Privacy Policy

This policy is effective from 2023-06-01.

1. Name of the Service

Helmholtz Cloud Portal

2. Description of the Service

Helmholtz Cloud Service Catalogue

3. Data Controller and a contact person

Deutsches Elektronen-Synchrotron DESY
Notkestrasse 85
22607 Hamburg
Tel. +49 (0)40 89980

Email: desypr@desy.de

Website: https://www.desy.de

For requests related to the use of individual Helmholtz Cloud services please contact the corresponding service owner.

4. Data Controller's data protection officer (if applicable)

Carsten Porthun
Notkestrasse 85
22607 Hamburg
Tel. +49 (0)40 8998 2553
Email: datenschutz@desy.de

5. Jurisdiction and supervisory authority

DE-HH

Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Str 22, 7. OG
20459 Hamburg

Tel: +49 (0) 40 428 54 - 4040

Email: mailbox@datenschutz.hamburg.de

6. Personal data processed and the legal basis

  • A. Personal data retrieved from your Home organisation:
    • your unique user identifier (SAML persistent identifier) *
    • your role in your Home Organisation (eduPersonAffiliation attribute) *
    • your name and preferred username*
    • your email address and verification status of email address *
    • your eduPersonEntitlements: e.g., AAI group memberships *
  • B. Personal data gathered from yourself
    • logfiles on the service activity *
    • error reports which may contain personal information *
    • performance metrics which may contain personal information *
    • Information related to usage of the service, e.g., resource requests or deprovisioning requests *

* = the personal data is necessary for providing the Service. Other personal data is processed because you have consented to it.

7. Purpose of the processing of personal data

The personal data is required to provide you with the Helmholtz Cloud Portal service. Saving personal data in log files and error tracking or metrics systems occurs to ensure the functionality of the website and the security of our information technology systems. The legal basis for data storage is Article 6, Paragraph 1 f GDPR (legitimate interest).

8. Third parties to whom personal data is disclosed

When using certain functionality of the Helmholtz Cloud Portal your data will be disclosed to third parties:

  • A. when using the feedback form or the deprovisioning functionality your data will be sent to the HIFIS Helpdesk. The service's data privacy policy can be found here: https://support.hifis.net/privacy.html
  • B. When using the Portal to request resources your information will be sent to the service. Please note services might disclose your personal information to third parties or store and/or process your information in third countries outside the EU. For more information please review the service's privacy policy.

9. Cookies

Some of our websites/web applications use cookies. Cookies are text files that are saved on the user's computer system in or by the browser software. If a user accesses a website, a cookie can be stored on their system. This cookie contains a unique identification code that enables the user's browser to be recognised when the user revisits the website. Furthermore cookies perform security functions on the Helmholtz Cloud Portal. The following cookies are set:

  1. __Host-csrftoken: Mitigating cross-site attacks
  2. __Host-portal_token: Securing access to your profile information
  3. __Host-sessionid: allowing you to stay logged in

Cookies are saved on the user's computer and transferred from there to our site. Therefore you as user have full control over the use of cookies. By adjusting your browser settings you can deactivate or restrict the transfer of cookies. Cookies already saved can be deleted at any time and they can also be deleted automatically, but deletion may result in restricted usability of some of the functions of our website.

10. How to access, rectify and delete the personal data and object to its processing

Contact the contact person above. To rectify the data released by your Home Organisation, contact your Home Organisation's IT helpdesk.

11. Withdrawal of consent

You can withdraw consent of processing of your personal data anytime by sending an email to support@hifis.net.

12. Data portability

Contact the contact person above to request a copy of your personal data.

13. Data retention

Personal data is deleted on request of the user.

Retention policies apply for the following data:

  • Logs: 14 days
  • Database backups: 30 days
  • Error reports: 28 days
  • Other data: deleted on request by the user (e.g., resource provisioning data)

© Owned by the authors and made available under license: https://creativecommons.org/licenses/by-nc-sa/4.0/
Other Sources / Attribution / Acknowledgements: “The AARC Privacy Policy”, used under CC BY-NC-SA 4.0.