Privacy Policy

This document is currently a draft. Sections marked [TBD: …] will be supplied by the curatorium before go-live.

Digital Health Corner — Project Directory
Effective: 2026-04-29 · Concept reference: §7

Note. This text is a draft. Binding versions are released by the curatorium and the data-protection officer before go-live. Sections marked [TBD: …] are still to be supplied. The German version (PRIVACY.de.md) is the binding text per CoC §12.


1. Data Controller

The controller in the sense of the GDPR is:

  • [TBD: full legal name of the operating body]
  • Address: [TBD: street, postcode, city, country]
  • Email: [TBD: contact-email@…]
  • Phone: [TBD: optional]

2. Data Protection Officer

[TBD: name and contact of the DPO if appointed; otherwise: "No DPO is appointed; appointment is not mandatory under Art. 37 GDPR."]

3. What data is processed

The DHC Project Directory processes only the data needed to fulfil the purpose laid down in concept §3 (making projects visible and allowing personal contact):

| Category | Content | Legal basis |
| --- | --- | --- |
| Member account | email, name, organisation, organisation domain, role | Art. 6(1)(b) — performance of contract |
| Profile content | the 13 fields per concept §5.1 | consent at profile creation (Art. 6(1)(a)) |
| Authentication tokens | magic-link tokens, session tokens, MFA secret if enabled | Art. 6(1)(b) |
| Audit log | actor, action, timestamp of administrative events | Art. 6(1)(f) — legitimate interest, traceability (concept §7.4) |
| Invitations | email address of invitee, optional note, status | Art. 6(1)(b) |
| Code-of-Conduct acceptance | date, version | Art. 6(1)(c) — documentation duty |

No special-category data under Art. 9 GDPR is processed. Classified content is forbidden by CoC §4.

4. Purposes of processing

  • Operating the platform (rendering profiles per the visibility model, concept §4.3)
  • Communication with members (invitations, magic-link login, contact requests)
  • Security and abuse prevention (audit log, burst detection)
  • Fulfilment of legal obligations (consent records)

5. Recipients and processors

Personal data is shared only with:

  • Hosting provider: [TBD: ZAP server provider, Frankfurt am Main, Germany] — processor under Art. 28 GDPR
  • Email transport: [TBD: SMTP provider with EU-based servers]
  • Within the platform: other members within the profile owner's chosen visibility tier (Tier 1/2/3 per §4.3)

No data is transferred to third countries outside the EU/EEA. All servers are located in Frankfurt am Main, Germany.

6. Retention

| Data type | Retention |
| --- | --- |
| Account + profiles | until the member deletes (Art. 17) |
| Magic-link tokens | 15 minutes |
| Session tokens | 30 days rolling, deleted on inactivity |
| Invitations | 30 days after issue or until accepted |
| Audit log | [TBD: retention period, recommend 24 months, then anonymised] |
| Stale-profile flag | 12 months without update |

After account deletion, anonymised traces remain in the audit log (actor-id nulled, email removed) where required for traceability.

7. Your rights

Under the GDPR you have the following rights:

  • Art. 15 — Access. On request you receive a copy of all data we hold about you. The most relevant fields are also visible in "Settings" while signed in.
  • Art. 16 — Rectification. Profile data is editable directly; other corrections via the contact in §11.
  • Art. 17 — Erasure. You can delete your account at any time (Settings → Delete account). Deletion covers profile, sessions and contact requests.
  • Art. 18 — Restriction. On request.
  • Art. 20 — Data portability. JSON export via Settings.
  • Art. 21 — Objection. Against processing based on Art. 6(1)(f) (audit log).
  • Right to lodge a complaint with the competent supervisory authority: [TBD: relevant German data-protection authority — for a Hessen-based seat, "Der Hessische Beauftragte für Datenschutz und Informationsfreiheit"]

8. Cookies

The DHC Project Directory uses only strictly necessary cookies:

| Cookie | Purpose | Duration |
| --- | --- | --- |
| authjs.csrf-token | CSRF protection on sign-in | session |
| authjs.session-token | sign-in session | 30 days |
| authjs.callback-url | post-login redirect | session |
| dhc_locale | selected language | 1 year |
| dhc_theme | selected colour scheme | 1 year |

No tracking, analytics or marketing cookies are set. A consent banner under §25 TDDDG (German implementation of the ePrivacy directive) is therefore not required.

9. Security measures

  • TLS for all connections
  • Magic-link sign-in instead of persistent passwords
  • MFA (TOTP) mandatory for curators and administrators
  • Encrypted database backups; [TBD: backup strategy + retention]
  • Audit log of security-relevant actions

10. Profile visibility (concept §4.3)

Profiles are visible only to a restricted audience based on the chosen visibility tier:

  • Tier 1 (Open): all authenticated members
  • Tier 2 (Domain): only members of the same organisation domain
  • Tier 3 (Request): only name, tags and domain are visible upfront; full data only after individual approval by the profile owner

These tiers are enforced technically and cannot be circumvented by using multiple accounts or by scraping (cf. CoC §6).

11. Contact for data-protection requests

[TBD: dedicated privacy email, e.g. privacy@digitalhealthcorner.eu]

12. Changes to this policy

Substantive changes are announced to members at least 14 days in advance; non-substantive edits (typos, editorial clarifications) are made silently with an updated effective date above.