Columns: 1 Name, 2 Personal Data, 3 Special Category, 4 Data Format, 5 Data Subject, 6 Purpose, 7 Legal bases, 8 Location of PD, 9 Retention Period, 10 Controller Contacts, 11 Processor Contact, 12 Transfer, 13 Recipient, 14 Controls implemented, 15 Interfaces

Name: eduPKI operations - personal identification form for Registration Authorities

  • Personal Data: Surname and given name, Phone number (work), E-mail-address (work), Signature with date and place, Name of eduPKI PMA member performing the identification, Signature of eduPKI PMA member performing the identification with date and place
  • Special Category: No
  • Data Format: Paper; F-ID-en-1.1.pdf
  • Data Subject: RA personnel, eduPKI PMA members
  • Purpose: to identify RA personnel
  • Legal bases:
  • Location of PD: Germany, DFN-CERT
  • Retention Period: 1 year after expiry of the certificate
  • Controller Contacts: GÉANT
  • Processor Contact: DFN-CERT
  • Transfer: not transferred
  • Recipient: N/A
  • Controls implemented: Locked cabinet in a locked office on DFN-CERT premises
  • Interfaces: Paper form stored at DFN-CERT. Access by eduPKI PMA

Name: eduPKI operations - certificate application form

  • Personal Data: Fingerprint of Public key, contact e-mail-address, Surname and given name, E-mail-address to be included in certificate, Signature of applicant, Signature of Registration Authority approving the request
  • Special Category: No
  • Data Format: Paper or file (PDF form or scan of paper form); eduPKI-CA-server-certificate-application-form.pdf; eduPKI-CA-user-certificate-application-form.pdf
  • Data Subject: applicants for certificate (server or personal)
  • Purpose: to receive user's request and identify applicant
  • Legal bases: (b) contract; eduPKI-CA-server-certificate-application-form.pdf; eduPKI-CA-user-certificate-application-form.pdf; Latest CP/CPS: https://www.edupki.org/fileadmin/Documents/eduPKI-CA-CP-CPS.pdf
  • Location of PD: Germany, DFN-CERT; Croatia, SRCE; Luxembourg, RESTENA; Great Britain, GEANT
  • Retention Period: 1 year after expiry of the issuing CA
  • Controller Contacts: GÉANT
  • Processor Contact: DFN-CERT, SRCE, RESTENA, GEANT
  • Transfer: not transferred
  • Recipient: N/A
  • Controls implemented: Locked cabinet in a locked office on DFN-CERT premises; similar on premises of SRCE, RESTENA, GEANT
  • Interfaces: Paper form stored at Registration Authority. Access by eduPKI Registration Authority (currently DFN-CERT, SRCE, RESTENA, GEANT)

Name: eduPKI operations - request data

  • Personal Data: Public key, contact e-mail-address, Surname and given name of applicant (user), E-mail-address to be included in certificate, User-created PIN
  • Special Category: No
  • Data Format: Digital
  • Data Subject: applicants for certificate (server or personal)
  • Purpose: to receive user's request and identify applicant
  • Legal bases: (b) contract; eduPKI-CA-server-certificate-application-form.pdf; eduPKI-CA-user-certificate-application-form.pdf; Latest CP/CPS: https://www.edupki.org/fileadmin/Documents/eduPKI-CA-CP-CPS.pdf
  • Location of PD: Germany, DFN-CERT
  • Retention Period: 1 year after expiry of the issuing CA; if no certificate was created within 180 days of request data submission, request data is deleted
  • Controller Contacts: GÉANT
  • Processor Contact: DFN-CERT, SRCE, RESTENA, GEANT
  • Transfer: not transferred
  • Recipient: N/A
  • Controls implemented: eduPKI CA system; operating systems' and DB permissions; TLS-client authentication to access
  • Interfaces: Stored in database operated in infrastructure of DFN-CERT. Access by designated DFN-CERT PKI operations personnel and by eduPKI Registration Authority (currently DFN-CERT, SRCE, RESTENA, GEANT)

