PUMA is a social bookmarking service which can be used free of charge.
PUMA does not give any warranties regarding data integrity, availability, fitness for a particular purpose, or quality of content.
Users give PUMA the right to publish the content they post in the system.
PUMA is not responsible for content posted by users.
Users are solely responsible for the content they publish.
Users will not use PUMA in a fashion which may corrupt the service or threaten the privacy of other users, including, but not limited to:
Posting content in order to promote certain web sites in search engine rankings (spam)
Posting content in order to establish commercial transactions (advertisement)
Hacking or trying to obtain passwords of other users
Denial of service attacks against PUMA
Automatic harvesting of PUMA contents
Giving account information to third parties.
Content posted by users may be deleted or withheld from the public pages of PUMA if considered to be violating the Terms of Service or the Privacy Statement.
PUMA is a bookmarking-service that is offered and run as a joint project of the Data Mining and Information Retrieval Group of the University of Würzburg, the Knowledge and Data Engineering team of the University of Kassel and the Institut für Bibliotheks- und Informationswissenschaft Sachgebiet Information Processing and Analytics of the Humboldt-Universität Berlin.
You can read the main contents of the agreement here.
Your contact point for questions concerning privacy is the
University of Würzburg.
If you have questions, please contact
Responsible for the website and service are:
University of Würzburg (public corporation)
Tel: +49 931 / 31 – 86731
Fax: +49 931 / 31 - 86732
Authorized representative for Data Mining and Information Retrieval Group at LS VI
and this service is Prof. Dr. Andreas Hotho.
Contact information of the appointed Data Protection Officer (Julius-Maximilians-Universität Würzburg):
Datenschutzbeauftragter der Julius-Maximilians-Universität Würzburg
Tel. 0931/31-88131 oder 0931/31-81446
University of Kassel (public corporation)
Wilhelmshöher Allee 73
Tel.: +49 561 804 - 6250
Fax: +49 561 804 - 6259
Authorized representative for the Knowledge and Data Engineering team is Prof. Dr. Gerd Stumme
Contact information of the appointed Data Protection Officer (Universität Kassel):
Behördliche Datenschutzbeauftragte der Universität Kassel
Tel.: +49 561 804-2756
Humboldt University of Berlin (public corporation)
Unter den Linden 6
Telefon: +49 30 2093–0
Fax: +49 30 2093–2770
Authorized representative for the Institut für Bibliotheks- und Informationswissenschaft
Sachgebiet Information Processing and Analytics is Prof. Dr. Robert Jäschke.
Contact information of the appointed Data Protection Officer (Humboldt-Universität Berlin):
Behördliche Datenschutzbeauftragte der Humboldt-Universität zu Berlin
Unter den Linden 6
Tel: +49 (30) 2093-2591
PUMA is run by the Data Mining and Information Retrieval Group of the University of Würzburg, the Knowledge and Data Engineering team of the University of Kassel and the Institut für Bibliotheks- und Informationswissenschaft Sachgebiet Information Processing and Analytics of the Humboldt-Universität Berlin as a research project.
In order to carry out the research, PUMA collects more data of its users and analyzes it in a greater extend than commercial web applications would do. The information is being used to provide and improve recommendation services, spam detection or ranking functions and also for the design of privacy aspects in bookmarking systems. Results can later be applied to other web 2.0 applications. Since science is an open process the options for the data's usage can not be finalized or completed. For PUMA, however, there is no interest in the real person behind the userprofile. The information will not be used for advertising. PUMA will not give information about the user to third parties. The only exception to this rule are other research groups, which can achieve a part of the data set, and use it for their own research and to revise the findings of the PUMA project. This data is made pseudonymous though.
Legal basis of processing
Consent, Art. 6 Abs. 1 a) GDPR Task performance, Art. 6 Abs. 1 e) CDPR i.V.m. Art. 2 Abs. 4 S. 1 BayHSchG; Art. 7 BayHSchG (+ other laws on higher education) Art. 11 Abs. 1 BayEGovG § 13 Abs. 7 TMG
PUMA is using so-called cookies. They are used to make BibSonomy more user-friendly, effective and secure. Cookies are small text files that are stored by your browser on your computer. Most of the cookies BibSonomy uses are so-called session cookies. They are deleted automatically at the end of your visit, except when you have selected the option "stay logged in" when signing in. In that case the cookie is deleted after one year, except you delete it manually. The data about your visits that is produced by cookies is only stored on BibSonomy servers. The data is used only for internal statistics and deleted afterwards.
List of Cookies used by PUMA:
JSESSIONID: is used by PUMA’s application stack Tomcat and saves the session ID that will be assigned to you when you visit the website. It helps to save various requests during the session.
