Difference between revisions of "NI4OS Europe Login Privacy Notice"

@@ Line 1: / Line 1: @@
-<h1>NI4OS Europe Login Privacy Notice</h1><p><em>Version 1.0, effective from 14th February, 2020.</em></p><p>&nbsp;</p>
-{|  width="624"
-|  width="177" | <p><strong>Name of the</strong></p><p><strong>Service</strong></p>
-|  width="447" | <p>NI4OS Europe Login</p>
-|-
-|  width="177" | <p><strong>Description of the Service</strong></p><p><strong>&nbsp;</strong></p><p><strong>&nbsp;</strong></p>
-|  width="447" | <p>The NI4OS Europe Login service (the &ldquo;Service&rdquo;) is provided by the National Infrastructures for Research and Technology (GRNET) based in Athens, Greece (&ldquo;we&rdquo;, &ldquo;GRNET&rdquo;, &ldquo;us&rdquo;) for the needs of the National Initiatives for Open Science in Europe project (&ldquo;NI4OS Europe&rdquo;). The Service enables the registration, authentication and management (groups, roles and rights) of users and teams of users that participate to NI4OS Europe (&ldquo;User&rdquo;, &ldquo;you&rdquo;, &ldquo;your&rdquo;), directly, e.g. ICT and science professionals, etc.), or via organisations/ teams, e.g. NI4OS-Europe Partners, universities and other scientific organizations, etc. ( &ldquo;collaborations&rdquo;). We use this information to allow User access to services provided by and in the context of NI4OS Europe and other European Open Science Cloud (EOSC) related projects.</p><p>This privacy notice describes how we process data by which you can be personally identified (&ldquo;Personal Data&rdquo;) when you use the Service.</p>
-|-
-|  width="177" | <p><strong>Data controller and a contact person</strong></p>
-|  width="447" | <p>Partners participating to NI4OS-Europe (a full list is available <a href="https://ni4os.eu/partners/">here</a>) acting under the capacity of joint controllers</p>
-|-
-|  width="177" | <p><strong>Data controller&rsquo;s data protection officer (if applicable)</strong></p>
-|  width="447" | <p>Theodore Konstantakopoulos (ni4osinfo@grnet.gr)</p>
-|-
-|  width="177" | <p><strong>Jurisdiction and supervisory authority</strong></p>
-|  width="447" | <p>Hellenic Data Protection Authority (www.dpa.gr)</p>
-|-
-|  width="177" | <p><strong>Personal data processed</strong></p>
-|  width="447" | <p>We will process the following personal data:</p><p>A. External Identity Provider Institution information</p><p>Requested from your home institution or another identity provider of your choice:</p><p>- Given Name</p><p>- Middle Name</p><p>- Family Name</p><p>- Email</p><p>- Affiliation</p><p>&nbsp;</p><p>B. Identifiers</p><p>Identifiers, as provided by identity providers like e.g. a Home Institution or</p><p>Identifiers from third parties, for example an ORCID</p><p>&nbsp;</p><p>C. Following data may be gathered from yourself:</p><p>- Affiliation</p><p>&nbsp;</p><p>D. Collaboration information</p><p>- The collaboration that you have created or joined</p><p>- Group and membership you may have in the context of your collaboration</p><p>- Roles and rights you may have in the context of your collaboration</p><p>&nbsp;</p><p>All of the above information is provided by you on a voluntary basis, or in case of the information from your institution upon your choice. You may choose not to provide certain information, but this may impact your access to external services provided by or for the collaborations.</p><p>&nbsp;</p><p>Additionally, we process technical logs of your activity consisting of the following data:</p><p>- Your actions along with timestamps </p><p>- Your IP address </p><p>- The Identity Provider you used for authenticating through the Service </p><p>- The external Service Providers that you accessed through the Service</p>
-|-
-|  width="177" | <p><strong>Purpose of the processing of personal data</strong></p>
-|  width="447" | <p>We process your personal data in order to provide the Service, i.e. in order to identify, authenticate and authorise you as a member of one or more collaborations who have chosen to use the Service to register and manage their members. Based on the provided information you may gain access to services that are available in the context of your collaboration.</p><p>Moreover, we process your personal data for system maintenance and security purposes.</p>
-|-
-|  width="177" | <p><strong>Legal basis of processing</strong></p>
-|  width="447" | <p>Legal basis for processing your personal data for the Service is your consent. You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.</p><p>Legal basis for processing your personal data is also the legitimate interest of GRNET, i.e. fraud prevention and network and information security.</p>
-|-
-|  width="177" | <p><strong>Parties to whom personal data is disclosed</strong></p>
