version 1.0 - November 17, 2020
Name of the Service | MyAcademicID Identity and Access Management Service for the European Student Card Initiative [from now on referred to as the Service] |
---|---|
Description of the Service | The Service enables students and faculty of Higher Education Institutions (HEIs) to authenticate and identify themselves to the services of the European Student Card Initiative and services directly supporting the digitisation of Erasmus+, referred to hereafter as “Connected Services”, that support and enable the student mobility process. Leveraging the ubiquitous presence of eduGAIN and eIDAS federated identities, the Service enables the [Connected Services] to use the academic attributes that are available through the HEI federated logins provided in combination with the national eID of the users participating in student mobility. This privacy notice describes how we process the personal data of you – data subject – when you use the Service. |
Data controller and a contact person | GÉANT VERENIGING (Association) – registered with the Chamber of Commerce in Amsterdam with registration number 40535155 with its registered address at Hoekenrode 3, 1102 BR, Amsterdam, The Netherlands (hereinafter referred to as: “we” or “GÉANT”) is the data controller. GÉANT has appointed a Data Protection Officer, who can be contacted at: gdpr@geant.org Additionally, you can contact the [GEANT eduTEAMS Support Desk] |
Jurisdiction and supervisory authority | NL, The Netherlands |
Personal data processed | During your use of the Service we may process and record the following data:
You may choose not to provide certain information, but this may mean you will not be able to access the [Connected Services] through the Service. Additionally, during your activity on the Service we keep technical log consisting of the following data:
|
Purpose of the processing of personal data | The legal basis for processing your personal data is the GÉANT legitimate interest consisting of:
which are not overridden by the interests or your fundamental rights and freedoms as the data subject. |
Recipients | The Service may release your personal data to the Connected Services. Data release will be done via secured mechanisms and according to the sections 2.f and 2.l of the Data Protection Code of Conduct [Code of Conduct]. At the [Connected Services page you can find the list of all the services that can be accessed through the Service. Statistical data is gathered based on the technical logs. This data is anonymized and does not contain any personal data. Statistical data may be made publicly available by the Service. |
Data storage | All data processed by the Service is stored within the EU/EEA. The Service is operated under the jurisdiction of the Data Controller. The [Connected Services] that you access through the Service, process and store your data within the EU/EEA. |
Data retention | Personal data associated with your account on the Service is kept while you are active in the Service and for a period of 6 months after your account has been deactivated. Technical logs and related information are kept independently in order to guarantee the security of the infrastructure and its optimization and will be retained for no longer than 18 months. |
Security | GÉANT takes the confidentiality, integrity and availability of your personal data very seriously. We take appropriate security precautions to protect your personal data from loss, misuse, unauthorised access, disclosure, alteration and destruction. In particular, access to technical log data is restricted and can only be accessed in a secure way by authorized personnel. When accessing the Service we will have adequate security controls in place to keep your personal data safe in accordance with the classification of the personal data we have collected from you. Although we endeavour to ensure your personal data remains secure, there is no absolute guarantee of security when using services online. While we strive to protect your personal data, you acknowledge that:
|
Your rights | You may access and modify your user profile on the Service through the [User profile Page]. If you have any additional questions connected with your data protection rights, contact [GEANT eduTEAMS Support Desk] To access and/or modify the data that is being released by your Identity Provider (e.g. your university or research institute), contact your Identity Provider’s support helpdesk. You may object to further processing of your personal data by the Service by deactivating your user account on the Service. You can request for your user account on the Service to be deactivated at any time by contacting the [GEANT eduTEAMS Support desk]. Your account will be automatically deactivated, if you have not logged on to the Service for more than 12 consecutive months. You can reactivate your account, by logging on to the Service within 6 months after the deactivation of your account. You have the right to file a complaint to the Dutch Data Protection Authority [Autoriteit Persoonsgegevens] |
Data Protection Code of Conduct | Your personal data will be protected according to the Code of Conduct for Service Providers [Code of Conduct], a common standard for the research and higher education sector to protect your privacy. |
References | [User Profile Page] - https://mms.myacademicid.org/profile/ [Autoriteit Persoonsgegevens] - https://autoriteitpersoonsgegevens.nl [Code of Conduct] - http://www.geant.net/uri/dataprotection-code-of-conduct/v1 [Connected Services] - Connected Services |
Contact | [GEANT eduTEAMS Support Desk] - support@eduteams.org |