GÉANT Privacy Notice
Last updated 29th April 2021 Introduction
Data Protection Officer
How does GÉANT collect and process your personal data?
Data storage and retention periods
When and how we share information with others
Transferring personal data from the EU
Data subject rights
Security of your personal data
Changes and updates to the privacy notice
Questions, concerns and complaints
Introduction
GÉANT Vereniging, an association registered with the Chamber of Commerce in Amsterdam, Netherlands, with registered number (40535155) and registered office at Hoekenrode 3, 1102 BR, Amsterdam, The Netherlands (GÉANT, us or we) is dedicated to safeguarding the personal data that we process, as well as to developing and applying data protection solutions that are effective, fit for purpose and demonstrate an understanding of, and appreciation for the General Data Protection Regulation 679/2016 (GDPR) as well as applicable national data protection legislation.
We are committed to ensuring ongoing and continued compliance with data protection legislation and guidance provided by the supervisory authorities with regard to our business as a whole and all of our service offerings.
This Privacy Notice concerns the processing of your personal data for which GÉANT is the Data Controller, in other words, GÉANT collects personal data directly or indirectly from you and decides the personal data needed to provide you a service, the purposes for which your personal data is being collected, how it is stored, shared and for how long will be retained.
Considering the significance of this responsibility, GÉANT works on a daily basis to put in place adequate measures and controls to protect your personal data, improve them and ensure that you can exercise your rights at any time.
Data Protection Officer
GÉANT has appointed an internal Data Protection Officer (DPO), for you to contact if you have any questions or concerns about the way GÉANT is processing your personal data. Together, GÉANT’s DPO and GDPR team are working to provide you accurate information and implement the measures to protect your privacy.
The GÉANT’s DPO’s name and contact information are as follows:
Ana Alves
GÉANT Vereniging (Association)
Hoekenrode 3, 1102BR Amsterdam, The Netherlands
gdpr@geant.org
Tel. number: +31 20 530 4488
GÉANT Vereniging (Association)
Hoekenrode 3, 1102BR Amsterdam, The Netherlands
gdpr@geant.org
Tel. number: +31 20 530 4488
How does GÉANT collect and process your personal data?
GÉANT Events
Throughout the year, GÉANT organises, hosts and promotes many events globally, including with face-to-face as well as virtual participation. In this context “events” shall be understood as any event, seminar, conference, training session, webinar, info-share, networking event, task force and/or special interest group meeting, workshop, social event or other gathering organised by GÉANT. If you register for one of our events we may collect, depending on the nature of the event, the following information from you or someone within your organisation:- Name
- Organisation or affiliation
- Email address
- Address
- Contact telephone number
- Job title (when requested)
- Payment information (when requested)
- Dietary requirements (optional)
- Any special requirements (optional)
- Specific accessibility requirements (optional)
- Level of education and/or prior knowledge (optional)
GÉANT Services
GÉANT develops the services that its members need in order to provide support for researchers, educators and innovators - at national, European and international levels. Our portfolio of advanced services covers connectivity and network management; trust, identity and security; real-time communications; storage and clouds and professional services. In order to provide you the best services, GÉANT may collect the following personal data from you, depending on the service that we are providing to you:- Name and affiliation
- Username
- Email address
- Log records
- IP address
- SSH public key(s)
- Technical log data
- Device information
- The region or general location where your computer or device is accessing the Internet
- Unique device identifiers
- Application ID
- Contact information that is required for operational purposes by individual administrators from identity providers, service providers, Authentication & Authorisation, and Identity Federations is collected in the metadata published by Identity Federation and Location information, e.g. what university or institution you are logging in from.
