Welcome to the EOSC Future wiki!

IMPORTANT: Please be aware that this Wiki space is no longer actively maintained. The information in it applies to the discontinued EOSC Marketplace and Provider Portal, which have been replaced by the EOSC EU Node.
Information related to the EOSC EU Node is available via the official page <here>

Name of the service

EOSC Future Confluence and Jira

Description of the service

The EOSC Future Confluence (wiki) and Jira (ticketing system) (hereinafter referred to as: “the service” ) support the EOSC Future project's activities. Personal data is used to provide access to the service  with the proper access levels.

This privacy notice describes how we, Technopolis Group Belgium, (hereinafter referred to as "we" or "TGB" or "the Data Controller"), collect and process data by which you can be personally identified (“Personal Data”) when you use the service.

Data controller

Technopolis Group Belgium
Avenue de Tervueren 188A
1150 Brussels
Belgium

Data processors

  • EGI Foundation: service operator and manager
  • CESNET: resource provider, sub-contracted data processor of EGI Foundation

Data protection officer

Agis Evrygenis, TGB Managing Partner
agis.evrigenis@technopolis-group.com
Avenue de Tervueren 188A
1150 Brussels
Belgium

Jurisdiction and supervisory authority

Jurisdiction: BE, Belgium

TGB’s lead supervisory authority is the Belgian Data Protection Authority “Gegevenbeschermingsautoriteit – Autorité de protection de données”. They can be contacted at www.dataprotectionauthority.be 

Personal data processed

The service may process the following personal data:
Identification data:

  • Name
  • Identification numbers (as provided by identity providers)
  • E-mail address
  • Affiliation
  • IP address

Behavioural data:

  • Usage data
  • Technical logs with timestamps

Data allowing conclusions on the personality:

  • Membership information on roles and groups

Purpose of the processing of personal data

The purpose of the collection, processing and use of the personal data mentioned above is:

  • To provide the service functions, i.e. to identify users and provide access to Confluence and Jira with the proper access levels.
  • To monitor and maintain service stability, performance and security

Legal basis

The legal basis for processing personal data is: Legitimate interests pursued by the controller or by a third party according to Art. 6 (1) (f) GDPR.

Third parties to whom personal data is disclosed

Personal data will not be used beyond the original purpose of their acquisition. If a forwarding to third parties should be necessary to answer an inquiry or to carry out a service, the consent of the data subject is considered to have been given by entering in a contract when using the respective function or service. In particular, the data you provide to us will not be used for advertising purposes.
 
For the purpose given in this privacy policy, personal data may be passed to the following third parties:
 
Within the EU / EEA:

  • Confluence and Jira users, space and project managers
  • The records of your use and technical log files produced by the service components may be shared for security incident response purposes with other authorised participants in the academic and research distributed digital infrastructures via secured mechanisms, only for the same purposes and only as far as necessary to provide the incident response capability where doing so is likely to assist in the investigation of suspected misuse of Infrastructure resources.

Outside the EU / EEA:

  • Confluence and service users, space and project managers


Any data transfer to a third country outside the EU or the EEA only takes place under the conditions contained in Chapter V of the GDPR and in compliance with the provisions of this privacy policy and any related policies adopted by the EGI Federation.

Your rights

You can exercise the following rights at any time by contacting our data protection officer using the contact details provided in the Data Protection Officer section:

  • Information about your data stored with us and their processing
  • Correction of incorrect personal data
  • Deletion of your data stored by us
  • Restriction of data processing, if we are not yet allowed to delete your data due to legal obligations
  • Objection to the processing of your data by us
  • Data portability

To access and rectify the data released by your home organisation (e.g. your university, research institute or any other identity provider), you should contact them.

You can complain at any time to the supervisory Data Protection Authority (DPA) responsible for you. Your responsible DPA depends on your country and state of residence, of your workplace or of the presumed violation. A list of the supervisory authorities with addresses can be found at https://edpb.europa.eu/about-edpb/board/members_en.

You can contact the Data Controller's lead supervising authority using the contact details provided in the Jurisdiction and Supervisory Authority section.

Data retention and deletion

Your personal data associated with your account is kept as long as your account is active. Your account can be deactivated on request.
The records of your use and technical log files produced by the service components will be deleted or anonymised after, at most, 18 months. As required by EC-funded projects, data added to Jira/Confluence will be retained for 5 years from the end of the project.

Data protection code of conduct

Your  personal  data  will  be  protected  according  to  the
Code  of  Conduct  for Service  Providers,  a  common standard  for  the  research  and  higher  education sector to protect your privacy:
http://www.geant.net/uri/dataprotection-code-of-conduct/v1

Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.



Based on AARC Policy development kit (licenced under CC BY-NC-SA 4.0)

  • No labels