organization can be used to further restrict who can upload images. Only the user identifier is actually permanently stored on the server, the other user data retrieved from your organization is only displayed for comfort in the browser and stored there. Image metadata is also stored for comfort. The logfiles are needed to provide support in case you had problems with the service.
8 Third parties to whom personal data is disclosed
Personal data are disclosed to service providers within the Helmholtz Federation
9 How to access, rectify and delete the personal data and object to its processing
Contact the contact personal above. To rectify the data released by your Home Organisation, contact your Home Organisation's IT helpdesk. The Personal data is also deleted if all uploaded images are deleted by the user. The exception to this are logfiles, which are automatically overwritten on a rolling basis and capped at a maximum size of 10MB, ensuring older entries are regularly purged, and upload information, which is kept for 1 day.
10 Withdrawal of consent
There is no more data collection beyond whats necessary for the service to function. You are not asked for further consent and therefore cant not withdraw it.
11 Data portability
The user can not request his/her data be ported to another Service.
12 Data retention
Personal data is deleted on request or by deleting all uploaded images. So the retention period is as long as images from you exist. The exception to this are logfiles, which are automatically overwritten on a rolling basis and capped at a maximum size of 10MB, ensuring older entries are regularly purged, and upload information, which is kept for 1 day.
13 Data Protection Code of Conduct
Your personal data will be protected according to the Code of Conduct for Service Providers [1], a common standard for the research and higher education sector to protect your privacy
REFERENCES
[1] GÉANT Data Protection Code of Conduct http://www.geant.net/uri/dataprotection-code-of-conduct/v1