- to present content from the services you requested in an effective manner to you;
- to carry out contractual obligations arising from any contracts entered between you and us or your service provider;
- to register you for events and other services you have requested;
- to assist us in maintaining records of events for internal and external security and audit purposes;
- to respond to any concerns or queries you have in relation to our services or websites;
- to help diagnose problems with our servers and to administer our websites, analyse trends, track visitor movements and gather broad demographic information that assists us in identifying visitor preferences;
- to help you collaborate with others, some services provide different ways authorised users can collaborate, such as shared communication channels and services;
- to provide you with information, products or services that you request from us or which we think may be of interest to you;
- to help us deliver a better service to you, we may collect certain technical information that does not directly identify an individual: such information tells us about the equipment you are using, browsing actions, the resources accessed and the operating systems used; we use analytics and similar services, as explained in our Cookie Policy to help us deliver a better service to you;
- to contact you about our services or related services;
- to ensure that the data you provide remains safe and secure by using appropriate monitoring and auditing mechanisms.
- For certain services, we collect personal information under the direction of our clients (e.g. an entity like a university that subscribes to the services for use by the entity’s personnel).
- We may engage with Third Party Services; when enabled by you we may share data with them to enable their services to operate effectively. It is your responsibility to check the privacy setting and notices in these Third-Party Services.
- We may engage Third Party Service Providers to process information and provide storage services. GÉANT will ensure that appropriate security controls are in place with any Third-Party Provider.
- We may use aggregated or de-identified data for other purposes such as identified users from specific countries or average time using services.
GÉANT Publications
GÉANT has several channels to provide you with content, such as blog, websites, Connect magazine, social media pages managed by GÉANT, newsletters and mailing lists. The subscription for GÉANT publications is provided on a voluntary basis and you can at any time unsubscribe. We may need your email address to be provided in order to send you GÉANT publications. GÉANT relies on a legitimate interest to process your personal information for purposes of fulfilling your request to receive our publications.GÉANT Recruitment
GÉANT’s recruitment process is made through our official website and managed by Eploy, which works as the Data Processor under GÉANT (Data Controller) guidance. The security and privacy measures provided by Eploy were evaluated by us in line with GDPR. Hence, when you apply for a vacancy through the GÉANT website you are under the Candidate Privacy Notice.Website
The GÉANT websites, in order to provide you a better performance and experience, collect certain information automatically and store it in log files. We use this information to help us design our sites to better understand your needs and requirements. Our websites also use cookies and web beacons. Google Analytics GÉANT uses Google Analytics to track how often people gain access to or read our content. We use this information in the aggregate to understand what content our members find useful or interesting, so we can produce the most valuable content to meet your needs. We use Google Analytics to track the numbers of visitors to our site but do not collect any personal information or store IP address locally on our site. This is only used to monitor the number of hits on our pages and location at the country level therefore we cannot track or trace individual users or their physical addresses. If you would like to opt out please use the Google Analytics Opt-out Browser Add-On. Cookies What are cookies? A cookie is a small text file that is stored on the web browser on your computer when you visit a website. Cookies do lots of different jobs, like letting you navigate between web pages efficiently, remembering your preferences, and generally improving the user experience. By using our websites, you agree that we can place these types of cookies on your device, however you can block these cookies using your browser settings (there are instructions below on how to do this). GÉANT recommends you to accept and use cookies. A full Cookie Policy can be seen by clicking here which will provide further details on:- How we use cookies;
- How to enable/disable cookies;
- How to change cookie settings;
- The cookies used on the websites;
- Third party cookies.
Data storage and retention periods
Events
- Conferences
- Training
- Meetings
Services
Your personal information (name, contact details, workplace) is stored for the duration of your use of the services provided and an additional 12 months after you cease using our services. GÉANT keeps this data in order to deal with any queries that may arise following your use of our services. You can consult the retention periods for each GÉANT service on the respective website.Publications
GÉANT will retain your information so long as you wish to remain a subscriber to one or more of our publications.Recruitment
Personal data relating to candidates who are unsuccessful will be retained for a maximum of 12 months after a hiring decision has been made (unless you have asked us to retain your details to allow us to notify you of any similar vacancies in the future). After this time, it will be securely destroyed and permanently deleted. If you start work with us, any personal data processed as part of your employment records will normally be held for a period of 7 years from the end of your employment with us, except where we are:- legally required to retain the information for longer;
- legally required to delete the information within a specified period;
- required to supply personal data in relation to any legal or other type of dispute, either with you or with a third party.
When and how we share information with others
GÉANT will share your personal data with third parties only in ways that are described in the Privacy Notice.
