On this page, we would like to inform you about what types of your personal data (hereinafter also abbreviated to “data”) we process, for what purpose and to what extent. This Data Protection Policy applies to all processing of personal data carried out within the context of MANTRAMS, in particular on this website and its larger components - Nextcloud for research data management and the OMnibus, our interactive sonic archive, - as well as our social media profiles.

MANTRAMS is funded by the European Union and all data processing is located at the University of Tübingen, Germany. Thus, the GDPR applies. Project members located outside the EU that are not legally bound to similar legislature have signed contracts to honor this Data Protection Policy developed in agreement with the GDPR.

Data Protection and Coordination of the Project

Dr. rer. nat. Geraldine Quénéhervé (DPO)
Digital Humanities Center
University of Tübingen
Keplerstraße 2
72074 Tübingen, Germany
+40-7071-29 73629
data@mantrams.eu

For further information, please refer to the University of Tübingen Data Privacy Statement.

Collection and Production of Personal Data in MANTRAMS Reserach (GDPR §9)

During its six-year runtime (2024-2030), MANTRAMS will conduct the first historcally contextualised and ethnographically grounded study of mantras in religion, media and society in Global Southern Asia. By exploring oral history, by carrying out long, narrative interviews, and through participation in and audiovisual recording of public and secluded religious events, researchers affiliated with MANTRAMS hope to gain deep and nuanced insights into how mantras are used, experienced and understood in a broad variety of communities. MANTRAMS research desires to meet mantra practitioners where they are, sharing a social space to explore and understand the lived realities of mantras past and present.

As per the scope of the project, conducting MANTRAMS research means processing personal data revealing racial or ethnic origin, political opinions and religious or philosophical beliefs (GDPR §9). We will not only handle sacred and ancient knowledge entrusted to us by mantra practitioners, but also create and care for audio recordings of storytelling and mantra soundscapes as well as video recordings containing people’s likenesses and religious life. During such fieldwork, researchers inevitably become aware of names, phone numbers and social identities of local collaborators and research participants. Therefore, we generally take great care to ensure data protection on all stages of data processing.

We are comitted to data minimisation, using pseudonyms as early in the data proccessing workflows as possible before applying rigorous internal and external access hierarchies that respect the wishes and require the explicit consent of local data co-producers. As part of good scientific practice, data that is cleared for archiving will be released to the FDAT Repository upon completion of the project. Additionally, any MANTRAMS documents and materials legally have to be presented to our Universities’ archives for possible preservation when they are no longer in the project’s internal circulation. Any other data will be permanently deleted in 2030 and only remain in the individual researcher’s personal archive.

This website and all its components are how we organise and communicate our project. We host all data, by research participants and web users alike, on local infrastructure as much as possible without relying on any third-party services. However, our web interfaces may include links to external sites and services. MANTRAMS cannot be held responsible for the data processing policies from these external sites and services. Should you have objections to any of the external sites and services regarding their data protection policies or content, kindly reach out.

The following passages elaborate on each data processing component of the MANTRAMS web interfaces, starting at the user frontend and heading deeper into the backend.

Domain Hosting and Browser Security (IONOS)

The domain for this website and all subdomains, notably the web interface of our Nextcloud Data Hub and of our upcoming interactive sonic and audiovisual archive OMnibus as well as the DNS mapping are provided by IONOS SE. To ensure encrypted communication between your browser, the DNS server and our local webserver, we use an industry standard SSL certificate provided by Sertigo as part of the IONOS domain hosting services. As long as you use an encrypted Wifi or mobile internet connection, no one can listen in. For more information, see IONOS Data Protection Policy.

Web Services (MANTRAMS & University of Tübingen)

Any and all major data traffic, both by researchers and research participants as well as users of our digital publications, are handled by web services created and maintained by the University of Tübingen in a collaboration between the MANTRAMS project team and the Digital Humanities Center.

Apache Webserver

All MANTRAMS web interfaces run on a webserver managed at the Digital Humanities Center Tübingen. For security reasons and to ensure proper technical functionality, this webserver compiles server logs: Each time a user accesses this site, her IP adress, date and time, information about browser and device operating system, as well as the site URL are captured. This information is stored locally on the Virtual Machine at the DHC and will only be accessed by local administrators to assess technical server performance and incoming traffic.

