Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

123456789101112131415
Name Personal Data Special Category  Data FormatData
Subject 
PurposeLegal
bases 
Location
of PD 
Retention PeriodController Contacts Processor Contact Transfer Recipient Controls implemented Interfaces
eduroam RADIUS server logsOuter EAP-identity (username@institution_domain, username can be anonymised but not all users do that), Calling-Station-Id (users MAC address), Chargeable-User-Identity (users anonymous ID)NoDigitaleduroam end users

debugging, providing quality service, monitoring load of system, dimensioning of the system, incident management and preventing fraud and misuse

(f) legitimate  interestETLR located in Netherlands (Surfnet) and Denmark (DEIC)TBDGÉANTSurfnet (Netherlands) DEIC (Denmark)not transferedN/A

(RADIUS + EAP (SSL used), HTTPS), protective measures according to each hosting centre's security policy.

data received from ETLR
eduroam F-ticksrealm, Calling-Station-Id (User’s device MAC address),NoDigitaleduroam end usersdebugging, providing quality service, monitoring load of system, dimensioning of the system, incident management and preventing fraud and misuse(f) legitimate  interestEuropean F-ticks server located in Croatia (Srce)permanentlyGÉANTSrce (Croatia)not transferedN/Aprotective measures according to each hosting centre's security policy.data received from federation level RADIUS servers and optionaly from home and visited institution RADIUS servers
eduroam Database: NRO informationname, e-mail, phone numberNoDigital(N)RO contact, if contact is personperformance of contract between GÉANT and (N)RO(b) contractCroatiapermanently

GÉANT

Srce

not transferedN/Aprotective measures according to each hosting centre's security policy.data received form (N)RO
eduroam Database: institution informationname, e-mail, phone numberNoDigitalInstitution contact, if contact is personperformance of contract between GÉANT and institution (IdP or SP)(b) contractCroatiapermanently

GÉANT

Srce

not transferedN/Aprotective measures according to each hosting centre's security policy.data received form (N)RO
eduroam Database: service location informationname, e-mail, phone numberNoDigitallocation contact, if contact is personperformance of contract between GÉANT and SP(b) contractCroatiapermanently

GÉANT

Srce

not transferedN/Aprotective measures according to each hosting centre's security policy.data received form (N)RO
eduroam CAT (as of version 1.1)

eduPersonTargetedId or equivalent, real name, email address (administrator authentication)

email address of new institution administrator (administrator authorisation)

NoDigitalinstitution administrators

allowing administrators to upload and maintain the information needed to create eduroam installation programs ("installers") within their country / institution (CAT customization)

(b) contractNetherlands (Surfnet)the authorisation status of administrators is retained permanently, TBDGÉANTSurfnet (Netherlands)System sends emails with invitation tokens (one variant to institution administrators for sign-up, one variant to NRO personnel for general status updates)NRO personnelprotective measures according to each hosting centre's security policy.
data received from eduroam SP proxy
eduroam Managed IdP

eduPersonTargetedId or equivalent, real name, email address (administrator authentication)

email address of new institution administrator (administrator authorisation)

usernames of the institution's users (pseudonymous)

Outer EAP-identity (username@institution_domain, username can be anonymised but not all users do that), Calling-Station-Id (users MAC address), Chargeable-User-Identity (users anonymous ID)

NoDigitalinstitution administrators, end usersallowing administrators to upload and maintain the information needed to manage their end user base to the end of creating eduroam installation programs ("installers") within their country / institution, and to authenticate their users in eduroam(b) contractTBDthe authorisation status of administrators is retained permanently, TBDGÉANTTBDSystem sends emails with invitation tokens (one variant to institution administrators for sign-up, one variant to end-users for credentialing, one variant to NRO personnel for general status updates)NRO personnelTBDeduroam database, eduroam SP proxy authentication, administrator input
eduroam Managed SP

eduPersonTargetedId or equivalent, real name, email address (administrator authentication)

email address of new institution administrator (administrator authorisation)

Outer EAP-identity (username@institution_domain, username can be anonymised but not all users do that), Calling-Station-Id (users MAC address), Chargeable-User-Identity (users anonymous ID)

NoDigitalinstitution administrators, end users

allowing administrators to upload and maintain the information needed to manage their hotspot

troubleshooting and statistics of hotspot deployment

(b) contractTBDthe authorisation status of administrators is retained permanently, TBDGÉANTTBDSystem sends emails with invitation tokens (one variant to institution administrators for sign-up,  one variant to NRO personnel for general status updates)NRO personnel, hotspot administratorsTBDeduroam database, eduroam SP proxy authentication, administrator input, logged RADIUS transactions


Instructions 

The table above should be filled with all data which is collected or processed by Geant Services according with Article 30 from GDPR. Below are described all the table's points and also the information they shall be provided to complete this exercise. You can find as well the match between GDPR requirements and the points from Data Mapping marked with (). 

...

15 Interfaces - Who receive and who send personal data- Service, Applications / What are the channels used for communication / What kind of services are connected eg. internet, firewall, storage devices (Cloud Systems);