​GÉANT Privacy Notice



Introduction

GÉANT Association is dedicated to safeguarding the personal data that we process, as well as to developing and applying data protection solutions that are effective, fit for purpose and demonstrate an understanding of, and appreciation for the General Data Protection Regulation 679/2016 (GDPR) as well as applicable national data protection legislation.


We are committed to ensuring ongoing and continued compliance with data protection legislation and guidance provided by the supervisory authorities with regard to our business as a whole and all of our service offerings.


This Privacy Notice concerns the processing of your personal data for which we are the Data Controller, in other words, GÉANT collects personal data directly or indirectly from you and decides the personal data needed to provide you a service, the purposes for which your personal data is being collected, how it is stored, shared and for how long will be retained.


Considering the significance of this responsibility, GÉANT works on a daily basis to put in place adequate measures and controls to protect your personal data, improve them and ensure that you can exercise your rights at any time. 



Data Protection Officer 

GÉANT has appointed an internal Data Protection Officer (DPO), for you to contact if you have any questions or concerns about the way GÉANT is processing your personal data. Together, GÉANT’s DPO and GDPR team are working to provide you accurate information and implement the measures to protect your privacy. 


The GÉANT’s DPO’s name and contact information are as follows:


Ana Alves 

GÉANT Vereniging (Association)

Hoekenrode 3, 1102BR Amsterdam, The Netherlands

gdpr@geant.org 

Tel. number: +31 20 530 4488 


How does GÉANT Collect and Process your Personal Data? 

GÉANT Events

Throughout the year, GÉANT organises, hosts and promotes many events globally, including with face-to-face as well as virtual participation.


In this context “events” shall be understood as any event, seminar, conference, training session, webinar, info-share, networking event, task force and/or special interest group meeting, workshop, social event or other gathering organised by GÉANT.


If you register for one of our events we may collect, depending on the nature of the event, the following information from you or someone within your organisation:

  • Name
  • Organisation or affiliation
  • Email address
  • Address
  • Contact telephone number
  • Job title (when requested) 
  • Payment information (when requested)
  • Dietary requirements (optional)
  • Any special requirements (optional) 
  • Specific accessibility requirements (optional)
  • Level of education and/or prior knowledge (optional)

During the event, GÉANT may capture some collective and individual images, audio or video recordings, and collect information provided by others (especially during training sessions), to evaluate your performance as a speaker or as a trainer. We could also make and store a recording of your voice in certain instances. GÉANT may use this information, including your personal data, in online communication channels such as social media pages, websites and blogs. 


If you are a speaker at one of our events, we will also collect information including your name, institution/company and contact information.  We may invite you to provide more information about you. GÉANT will keep this information available on its websites or wiki pages for an indefinite period of time for educational purposes, but you are able to delete your own personal data at any time.


This information, that could include pictures and an abbreviated biography (optional in both cases, and always provided by you), is managed by GÉANT. Rectification and removal requests can be submitted to the GÉANT staff member responsible for the event, or, depending on the event, may be edited directly and managed via your account.


GÉANT relies on a legitimate interest for collecting, storing and processing the information mentioned above.


During or after the event, GÉANT might contact you to collect your feedback about your experience, ascertain event impact or manage a post-event collaboration. For this purpose, GÉANT may collect additional personal data such as gender, level of education, age group. This personal data will be anonymised and will be used for the purposes of reporting and statistics. 


Events held with third parties

If the event is being jointly run with or sponsored by a third party, this will be clearly communicated to you. If your personal data is to be shared with a third party, sponsors, exhibitors, it will be clearly specified on the event website or invitation. To understand how a third party will use your data, GÉANT will provide you a link to the third party’s Privacy Notice or otherwise inform you how to obtain a copy of it. 


GÉANT develops the services that its members need in order to provide support for researchers, educators and innovators - at national, European and international levels. Our portfolio of advanced services covers connectivity and network management; trust, identity and security; real-time communications; storage and clouds and professional services. In order to provide you the best services, GÉANT may collect the following personal data from you, depending on the service that we are providing to you:


  • Name and affiliation
  • Username
  • Email address
  • Log records
  • IP address
  • SSH public key(s)
  • Technical log data
  • Device information
  • The region or general location where your computer or device is accessing the Internet
  • Unique device identifiers
  • Application ID
  • Contact information that is required for operational purposes by individual administrators from identity providers, service providers, Authentication & Authorisation, and Identity Federations is collected in the metadata published by Identity Federation and Location information, e.g. what university or institution you are logging in from.

For more details, please consult our Services Privacy Notices, available on the official websites for each service. 


