This policy is effective from 2023-06-01.
1. Name of the Service
Helmholtz Cloud Portal
2. Description of the Service
Helmholtz Cloud Service Catalogue
3. Data Controller and a contact person
Deutsches Elektronen-Synchrotron DESY
Tel. +49 (0)40 89980
For requests related to the use of individual Helmholtz Cloud services please contact the corresponding service owner.
4. Data Controller's data protection officer (if applicable)
Tel. +49 (0)40 8998 2553
5. Jurisdiction and supervisory authority
Der Hamburgische Beauftragte für Datenschutz und Informationsfreiheit
Ludwig-Erhard-Str 22, 7. OG
Tel: +49 (0) 40 428 54 - 4040
6. Personal data processed and the legal basis
- A. Personal data retrieved from your Home organisation:
- your unique user identifier (SAML persistent identifier) *
- your role in your Home Organisation (eduPersonAffiliation attribute) *
- your name and preferred username*
- your email address and verification status of email address *
- your eduPersonEntitlements: e.g., AAI group memberships *
- B. Personal data gathered from yourself
- logfiles on the service activity *
- error reports which may contain personal information *
- performance metrics which may contain personal information *
- Information related to usage of the service, e.g., resource requests or deprovisioning requests *
* = the personal data is necessary for providing the Service. Other personal data is processed because you have consented to it.
7. Purpose of the processing of personal data
The personal data is required to provide you with the Helmholtz Cloud Portal service. Saving personal data in log files and error tracking or metrics systems occurs to ensure the functionality of the website and the security of our information technology systems. The legal basis for data storage is Article 6, Paragraph 1 f GDPR (legitimate interest).
8. Third parties to whom personal data is disclosed
When using certain functionality of the Helmholtz Cloud Portal your data will be disclosed to third parties:
- __Host-csrftoken: Mitigating cross-site attacks
- __Host-portal_token: Securing access to your profile information
- __Host-sessionid: allowing you to stay logged in
10. How to access, rectify and delete the personal data and object to its processing
Contact the contact person above. To rectify the data released by your Home Organisation, contact your Home Organisation's IT helpdesk.
11. Withdrawal of consent
You can withdraw consent of processing of your personal data anytime by sending an email to firstname.lastname@example.org.
12. Data portability
Contact the contact person above to request a copy of your personal data.
13. Data retention
Personal data is deleted on request of the user.
Retention policies apply for the following data:
- Logs: 14 days
- Database backups: 30 days
- Error reports: 28 days
- Other data: deleted on request by the user (e.g., resource provisioning data)
© Owned by the authors and made available under license: https://creativecommons.org/licenses/by-nc-sa/4.0/