OLOS recognizes and understands the importance of data protection and privacy of its users, and wants to respect their desire to store and access personal information in a private and secure manner.

OLOS' service consists of the OLOS Portal and the OLOS showcase website:

1. The OLOS Portal is a Swiss-based data management portal that provides a solution for the management, preservation and publication of research data, intended to both researchers and institutions.
2. The OLOS showcase website provides the documentation required for the operationalization of the OLOS Portal and ensures the provision of support, pre-contractual information and reasonable marketing of OLOS and its functionalities upon explicit request.

Terms of use

The purpose of OLOS' Terms of Use is to ensure transparency with regard to processing of personal data on both the OLOS Portal and the OLOS showcase website and to provide legal protection for the OLOS Association.

Data Protection Policy

OLOS' Data Protection Policy applies to the OLOS Portal and describes how OLOS manages, stores and utilizes personal data through its Portal. In order to use the OLOS Portal, we require you to consent to the collection and processing of your personal data before you start using the services. If you do not agree with the terms of the Data Protection Policy, you may not create an account on the OLOS Portal. Access to content on the OLOS Portal is open to all.

Privacy Policy

OLOS' Privacy Policy applies to the OLOS showcase website and describes how OLOS manages, stores and utilizes personal data through its showcase website. In order to use the OLOS showcase website, we require you to consent to the collection and processing of your personal data before you start using the services. If you do not agree with the terms of the Privacy Policy, you may not use the OLOS showcase website in any manner.

OLOS Terms of Use v.2.3 (2022.10.31)

Topics

• 1. Scope of application, applicable law, acceptance of conditions and definitions
• 1.1. Scope of application
• 1.2. Applicable Law
• 1.3. Acceptance of Conditions
• 1.4. Definitions
• 2. Roles, Responsibilities, Obligations and Oversight related to the use of the OLOS Portal
• 2.1. Use of the OLOS Portal
• 2.2. Roles related to the use of the OLOS Portal
• 2.3. Obligations as "data controllers"
• 2.4. Obligations as a data “processor”
• 2.5. Oversight
• 2.6. Responsibility for the content deposited on OLOS
• 2.7. Place of jurisdiction

1. Scope of application, applicable law, acceptance of conditions and definitions

1.1 Scope of application

OLOS is:

1. OLOS is an association under private law (hereinafter "the Association") within the meaning of Articles 60 et seq. of the Swiss Civil Code. Its purpose is to support research by providing services for the long-term preservation of research data.
2. A service (hereinafter "the Portal"), consisting of a modular infrastructure and the procedures required for the operationalization of a national solution for the management, preservation and publication of research data, adapted to both researchers and institutions, supporting most of the tools and formats used in all scientific disciplines and in complete security.

1.2 Applicable Law

The services provided by OLOS comply with the Swiss Federal Act on Data Protection (hereinafter "FADP") and the European General Data Protection Regulation (hereinafter "GDPR"). As Swiss institutions and their staff may be subject to the GDPR, the information provided in the following documents:

• These Terms of Use (hereinafter “Terms”)
• The OLOS Portal’s Data Protection Policy
• OLOS Privacy Policy

is compliant with the provisions of the GDPR in addition to Swiss law.

Article 28 of the GDPR provides that the contractual relationship (hereinafter Data Processing Contract) between the "data controller" and the data "processor" must be in writing.

• "Data controllers" are the institution responsible for and supplier of the personal data of the researchers (affiliated to the said institution) who are users of OLOS, and the researcher.
• “Processors" or "sub-processors" are the service providers, the institution and OLOS.

The aforementioned documents constitute this Data Processing Contract. These documents set out the instructions that member institutions and users of the Portal give to OLOS regarding the processing of personal and sensitive data under their control and establish the rights and obligations of all parties.

OLOS will only process data in accordance with these instructions.

1.3 Acceptance of Conditions

The OLOS Association provides the OLOS portal on the basis of these Terms. OLOS reserves the right to change these Terms any time by publishing the updated version without prior notice. Substantial changes will be clearly indicated to the member institutions as well as to every user of the portal.

The use of OLOS (by creating an account on the OLOS Portal or by contacting us via one of the forms on the website) is subject to the acceptance of these Terms.

Without express acceptance of the Terms, you will not be able to use this website.