-|  width="447" | <p>We may share your personal data with other members of the collaboration you have chosen to join. By joining a collaboration that is using the Service, you agree that your personal data may be disclosed to other authorised participants of the collaboration via secured mechanisms, but only for the same purposes and only as far as necessary to provide the services.</p><p>The Service will share your personal data with services available to the collaboration you choose to become a member of. These services may be based in the EU/EEA, or in countries with less adequate data protection provisions. Data transfer will be done via secured mechanisms and according to sections 2.f and 2.l of the Data Protection Code of Conduct [<a href="http://www.geant.net/uri/dataprotection-code-of-conduct/v1">Code of Conduct</a>]. In case of data transfers outside the EU/EEA we will ensure that appropriate safeguards are in place (e.g. Standard Contractual Clauses issued by the European Commission); you can obtain a copy of said safeguards contacting us at [<a href="mailto:aai-support@ni4os.eu">Support</a>].</p><p>Statistical data is gathered based on the technical logs. This data is anonymised and does not contain any personal data. Statistical data may be made publicly available by the Service.</p>
-|-
-|  width="177" | <p><strong>How to access, rectify and delete the personal data and object to its processing</strong></p>
-|  width="447" | <p>Under the requirements set by applicable legislation, you have the right to request access to, rectification, erasure of personal data and restriction of processing; you can also object to processing and you have also the right to data portability.</p><p>To access your data, go to the [<a href="https://aai.ni4os/eu/registry">User Profile Page</a>]. You may rectify your personal data or deactivate your account by sending an email to [<a href="mailto:aai-support@ni4os.eu">Support</a>].</p><p>To access, rectify the data released by your Home Organisation (e.g. your university or research institute), contact your Home Organisation's IT helpdesk. You may object to the processing of your personal data by deactivating your account in the NI4OS Europe Login service at any time by sending an email to [<a href="mailto:aai-support@ni4os.eu">Support</a>].</p><p>Moreover, you have the right to file a complaint to the Hellenic Data Protection Authority.</p>
-|-
-|  width="177" | <p><strong>Data retention</strong></p>
-|  width="447" | <p>Your personal data associated with your account is kept as long as you are active in the Service and can be deactivated earlier on request (please refer above to section &ldquo;Legal basis of processing&rdquo; regarding your right to withdraw your consent). In case that you have not logged in to NI4OS Europe Login service for 12 consecutive months your account will be deactivated.</p><p>The technical logs and related information are kept independently in order to guarantee the security of the infrastructure and its optimisation and we be retained no longer than 18 months.</p>
-|-
-|  width="177" | <p><strong>Security</strong></p>
-|  width="447" | <p>We take appropriate security precautions to protect your personal data from loss, misuse and unauthorised access, disclosure, alteration and destruction. In particular, access to technical log data is restricted and can only be accessed in a secure way by the NI4OS Europe Login service staff.</p><p>Although we endeavour to ensure your personal data remains secure, there is no absolute guarantee of security when using services online. While we strive to protect your personal data, you acknowledge that:</p><p>●&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; There are security and privacy limitations on the internet which are beyond our control and what can have a negative impact on the confidentiality, integrity and availability of the information.</p><p>●&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; We cannot be held accountable for activity that results from your own neglect to safeguard the security of your log on credentials and equipment which results in a loss of your personal data. If you feel this is not enough, then please do not provide any personal data.</p>
-|-
-|  width="177" | <p><strong>Data Protection Code of Conduct</strong></p>
-|  width="447" | <p>Your&nbsp; personal&nbsp; data&nbsp; will&nbsp; be&nbsp; protected&nbsp; according&nbsp; to&nbsp; the</p><p>Code&nbsp; of&nbsp; Conduct&nbsp; for Service&nbsp; Providers,&nbsp; a&nbsp; common standard&nbsp; for&nbsp; the&nbsp; research&nbsp; and&nbsp; higher&nbsp; education sector to protect your privacy</p>
-|-
-|  width="177" | <p><strong>References</strong></p>
-|  width="447" | <p>●&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [Code of Conduct] <a href="http://www.geant.net/uri/dataprotection-code-of-conduct/v1">http://www.geant.net/uri/dataprotection-code-of-conduct/v1</a></p><p>●&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [User Profile Page] <a href="https://aai.ni4os/eu/registry">https://aai.ni4os.eu/registry</a></p><p>●&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; [Support] <a href="mailto:aai-support@ni4os.eu">aai-support@ni4os.eu</a></p>
-|}<p>&nbsp;</p>

Difference between revisions of "NI4OS Europe Login Privacy Notice"

Latest revision as of 07:46, 10 June 2020

Navigation menu

Search