GÉANT uses this information to provide you with the services you wish to use including:

  • to present content from the services you requested in an effective manner to you;
  • to carry out contractual obligations arising from any contracts entered between you and us or your service provider;
  • to register you for events and other services you have requested;
  • to assist us in maintaining records of events for internal and external security and audit purposes;
  • to respond to any concerns or queries you have in relation to our services or websites;
  • to help diagnose problems with our servers and to administer our websites, analyse trends, track visitor movements and gather broad demographic information that assists us in identifying visitor preferences;
  • to help you collaborate with others, some services provide different ways authorised users can collaborate, such as shared communication channels and services;
  • to provide you with information, products or services that you request from us or which we think may be of interest to you;
  • to help us deliver a better service to you, we may collect certain technical information that does not directly identify an individual: such information tells us about the equipment you are using, browsing actions, the resources accessed and the operating systems used; we use analytics and similar services, as explained in our Cookie Policy to help us deliver a better service to you;
  • to contact you about our services or related services;
  • to ensure that the data you provide remains safe and secure by using appropriate monitoring and auditing mechanisms.
  • For certain services, we collect personal information under the direction of our clients (e.g. an entity like a university that subscribes to the services for use by the entity’s personnel).
  • We may engage with Third Party Services; when enabled by you we may share data with them to enable their services to operate effectively. It is your responsibility to check the privacy setting and notices in these Third-Party Services. 
  • We may engage Third Party Service Providers to process information and provide storage services. GÉANT will ensure that appropriate security controls are in place with any Third-Party Provider.
  • We may use aggregated or de-identified data for other purposes such as identified users from specific countries or average time using services.

GÉANT may be acting as a Data Processor operating a service provided to you by someone else such as a university or a research establishment. For information about these services, you should contact the appropriate Data Controller directly for their Privacy Notices. 


Some data collected is used for the generation of usage statistics that are publicly available, and for reporting to the European Commission or other relevant stakeholders.


The services have a legitimate interest in processing this information that is not overriding your rights and freedoms. 


If you are unwilling or unable to provide us with the necessary personal information required to provide you with the services we are engaged in then we will try to provide the service but it may prove impossible.  


GÉANT has several channels to provide you with content, such as blog, websites, Connect magazine, social media pages managed by GÉANT, newsletters and mailing lists. 


The subscription for GÉANT publications is provided on a voluntary basis and you can at any time unsubscribe. We may need your email address to be provided in order to send you GÉANT publications. 

GÉANT relies on a legitimate interest to process your personal information for purposes of fulfilling your request to receive our publications.


GÉANT’s recruitment process is made through our official website and managed by Networx, which works as the Data Processor under GÉANT (Data Controller) guidance. The security and privacy measures provided by Networx were evaluated by us in line with GDPR. 


Hence, when you apply for a vacancy through the GÉANT website you are under the Candidate Privacy Notice.



Website

The GÉANT websites, in order to provide you a better performance and experience, collect certain information automatically and store it in log files. We use this information to help us design our sites to better understand your needs and requirements. Our websites also use cookies and web beacons.    



Google Analytics 

GÉANT uses Google Analytics to track how often people gain access to or read our content. We use this information in the aggregate to understand what content our members find useful or interesting, so we can produce the most valuable content to meet your needs.


We use Google Analytics to track the numbers of visitors to our site but do not collect any personal information or store IP address locally on our site. This is only used to monitor the number of hits on our pages and location at the country level therefore we cannot track or trace individual users or their physical addresses. If you would like to opt out please use the Google Analytics Opt-out Browser Add-On.  



Cookies

What are cookies? A cookie is a small text file that is stored on the web browser on your computer when you visit a website. Cookies do lots of different jobs, like letting you navigate between web pages efficiently, remembering your preferences, and generally improving the user experience. 


By using our websites, you agree that we can place these types of cookies on your device, however you can block these cookies using your browser settings (there are instructions below on how to do this).

GÉANT recommends you to accept and use cookies. A full Cookie Policy can be seen by clicking here which will provide further details on:


  • How we use cookies;
  • How to enable/disable cookies;
  • How to change cookie settings;
  • The cookies used on the websites;
  • Third party cookies.


Attendee lists will be kept no longer than 4 years.

Photographs of events will be stored and archived for an unlimited period. 

Feedback forms will be retained no longer 4 years. 


  • Training 
Attendee lists will be kept no longer than 4 years.
Photographs of events will be stored and archived for an unlimited period. 

  • Meetings 
Attendee lists will be kept no longer than 4 years.

Your personal information (name, contact details, workplace) is stored for the duration of your use of the services provided and an additional 12 months after you cease using our services. GÉANT keeps this data in order to deal with any queries that may arise following your use of our services. You can consult the retention periods for each GÉANT service on the respective website. 


GÉANT will retain your information so long as you wish to remain a subscriber to one or more of our publications. 


Personal data relating to candidates who are unsuccessful will be retained for a maximum of 12 months after a hiring decision has been made (unless you have asked us to retain your details to allow us to notify you of any similar vacancies in the future). After this time, it will be securely destroyed and permanently deleted. If you start work with us, any personal data processed as part of your employment records will normally be held for a period of 7 years from the end of your employment with us, except where we are: 


  • legally required to retain the information for longer; 
  • legally required to delete the information within a specified period; 
  • required to supply personal data in relation to any legal or other type of dispute, either with you or with a third party. 

