OLOS recognizes and understands the importance of data protection and privacy of its users, and wants to respect their desire to store and access personal information in a private and secure manner.
OLOS' service consists of the OLOS Portal and the OLOS showcase website:
Data Protection Policy
OLOS' Data Protection Policy applies to the OLOS Portal and describes how OLOS manages, stores and utilizes personal data through its Portal. In order to use the OLOS Portal, we require you to consent to the collection and processing of your personal data before you start using the services. If you do not agree with the terms of the Data Protection Policy, you may not create an account on the OLOS Portal. Access to content on the OLOS Portal is open to all.
1.1 Scope of application
1.2 Applicable Law
The services provided by OLOS comply with the Swiss Federal Act on Data Protection (hereinafter "FADP") and the European General Data Protection Regulation (hereinafter "GDPR"). As Swiss institutions and their staff may be subject to the GDPR, the information provided in the following documents:
is compliant with the provisions of the GDPR in addition to Swiss law.
Article 28 of the GDPR provides that the contractual relationship (hereinafter Data Processing Contract) between the "data controller" and the data "processor" must be in writing.
The aforementioned documents constitute this Data Processing Contract. These documents set out the instructions that member institutions and users of the Portal give to OLOS regarding the processing of personal and sensitive data under their control and establish the rights and obligations of all parties.
OLOS will only process data in accordance with these instructions.
1.3 Acceptance of Conditions
The OLOS Association provides the OLOS portal on the basis of these Terms. OLOS reserves the right to change these Terms any time by publishing the updated version without prior notice. Substantial changes will be clearly indicated to the member institutions as well as to every user of the portal.
The use of OLOS (by creating an account on the OLOS Portal or by contacting us via one of the forms on the website) is subject to the acceptance of these Terms.
Without express acceptance of the Terms, you will not be able to use this website.
Access and Reuse
2.1 Use of the OLOS Portal
It is necessary to differentiate between two uses of the OLOS Portal:
2.2 Roles related to the use of the OLOS Portal
For Use A, the data processed are the users of the contents and services of the OLOS Portal. In this context, the institutions are regarded as "data controllers" and OLOS as the "processor" of this data within the meaning of the law.
For Use B, the content of the OLOS Portal represents the processed data. In this context, users of the OLOS Portal are considered "data controllers" and institutions are considered "processors" of this data. OLOS is then the "sub-processor" of this data within the meaning of the law. If the user of the portal is not affiliated with a member institution of the Association, OLOS will assume the role of "processor" for this data instead of the institution.
2.3 Obligations as "data controllers"
The "data controller" determines the purposes and means of data processing. The GDPR provides that the "data controller" must implement the appropriate technical and organizational measures to guarantee and be able to demonstrate that the processing is carried out in compliance with the law.
For Use A, as "data controllers", the institutions are responsible for the choice of the parameters for making the service available (procedures for opening new collaboration spaces, billing method, deployment method, number of copies, technical specifications relating to performance, submission policy, preservation policy, dissemination policy, default license, customization of the user interface), for the administration and monitoring of the services, and for the processing of administrative notifications and requests.
For Use B, as "data controllers", users remain responsible for the content deposited, for the adequacy of the access conditions and the choice of license with the level of sensitivity of the content, for the choice of the preservation period and the conditions of renewal or disposal at the end of the preservation period, and for the monitoring and processing of notifications and requests for use.
2.4 Obligations as a data “processor”
The data "processor" processes the data at the request of the "data controller" and carries out certain manipulations on his behalf. The use of the OLOS Portal implies the commitment of the OLOS Association as a data "processor" or "sub-processor" according to the provisions of the GDPR. Furthermore, the FADP provides that whoever processes personal data must ensure its accuracy and take all appropriate measures to delete or rectify data that is inaccurate or incomplete with regard to the purposes for which it was collected or processed.
For Use B, as the data "processors" of the users of the OLOS Portal, the institutions are obliged to guarantee the accuracy, security and confidentiality of the data processed on the OLOS Portal on their behalf. OLOS assists the institutions within the framework of their contractual relationship in guaranteeing these obligations. The institutions themselves respond to requests for services that concern them by guaranteeing the legitimacy of these requests and the accuracy of the data collected. OLOS provides the institutions with the information necessary for the processing of these services.
For uses A and B (in the absence of affiliation to a member institution), the OLOS Association acts as a "processor" for the data collected on the institutions and on the users of the OLOS portal. OLOS processes the data that is indispensable for the fulfillment of its contractual obligations and pre-contractual measures taken at the request of the parties (Art. 6(1)(b) of the GDPR) and in order to guarantee the legitimacy of service requests and the accuracy of the data collected (Art. 5 FADP). OLOS also processes data that enable the parties to fulfil their legal obligations as "data controllers" (article 6(1)(c) of the GDPR).
Lastly, OLOS processes personal data in its legitimate interests, in accordance with article 6(1)(f) of the GDPR. These "legitimate interests" are described in detail in the OLOS policies. They are as follows:
The member institutions are entitled to monitor, or have monitored on their behalf by a duly authorized third party, the compliance of OLOS with the provisions of data protection law. In addition, the supervisory powers of the (federal or cantonal) Data Protection and Information Commissioners may apply, within the limits of the applicable laws, both to the OLOS Association and to the member institutions in their capacity as data processors.
2.6 Responsibility for the content deposited on OLOS
OLOS declines all responsibility for the content posted on the OLOS platform by its users. It is the responsibility of the aforementioned users to comply with all legal obligations regarding the deposited content.
OLOS is solely responsible for the services and obligations arising from the contractual relationship between OLOS and its partner.
2.7 Place of jurisdiction
By accepting the Terms, you expressly agree to the jurisdiction of the Geneva Courts and the application of Swiss law.