Data Protection

Most of the data is user-generated and closely linked to the person who created it. Therefore, there must be provisions to protect the rights of the users.

1. Access Control

The user needs to log in to perform most actions. An external identity provider is used for this. The external provider and the user at that provider are combined into a tuple (Issuer, User), and a UUID is generated for it. This UUID is used within all systems to identify the owner of data objects. The DCIS Users vertical is used to de-pseudonymize the data, mapping the UUID back to the (Issuer, User) tuple.

Retention Time: The tuple and the UUID together form the account. It will be deleted three years after the account is closed. The account will be blocked for everyone but Judges and Admins immediately after it is closed.
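
A sketch of the pseudonymization and retention rules described in this section, added here as an illustration and not taken from the DCIS code base. The class and method names, the role strings, the use of a random (version 4) UUID, and the approximation of three years as 3 x 365 days are assumptions.

```python
import uuid
from datetime import timedelta

RETENTION = timedelta(days=3 * 365)   # assumption: "three years" as 3 x 365 days
PRIVILEGED = {"judge", "admin"}       # assumption: role identifiers

class UsersVertical:
    """Hypothetical stand-in for the DCIS Users vertical (not the project's API)."""

    def __init__(self):
        self._by_identity = {}   # (issuer, user) -> UUID
        self._accounts = {}      # UUID -> {"identity": tuple, "closed_at": datetime or None}

    def pseudonym_for(self, issuer, user):
        """Return the stable UUID for an (Issuer, User) tuple, creating it on first login."""
        key = (issuer, user)
        if key not in self._by_identity:
            # Assumption: a random UUID, so the pseudonym cannot be recomputed
            # from issuer and user without access to this mapping.
            pid = uuid.uuid4()
            self._by_identity[key] = pid
            self._accounts[pid] = {"identity": key, "closed_at": None}
        return self._by_identity[key]

    def close(self, pid, now):
        """Mark the account as closed; blocking takes effect immediately."""
        self._accounts[pid]["closed_at"] = now

    def resolve(self, pid, role):
        """De-pseudonymize a UUID. Closed accounts are blocked except for judges/admins.
        Who may resolve an open account is not specified on this page, so it is not restricted here."""
        account = self._accounts.get(pid)
        if account is None:
            raise KeyError("unknown or deleted account")
        if account["closed_at"] is not None and role not in PRIVILEGED:
            raise PermissionError("account is closed and blocked")
        return account["identity"]

    def purge(self, now):
        """Delete tuple and UUID of every account closed at least RETENTION ago."""
        expired = [p for p, a in self._accounts.items()
                   if a["closed_at"] is not None and now - a["closed_at"] >= RETENTION]
        for pid in expired:
            del self._by_identity[self._accounts.pop(pid)["identity"]]
        return expired
```

Once `purge` has removed an account, data objects that still carry its UUID can no longer be mapped back to a person.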

2. Auditing

There is an audit log of all user actions and information related to the user within the DCIS Users vertical. The user may check this log file via the Web UI.

Retention Time: The audit log is preserved for the whole existence of an account. It will be deleted with the removal of the account.

3. Public Data

All data entered into the system is to be considered public data. Exceptions are listed in the section Private Data.

4. Private Data

  1. Credentials (API key) for DriveThrough may be stored in order to use several automation functions. Since the API key has to be sent in unencrypted form to the backend services used, it can’t be encrypted. It will not be displayed to users, gm, admins, orga or judges.

  2. API keys for third-party systems. They are generated by users to enable third-party systems to use the DCIS APIs. They are visible to and manageable by judges and admins.

  3. Fields marked as "internal only" or "Notes to". They describe who has access to that data and who hasn’t.

5. User created content

Content created by the user will not be deleted when user account data is deleted or blocked.

It will be unlinked from the account and ownership will be transferred to the Torganized Play Organisation. If the creator does not consent to that, it is their responsibility to delete the data before closing the account. An option to delete/block all user created data will be given when closing the account.

If the created data also belongs to other users' accounts (like notes for missions), the data ownership is shared and closing an account will transfer it to the other party involved.

6. Retention Period

All data is linked to an account.

The personal data will be blocked at the moment the account is closed. The data will be deleted three years after closing the account.

If there is a lawsuit (ongoing or upcoming) or a written agreement by the owner, the data will not be deleted.