Information Security

Privacy Policy

This Privacy Policy applies to you, the User (data subject), in connection with the services provided by the University of Tartu High Performance Computing Center (hereinafter UTHPC), and to the University of Tartu (data controller), which owns and operates the website https://hpc.ut.ee (hereinafter the Website) and UTHPC services.

This Privacy Policy outlines how we collect, use, share, and retain your personal data (hereinafter Data) during and after your engagement with UTHPC. We process personal data only when there is a valid legal basis and only for as long as necessary to fulfill the purpose of processing or to meet legal requirements.

Please note that this Privacy Policy does not cover any external websites or services that may be accessed through links on our Website, including (but not limited to) social media platforms.

1. Definitions

  • In this Privacy Policy, the following definitions are used:

  • 1.1. the University of Tartu, we or us - the University of Tartu, Ülikooli 18, 50090 Tartu, Estonia;

  • 1.2. Data - refers to all information you provide to us or that we collect from you during the course of our engagement. This definition incorporates, where applicable, the definitions provided in General Data Protection Regulation (GDPR);

2. Personal Data Protection and Processing

  • 2.1. Your personal data is protected and processed in accordance with the European Union General Data Protection Regulation (Regulation (EU) 2016/679, GDPR) and the Estonian Personal Data Protection Act.

  • 2.2. For purposes of the GDPR, the University of Tartu is the data controller.

  • 2.3. Categories of Personal Data Collected

    • 2.3.1. Data You Provide

      • We collect personal data that you voluntarily provide, for example by filling out forms on the Website or by contacting us via email.

      • Data:
        • ● First name and last name;
        • ● Email;
        • ● Organization;
        • ● Institute (when you are employee of University of Tartu);
        • ● Country;
        • ● Username;
        • ● Billing contact;
        • ● Any other information you choose to provide.
      • Legal basis: The processing of this data is based on your consent.
      • Data retention: This data is retained for 5 years from your last recorded activity, unless it is related to billing or associated with specific projects.
      • Data storage: The data is stored in the UTHPC ticketing system, which is hosted on UTHPC infrastructure.

    • 2.3.2. Data Collected Automatically (Server Logs)

      • We automatically collect certain data through UTHPC server logs when you use our services.

      • Data:
        • ● IP address;
        • ● Username;
        • ● User’s unique identifier;
        • ● Web browser type and version;
        • ● Operating system;
        • ● User activity and related data;
      • Legal basis: The processing of this data is based on our legitimate interest in ensuring the security, monitoring, and auditing of UTHPC services and infrastructure.
      • Data retention: Server log data is retained for 3 years from the date of collection.
      • Data storage: This data is stored securely on UTHPC infrastructure.

3. Use of Personal Data

  • 3.1. We may use any of the personal data described above to ensure the best possible experience and quality of service when you engage with UTHPC.

  • 3.2. Specifically, your data may be used for the following purposes:

    • 3.2.1. Responding to and managing your requests or inquiries;

    • 3.2.2. Improving our services and infrastructure;

    • 3.2.3. Troubleshooting technical issues;

    • 3.2.4. Investigating and resolving data breaches or security incidents;

    • 3.2.5. In each case, in accordance with this privacy policy.

  • 3.3. We do not sell, trade, or otherwise share your personal data with third parties, unless you have provided explicit written consent, or we are required to do so under applicable law.

  • 3.4. All personal data, whether submitted by you or collected automatically, will be deleted once the applicable retention period has expired.

  • 3.5. We store your personal data securely and in full compliance with GDPR principles. For further information, please refer to the Security section below.

4. Security

  • 4.1. We adhere to the ISO/IEC 27001:2022 information security standard, as well as all applicable Estonian national legislation governing data protection and cybersecurity.

  • 4.2. We are committed to safeguarding your personal data and take appropriate technical and organizational measures to protect it. However, please note that data transmission over the internet is not completely secure, and any information you send to us is transmitted at your own risk. While we strive to protect your data, we cannot guarantee its security during transmission.

  • 4.3. For more detailed information about our security practices, please see our Technical and Organizational Measures page.

5. Cookies

  • 5.1. Cookies are small text files stored on your computer or mobile device by your browser when you visit a website. These cookies help improve your browsing experience by remembering your preferences, login information, and other settings to provide a more personalized experience.

  • 5.2. Our Website uses analytical cookies to gather insights into user behavior and improve overall performance and usability. We use Matomo Analytics, a self-hosted analytics platform installed on UTHPC servers. All analytical data is processed locally and not shared with third parties. Analytical data does not contain any personally identifiable information.

  • 5.3. The following analytical data is collected automatically:

    • ● City and country;
    • ● Device type;
    • ● IP address;
    • ● Web browser type and version;
    • ● Operating system;
    • ● in each case, in accordance with this Privacy Policy.

  • 5.4. Analytical data is retained for 24 months from the date of your visit to our Website.

6. Your Rights

  • 6.1. Your rights under this Privacy Policy are personal and non-transferable to any other individual.

  • 6.2. You have the right to request confirmation as to whether we are processing your personal data.

  • 6.3. If your personal data is processed based on your consent, you have the right to withdraw that consent at any time. Please note that withdrawing consent does not affect the lawfulness of any processing carried out before the withdrawal.

  • 6.4. You have the right to request the erasure of your Data. If you withdraw your consent or request deletion, we will erase your Data unless we have other legal grounds for retaining it, or we are required to retain it by law. In all cases, your data will be deleted once the applicable retention period expires.

  • 6.5. You have the right to request a copy of your personal data held by the University of Tartu. The first copy is provided free of charge, additional copies may be subject to a fee not exceeding 20 EUR.

  • 6.6. If you have any questions regarding the processing of your personal data or wish to exercise any of the rights listed above, you may contact the University of Tartu’s Data Protection Officer at andmekaitse@ut.ee.

  • 6.7. If you believe that the processing of your personal data violates applicable laws, you have the right to file a complaint with the Estonian Data Protection Inspectorate.

7. Changes in Ownership and Control

  • 7.1. The University of Tartu may, from time to time, expand or restructure its services. This may involve the sale or transfer of ownership or control of all or part of the University or its services. In such cases, user data relevant to the transferred services may be included in the transfer. The new owner or controlling party will be permitted to use the data in accordance with this Privacy Policy and only for the purposes for which it was originally collected.

  • 7.2. In such instances, we will take reasonable steps to ensure that your privacy remains protected, and this Privacy Policy will be updated as needed to reflect any changes in ownership or control.

8. Changes to this Privacy Policy

  • 8.1. The University of Tartu reserves the right to update or amend this Privacy Policy at any time, either as required by law or as we consider necessary to reflect changes in our services or data practices. The most recent version will always be available on our Website. By continuing to use UTHPC services after changes are made, you are deemed to have accepted the updated Privacy Policy.

  • 8.2. We encourage you to review this Privacy Policy periodically to stay informed about any changes that may impact how your data is handled.

9. Contacting Us

If you have any questions about this Privacy Policy or wish to request access to the personal data we hold about you, please contact us at support@hpc.ut.ee.

07 August 2025