Privacy Policy

Name of the service EduGroepen
Description of the service EduGroepen is a service for collaboration and document sharing
Data controller and a contact person

2AT B.V.

info@edugroepen.nl

Jurisdiction NL-UT The Netherlands, Utrecht
Personal data processed
  1. Following data is retrieved from your Home Organisation:
    • your unique user identifier (eduPersonPrincipalName)
  2. Following data is gathered from yourself:
    • your e-mail address, and display name
    • your usage profile
    • any other content you enter or upload within the service
Purpose of the processing of personal data

The IP and referrer addresses of all web page visitors are stored in the web server log file for statistical purposes (e.g. to find out from which countries users are accessing the service) and for accountability (e.g. in case of misuse of the service).

For authenticated users, EduGroepen receives the personal data mentioned-above (eduPersonPrincipalName). This personal data is used to identify users (who created or edited what content), for access control (e.g. only authenticated users can create or edit content), for customization (personal preferences) and to (optionally on request) notify users in case content changed.

Third parties to whom personal data is disclosed

No raw data will be released to third parties outside the GEANT project. Aggregated and anonymized data (e.g. how many visitors the wiki had last year) may be published.

Authenticated users must be aware that any data they enter can be visible to other users of EduGroepen based on sharing. The right to share data starts with the owner (creator) of the specific (personal or shared) EduGroep but can be delegated by that owner to others at any point in time.

How to access, rectify and delete the personal data

Contact info@edugroepen.nl.

To rectify the data released by your Home Organisation, contact your Home Organisation's IT helpdesk.

Data retention

Personal data is deleted on request of the user or if the user hasn't used the service for ten years. Deleted in this context means renamed as the system does not allow deleting user accounts without damaging the database. Therefore, personal data will be anonymized, which has the same effect as deletion.

Log files containing IP addresses and Referrer are deleted automatically after one year.

Data Protection Code of Conduct

Your personal data will be protected according to the Code of Conduct for Service Providers, a common standard for the research and higher education sector to protect your privacy.