eduGAIN Attribute Release Check Privacy Policy

eduGAIN logo
Name of the service eduGAIN Attribute Release Check (EARC) - GEANT Data Protection Code of Conduct Test
Description of the service This service tests attribute release in the context of the eduGAIN Attribute Release Check (EARC). It requests for the user attributes mentioned below and then checks if an Identity Provider is able to send these attributes to the service.
Data controller and a contact person GÉANT Association in Amsterdam, The Netherlands
eduGAIN Support
Jurisdiction NL, The Netherlands
Personal data processed

A. The following data is retrieved from a user's Home Organisation Identity Provider:

  • Unique Identifier (eduPersonPrincipalName)
  • Affiliation Type (eduPersonScopedAffiliation)
  • E-Mail address (email)
  • Home Organization domain name (schacHomeOrganization)
  • Home Organization Identifier (entityID of Identity Provider)
  • Method and time how/when a user authenticated

B. Following data is gathered from a user himself:

  • Data (IP address, user agent, referrer, accepted, languages, cookies) that a user's web browser sends to the service. Some of this data (IP, user agent, referrer, time of access) is stored in the web server's log file for 6 months.
Purpose of the processing of personal data Data is only processed to allow the service checking if a user's Home Organisation Identity Provider is able to release the data to the service according to the GÉANT Data Protection Code of Conduct and to check if the data values meet certain requirements. User data is not used in any other way. Identifying user data (i.e. unique identifier, email address) is not stored, only the information that identifying data was received for a user from this organisation is stored.
Third parties to whom personal data is disclosed User data is not disclosed to third parties.
How to access, rectify and delete the personal data Generally, contact eduGAIN support: to access, rectify or delete data. As mentioned above, there is however no identifying user data is stored other than the IP address (for some time) in the web server logs.
Data retention
Data Protection Code of Conduct Personal data is protected according to the Code of Conduct for Service Providers, a common standard for the research and higher education sector to protect user privacy.
GÉANT logo