Data protection information

The following text is based almost entirely on the TU Berlin text linked here . Reuse has been expressly permitted upon request by e-mail.

Zotero is used for literature management, do not store any secret, personal or other confidential information in it. Personal data of special categories in accordance with Article 9 GDPR (e.g. health data, biometric or genetic data) are particularly worthy of protection and may not be processed with Zotero if you have set up synchronization with the Zotero servers. In this case, you may also not use Zotero for projects in which data protection clauses prohibit the external processing of data.
 

If you do not want your personal data to be processed by Zotero outside the EU and especially in the USA, use a local Zotero installation on your computer with appropriate settings. Please note that it is then not possible to synchronize data across different devices or with other users. Some of the online functions are useful and should remain activated, e.g. the update check.

The use of Zotero, especially with synchronization via the Zotero server, is voluntary for all members of TU Clausthal. Alternatively, Zotero can be used locally in the desktop version (with certain settings) or other reference management programs can be used. Members of Clausthal University of Technology may not force, coerce or pressure anyone - especially students or employees - to use a Zotero account, not even as supervisors. If Zotero is used, the voluntary nature of all those involved must be ensured and an alternative solution must always be offered. For example, literature lists for courses must not be provided exclusively in Zotero or required for submissions in Zotero, so that there is no compulsion to use Zotero.

Zotero is offered by the Corporation for Digital Scholarship. The cloud service is operated on servers of various service providers that are also located outside the EU and in particular in the USA. As a result, personal data is transferred to these third countries (this applies to any use of Zotero with a Zotero account).

Registration with Zotero is done by entering a username and an e-mail address, which are stored in the Zotero account.

TU members must ensure that personal data of third parties is only processed by Zotero with their consent; this includes, for example, the names of co-authors (no consent is required for bibliographic references).

By creating a Zotero account, you voluntarily consent to the processing of your data by Zotero. You also consent to the processing of further data by Zotero, some of which is personal data; in the case of cloud use, this includes the content data you enter, but also usage and metadata, including when you have collaborated with which other Zotero users.

The legal basis for the use of the Zotero reference management program is informed consent in accordance with Article 6(1)(a) GDPR. In the absence of comprehensive information from Zotero, the information obligation cannot be fulfilled at this point.

When you register with Zotero, data stored about you is processed in Zotero. This is a freely chosen user name and your e-mail address. The username is used to uniquely identify the user each time they log in. Please ensure that you choose a username that allows as few conclusions to be drawn about you as possible. After logging in to Zotero, you can view your personal profile at any time by clicking on 'Home -> <Username> -> Settings -> Account' in the web interface. From the start of registration, the data you enter and upload (document content, embedded files, etc.) and the data automatically generated by your use of Zotero (e.g. IP address, time data) will be processed. You can find information on the terms of use and the processing of your data by Zotero on the following pages:

www.zotero.org/support/privacy
https://www.zotero.org/support/terms/terms_of_service
https://www.zotero.org/support/security

Please note that Zotero's data protection information is incomplete with regard to the GDPR. Since the processing of personal data is not sufficiently described, correct use in terms of data protection law cannot be guaranteed.

If you use third-party services or integrations, their providers may gain access to your library and also to personal data, which is why such services should only be used after a data protection check.

Zotero stores data on website visits and server requests for 90 days. After that, they are destroyed, deleted or anonymized. The last IPs used for the various clients are stored by Zotero for security reasons and to revoke access. The content data processed together with your Zotero account will be stored by Zotero until revoked. You can delete your account and all associated data in your Zotero account profile yourself. Zotero reserves the right to delete all data after 90 days of inactivity.

If you use your TU email address for registration, the data stored at Zotero may be lost after you leave the TU, so we strongly recommend that you back up your literature references/bibliographic data locally. In addition, another e-mail address can be entered in the Zotero profile to ensure access to the account.

If your personal data is processed, you are a data subject within the meaning of the GDPR and you have rights vis-à-vis the controller. Responsible for data processing is the non-profit organization: Corporation For Digital Scholarship, 8300 Boone Blvd, Suite 500; Vienna, Virginia 22182, USA. If you wish to exercise your data subject rights in connection with the Zotero product, please contact us directly by e-mail at privacy(at)zotero.org.

You can request confirmation from the controller as to whether personal data concerning you is being processed.

You have a right to rectification and/or completion vis-à-vis the controller if the processed personal data concerning you is incorrect or incomplete.

Under certain circumstances, you may request the restriction of the processing of personal data concerning you, e.g. if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data or if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead.

You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. The right to data portability does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority if you consider that the processing of personal data relating to you infringes the GDPR.

Contact for the Zotero service

Clausthal University of Technology Library
E-mail: service@ub.tu-clausthal.de

General inquiries about data protection

Data Protection Officer of Clausthal University of Technology
E-mail address: dbs@tu-clausthal.de