WaTTS privacy policy and description

Description of the service

The INDIGO Token Translation Service WaTTS provides a layer where identities, enrollment, group membership and other attributes and authorization policies on distributed resources can be managed in an homogeneous way. In particular, the WaTTS acts as a central service for authentication and authorization management for linked INDIGO-Datacloud services.

Processed data

The following scopes are requested from the OIDC-Provider server:

- OpenID
- Profile

Example of information released by Google when asked for the OpenID Scope

- profile   
- family_name   
- Name  
- picture   
- Issuer    
- Gender    
- given_name    
- Subject   

Purpose for the processing of personal data

The INDIGO WaTTS service provides a Token Translation Service for authorised users. In order to provide a service, personal data and log files are collected and used for:

- User authentication and authorization at the service or at trusted INDIGO services
- Automated sending of email messages necessary for the use of the service
- Statistics and development of the service
- Integration testing

Regular disclosure of personal data to third parties

Personal data is not regularly disclosed to third parties.

Data retention

In general, personal data is not stored.

The X.509 certificate plugin, however, requires storage of:

- the anonymous, but unique, pair of subject/issuer with the issued certifcate subject 
- a copy of the certificate may be stored on external myproxy service throughout its validity period

The user may ask to be removed from the service by interacting with the contact person for the service. Access logs are deleted after 12 months.

Transfer of personal data outside the EU or EEA

Personal data shall not be transferred to any third party outside the EU.

How to access, rectify and delete the personal data

Contact for the service is provided. To rectify the data released by a Home Organisation, contact the Home Organisation's operators.

Data protection code of conduct

Personal data will be protected according to the Code of Conduct for Service Providers, a common standard for the research and higher education sector to protect the user's privacy.

Contact Information

KIT/SCC

Dr. Marcus Hardt

Herrmann-von-Helmholtz-Platz 1

76344 Eggenstein-Leopoldshafen

Tel + 49 721 6082 4659

marcus.hardt@kit.edu

KIT Helpdesk:

http://www.scc.kit.edu/servicedesk/index.php