OpenAIRE Data Protection Policy related to EOSC data transfer service
The EOSC Explore portal offers users the possibility to transfer files (datasets) to dCache and S3 storages, via the Data Transfer Service (implemented by EGI). For the transfer of files to dCache users are prompted to login to EGI Checkin (EGI production AAI). To transfer files to s3 users are prompted to give their s3 credentials to EOSC Explore. These credentials are encoded and passed to the Data Transfer Service.
Data Protection Policy for OpenAIRE Services v.1.0
Personal Data Policy
ΟpenAIRE and the EGI Foundation (henceforth the ‘Data controllers’) consider the protection and security of Personal Data as a high priority and responsibility towards the Open Science community. This Data Protection Policy is in place to protect the Personal Data of OpenAIRE service users. The Data controllers recognise the right to the protection of Personal Data and ensure the application of the current legal framework (in particular Regulation 2016/679 and the respective national laws).
As a user of the OpenAIRE services, you must be aware that your Personal Data is collected and maintained by the Data controllers for a certain period of time and for specified, explicit, and legitimate purposes. Personal Data shall be treated fairly and in a transparent manner in accordance with the applicable legal framework and in such a way as to guarantee their security. Information regarding the processing of such data may be found in the respective sections below.
Data controllers
The Data co-controllers for the purpose of the operation of the Data Transfer Service and the provision of the services listed below are as follows:
OpenAIRE AMKE
Artemidos 6
1512 Maroussi, Greece
EGI Foundation
Science Park 140
1098 XG Amsterdam
Netherlands
E-mail: dpo@egi.eu
OpenAIRE and the EGI Foundation are responsible for the design and direction of the processing of the Personal Data and non-personal data as well the technical collection, presentation, transfer, and storage of the Personal Data and non-personal data collected through the OpenAIRE services.
The Data controllers may modify this policy to achieve a better protection of Personal Data by announcing such modifications via the OpenAIRE website, by demarcating and dating the versions, and by keeping an archive of previous Data Protection Policies on the OpenAIRE website.
By navigating and using the Data Transfer Services that they have read, understood, and unconditionally accepted this Data Protection Policy.
For further information, you may contact the Data Protection Officers of the Data controllers by sending an e-mail to <dpo@openaire.eu>
Purpose of Personal Data Processing
The processing of Personal Data means any operation or set of operations that is performed on Personal Data or on sets of Personal Data, whether or not by automated means, including collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction of the Personal Data.
The Personal Data identified in the following section are processed for the purpose of collecting, analysing, and presenting data for the purposes of offering OpenAIRE services.
Personal Data
‘Personal Data’ means any information relating to an identified or identifiable natural person. An identifiable natural person (known as the ‘Data Subject’) is one who can be identified, directly or indirectly, in particular by reference to an identifier, including a name, identification number, location data, online identifier (such as an ΙΡ or e-mail address), or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.
We obtain the following Personal Data through our services:
- username
- password credentials in order to pass this information to the backend service.
These data will not be stored, but will be used as a parameter of a request to the API of the backend service.
Recipients of the Personal Data
Designated OpenAIRE and the EGI Foundation administrators will have access to the Personal Data in order to perform necessary activities for the processing of the collected monitoring data. A log will be kept and will be made accessible if required by law or contract upon request.
Personal Data may also be shared with (designated representatives of) the members of the OpenAIRE for the offering of the OpenAIRE services. The Data Controllers will in this case transfer the relevant Personal Data and enter into a Data controllers to controllers relationship with the OpenAIRE members. Due diligence will be performed to ensure that OpenAIRE has adequate Personal Data policies in place before transferring the Personal Data. A log will be kept and will be made accessible if required by law or contract upon request.
Personal Data Retention
All Personal Data obtained for the purposes of OpenAIRE services will be kept for the period offering such services.
Personal Data Security
To protect the privacy of users of OpenAIRE services, we employ data security measures to prevent the loss, misuse, unauthorised access, and disclosure of collected Personal Data.
Access to your Personal Data is restricted to authorised representatives of OpenAIRE the EGI Foundation, and its Members ho have a duty of confidentiality.
Your Rights
As far as the protection of your Personal Data is concerned, you have the following rights:
- The right of access to your Personal Data
- The right of correction of your Personal Data
- The right of remission of your Personal Data
- The right to limit processing of your Personal Data
- The right of portability of your Personal Data
- The right to object to the processing of your Personal Data.
To exercise your rights, you may contact the Data Protection Officers of OpenAIRE by sending an e-mail to <dpo@openaire.eu>
Right of Termination
If a user believes that the protection of their Personal Data is at risk or that the Data Controllers have not adequately responded, then the user may contact relevant Personal Data Protection Authorities:
Hellenic Data Protection Authority Kifissias 1-3
PC 115 23, Athens, Greece
Telephone: +302106475600
Ε-mail: <contact@dpa.gr>
Website: [https://www.dpa.gr/en]
Dutch Personal Data Authority
PO Box 93374
2509 AJ The Hague
Privacy Policy Version
This is Version 1.0 of this Privacy Policy on 26 May 2022