Name: eduPKI operations - revocation request data

  • Personal Data: Serial number of certificate to be revoked
  • Special Category: No
  • Data Format: Digital
  • Data Subject: applicants for certificate revocation
  • Purpose: to receive user's request
  • Legal bases: (b) contract; eduPKI-CA-server-certificate-application-form.pdf; eduPKI-CA-user-certificate-application-form.pdf; Latest CP/CPS: https://www.edupki.org/fileadmin/Documents/eduPKI-CA-CP-CPS.pdf
  • Location of PD: Germany, DFN-CERT
  • Retention Period: 1 year after expiry of the issuing CA
  • Controller Contacts: GÉANT
  • Processor Contact: DFN-CERT, SRCE, RESTENA, GEANT
  • Transfer: not transferred
  • Recipient: N/A
  • Controls implemented: eduPKI CA system; operating systems' and DB permissions; TLS-client authentication to access
  • Interfaces: Stored in database operated in infrastructure of DFN-CERT. Access by designated DFN-CERT PKI operations personnel and by eduPKI Registration Authority (currently DFN-CERT, SRCE, RESTENA, GEANT)

Name: eduPKI operations - log and audit trail

  • Personal Data: All data from Dataset “eduPKI operations - request data”, All data from Dataset “eduPKI operations - revocation request data”, IP address
  • Special Category: No
  • Data Format: Digital
  • Data Subject: applicants for certificate (server or personal), applicants for certificate revocation
  • Purpose: Reliable audit trail to create a high assurance level for PKI operations
  • Legal bases: (b) contract; eduPKI-CA-server-certificate-application-form.pdf; eduPKI-CA-user-certificate-application-form.pdf; Latest CP/CPS: https://www.edupki.org/fileadmin/Documents/eduPKI-CA-CP-CPS.pdf; eduPKI-RA-Template_1.2.pdf
  • Location of PD: Germany, DFN-CERT
  • Retention Period: 1 year after expiry of the issuing CA
  • Controller Contacts: GÉANT
  • Processor Contact: DFN-CERT
  • Transfer: not transferred
  • Recipient: N/A
  • Controls implemented: eduPKI CA system; operating systems' permissions
  • Interfaces: Stored on servers operated in infrastructure of DFN-CERT. Access by designated DFN-CERT PKI operations personnel

Name: eduPKI operations - certificate data

  • Personal Data: X.509 certificate with public key, names, validity dates and email-addresses described as below, Surname and given name of user (for personal certificates only), E-mail-address in certificate (optional for server certificates, mandatory for personal certificates)
  • Special Category: No
  • Data Format: Digital
  • Data Subject: users of the eduPKI service
  • Purpose: to provide eduPKI service
  • Legal bases: (b) contract; eduPKI-CA-server-certificate-application-form.pdf; eduPKI-CA-user-certificate-application-form.pdf; Latest CP/CPS: https://www.edupki.org/fileadmin/Documents/eduPKI-CA-CP-CPS.pdf
  • Location of PD: Germany, DFN-CERT
  • Retention Period: 1 year after expiry of the issuing CA
  • Controller Contacts: GÉANT
  • Processor Contact: DFN-CERT, SRCE, RESTENA, GEANT
  • Transfer: Certificates and their contained data may be shared via a public web search, if the subscriber agreed to publish the certificate during certificate application time.
  • Recipient: N/A
  • Controls implemented: eduPKI CA system, operating systems' and DB permissions
  • Interfaces: Stored in database operated in infrastructure of DFN-CERT. Access by designated DFN-CERT PKI operations personnel and by eduPKI Registration Authority (currently DFN-CERT, SRCE, RESTENA, GEANT)