1.4 Definitions

Content

• Scope: All fields of research. All types of research artifacts. Content must not violate privacy or copyright, or breach confidentiality or non-disclosure agreements for data collected from human subjects.
• Eligibility of research data: Research data from any stage of the research data lifecycle, with different formats, types and volumes.
• Eligible depositors: OLOS is offered first to Swiss High Educational Institution (HEI), and scientific research centers and entities. Other heritage institutions or cultural institutions may be also accepted. More specifically, anyone registered with SWITCHaai or SWITCH edu-ID may create an organizational unit to deposit data. Registered users are allowed to deposit content for which they possess the appropriate rights.
• Ownership: By uploading content, no change of ownership is implied and no property rights are transferred to OLOS. All uploaded content remains the property of the users prior to submission.
• Data file formats: All file formats are allowed - even preservation unfriendly ones. A compliance system (under the form of stars) provides insight into files from “unfriendly formats” to “golden formats”, guaranteed for long-term preservation.
• Volume and size limitations: There is no technical limit to the amount of data you may deposit. It is dependent on billing.
• Metadata types and sources: All metadata are stored internally in XML-format. Metadata are exported according to the DataCite Metadata Schema.
• Language: For textual items, French, English or German are preferred, but all languages are accepted.
• Licenses: Users must specify a license for all publicly available files. Licenses for closed access files may be specified in the description field.

Access and Reuse

• Access to data objects: Files may be deposited under closed, restricted, open access, as well as with embargos. Files deposited under closed access are protected against unauthorized access at all levels. Access to metadata and data files is provided over standard protocols such as HTTP and OAI-PMH.
• Use and re-use of data objects: Use and re-use are subject to the license under which the data objects were deposited.
• Embargo status: Users may deposit content under an embargo status and provide an end date for the embargo. The repository will restrict access to the data until the end of the embargo period; at which time, the content will become publicly available automatically.
• Restricted Access: Users may deposit restricted files with the ability to share access with others if certain requirements are met. These files will not be made publicly available and sharing will only be made possible by depositors of original file approval. Data tagging provided by OLOS offers the possibility to users to choose and apply the appropriate level of restriction access.
• Metadata access and reuse: Metadata are licensed under CC0. All metadata are exported via OAI-PMH and can be harvested.
• Data quality appraisal: The "Data controllers" are solely responsible for the appraisal of the data deposited including data retention duration and disposal. Any regular visitor of the platform who demand the access to a data set can review its quality and usefulness.

Removal

• Withdrawal: If the uploaded research object must later be withdrawn, the reason for the withdrawal will be indicated on a tombstone page, which will henceforth be served in its place. Withdrawal is considered an exceptional action, which normally should be requested and fully justified by the original uploader. In any other circumstance reasonable attempts will be made to contact the original uploader to obtain consent. The DOI and the URL of the original object are retained.

Longevity

• Versions: Data files are not versioned. Records are not versioned. The uploaded data is archived as a Submission Information Package. Derivatives of data files are generated, but the original data is never modified. Records can be retracted from public view; however, the data files and record are preserved.
• Replicas: All data files are stored in SWITCHengines in Switzerland. Datasets are kept in two replicas on redundant architectures.
• Retention period: Items will be retained for the lifetime indicated upon deposit, which can extend from 5 years to forever. If OLOS is no longer able to keep the deposited datasets, their restitution will be suggested to the "Data controllers". If the data are refused, they will be deleted after the rentention period, or after 20 years if they are intended to be kept forever.
• Functional preservation: OLOS makes no promises of usability and understandability of deposited objects over time, but recommend “golden formats” to increases functional preservation on the very long term.
• Fixity and authenticity: All data files are stored along with a checksum (small-sized block of data derived from another block of digital data for the purpose of detecting errors that may have been introduced during its transmission or storage.) of the file content; different checksum formats are used. File checksums are regularly checked to ensure that their contents remain intact.

2. Roles, Responsibilities, Obligations and Oversight related to the use of the OLOS Portal

2.1 Use of the OLOS Portal

It is necessary to differentiate between two uses of the OLOS Portal:

1. Use by institutions under public or private law, not limited to Swiss Higher-educational institutions, to implement, administer and monitor services related to the management, preservation and publication of research data, with the aim of improving the impact and quality of research in all disciplines at their institution (hereinafter "Use A").
2. Use by researchers or any other person involved in the research process to access, on their own initiative, the contents and services of the OLOS Portal (hereinafter "Use B").

