Data protection serves to protect the privacy of individuals. It requires data processors to act lawfully, and confers enforceable rights to the affected persons with regard to the processing of their personal data. Section 3 of the Canton of Zurich’s Act on Information and Data Protection (Gesetz über die Information und den Datenschutz [IDG ZH]) defines personal data as any information related to an identified or identifiable individual. This includes details such as names, addresses, phone numbers, and e-mail or IP addresses.
Welcome to the UZH DSI web page – Community Cybersecurity. UZH DSI takes data protection very seriously; in this statement, we explain which user data are collected, processed, and disclosed by UZH DSI, and for what purpose, and we describe the measures taken to safeguard the security of these data. All measures conform to the prevailing provisions on data protection.
Every time the UZH DSI web pages is requested or called up, the following access data are collected and stored in a web server file:
- The IP address of the requesting computer
- The site or address (URL) from which the web page was requested
- The path and name of the requested web page
- The date and time of the request
- The volume of data transferred
- The access status
- The type of access
- A description of the type of web browser and/or operating system used
- The session ID
- These data are processed for the following purposes:
- Safeguarding the network infrastructure and facilitating technical administration
- Optimizing the use of specific web offerings
- Identifying and tracking unauthorized access attempts
- Web server log files are stored for six months after access is terminated. Once this period has elapsed, web server log files are automatically deleted, provided there has been no identified attack on the network infrastructure necessitating the civil or criminal prosecution of the intruder and thus requiring that the log file be stored longer.
- Linux Ubuntu 20.04 LTS 64-bit50 GB
- Standort Zürich (Based in one of the latest Equinix datacenters in Switzerland, CH-DK-2 is placed in the middle of Switzerland’s densest network exchange point.)
Personal data will be disclosed to third parties (e.g. other authorities) only if required by binding legal provisions (e.g. the ruling of an authority, court orders) or for the purposes of legal or criminal prosecution (e.g. in the event of attacks on UZH DSI’s network infrastructure). Personal data will not be disclosed to third parties for other purposes.
Nevertheless, UZH DSI may commission service providers to process data collected via the UZH DSI web page for the purposes described above. Legal, technical, and organizational measures will be put in place requiring UZH DSI and external service providers to comply with the relevant provisions of data protection law.
So-called temporary cookies may be used when UZH DSI web pages are accessed. Temporary cookies are small files that the UZH DSI web page visited stores on your computer to enable optimal use of the website; the cookies are deleted automatically when the web browser is closed. You can block the use of temporary cookies by adjusting the relevant settings in your web browser. Please note that disabling, blocking, or deactivating cookies can limit the functionality of the UZH DSI web pages.
The data protection statement applies only to UZH DSI web pages. In the case of links providing access to external sites, please refer to the data protection policies of the providers in question. UZH DSI is not responsible for the content or for the data protection policies of these providers. In particular, UZH DSI cannot guarantee that content provided by other providers is free of malware.
The UZH DSI web page does not use additional programs in the form of so-called social media plugins that send IP addresses direct to the providers of social networks. The buttons that appear on the UZH DSI web page are merely links to the corresponding social network providers.
To be able to better adapt website content and navigation tools to the needs of users, visits to pages and elements clicked within pages are logged and analyzed using the software Matomo. Matomo uses “cookies” (see point 5: regarding the use and how to prevent the use of such cookies). The usage information generated by the cookies, including their abbreviated IP address are stored on servers at exoscale (see point 3) for the purpose of usage analysis and website optimization. The IP addresses will immediately be anonymised during this process. It is therefore not possible to trace the results of this analysis back to a specific IP address or to monitor the behavior of a data subject.
When you use the contact form on the UZH DSI web page, the following information is stored:
- Date and time of receipt
- IP address
The data is stored for contact purposes only and will be kept indefinitely. A deletion can be requested by the user.
UZH DSI undertakes technical and organizational security measures to ensure that the data it collects and processes via the UZH DSI web page remain confidential and are safeguarded from accidental or unauthorized access, changes or disclosure, loss, and destruction; moreover, only the persons who require access to personal data due to their job and work-related duties are granted access on a need-to-know basis.
The measures selected depend on the type of information, the type and purpose of use, and the technology available.
UZH DSI reserves the right to amend this data protection statement at any time with future effect if the implementation of new technologies or the legal situation so requires. For this reason, we advise you to check the data protection statement on a regular basis.