Name: eduPKI operations - revocation status data CRL and OCSP

  • Personal Data: Serial number of X.509 certificate
  • Special Category: No
  • Data Format: Digital
  • Data Subject: users of the eduPKI service
  • Purpose: to provide eduPKI service
  • Legal bases: (b) contract; eduPKI-CA-server-certificate-application-form.pdf; eduPKI-CA-user-certificate-application-form.pdf; Latest CP/CPS: https://www.edupki.org/fileadmin/Documents/eduPKI-CA-CP-CPS.pdf
  • Location of PD: Germany, DFN-CERT
  • Retention Period: 1 year after expiry of the issuing CA
  • Controller Contacts: GÉANT
  • Processor Contact: DFN-CERT
  • Transfer: not transferred
  • Recipient: N/A
  • Controls implemented: eduPKI CA system, operating systems' and DB permissions; Public read access.
  • Interfaces: Stored in database operated in infrastructure of DFN-CERT. Access by designated DFN-CERT PKI operations personnel. Public read access.


Instructions 

The table above should be filled in with all data that is collected or processed by Geant Services, in accordance with Article 30 of the GDPR. Each numbered point of the table is described below, together with the information to be provided to complete this exercise. The GDPR requirement matching each Data Mapping point is given in parentheses ().

1 Name - Name of the service or project and dataset, if applicable; 

2 (30 1c) Personal Data - Any information relating to an identified or identifiable natural person, meaning a person who can be identified, directly or indirectly, through this data, for example:

  • Name
  • Birth dates
  • Address
  • Email address, IP address, MAC address
  • ID card, social security number, VAT number
  • Job title, academic qualifications
  • Banking details

3 (30 1c) Special Category - Check whether special categories of personal data are processed, e.g. racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation. Article 9 of the GDPR describes the special categories of personal data: processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation shall be prohibited.

  • Medical records
  • Genetic and biometric data 
  • Ethnic origin
  • Political opinions
  • Membership of a trade union
  • Religion
  • Sexual orientation
  • Criminal activity (criminal records)

4 Data Format -  Physical or Digital;

5 Data Subject - Natural persons whose personal data are collected and processed;

6 (30 1b) Purpose - The purpose of collecting and processing the data. Personal data should be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;

7 Legal Bases - Describe the legal bases for data processing as defined in Article 6, one of the following: (a) consent, (b) contract, (c) legal obligation (law), (d) protection of the vital interests of the data subject or of another person, (e) public interest or exercise of official authority (law), (f) legitimate interests. E.g.: Contract, Clauses, Terms and Conditions, Agreements, Disclaimers, etc.

8 Location of Personal Data - Where personal data are stored, database/server, country; 

9 (30 1f) Retention Period - Personal data should be kept only for the period previously defined, based on business, legal or contractual purposes or obligations;

10 (30 1a) Controller Contacts - The controller is the natural or legal person (authority, agency or other body) that determines the purposes and means of the processing of personal data. This point should include the contacts of the nominated Data Protection Officer.

11 (30 1a) Processor Contacts - The processor is a natural or legal person (authority, agency or other body) which processes personal data on behalf of the controller. If applicable, this point should include the contacts of the nominated Data Protection Officer.

12 (30 1e) Transfer  - Description of other services, systems, applications, databases where data are being sent.

13 (30 1d) Recipient - If applicable, name the recipient of personal data;

14 (30 1g) Controls Implemented - Describe what controls are in place to protect personal data as defined in Article 32: (a) pseudonymisation, encryption; (b) confidentiality, integrity, availability and resilience; (c) backup; (d) regularly testing, assessing and evaluating the effectiveness of technical and organisational measures. E.g.: Anonymised (Encryption) 32 a) / Backup 32 c) / Encrypted Channel 32 b) / Access Control 32 2);

15 Interfaces - Who receives and who sends personal data (services, applications) / What channels are used for communication / What kinds of services are connected, e.g. internet, firewall, storage devices (cloud systems);