Difference between revisions of "GOCDB/data privacy"
< GOCDB
Jump to navigation
Jump to search
m (Created page with "GOCDB Personal Data Privacy and Code of Conduct coming soon") |
|||
Line 1: | Line 1: | ||
{{Template:Op menubar}} {{Template:Tools menubar}} {{TOC_right}} | |||
GOCDB Personal Data Privacy and Code of Conduct | GOCDB Personal Data Privacy and Code of Conduct | ||
This document follows the [[https://wiki.refeds.org/display/CODE/Privacy+policy+guidelines+for+Service+Providers template suggested by GEANT]] in their privacy policy guidelines for Service Providers: | |||
{| class="wikitable" | |||
|- | |||
| '''Name of Service''' | |||
| Grid Operations Centre Database (GOCDB) hosted by the [[http://www.stfc.ac.uk Science and Technology Facilities Council (STFC)]] on behalf of the [[http://www.egi.eu European Grid Initiative (EGI.eu)]]. | |||
|- | |||
| '''Description of Service''' | |||
| GOCDB is a central registry to record information about the topology of the EGI e-Infrastructure. This includes entities such as Operations Centres, Resource Centres, service types, service endpoints and their downtimes, user contact information and roles of users responsible for operations at different levels | |||
|- | |||
| '''Data Controller/Processor and contact''' | |||
| ''Data Controller:'' [[http://www.egi.eu EGI.eu]],<br/> ''Data Processor:'' [[http://www.stfc.ac.uk Science and Technology Facilities Council]] | |||
|- | |||
| '''Jurisdiction of data processor''' | |||
| GB | |||
|- | |||
| '''Personal data processed''' | |||
| ''Unique user identifier'' <br> If you register your GOCDB account using the [[http://www.ukfederation.org.uk/ UK Access Management Federation]] the '''eduPersonPrincipalName''' unique identifier is retrieved from your home organisation. If you register your GOCDB account using the [[https://www.igtf.net Interoperable Global Trust Federation (IGTF)]], the '''Distinguished Name (DN)''' unique identifier is retrieved from your personal certificate. | |||
<br/> | |||
The following data are provided by you on account creation (see below screen capture):<br/> | |||
* Title | |||
* First name | |||
* Last name | |||
* Email address | |||
* Tel (optional) | |||
|- | |||
| '''Purpose of processing personal data''' | |||
| The personal data listed above is used to establish a persistent user account within EGI. Your identifier is re-published by GOCDB to trusted third party service-providers for use in Monitoring, Accounting and other data processing systems. Log files that include your personal identifier are also kept for fault diagnostics, auditing and for security monitoring purposes. | |||
|- | |||
| '''Third parties to whom personal data is disclosed''' | |||
| On registering a GOCDB account, the identity string and the personal information listed above is made visible to all other authenticated users and authenticated client-services of GOCDB via its Web interface and its REST API. This includes those authenticated by the [[https://www.igtf.net Interoperable Global Trust Federation]]] (note, IGTF includes countries outside the European Economic Area) and the [[http://www.ukfederation.org.uk UK Access Management Federation (UKAMF)]]. | |||
<br/> | |||
Information is not shared unless '''positive informed consent is provided by the user''' which is obtained during GOCDB account creation (see screen capture below). This conforms to the [[http://www.ukfederation.org.uk/library/uploads/Documents/rules-of-membership.pdf rules of membership]] for the UKAMF (section 4.1) and [[http://www.geant.net/uri/dataprotection-code-of-conduct/v1/Pages/default.aspx GEANT Data Protection Code of Conduct]] (section f c.) - both stipulate prior consent is necessary from the end user before their attributes can be shared to third parties including collaboration partners. | |||
|- | |||
| '''Data retention''' | |||
| The personal information listed above is removed on deletion of a GOCDB account. GOCDB accounts are also deleted after a period of 3yrs of inactivity. | |||
|- | |||
| '''Data Protection Code of Conduct''' | |||
| Your personal data will be protected following the guidelines set out in the [[http://www.geant.net/uri/dataprotection-code-of-conduct/v1/Pages/default.aspx Code of Conduct for Service Providers ]], a common standard for the research and higher education sector to protect your privacy. | |||
|} |
Revision as of 16:23, 17 August 2015
Main | EGI.eu operations services | Support | Documentation | Tools | Activities | Performance | Technology | Catch-all Services | Resource Allocation | Security |
Tools menu: | • Main page | • Instructions for developers | • AAI Proxy | • Accounting Portal | • Accounting Repository | • AppDB | • ARGO | • GGUS | • GOCDB |
• Message brokers | • Licenses | • OTAGs | • Operations Portal | • Perun | • EGI Collaboration tools | • LToS | • EGI Workload Manager |
GOCDB Personal Data Privacy and Code of Conduct
This document follows the [template suggested by GEANT] in their privacy policy guidelines for Service Providers:
Name of Service | Grid Operations Centre Database (GOCDB) hosted by the [Science and Technology Facilities Council (STFC)] on behalf of the [European Grid Initiative (EGI.eu)]. |
Description of Service | GOCDB is a central registry to record information about the topology of the EGI e-Infrastructure. This includes entities such as Operations Centres, Resource Centres, service types, service endpoints and their downtimes, user contact information and roles of users responsible for operations at different levels |
Data Controller/Processor and contact | Data Controller: [EGI.eu], Data Processor: [Science and Technology Facilities Council] |
Jurisdiction of data processor | GB |
Personal data processed | Unique user identifier If you register your GOCDB account using the [UK Access Management Federation] the eduPersonPrincipalName unique identifier is retrieved from your home organisation. If you register your GOCDB account using the [Interoperable Global Trust Federation (IGTF)], the Distinguished Name (DN) unique identifier is retrieved from your personal certificate.
|
Purpose of processing personal data | The personal data listed above is used to establish a persistent user account within EGI. Your identifier is re-published by GOCDB to trusted third party service-providers for use in Monitoring, Accounting and other data processing systems. Log files that include your personal identifier are also kept for fault diagnostics, auditing and for security monitoring purposes. |
Third parties to whom personal data is disclosed | On registering a GOCDB account, the identity string and the personal information listed above is made visible to all other authenticated users and authenticated client-services of GOCDB via its Web interface and its REST API. This includes those authenticated by the [Interoperable Global Trust Federation]] (note, IGTF includes countries outside the European Economic Area) and the [UK Access Management Federation (UKAMF)].
|
Data retention | The personal information listed above is removed on deletion of a GOCDB account. GOCDB accounts are also deleted after a period of 3yrs of inactivity. |
Data Protection Code of Conduct | Your personal data will be protected following the guidelines set out in the [Code of Conduct for Service Providers ], a common standard for the research and higher education sector to protect your privacy. |