User Rights under the GDPR
And how to exercise them in the context of the Galaxy Service provided by the Galaxy Freiburg Team and the European Galaxy Community.
Right to be Informed
We have published all of the documentation regarding the GDPR compliance at https://github.com/usegalaxy-eu/gdpr We will inform you of any and all processing activities and their affect on your personal information.
Right to Access to Personal Information
The only personal information we store that is associated with you, you can see on https://usegalaxy.eu/user/information We have logs containing IP addresses but these logs are destroyed after 24 hours and are not associated with a single user account.
Right to Rectification of Personal Information
You can do this on https://usegalaxy.eu/user/information
Right to be Erasure
We can manually delete your account upon request. In the future this will be something you can do yourself when we can implement the feature upstream.
Right to Restrict Processing
All of the processing activities we currently do are required to use the service. We do not transmit any PII to third parties.
Right to Data Portability
The upstream software Galaxy currently does not support this workflow, but does expose an interface that would allow us to do this. We are working on the implementation
Right to Object
All of the processing activities we currently do are required to use the service. We do not transmit any PII to third parties. If we do processing activities in the future that do affect PII, we will inform you and permit you to opt-out.
Right to Not be Subject to Automated Decision-making Including Profiling
We do not profile our users, nor do any form of automated decision making based on personal data.