DataDOI is a research data repository of the University of Tartu (UT) that is managed by the University of Tartu Library.

Legal, transparent and confidential processing of personal data is important for the DataDOI team, therefore, we follow the University of Tartu data protection policy.

Processing personal data in DataDOI repository is the activity in public interest.

According to the Statutes of the University of Tartu, one of the objectives of the university is, among others, the advancement of science, the development of knowledge-based public services, the development, research and preservation of scientific and museum collections, and ensuring public access to these collections.

Open science and open research data are a public good, encouraging and supporting research activities for the benefit of society. Research results are transparent and research data can be reused in next studies.

Research data uploaded to the DataDOI repository are generally accessible to the public, but provisions on privacy allow to make it visible only for the collector of the data or the members of a working group.

Personal data can be found at three locations:

1. Personal data collected for the provision of the DataDOI services
2. Personal data in the metadata of data files
3. Personal data in data files

There is no need to register as a user to view and download open access data in the DataDOI repository.

To upload data, it is necessary to log in either with the University of Tartu user ID or with an e-mail address and password.

When logging in with a UT ID, the person's name and e-mail address are registered.

When registering, the user has to indicate their first and last name and e-mail address, and create their username and password (minimum of eight characters, including numbers, letters in Latin script); they are responsible for keeping it secret.

One can choose the language of communication and voluntarily provide your telephone number when creating the account.

The objective of collecting such personal data is to identify the user, to manage their account and contact them for, e.g., giving information or verifying the uploaded research data. Only the administrators of the DataDOI repository have the possibility and the right to see the personal data of its users in order to fulfil their obligations arising from their employment contract.

Before registering as a DataDOI user, one has to read the DataDOI privacy policy and confirm the acceptance of it.

Creating anonymous accounts, accounts on behalf of other persons or fake accounts is not allowed. One person should not have more than one account.

The user will receive a letter confirming their registration on their e-mail; if necessary, they can also receive important information on their e-mail.

DataDOI user accounts can be deleted only by the repository administrators.

DataDOI repository collects the IP-addresses of its users and the following data related to visits to the platform: language, geographical location, type and version of the browser, OP system and its version, navigation track, duration of the visit, pages visited and services used. Collected information is anonymised and used for research and statistical purposes, for developing, marketing and advertising the services provided by the repository, and in submitting applications for funding.

One of the basic principles of the open repository is that the metadata of a dataset are freely accessible even in cases when the data are not accessible for some reason.

Metadata, including personal data, are supplied by the person who uploads the data.

It is obligatory to indicate the names of the creators of the dataset and contributors (collector of the data, data manager, etc.), their affiliation to some research institution or project, and the ORCID identifiers as well.

These data are necessary for clearly identifying all the authors of the dataset so that all of them could get more citations and recognition for their work. Dates, geographical locations, and technical information are also part of recommended and essential metadata.

It should be noted that combining and aggregating (processing data collected from different sources and expressing it in a summary form) metadata may reveal new information about the authors and breach their privacy. See "Technical metadata and privacy".

Technical metadata include, e.g., information about different mobile devices used at fieldwork, as well as metadata generated by the equipment.

By using the tool Metadata2Go, it is possible to find out the metadata included in, e.g., image and video files, such as the exact description of the device and the date and location of creating the data file. When aggregated with other metadata, this information could pose an immediate danger to a person’s safety and property by describing the person’s property, location and habits. The editing of metadata before making the data accessible is the task and responsibility of the collector of the data.

DataDOI repository applies relevant technical and organisational measures to ensure the security of its users (Privacy by design, GDPR, article 25).

DataDOI is responsible for the security of the uploaded files, but it is not responsible for the content of the data files, i.e. the personal data disclosed by the researcher/uploader.

Information about changes in privacy policy can be found on the web page of DataDOI. If the changes are not acceptable for registered users, they can stop using the services provided by DataDOI, but it is not possible to withdraw the already uploaded and licenced data.

DataDOI enables linking of datasets to the platforms of other service providers (OpenAIRE, DataCite, ORCID), which have their own privacy policies, found on their web pages; DataDOI is not responsible for these policies.

evelin.arust@ut.ee

In order to ensure the quality and development of the services provided by DataDOI, the e-mail address of the sender is collected, as well as the content of the question and the answer to it.