We provide and support some of our services through contractual arrangements with service providers and other third parties. GÉANT and our service partners use your personal data to operate our website(s) and provide services and events to you.
The personal information GÉANT collects from you is stored in one or more databases hosted by third parties that may be located within the EU or outside the EU. These third parties do not use or have authority to access to your personal data for any reason other than cloud storage and retrieval.
We will also disclose personal data in the following circumstances:
- if we are required or permitted to do so by law, regulatory or other legal process;
- to protect our rights, reputation, property or the safety of us and others;
- to defend or enforce our rights or your obligations.
Transferring personal data from the EU
GÉANT is headquartered in The Netherlands (NL), with another office based in Cambridge, England (UK). Personal Data we collect about you will generally be processed in these locations. GÉANT endeavours to apply suitable safeguards to protect the privacy and security of your personal data and to use it only within the authorisation you have given and the practices described in this Privacy Notice.
In some cases, GÉANT may transfer your personal data to countries outside the European Economic Area (EEA), for example if we use a third party for processing services or storing data or for obtaining feedback on one of the services or events we provide. If we do transfer personal data to third countries, we will ensure that such transfers are compliant with our obligations under relevant data protection legislation and that appropriate technical and operational controls are in place to keep your personal data secure.
If personal data is transferred from the EU to the USA, the EU-US Privacy Shield will be used. This framework was developed to enable companies to comply with data protection requirements when transferring personal data from the EU to the USA.
GÉANT also minimises the risk to your rights and freedoms by not collecting or storing any sensitive information about you without your explicit consent.
Data subject rights
You have the following rights regarding your personal data:
- You have the right to request access to your data.
- You have the right to ask us to rectify your personal data.
- You have the right to ask us to erase your personal information.
- You have the right to object to your data being processed by us.
- In the Netherlands: (Autoriteit Persoonsgegevens at https://autoriteitpersoonsgegevens.nl)
- In the UK: Information Commissioner's Office: https://ico.org.uk
Security of your personal data
GÉANT takes the confidentiality, integrity and availability of your personal data very seriously. We take appropriate security precautions to protect your personal data from loss, misuse or unauthorised access, disclosure, alteration and destruction. When you access a GÉANT service, GÉANT will provide adequate security controls to keep your personal data safe in accordance with the classification of the personal data we have collected from you.
Although we endeavour to ensure your personal data remains secure, there is no absolute guarantee of security when using services online. While we strive to protect your personal data, you acknowledge that:
- there are security and privacy limitations on the Internet which are beyond our control;
- the confidentiality, integrity and availability of any and all information exchanged using these services cannot be 100% guaranteed;
- we cannot be held accountable for activity that results from your own neglect to safeguard the security of your login credentials and equipment that results in a loss of your personal data.
Changes and updates to the privacy notice
Services and products offered to you may change from time to time and this Privacy Notice will be updated appropriately. We reserve the right to amend the Privacy Notice at any time – in such case, an updated version of the Privacy Notice will be posted on our website and we encourage you to check it from time to time. We may email periodic reminders of our notices and terms that are currently in effect and any changes that may have been made to them.
GÉANT keeps this Privacy Notice under regular review; the last update was in January 2021.
Questions, concerns and complaints
The GÉANT Association head office is based in The Netherlands. Please let us know if you have any questions, complaints or concerns about how GÉANT processes your personal data or about this Privacy Notice, by contacting GÉANT’s Data Protection Officer:
Ana Alves
GÉANT Association
Hoekenrode 3 1102 BR - Amsterdam – Zuidoost- The Netherlands
Tel number: +31 20 530 4488 Email: GDPR@geant.org
If you wish to raise a complaint directly with the relevant supervisory authority, their details are:
For Netherlands
Dutch Data Protection Authority: Autoriteit Persoonsgegevens
Postbus 93374 2509 AJ DEN HAAG.
Telephone number: (+31) - (0)70 - 888 85 00.
GÉANT’s registration number in Netherlands is FG004357
For United Kingdom
Information Commissioners Office
Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
https://ico.org.uk/global/contact-us/
GÉANT’s registration number in the UK is ZA187860