A Privacy Policy document is used to inform end users about the processing of their personal data. This Code of Conduct builds on the EU data protection laws. See
- Introduction to Data protection directive for a general introduction on the data controller's obligation to inform the end user
- Code of Conduct for Service Providers, section 2.h and 2.i, on how the obligation is taken into account in this Code of Conduct
- SAML 2 Profile for the Code of Conduct to see how SAML2 metadata is used to mediate the Service Provider's Privacy Policy URL to the Identity Provider
Privacy Policy Template
This template is intended to assist Service Providers in developing a Privacy Policy document that fulfills the requirements of the Data protection directive and the Code of Conduct. The second column suggests some phrases and, in italics, points out issues that should be taken into account.
The Privacy Policy must be available at least in English. You can add another column to the template for a local translation of the text. Alternatively, the local translation can be a parallel page, and you can use the xml:lang attribute to introduce parallel language versions of the Privacy Policy page as described in SAML 2 Profile for the Code of Conduct.
Section | Suggested content (issues to take into account in italics)
---|---
Name of the service | *SHOULD be the same as mdui:DisplayName.* WebLicht
Description of the service | *SHOULD be the same as mdui:Description.* WebLicht is a service for language research. It provides an execution environment for automatic annotation of text corpora.
Data controller and a contact person | Tübingen university, Institute for language research. Laboratory manager Bob Smith, bob.smith@example.org
Jurisdiction | *The country in which the Service Provider is established and whose laws are applied. SHOULD be an ISO 3166 code followed by the name of the country and, if necessary for qualifying the jurisdiction, its subdivision.* DE-BW Germany Baden-Württemberg
Personal data processed | A. The following data is requested from your Home Organisation: your unique user identifier (SAML persistent identifier); your role in your Home Organisation (eduPersonAffiliation attribute); ... B. The following data is gathered from yourself: your profile; ... *Please make sure that list A matches the list of requested attributes in the Service Provider's SAML 2.0 metadata.*
Purpose of the processing of personal data | *Don't forget to also describe the purpose of the log files, if they contain personal data (usually they do).*
Third parties to whom personal data is disclosed | *Notice section 2.f (Third Parties) of the Code of Conduct for Service Providers. Are the third parties outside the EU/EEA or the countries whose data protection the EC has decided to be adequate? If yes, notice also section 2.l.*
How to access, rectify and delete the personal data | Contact the contact person above. To rectify the data released by your Home Organisation, contact your Home Organisation's IT helpdesk.
Data retention | *When is the user record going to be deleted or anonymised? Remember, you cannot store user records indefinitely. It is not sufficient to promise to delete user records on request; instead, consider defining an explicit period.* Personal data is deleted on request of the user or if the user hasn't used the service for two years.
Data Protection Code of Conduct | Your personal data will be protected according to the Code of Conduct for Service Providers, a common standard for the research and higher education sector to protect your privacy.
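The cross-check the table asks for (list A against the RequestedAttribute elements in the SP's SAML 2.0 metadata) and the xml:lang-tagged mdui:PrivacyStatementURL mechanism mentioned above, as an added Python example that is not part of the original wiki page or the Code of Conduct profile. The entityID, URLs and attribute set in the sample metadata are constructed, and the persistent identifier is assumed to be requested as eduPersonTargetedID.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdui": "urn:oasis:names:tc:SAML:metadata:ui"}
XML_LANG = "{http://www.w3.org/XML/1998/namespace}lang"  # key ElementTree uses for xml:lang

# Constructed sample SP metadata; entityID, URLs and attribute set are hypothetical.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" entityID="https://weblicht.example.org/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions>
      <mdui:UIInfo>
        <mdui:DisplayName xml:lang="en">WebLicht</mdui:DisplayName>
        <mdui:PrivacyStatementURL xml:lang="en">https://weblicht.example.org/privacy/en</mdui:PrivacyStatementURL>
        <mdui:PrivacyStatementURL xml:lang="de">https://weblicht.example.org/privacy/de</mdui:PrivacyStatementURL>
      </mdui:UIInfo>
    </md:Extensions>
    <md:AttributeConsumingService index="1">
      <md:ServiceName xml:lang="en">WebLicht</md:ServiceName>
      <md:RequestedAttribute FriendlyName="eduPersonTargetedID" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.10" isRequired="true"/>
      <md:RequestedAttribute FriendlyName="eduPersonAffiliation" Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" isRequired="true"/>
      <md:RequestedAttribute FriendlyName="mail" Name="urn:oid:0.9.2342.19200300.100.1.3"/>
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""


def privacy_statement_urls(metadata_xml):
    """Map xml:lang -> mdui:PrivacyStatementURL, i.e. the parallel language versions."""
    root = ET.fromstring(metadata_xml)
    return {e.get(XML_LANG): e.text.strip()
            for e in root.iterfind(".//mdui:PrivacyStatementURL", NS)}


def requested_attributes(metadata_xml):
    """FriendlyNames (or Names) of every md:RequestedAttribute in the SP metadata."""
    root = ET.fromstring(metadata_xml)
    return {e.get("FriendlyName") or e.get("Name")
            for e in root.iterfind(".//md:RequestedAttribute", NS)}


def policy_mismatch(metadata_xml, policy_list_a):
    """Compare list A of the Privacy Policy against the metadata.
    Returns (requested in metadata but missing from the policy,
             listed in the policy but not requested in metadata)."""
    requested = requested_attributes(metadata_xml)
    listed = set(policy_list_a)
    return requested - listed, listed - requested
```

Run `policy_mismatch(SAMPLE_METADATA, [...])` with the attribute names from your own list A; any name in the first returned set is released to the SP without being disclosed to the user.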
Links to Member States' Data protection authorities' privacy policy guidelines
- The United Kingdom (in English)
2 Comments
Alex Stuart
The privacy policy template includes the phrase that the "Following data is retrieved from your Home Organisation..." The phrase indicates that this and only this data is pulled from the IdP. However, in typical SAML 2 operation where the IdP appends an AttributeStatement to the AuthenticationStatement, the IdP pushes data to the SP. And even though the SP must include the RequestAttribute elements in metadata, and one can configure an IdP to automatically use this information, it is the IdP which makes the ultimate decision about what data is sent to the SP.
Can the phrase be changed to "The following data is requested from your Home Organisation"?
Alex Stuart
Looks like this suggestion was merged into the document on Dec 16, 2019 15:44. Thanks Peter!