Basic Web Analytics

To analyse the degree to which MANTRAMS is actually able to reach local communities in Global Southern Asia and whether or not our project website and our sonic archive OMnibus are as accessible and interesting to the desired audiences as we hope, we need to collect further information on user behaviour, especially on rough geo-location. We use GoAccess, an Open Source Web Log Analytics tool that is locally installed on our webserver and operates without passing on any data to a third-party provider. The goal of our Go Access implementation is to track overall trends in website traffic, it is not to track individual visitors.

Nextcloud

To back up, analyse, process and prepare research data such as audiovisual material, photographs, fieldnotes and archival sources for publication and archival, we use a locally hosted Nextcloud instance as our central Data Hub.

Nextcloud is fundamentally designed so that Nextcloud GmbH, the company behind the product, does not have any access to customer data, removing the need for a data processor or controller agreement with Nextcloud GmbH as a third party under the GDPR or similar legislation. For more information, see Nextcloud GDPR Disclaimer.

Users of the Nextcloud (i. e., project members and external collaborators) are required to sign in using bwIDM (for users with an affilliation to a German academic institution), HelmholtzID (for users with an affilliation to an international academic institution) or ORCID (for users without academic affilliation), sharing their full name and email address. This ensures personal identification of anyone with writing access to the MANTRAMS Data Hub which is necessary to provide the required transparency and data protection beyond the MANTRAMS community of practice. A Keycloak server locally hosted at the Digital Humanities Center at University of Tübingen consolidates these federated access possibilities.

While we have policies in place ensuring that no personal data of research participants such as full names or contact details are uploaded to the MANTRAMS Nextcloud instance without the explicit consent or request, field material such as interviews, recordings from religious practice and everyday life as well as highly sensitive field notes are backed-up, analysed and collaboratively shared here. We do enforce rigorous access management through layered access hierarchies within the Nextcloud itself and try to replicate emic criteria of knowledge accessibility through custom tagging of files with Traditional Knowledge Labels. Researchers may share reading access to pseudonymised field material with anyone they chose to but are legally required to do so with the utmost sensitivity and duediligence.

Legal basis: explicit consent (GDPR §6)

Virtualisation (University of Tübingen)

The webserver and the Nextcloud docker run on a Virtual Machine provided by the Zentrum für Datenverarbeitung (ZDV) at the University of Tübingen. All ingoing and outgoing traffic are funnelled through the ZDV Network Administration and Firewalls for IT Security purposes only. Since the SSL certificate is stored locally on the Virtual Machine, the ZDV only deals with encrypted network accesses and cannot read what is being transmitted.

Physical Data Storage & Hardware (bwSFS)

The physical storage for the MANTRAMS Data Hub is provided by bwSFS - Storage for Science. This georedundant infrastructure is funded by the Deutsche Forschungsgesellschaft (DFG) and the state of Baden-Württemberg to facilitate failsafe and encrypted data storage. All data uploaded to the MANTRAMS Nextcloud instance is archived and backed-up here, requiring the same level of access control that the MANTRAMS Nextcloud instance is privy to.

Your Rights

Under GDPR §15-21, you (both as web user and as research participant) have the right to

  1. refuse processing and storage of your personal data by MANTRAMS.
  2. revoke previously given consent at any point.
  3. demand information on the type of data held or processed by MANTRAMS concerning you as well as to demand a copy of any data we hold or process concerning you.
  4. demand completion or correction of data held or processed by MANTRAMS concerning you.
  5. demand to recieve data held or processed by MANTRAMS concerning you in machine-readable form or to have it transferred to a third party of your choice.
  6. complain to any eligible Regulatory Authority, either for MANTRAMS as a project (see Impressum) or for you in your contry of residence, should you perceive your rights to be violated.

Should you as a co-producer of data wish to exercise your Authority to Control under the the CARE Principles for Indigenous Data Governance, you are welcome to sign on to the MANTRAMS Data Hub, identify yourself in relation to the project and gain full admin rights for your data. Additionally, the DHDMO Edda Schwarzkopf and the DPO Geraldine Quénéhervé are obligated to assist you in exercising your rights.