User Rights under the GDPR

And how to exercise them in the context of the Galaxy Service provided by the Galaxy Freiburg Team and the European Galaxy Community.

Right to be Informed

We have published all of the documentation regarding the GDPR compliance at https://github.com/usegalaxy-eu/gdpr. We will inform you of any and all processing activities and their affect on your personal information.

Right to Access to Personal Information

The only personal information we store that is associated with you, you can see on https://usegalaxy.eu/user/information. We have logs containing IP addresses, but these logs are destroyed after 24 hours and are not associated with a single user account.

Right to Rectification of Personal Information

You can do this on https://usegalaxy.eu/user/information

Right to Erasure

We can manually delete your account upon your request. You can also initiate this yourself by completing the steps at User > User Preferences > Delete Account after logging in to your account.

Right to Restrict Processing

All of the processing activities we currently do are required to use the service. We do not transmit any PII to third parties.

Right to Data Portability

The upstream software Galaxy currently does not support this workflow, but does expose an interface that would allow us to do this. We are working on the implementation

Right to Object

All of the processing activities we currently do are required to use the service. We do not transmit any PII to third parties. If we do processing activities in the future that do affect PII, we will inform you in advance and permit you to opt-out.

Right to Not be Subject to Automated Decision-making Including Profiling

We do not profile our users, nor do any form of automated decision making based on personal data.