This privacy policy is based on the Elixir AAI privacy policy and the eduTEAMS privacy policy.
Name of the service | Dutch Research AAI (DRAAI) |
Description of the service | DRAAI is the AAI (Authentication and Authorization Infrastructure) for and to Dutch research infrastructure providers and researchers. DRAAI carries out the authentication of a DRAAI user and manages and delivers their access rights and other relevant personal data to the connected services relying on it. |
Data controller and a contact person | SURFnet B.V Raoul Teeuwen, raoul.teeuwen@surfnet.nl |
Jurisdiction | NL Netherlands |
Personal data processed | As part of your registration into a collaborative organisation, DRAAI may process the following data: Profile information
Information for your collaboration: Home Institution information All of the above information is provided by you on a voluntary basis, or in case of the information from your institution upon your consent. You may choose not to provide certain information, but this may mean you cannot participate in the collaboration. The actual data collected by your collaborative organisation may differ. |
Purpose of the processing of personal data | DRAAI processes your personal data to identify and authenticate you as a user of the DRAAI services, and to manage your access rights and other personal data for the DRAAI connected research services. The log files produced by the DRAAI components will be used only for administrative, operational, accounting, monitoring and security purposes. |
Third parties to whom personal data is disclosed | As a gateway to DRAAI connected research services, DRAAI will release your personal data to the DRAAI connected services you are using. Data release will be done according to the sections 2.f and 2.l of the Data Protection Code of Conduct. You agree that the logged information may be disclosed to other authorised participants via secured mechanisms, only for the same purposes and only as far as necessary to provide the services. |
How to access, rectify and delete the personal data | To access and rectify (if possible, selected fields) personal data, access your profile at https://comanage.pilot.scz.lab.surf.nl/registry/ . To rectify the data released by your Home Organisation, contact your Home Organisation's IT helpdesk. To rectify or delete other information, contact the data controller mentioned above. |
Data retention | Your personal data is deleted on request or if you have not logged in to DRAAI for 37 months. The operational logs and related information is kept independently in order to guarantee the security of the infrastructure and its optimization. |
Data Protection Code of Conduct | Your personal data will be protected according to the Code of Conduct for Service Providers, a common standard for the research and higher education sector to protect your privacy. |