Data Protection Policy for 'AI for Everyone'

General Information

Justus Liebig University Giessen (JLU) places the highest priority on the security of your data. Therefore, we inform you, as a user of this 'AI for Everyone' service, about the type, scope, and purpose of the collection and use of personal data and assure compliance with all relevant legal provisions, especially the EU General Data Protection Regulation (GDPR) and the Hessian Data Protection and Freedom of Information Act (HDSIG).

The 'AI for Everyone' service, referred to as the 'Service', provides functions in the field of Artificial Intelligence (AI). Users can generate media such as text or images using the Service. Users submit inputs, e.g., in text form, to the Service, which processes them based on AI systems to produce output.

This data protection declaration pertains to data collected during the use of the Service. The types of data you may submit to the Service (user inputs, so-called 'prompts', or uploads) are regulated by the 'AI for Everyone' Service's terms of use, available on this website.

Data Controller:

Justus Liebig University Giessen (JLU)
Legally represented by its President Prof. Dr. Katharina Lorenz
Ludwigstraße 23
35390 Giessen
Germany
Phone: +49 641 99-0
Fax: +49 641 99-12259
Email: praesidentin
Website: www.uni-giessen.de

Data Protection Officer of JLU:

Justus Liebig University Giessen
Official Data Protection Officer
Ludwigstraße 23
35390 Giessen
Germany
Phone: +49 641 99-12230 or +49 641 99-12270
Fax: +49 641 99-12229
Email: datenschutz
Website: www.uni-giessen.de/datenschutz

Some of the processed data is subject to data processing by OpenAI OpCo, LLC, hereinafter referred to as 'OpenAI'.
OpenAI can be reached at:

3180 18th St., San Francisco, CA 94110, USA
Emma Redmond, Head of EU Data Protection, privacy

Data Recipient and Purpose of Data Processing

The recipient of the data transmitted through the Service is JLU IT Service Center (HRZ). Some of the received data is processed by OpenAI under data processing agreements. JLU processes personal data and transmits it to OpenAI only to the extent necessary to provide a functional Service.

Scope and Types of Processed Data

In operating the Service, a distinction is made between personal data required for service provision (section a) and data users submit for processing within the Service (section b).

Further, a distinction is made between data processed internally by JLU and stored on JLU servers and data subject to data processing agreements with OpenAI.

a) Required for Service Provision and Processed Internally by JLU

Access Data/Server Log Files

For technical reasons, we automatically collect and store information in server log files, which your browser automatically sends to us. This data includes:

• IP address of the requesting computer
• Date and time of the request
• Access method/function requested by the computer
• Data submitted by the requesting computer
• Access status of the web server (file transferred, file not found, command not executed, etc.)
• Name of the requested file

This personal data is processed solely to provide a technically functional website and to ensure the security of our IT systems.

Access Data/Login

The access data you provide is solely used to verify your eligibility for access. Your data is not stored but is directly forwarded to the identity management system for verification.

Session Cookies

Our website uses so-called session cookies. Session cookies are small pieces of information that a web server stores in the visitor's computer memory. A randomly generated unique identification number, called a session ID, is stored in a session cookie. These cookies are necessary to recognize your browser after a page change. They are automatically deleted when you log out or close your browser. Session cookies are not used to create user profiles.

b) Data Submitted by Users During Service Use

All content submitted by users ('prompts') is sent anonymously and free of personal system data to a server operated locally by JLU. The connected language models may be hosted locally on JLU servers or on cloud systems inside and outside the EU. Users are informed about data processing implications through the Service's terms of use and user guidance.

Prompts submitted to linked ChatGPT language models are processed by OpenAI, stored, and deleted after 30 days. These inputs are not used for training language models. This includes all inputs (so-called 'prompts') that users transmit to the Service, along with the anonymous ID of the prompt. Certain metadata associated with user-submitted data is anonymized and processed and stored by OpenAI in a non-traceable manner back to JLU or its users. This includes the ID and timestamp of a prompt.

The IT Service Center cannot trace which users sent which user-generated data (prompts) to the locally operated server at JLU from log files or similar records. Chat histories cannot be viewed unless the user has provided permission, e.g., in the form of a shared chat history or a group chat.

Your Rights

Articles 15 ff. of the GDPR outline your rights. You have the right to request free information on your stored personal data, as well as the right to correct incorrect data, and to restrict or delete the processing of your personal data.

If you believe your data has been processed unlawfully, you may file a complaint with the appropriate supervisory authority. We recommend contacting the data protection officer (contact information above) before filing a complaint.

Contact Information for the Supervisory Authority:

Hessian Commissioner for Data Protection and Freedom of Information
Prof. Dr. Alexander Rossnagel
Gustav-Stresemann-Ring 1
65189 Wiesbaden
Phone: +49 611 1408-0
Fax: +49 611 1408-611
Email: poststelle
Website: datenschutz.hessen.de