_pk_id: cookie used by our analytics tool Matomo for general request statistics
Furthermore, the following cookies are used when the user is logged in:
_user: contains the username of the logged in user
db_user: contains hashed information in order to enable an automatic log in of a user after some time
openID_user: contains hashed information in order to enable an automatic log in of a user after some time using OpenID
_lPost: contains random, non-personal characters which are used for spam detection and spam protection.
In line with the usage of PUMA the following data is gathered and processed to provide the system's services and to collect statistical information: the name of the requested site, the time of the request, the size of transfered data, the protocol message, if the request was successful, the referrer url and the cookie with its session id. Additionally, the ip adress of the calling computer is stored for research purposes, eg. for developing spam detection algorithms. In order to analyse the user behaviour, which is being explored to create new algorithms and to evaluate them, PUMA uses a click-log functionality, which stores every user click on a link within PUMA. Indeed, PUMA does neither have the resource nor the intent to relate this data with the person behind the user.
In the line of the registration PUMA collects the following data for the ground of contract of use, which might make conclusions to the identity of the user possible and with that also represent personal data of the user: the nickname, password and email adress. The nickname and password are used to secure the access to the user's account. The nickname itself is also part of the entered bookmarks and publications, which were marked public. The email adress is used for research in the field of spam discovery and is also used for the process of the activation of the user account in order to prevent the abuse of extrinsical information. The email adress or other registration data wont be circulated to third parties.
During the usage PUMA collects the following data, which may allow for drawing conclusions and so might represent personal information: Information for the authorization process like username and password, or begin and end of a session, the name of the requested file, timestamp of entered and requested data, the size of the data transmitted, the success of transactions, the referrer url and session cookies which contain user ids. For research reasons the ip adress of the requesting systems is going to be stored. All the data is used to investigate matters of design aspects of data privacy, spam detection, ranking, recommendation or the overall improvement of the system. PUMA makes the collected data excluding the username, password and ip adress available for other research facilities for scientific work in pseudonymous form. It can not be categorically ruled out, that these prepared information can't be connected to a concrete user within the system by comparison of the data set with the published entries of this user. If users are active using their real names as user names or their identity emerge from their public entries , PUMA can not eliminate the possibility of personal references.
To protect our website from spam, we use Google's "reCAPTCHA" service for enhanced security. For this service, the user's IP-address as well as other data that is possibly needed by Google for the function of "reCAPTCHA", will be transmitted.
The entries created by a PUMA user during the process of using the system, i.e. the bookmarks and the links to posted literature, are used to provide the offered functionality to store the information for the same user for later access or in case of public entries for access of others including the possibility to copy the entries for his or her own collection. Public entries are used for research purposes like the creation of rankings and tag clouds and are processed during search in combination with the user who owns this entry and the user who started the search. Additionally there is the possibility for registered users to access and download public entries by using the programming api. The entries are being used and processed for research purposes in fields like spam detection, recommender functions and are part of the data set, which PUMA makes available in pseudonymous form for other research facilities. If users end their memberships by deleting their user accounts, their entries are locked and can not be accessed by users. The entries are stored, but will only be used and processed for research purposes.
PUMA is free of advertisment. No personal information will be processed for assigning personalized advertisments and will be circulated to third parties for purposes of advertising.
The criteria for the duration of storage are defined in the purposes of processing. The personal data has to be offered to university archives before deletion. If the data is of archival value, it will be moved to the archive for archiving purposes, otherwise the personal data will be deleted.
You can assert these rights against each of those responsible, and also against the mentioned contact point within the framework of our shared responibility. If personal data will be processed, you have the right to obtain information about the data that will be saved about you (Art. 15 GDPR). If the processed personal data is inaccurate, you have the right of rectification (Art. 16 GDPR). If the legal requirements are met, you can demand the erasure or restriction of the processing as well as oppose the data processing (Art. 17, 18 und 21 GDPR). If you have agreed to the data processing or a data processing contract exists and the data processing is performed using automated processes, you potentially have a right to data portability (Art. 20 GDPR).
If you should exercise the rights mentioned above, the public entity will consider whether the legal requirements for this are met.
Furthermore, you have a right of appeal to the competent supervisory authorities:
You can exercise your right of appeal against each of this supervisory authorities.
If you have agreed to the processing through the University Kassel, Julius-Maximilians-Universität Würzburg and Humboldt-Universität Berlin with a corresponding consent, you can at any time revoke the consent for the future. The legality of the data processed in the timespan from consent to revocation will not be affected.
The data subject shall have the right to receive the personal data concerning him or her (Art. 20 GDPR), which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided. This applies if the basis for data processing is based on consent or a contract and the data processing is carried out by automated means. You can export all your data using our API.
We require your data, to conclude a contract of use with the user and to carry out our research projects. If you do not provide the required data, the contract of use can not be concluded and the research projects can not be carried out.
This privacy protection policy applies only for the collection of personal data by PUMA, but not for the service providers which are referenced within the entries of PUMA or other external web sites.