Any personal data contained in any work-related correspondence may be retained for longer, dependant on the relevant retention period for that work or matter. 


In certain circumstances data may be retained longer for archiving in the public interest, scientific or historic research purposes.



When and how we share information with others

GÉANT will share your personal data with third parties only in ways that are described in the Privacy Notice.


We provide and support some of our services through contractual arrangements with service providers and other third parties. GÉANT and our service partners use your personal data to operate our website(s) and provide services and events to you.


The personal information GÉANT collects from you is stored in one or more databases hosted by third parties that may be located within the EU or outside the EU. These third parties do not use or have authority to access to your personal data for any reason other than cloud storage and retrieval.  


We will also disclose personal data in the following circumstances:


  • if we are required or permitted to do so by law, regulatory or other legal process;
  • to protect our rights, reputation, property or the safety of us and others;
  • to defend or enforce our rights or your obligations.

We do not sell personal information to anyone or share it with third parties who are facilitating the delivery of other services.  



Transferring Personal Data from the EU

GÉANT is headquartered in The Netherlands (NL), with another office based in Cambridge, England (UK). Personal Data we collect about you will generally be processed in these locations. GÉANT endeavours to apply suitable safeguards to protect the privacy and security of your personal data and to use it only within the authorisation you have given and the practices described in this Privacy Notice.


In some cases, GÉANT may transfer your personal data to countries outside the European Economic Area (EEA), for example if we use a third party for processing services or storing data or for obtaining feedback on one of the services or events we provide. If we do transfer personal data to third countries, we will ensure that such transfers are compliant with our obligations under relevant data protection legislation and that appropriate technical and operational controls are in place to keep your personal data secure.


If personal data is transferred from the EU to the USA, the EU-US Privacy Shield will be used. This framework was developed to enable companies to comply with data protection requirements when transferring personal data from the EU to the USA.


GÉANT also minimises the risk to your rights and freedoms by not collecting or storing any sensitive information about you without your explicit consent. 



Data Subject Rights 

You have the following rights regarding your personal data:


  • You have the right to request access to your data.

  • You have the right to ask us to rectify your personal data.

  • You have the right to ask us to erase your personal information.

  • You have the right to object to your data being processed by us.

You also have the right to inquire what personal data we hold about you, and to present a complaint to the Supervisory Authority (Autoriteit Persoonsgegevens at https://autoriteitpersoonsgegevens.nl) about our personal data processing activities if you feel your personal data is not being managed as described here.



Automated Processing 

If some of our services use automated processing to detect and respond to problems more efficiently and you feel any decision made by any automated process has affected you in a way that is not acceptable, you can contact the GÉANT Data Protection Officer to ask us to review the results manually.   



Security of your Personal Data 

GÉANT takes the confidentiality, integrity and availability of your personal data very seriously. We take appropriate security precautions to protect your personal data from loss, misuse or unauthorised access, disclosure, alteration and destruction. When you access a GÉANT service, GÉANT will provide adequate security controls to keep your personal data safe in accordance with the classification of the personal data we have collected from you. 


Although we endeavour to ensure your personal data remains secure, there is no absolute guarantee of security when using services online. While we strive to protect your personal data, you acknowledge that:


  • there are security and privacy limitations on the Internet which are beyond our control;
  • the confidentiality, integrity and availability of any and all information exchanged using these services cannot be 100% guaranteed; 
  • we cannot be held accountable for activity that results from your own neglect to safeguard the security of your login credentials and equipment that results in a loss of your personal data. 

If you feel this not sufficient then please do not provide any personal data. 



Changes and updates to the Privacy Notice

Services and products offered to you may change from time to time and this Privacy Notice will be updated appropriately. We reserve the right to amend the Privacy Notice at any time – in such case, an updated version of the Privacy Notice will be posted on our website and we encourage you to check it from time to time. We may email periodic reminders of our notices and terms that are currently in effect and any changes that may have been made to them.


GÉANT keeps this Privacy Notice under regular review; the last update was in November 2018. 



Questions, Concerns and Complaints 

The GÉANT Association head office is based in The Netherlands. Please let us know if you have any questions, complaints or concerns about how GÉANT processes your personal data or about this Privacy Notice, by contacting GÉANT’s Data Protection Officer: 


Ana Alves 

GÉANT Association

Hoekenrode 3 1102 BR - Amsterdam – Zuidoost- The Netherlands

Tel number: +31 20 530 4488 Email: GDPR@geant.org  


If you wish to raise a complaint directly with the relevant supervisory authority, their details are:  


For Netherlands

Dutch Data Protection Authority:  Autoriteit Persoonsgegevens 

Postbus 93374 2509 AJ DEN HAAG. 

Telephone number: (+31) - (0)70 - 888 85 00.


For United Kingdom

Information Commissioners Office

Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF

https://ico.org.uk/global/contact-us/  


GÉANT’s registration number is ZA187860