Privacy Notice — RDM Bingo

Last updated: 4 May 2026 · Version 1.0

1. Who is responsible for your data

Lib4RI — Library for the Research Institutes within the ETH Domain (serving Eawag, Empa, PSI, and WSL) is the controller for the personal data collected through this application.

Lib4RI
Überlandstrasse 133, Postfach 611
8600 Dübendorf, Switzerland
Email: data@lib4ri.ch

Lib4RI is administratively associated with Eawag, and the application is hosted on Eawag's IT infrastructure in Switzerland. Data protection matters for both Lib4RI and Eawag are handled by the Eawag Data Protection Advisor:

Eawag — Data Protection
Überlandstrasse 133, 8600 Dübendorf, Switzerland
Email: datenschutz@eawag.ch

For background on Eawag's general data protection practices, see eawag.ch/en/data-protection.

2. What data we collect, and why

When you create an RDM Bingo account, you give us:

Your name — so we can identify you, and (unless you choose anonymous mode, see §3) display you on the public Winners page if you win.
Your email address — so we can contact you if you win, to arrange a prize or follow-up.
A password — stored only as a bcrypt hash, used to let you sign back in to your board.

While you play, you also create:

The URLs you submit as evidence for each completed bingo task.
A short description (3–1000 words) of what you did for each task.
The timestamp of when you registered and, if applicable, when you completed bingo.

We do not collect any other personal data through this application. We do not collect sensitive personal data (health, political opinions, religious beliefs, biometric data, etc.). We do not use any tracking, analytics, or advertising tools.

3. Where your data is shown

There are two visibility levels:

Account data (always private). Your real name, email address, and password hash are visible only to authorised Lib4RI staff for the purpose of running the activity. They are never shown publicly.
Winners page (public). When you complete a bingo and click "Submit", an entry is added to the public Winners page. By default this entry shows your real name, the visual pattern of your completed squares, and clickable links to the URLs you submitted as evidence, plus their descriptions on hover.

You can opt out of the public-display behaviour at registration time by ticking "Display me anonymously". If you do:

The Winners page shows a generated nickname (e.g. "COOL CROCODILE") instead of your name.
The URLs and descriptions you submitted are not shown publicly.
Clicking your squares on the Winners page does nothing.
Your real name and email remain stored internally so we can still contact you about prizes — but they are not published.

You can also choose not to submit a winning bingo at all; in that case nothing about your participation appears publicly, regardless of the anonymous-mode setting.

4. The legal basis for this processing

Lib4RI is a federal body within the meaning of the Swiss Federal Act on Data Protection (FADP). The legal basis for processing your account information and submissions is the ETH Act (Art. 36c) in conjunction with the FADP — the four ETH-domain research institutes are authorised to process personal data as necessary for their research, teaching, and associated services. Running this engagement activity falls within that mandate.

The public display on the Winners page happens only if you choose to submit a bingo. That action is an explicit, optional act on your part, and is not processed unless you take it.

5. How long we keep your data

The RDM Bingo campaign is planned to run until 1 July 2026.

During the campaign, your account and submissions are retained as long as the application is running.
Within 90 days after the campaign closes, all accounts and submitted content are deleted from the live application and from backups.
Exception — prize delivery. If you win and we owe you a prize, we keep your name and email address (only those two fields) for up to 6 months after the campaign closes, until the prize has been delivered. After delivery, or after 6 months — whichever is earlier — that record is also deleted.
Inactive accounts. Even during the active campaign, accounts that have not signed in for 12 months are deleted automatically.

You can also ask us to delete your data earlier — see §8 below.

6. Who has access to your data

Inside Lib4RI, access is restricted to staff running the RDM Bingo activity, who are bound by confidentiality obligations.

The application runs on Eawag's IT infrastructure in Dübendorf, Switzerland. Eawag staff who operate this infrastructure may have access to the encrypted data store as part of their normal hosting and backup duties. They are bound by the same confidentiality obligations that apply to all Eawag-hosted services. No data is processed outside Switzerland.

We do not currently use any external data processor. The application does not send any emails of its own. If we need to contact you (for example to arrange a prize), Lib4RI staff will write to you individually from a Lib4RI email address.

We do not sell or rent your data. We do not share it with third parties for marketing.

7. How we protect your data

All data is encrypted at rest in the application's data file using AES-256-GCM.
Connections between your browser and our server use TLS (HTTPS), and the server sets Strict-Transport-Security to enforce HTTPS for return visits.
Passwords are stored only as bcrypt hashes; the original password never leaves your browser in readable form, and we cannot recover it.
Session cookies are HttpOnly, SameSite=Lax, and (in production) Secure.
The administration interface requires a separately provisioned bearer token and is not exposed publicly.
Backups are encrypted under the same scheme as the live data.
Lib4RI and Eawag staff receive regular data protection training.

These measures follow Art. 8 FADP and the Ordinance to the FADP, and are aligned with the guidance published by the Federal Data Protection and Information Commissioner (FDPIC).

8. Your rights

Under the FADP you have the right to:

See what data we hold about you and receive a copy.
Correct data that is inaccurate.
Delete your data when it is no longer needed for the stated purpose.
Object to the processing.
Receive your data in a common electronic format (data portability), where applicable.

To exercise any of these rights, write to datenschutz@eawag.ch. We respond within 30 days. We may ask you to confirm your identity before acting on the request.

If you believe we are not handling your data lawfully, you may lodge a complaint with the Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, CH-3003 Bern — edoeb.admin.ch.

9. Cookies and tracking

This application uses only one cookie — a session cookie (sid) that is strictly necessary for keeping you signed in. It is destroyed when you sign out and contains no information beyond an opaque session identifier. We do not use analytics, advertising, or any third-party tracking.

10. International access

This service is operated from Switzerland and is hosted entirely on infrastructure in Switzerland. Anyone in the world may register; if you do so from outside Switzerland, your data is transferred to and processed in Switzerland, and Swiss law governs how we handle it.

11. Changes to this notice

If we change this notice in a way that affects how your data is processed, we note the change at the top of this page and increment the version number. The "Last updated" date above always reflects the current version.