Difference between revisions of "GOCDB/data privacy"
Line 36: | Line 36: | ||
|- | |- | ||
| '''Third parties to whom personal data is disclosed''' | | '''Third parties to whom personal data is disclosed''' | ||
| | | After registering a GOCDB account, the identity string and the personal information listed above is made visible to all other authenticated users and authenticated client-services of GOCDB via its Web interface and its REST API. This includes those authenticated by the [[https://www.igtf.net Interoperable Global Trust Federation]]] (note, IGTF includes countries outside the European Economic Area) and the [[http://www.ukfederation.org.uk UK Access Management Federation (UKAMF)]]. | ||
<br/> | <br/> | ||
Information is not shared unless '''positive informed consent is provided by the user''' which is obtained during GOCDB account creation (see screen capture below). This conforms to the [[http://www.ukfederation.org.uk/library/uploads/Documents/rules-of-membership.pdf rules of membership]] for the UKAMF (section 4.1) and [[http://www.geant.net/uri/dataprotection-code-of-conduct/v1/Pages/default.aspx GEANT Data Protection Code of Conduct]] (section f c.) - both stipulate prior consent is required from the end user before their attributes can be shared to third parties including collaboration partners. | Information is not shared unless '''positive informed consent is provided by the user''' which is obtained during GOCDB account creation (see screen capture below). This conforms to the [[http://www.ukfederation.org.uk/library/uploads/Documents/rules-of-membership.pdf rules of membership]] for the UKAMF (section 4.1) and [[http://www.geant.net/uri/dataprotection-code-of-conduct/v1/Pages/default.aspx GEANT Data Protection Code of Conduct]] (section f c.) - both stipulate prior consent is required from the end user before their attributes can be shared to third parties including collaboration partners. |
Revision as of 17:49, 17 August 2015
Main | EGI.eu operations services | Support | Documentation | Tools | Activities | Performance | Technology | Catch-all Services | Resource Allocation | Security |
Tools menu: | • Main page | • Instructions for developers | • AAI Proxy | • Accounting Portal | • Accounting Repository | • AppDB | • ARGO | • GGUS | • GOCDB |
• Message brokers | • Licenses | • OTAGs | • Operations Portal | • Perun | • EGI Collaboration tools | • LToS | • EGI Workload Manager |
GOCDB Personal Data Privacy and Code of Conduct
DRAFT - Under construction
This document follows the [template suggested by GEANT] in their privacy policy guidelines for Service Providers:
Name of Service | Grid Operations Centre Database (GOCDB) hosted by the [Science and Technology Facilities Council (STFC)] on behalf of the [European Grid Initiative (EGI.eu)]. |
Description of Service | GOCDB is a central registry to record information about the topology of the EGI e-Infrastructure. This includes entities such as Operations Centres, Resource Centres, service types, service endpoints and their downtimes, user contact information and roles of users responsible for operations at different levels |
Data Controller/Processor and contact | Data Controller: [EGI.eu], Data Processor: [Science and Technology Facilities Council] |
Jurisdiction of data processor | GB |
Personal data processed | Unique user identifier: If you register your GOCDB account using the [UK Access Management Federation] your eduPersonPrincipalName is retrieved from your home organisation. If you register your GOCDB account using the [Interoperable Global Trust Federation (IGTF)], your Distinguished Name (DN) is retrieved from your personal certificate loaded in your web browser.
|
Purpose of processing personal data | The personal data listed above is used to establish a persistent user account within EGI. Your identifier is re-published by GOCDB to trusted third party service-providers for use in Monitoring, Accounting and other data processing systems. Log files that include your personal identifier are also kept for fault diagnostics, auditing and for security monitoring purposes. |
Third parties to whom personal data is disclosed | After registering a GOCDB account, the identity string and the personal information listed above is made visible to all other authenticated users and authenticated client-services of GOCDB via its Web interface and its REST API. This includes those authenticated by the [Interoperable Global Trust Federation]] (note, IGTF includes countries outside the European Economic Area) and the [UK Access Management Federation (UKAMF)].
|
Data retention | The personal information listed above is removed on deletion of a GOCDB account. GOCDB accounts are also deleted after a period of 3yrs of inactivity. |
Data Protection Code of Conduct | Your personal data will be protected following the guidelines set out in the [Code of Conduct for Service Providers ], a common standard for the research and higher education sector to protect your privacy. |
User Provided Positive Informed Consent