Privacy Policy for the service GitLab

GitLab is the first single application for the entire DevOps lifecycle.

1. Personal Data

If you use the service GitLab, we will process your personal data. According to Art. 4 No. 1 of the EU General Data Protection Regulation (GDPR), personal data are all data relating to an identified or identifiable natural person.

2. Controller

Controller of the data processing on this website according to Art. 4, par. 7 GDPR as well as other data protection regulations:
The Karlsruhe Institute of Technology is a corporation governed by public law, represented by its acting president Prof. Dr Oliver Kraft.
Our Data Protection Officer can be contacted at or by ordinary mail with “Die Datenschutzbeauftragte” (the data protection officer) being indicated on the envelope.

3. Data Processing

When you login to the service, we collect the following personal data from your remote identity provider (EUDAT B2ACCESS):
In addition we collect the following personal data from your operating system: You have the option to give us the following personal data voluntarily: The personal data retrieved from external identity provider is necessary to map you to the GitLab account, contact you and provide a comfortable interface. Your name and email address are visible for other users of GitLab to share files/projects.
When you log in to the service we store a cookie on your device. Cookies are small text files stored in your computer system by the browser used by you, through which we (the server of our website) obtain certain information. Cookies cannot execute any programs or transmit viruses to your computer. They serve to make internet offers more user-friendly, more effective, and quicker. It is distinguished between session cookies (transient cookies) and permanent (persistent) cookies.
Transient cookies are deleted automatically when you close the browser. They include in particular the session cookies. These store a so-called session ID, through which queries of your browser can be allocated to the joint session. They allow us to identify your computer when you return to our website. Session cookies are deleted when you log out or close the browser.
We use session cookies exclusively. We do not use any persistent cookies or flash cookies.
You can set your browser such that you will be informed about the setting of cookies and you can permit cookies in individual cases only, exclude the acceptance of cookies in certain cases or in general, and activate automatic deletion of cookies when closing your browser. When deactivating cookies, functionality of this website may be limited.

4. Legal Basis

The legal basis for the processing is Art. 6, par. 1, clause 1, (b), clause 3, (b) GDPR in conjunction with Section 4 Landesdatenschutzgesetz Baden-Württemberg (State data protection act of the state of Baden-Württemberg).
The legal basis for the information you provide voluntarily is your consent in accordance with Art. 6, par. 1, clause 1, (a) GDPR. The consent is voluntary. There are no disadvantages if it is denied or withdrawn.

5. Data Storage

Your data will be stored for as long as necessary to provide the service and there are statutory storage requirements. After expiry of the statutory retention periods your data will be deleted unless you have expressly consented to any further use of the data. In general, the data is deleted after one month.

6. Your Rights

Personal data can be accessed and reviewed in your account settings. To rectify the data released by EUDAT GitLab, please update them at EUDAT GitLab.
To request an account deletion, please contact the KIT Team under and provide your email address and your full name.
According to Art. 7 par. 3 GDPR you have the right to withdraw your consent at any time with effect for the future. The withdrawal may also refer to parts of your consent.
In Addition you have the following rights: You have the right to complain about the processing of your personal data by us with a supervisory authority (Art. 77 GDPR).
In the case of manifestly unfounded or excessive requests, we can charge a reasonable fee. Otherwise, information will be provided free of charge (Art. 12, par. 5 GDPR).
In the case of reasonable doubts concerning the identity of the natural person asserting the above rights, we may request the provision of additional information necessary to confirm the identity of the data subject (Art. 12, par. 6 GDPR).