Name of the

Service

NI4OS Europe Login

Description of the Service

The NI4OS Europe Login service (the “Service”) is provided by the National Infrastructures for Research and Technology (GRNET) based in Athens, Greece (“we”, “GRNET”, “us”) for the needs of the National Initiatives for Open Science in Europe project (“NI4OS Europe”). The Service enables the registration, authentication and management (groups, roles and rights) of users and teams of users that participate to NI4OS Europe (“User”, “you”, “your”), directly, e.g. ICT and science professionals, etc.), or via organisations/ teams, e.g. NI4OS-Europe Partners, universities and other scientific organizations, etc. ( “collaborations”). We use this information to allow User access to services provided by and in the context of NI4OS Europe and other European Open Science Cloud (EOSC) related projects.

This privacy notice describes how we process data by which you can be personally identified (“Personal Data”) when you use the Service.

Data controller and a contact person

Partners participating to NI4OS-Europe (a full list is available <a href="https://ni4os.eu/partners/">here</a>) acting under the capacity of joint controllers

Data controller’s data protection officer (if applicable)

Theodore Konstantakopoulos (ni4osinfo@grnet.gr)

Jurisdiction and supervisory authority

Hellenic Data Protection Authority (www.dpa.gr)

Personal data processed

We will process the following personal data:

A. External Identity Provider Institution information

Requested from your home institution or another identity provider of your choice:

- Given Name

- Middle Name

- Family Name

- Email

- Affiliation

B. Identifiers

Identifiers, as provided by identity providers like e.g. a Home Institution or

Identifiers from third parties, for example an ORCID

C. Following data may be gathered from yourself:

- Affiliation

D. Collaboration information

- The collaboration that you have created or joined

- Group and membership you may have in the context of your collaboration

- Roles and rights you may have in the context of your collaboration

All of the above information is provided by you on a voluntary basis, or in case of the information from your institution upon your choice. You may choose not to provide certain information, but this may impact your access to external services provided by or for the collaborations.

Additionally, we process technical logs of your activity consisting of the following data:

- Your actions along with timestamps


- Your IP address


- The Identity Provider you used for authenticating through the Service


- The external Service Providers that you accessed through the Service

Purpose of the processing of personal data

We process your personal data in order to provide the Service, i.e. in order to identify, authenticate and authorise you as a member of one or more collaborations who have chosen to use the Service to register and manage their members. Based on the provided information you may gain access to services that are available in the context of your collaboration.

Moreover, we process your personal data for system maintenance and security purposes.

Legal basis of processing

Legal basis for processing your personal data for the Service is your consent. You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

Legal basis for processing your personal data is also the legitimate interest of GRNET, i.e. fraud prevention and network and information security.

Parties to whom personal data is disclosed

We may share your personal data with other members of the collaboration you have chosen to join. By joining a collaboration that is using the Service, you agree that your personal data may be disclosed to other authorised participants of the collaboration via secured mechanisms, but only for the same purposes and only as far as necessary to provide the services.

The Service will share your personal data with services available to the collaboration you choose to become a member of. These services may be based in the EU/EEA, or in countries with less adequate data protection provisions. Data transfer will be done via secured mechanisms and according to sections 2.f and 2.l of the Data Protection Code of Conduct [<a href="http://www.geant.net/uri/dataprotection-code-of-conduct/v1">Code of Conduct</a>]. In case of data transfers outside the EU/EEA we will ensure that appropriate safeguards are in place (e.g. Standard Contractual Clauses issued by the European Commission); you can obtain a copy of said safeguards contacting us at [<a href="mailto:aai-support@ni4os.eu">Support</a>].

Statistical data is gathered based on the technical logs. This data is anonymised and does not contain any personal data. Statistical data may be made publicly available by the Service.

How to access, rectify and delete the personal data and object to its processing

Under the requirements set by applicable legislation, you have the right to request access to, rectification, erasure of personal data and restriction of processing; you can also object to processing and you have also the right to data portability.

To access your data, go to the [<a href="https://aai.ni4os/eu/registry">User Profile Page</a>]. You may rectify your personal data or deactivate your account by sending an email to [<a href="mailto:aai-support@ni4os.eu">Support</a>].

To access, rectify the data released by your Home Organisation (e.g. your university or research institute), contact your Home Organisation's IT helpdesk. You may object to the processing of your personal data by deactivating your account in the NI4OS Europe Login service at any time by sending an email to [<a href="mailto:aai-support@ni4os.eu">Support</a>].

Moreover, you have the right to file a complaint to the Hellenic Data Protection Authority.

Data retention

Your personal data associated with your account is kept as long as you are active in the Service and can be deactivated earlier on request (please refer above to section “Legal basis of processing” regarding your right to withdraw your consent). In case that you have not logged in to NI4OS Europe Login service for 12 consecutive months your account will be deactivated.

The technical logs and related information are kept independently in order to guarantee the security of the infrastructure and its optimisation and we be retained no longer than 18 months.

Security

We take appropriate security precautions to protect your personal data from loss, misuse and unauthorised access, disclosure, alteration and destruction. In particular, access to technical log data is restricted and can only be accessed in a secure way by the NI4OS Europe Login service staff.

Although we endeavour to ensure your personal data remains secure, there is no absolute guarantee of security when using services online. While we strive to protect your personal data, you acknowledge that:

●      There are security and privacy limitations on the internet which are beyond our control and what can have a negative impact on the confidentiality, integrity and availability of the information.

●      We cannot be held accountable for activity that results from your own neglect to safeguard the security of your log on credentials and equipment which results in a loss of your personal data. If you feel this is not enough, then please do not provide any personal data.

Data Protection Code of Conduct

Your  personal  data  will  be  protected  according  to  the

Code  of  Conduct  for Service  Providers,  a  common standard  for  the  research  and  higher  education sector to protect your privacy

References

●      [Code of Conduct] <a href="http://www.geant.net/uri/dataprotection-code-of-conduct/v1">http://www.geant.net/uri/dataprotection-code-of-conduct/v1</a>

●      [User Profile Page] <a href="https://aai.ni4os/eu/registry">https://aai.ni4os.eu/registry</a>

●      [Support] <a href="mailto:aai-support@ni4os.eu">aai-support@ni4os.eu</a>