2.2 Roles related to the use of the OLOS Portal

For Use A, the data processed are the users of the contents and services of the OLOS Portal. In this context, the institutions are regarded as "data controllers" and OLOS as the "processor" of this data within the meaning of the law.

For Use B, the content of the OLOS Portal represents the processed data. In this context, users of the OLOS Portal are considered "data controllers" and institutions are considered "processors" of this data. OLOS is then the "sub-processor" of this data within the meaning of the law. If the user of the portal is not affiliated with a member institution of the Association, OLOS will assume the role of "processor" for this data instead of the institution.

2.3 Obligations as "data controllers"

The "data controller" determines the purposes and means of data processing. The GDPR provides that the "data controller" must implement the appropriate technical and organizational measures to guarantee and be able to demonstrate that the processing is carried out in compliance with the law.

For Use A, as "data controllers", the institutions are responsible for the choice of the parameters for making the service available (procedures for opening new collaboration spaces, billing method, deployment method, number of copies, technical specifications relating to performance, submission policy, preservation policy, dissemination policy, default license, customization of the user interface), for the administration and monitoring of the services, and for the processing of administrative notifications and requests.

For Use B, as "data controllers", users remain responsible for the content deposited, for the adequacy of the access conditions and the choice of license with the level of sensitivity of the content, for the choice of the preservation period and the conditions of renewal or disposal at the end of the preservation period, and for the monitoring and processing of notifications and requests for use.

2.4 Obligations as a data “processor”

The data "processor" processes the data at the request of the "data controller" and carries out certain manipulations on his behalf. The use of the OLOS Portal implies the commitment of the OLOS Association as a data "processor" or "sub-processor" according to the provisions of the GDPR. Furthermore, the FADP provides that whoever processes personal data must ensure its accuracy and take all appropriate measures to delete or rectify data that is inaccurate or incomplete with regard to the purposes for which it was collected or processed.

For Use B, as the data "processors" of the users of the OLOS Portal, the institutions are obliged to guarantee the accuracy, security and confidentiality of the data processed on the OLOS Portal on their behalf. OLOS assists the institutions within the framework of their contractual relationship in guaranteeing these obligations. The institutions themselves respond to requests for services that concern them by guaranteeing the legitimacy of these requests and the accuracy of the data collected. OLOS provides the institutions with the information necessary for the processing of these services.

For uses A and B (in the absence of affiliation to a member institution), the OLOS Association acts as a "processor" for the data collected on the institutions and on the users of the OLOS portal. OLOS processes the data that is indispensable for the fulfillment of its contractual obligations and pre-contractual measures taken at the request of the parties (Art. 6(1)(b) of the GDPR) and in order to guarantee the legitimacy of service requests and the accuracy of the data collected (Art. 5 FADP). OLOS also processes data that enable the parties to fulfil their legal obligations as "data controllers" (article 6(1)(c) of the GDPR).

Lastly, OLOS processes personal data in its legitimate interests, in accordance with article 6(1)(f) of the GDPR. These "legitimate interests" are described in detail in the OLOS policies. They are as follows:

1. To process requests, manage and improve the service, while taking all reasonable measures to guarantee the security of the system and the content of the OLOS Portal (these interests are dealt with in the OLOS Data Protection Policy).
2. To ensure a reasoned marketing (selected news, events, and other important announcements related to the OLOS Portal and its services from the OLOS Association and its Member institutions) upon the explicit request of users (these interests are covered in the OLOS Privacy Policy).

2.5 Oversight

The member institutions are entitled to monitor, or have monitored on their behalf by a duly authorized third party, the compliance of OLOS with the provisions of data protection law. In addition, the supervisory powers of the (federal or cantonal) Data Protection and Information Commissioners may apply, within the limits of the applicable laws, both to the OLOS Association and to the member institutions in their capacity as data processors.

2.6 Responsibility for the content deposited on OLOS

OLOS declines all responsibility for the content posted on the OLOS platform by its users. It is the responsibility of the aforementioned users to comply with all legal obligations regarding the deposited content.

OLOS is solely responsible for the services and obligations arising from the contractual relationship between OLOS and its partner.

2.7 Place of jurisdiction

By accepting the Terms, you expressly agree to the jurisdiction of the Geneva Courts and the application of Swiss law.