Privacy Notice

Name of the Service Pangeo@EOSC
Description of the Service

Pangeo is a worldwide community-centric, open, collaborative and scalable big geoscience data analytic ecosystem where scientists, developers, and research software engineers can contribute to developing software and infrastructure and work on Big Data Geoscience research problems.

Pangeo@EOSC is the deployment of the Pangeo ecosystem on the European Open Science Cloud (EOSC).

Data controller

Simula Research Laboratory Kristian Augusts gate 23 0164 Oslo Norway

Contact: Anne Fouilloux

Jurisdiction and supervisory authority

Jurisdiction: NO, Norway

Simula’s lead supervisory authority is the Norwegian Data Protection Authority. They can be contacted at: https://www.datatilsynet.no/en/about-us/contact-us/how-to-complain-to-the-norwegian-dpa/

Personal data processed

The following categories of personal data may be processed by Pangeo@EOSC as part of providing the service. Personal data that may be transmitted or stored as part of the usage of the resources brokered through Pangeo@EOSC are not taken into consideration.

Identification data:
  • Name
  • Identification number
  • E-mail address
  • Affiliation
  • IP address
  • Affiliation
Behavioural data:
  • Usage data
  • Technical logs with timestamps
Data allowing conclusions on the personality:
  • Membership information about VO/role/group
Purpose of the processing of personal data

The purpose of the collection, processing and use of the personal data mentioned above is:

  • To provide the service functions, i.e. users to manage their notebooks on the resources they can access.
  • To allow administrators to manage the service, managing orders and the user groups.
  • Identify the users or the administrators accessing the service and track usage of resources for accounting, security management and maintaining service stability and performance.
  • Log, monitor, maintain and debug the operation of the services.
  • Detect possible abuse of the services.
Legal basis The legal basis for processing personal data is: Legitimate interests pursued by the controller or by a third party according to Art. 6 (1) (f) GDPR.
Third parties to whom personal data is disclosed

Personal data will not be used beyond the original purpose of their acquisition. If a forwarding to third parties should be necessary to answer an inquiry or to carry out a service, the consent of the data subject is considered to have been given when using the respective function or service. In particular, the data you provide to us will not be used for marketing.

For the purpose given in this privacy policy, personal data may be passed to the following third parties:

Within the EU / EEA:
  • EGI Foundation, as contracted data processor, providing resource and services.
  • CESNET, as subcontracted data processor, providing resource and services.
  • VO managers and service administrators.
  • The records of your use and technical log files produced by the Service components may be shared, via secured mechanisms, for security incident response purposes.
Your rights

You can exercise the following rights at any time by contacting us using the contact details provided in the Data Controller section:

  • Information about your data stored with us and their processing
  • Correction of incorrect personal data
  • Deletion of your data stored by us
  • Restriction of data processing, if we are not yet allowed to delete your data due to legal obligations
  • Objection to the processing of your data by us
  • Data portability

To access your Check-in profile information, you can go to your Check-in user profile page.

To access and rectify the data released by your home organisation (e.g. your university, research institute or any other identity provider), you should contact them.

You can complain at any time to the supervisory data protection authority (DPA) responsible for you. Your responsible DPA depends on your country and state of residence, of your workplace or of the presumed violation. A list of the supervisory authorities with addresses can be found at https://edpb.europa.eu/about-edpb/board/members_en.

You can contact the Data Controller’s lead supervising authority using the contact details provided in the Jurisdiction and Supervisory Authority section.

Data retention and deletion The records of your use and technical log files produced by the service are kept for 18-months in order to allow Pangeo Europe and funders to monitor the use of our services and radar data.
Data Protection Code of Conduct Your personal data will be processed in accordance with the REFEDS Data Protection Code of Conduct.
Acknowledgement This privacy notice is based on the AARC Policy development kit (licensed under CC BY-NC-SA 4.0)