Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

This privacy policy is based on the Elixir AAI privacy policy and the eduTEAMS privacy policy.

Name of the serviceDutch Research AAI (DRAAI)
Description of the serviceDRAAI is the AAI (Authentication and Authorization Infrastructure) for and to Dutch research infrastructure providers and researchers. DRAAI carries out the authentication of a DRAAI user and manages and delivers their access rights and other relevant personal data to the connected services relying on it.

Data controller and a contact person

SURFnet B.V
Raoul Teeuwen, raoul.teeuwen@surfnet.nl
JurisdictionNL Netherlands
Personal data processed

As part of your registration into a collaborative organisation, DRAAI may process the following data:

Profile information
* Honorific
* Given Name
* Middle Name
* Family Name
* Suffix
* Email
* Telephone number
* Postal addresses
* Language
* SSH public key(s)


Identifiers
* Identifiers, for example an ORCID

Information for your collaboration:
* Group and memberships you may have in the context of your collaboration
* Roles and rights you may have in the context of your collaboration

Home Institution information
From your home institution we may request:
* Given Name
* Middle Name
* Family Name
* Email
* Affiliation

All of the above information is provided by you on a voluntary basis, or in case of the information from your institution upon your consent. You may choose not to provide certain information, but this may mean you cannot participate in the collaboration. The actual data collected by your collaborative organisation may differ.

Purpose of the processing of personal data

DRAAI processes your personal data to identify and authenticate you as a user of the DRAAI services, and to manage your access rights and other personal data for the DRAAI connected research services. The log files produced by the DRAAI components will be used only for administrative, operational, accounting, monitoring and security purposes.

Third parties to whom personal data is disclosed

As a gateway to DRAAI connected research services, DRAAI will release your personal data to the DRAAI connected services you are using. Data release will be done according to the sections 2.f and 2.l of the Data Protection Code of Conduct. You agree that the logged information may be disclosed to other authorised participants via secured mechanisms, only for the same purposes and only as far as necessary to provide the services.

How to access, rectify and delete the personal data

To access and rectify (if possible, selected fields) personal data, access your profile at https://comanage.pilot.scz.lab.surf.nl/registry/ .

To rectify the data released by your Home Organisation, contact your Home Organisation's IT helpdesk.

To rectify or delete other information, contact the data controller mentioned above.

Data retention

Your personal data is deleted on request or if you have not logged in to DRAAI for 37 months. The operational logs and related information is kept independently in order to guarantee the security of the infrastructure and its optimization.

Data Protection Code of Conduct

Your personal data will be protected according to the Code of Conduct for Service Providers, a common standard for the research and higher education sector to protect your privacy.

  • No labels