Description of the eduroam Service
The eduroam service do we have a standard description? eduroam (education roaming) is a secure, world-wide roaming access service developed for the international research and education community. eduroam allows any user from an eduroam participating site to get network access at any institution connected to eduroam.
The eduroam roaming consortium is comprised of many legal entities. GÉANT is the body which is responsible for the international coordination and interoperability of eduroam. As such GÉANT operates a number of services for the eduroam consortium on the European level, some of which store data about ongoing usage by end users. Those services at a European level are maintained by eduroam Operations Team (OT). This privacy policy concerns part of the eduroam consortium that is operated and maintained by GÉANT including, but not limited to, the following services: the European international authentication proxy infrastructure, European F-Ticks collection and the eduroam Configuration Assistant Tool (CAT).
...
- When you roam and visit other countries, the eduroam OT will receive the following data: your realm (denoting your institution and federation), your IP and MAC addresses. We can also receive your username if the visited institution choose to not anonymise this data. When you roam to another institution within your home country we don’t receive any data because the European international authentication proxy infrastructure is not included in that process. The service has a legitimate interest in processing this information.
- When you roam and visit other countries or other institutions within your federation we may also process the following data for monitoring, measuring and reporting services: visited federation, producer of your NIC card and authentication outcome. We can also receive your username and your MAC address if visited institution choose to not anonymise this data and name of the visited institution if the visited federation choose to send this data. The service has a legitimate interest in processing this information.
- As part of supporting activities we maintain several public web sites (e.g. web of CAT service) where we collect normal web server logs, i.e. timestamp of access, IP address which requested the page, the page being requested, the HTML result code, etc. The data collected is for the purpose of troubleshooting and debugging potential problems of with eduroam web servers and therefore the service has a legitimate interest in processing this information.
- As part of administration activities, the eduroam Operational Team maintain a database of contacts for National Roaming Operators only. We process contact name, email address and phone numbers of Operator contacts to support incident response and operational information flow for between the Operators and the eduroam OT. This information is only accessible by the eduroam OT and is provided with the consent of the NROs.
- TO DO: CAT.
- TO DO: eduroam Managed IdP.
Who Do We Share Data With?
Personal data gathered for website statistics is only shared within the GÉANT Association . (do we collect any data on eduroam cat stats etc?).and the eduroam Operational Team for analysis and reporting.
All other data is held and processed only by the eduroam OT. (is this true?)
...
| Data Controller and Contact | Data Protection Officer GÉANT Association | Data Processor | (add addresses and contacts)|
| Jurisdiction | Netherlands Dutch Data Protection Authority |
...