Date: Fri, 29 Mar 2024 07:51:37 +0000 (UTC) Message-ID: <37731594.19.1711698697325@wiki-prod.refeds.org> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_18_328091187.1711698697322" ------=_Part_18_328091187.1711698697322 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
This template intends to assist Service Provider O= rganisations in developing a Privacy Notice document that fulfills= the requirements of the GDPR and the Code of Conduct. The template present= s some examples (in italics) and proposes some issues that should be to tak= en into account.
The Privacy Notice must be provided at least in English. You can a=
dd another column to the template for a local translation of the text. Alte=
rnatively, the local translation can be a parallel page, and you can use th=
e xml:lang
element to introduce parallel language versions of =
the Privacy Notice page as described in Cod=
e of Conduct 2.0 Entity Category.
Name of the Service |
SHOULD be the same as WebLicht = |
Description of the Service
|
SHOULD be the same as WebLicht is= a service for language research. It provides an execution environment for = automatic annotation of text corpora. |
Data controller and a contact person
|
T=C3=BCbingen university, Institute= for language research
|
Personal data processed and the legal b= asis for processing
|
A. Personal data retrieved from you= r Home Organisation: - your unique user identif= ier (SAML persistent identifier) * - - y= our name * B. Personal data you have provided o= r may be generated as a result of your use of our service: <= p>- logfiles on the service activity *<= /em>- your profile= span> ... = span> * =3D the personal data is necessary for providing th= e Service that the End User has requested. Other personal data is processed= because you have consented to it. Please make sure= the list A. matches the list of requested Attributes in the Service Provid= er's SAML 2.0 metadata. |
Purpose of the processing of personal d= ata
|
Don't forget to describe also the purpo= se of the log files, if they contain personal data (usually they do). Your personal data is used= - to authorise your a= ccess to and use of the compute resources we provide;
- t= o ensure the integrity and availability of our service |
Third parties to whom personal data is = disclosed
|
Notice Clause I and J of the  = ; Code of Conduct for Servi= ce Providers. We may share = your personal data with third parties (or otherwise allow them access to it= ) in the following cases: (a) to satisfy any applica= ble law, regulation, legal = process, subpoena or governmental request (b)&n= bsp; to enforce this&nb= sp; Privacy Notice, including investigation &= nbsp;of potential violations thereof; Inform the us= er that his/her personal data may be displayed to other users of the servic= e or to the public. Your personal data may be access= ible by others users and by the public (e.g. for a wiki, a text in the bott= om of the page may state "This page was last edited by [first name] [= last name] ...".) Are the 3rd parties outside EU/EE= A or the countries or international organisations whose data protection EC = has decided to be adequate? If yes, add references to the appropriate or su= itable safeguards. In the case where a third party i= s located in a country whose data protection laws are not as comprehensive = as those of the countries within the European Union we will take appropriat= e steps to ensure that transfers of your personal data are still protected = in line with European standards. You have a rig= ht to contact us for more information about the safeguards we have put in p= lace to ensure the adequate protection of your personal data when this is t= ransferred as mentioned above. |
How to access, rectify and delete the p= ersonal data and object its processing. |
Contact the contact person above.= span> To rectify the data released = by your Home Organisation, contact your Home Organisation's IT helpdesk. |
Withdrawal of consent |
If personal data is&n= bsp; processed based on user consent, how they can = withdraw it? |
Data portability |
Can the user request their data be port= ed to another Service? How? |
Data retention |
When the user record is going to be del= eted or anonymised? Remember, you cannot store user records infinitely. It = is not sufficient that you promise to delete user records on request. Inste= ad, consider defining an explicit period. Personal d= ata is deleted on request of the user or if the user hasn't used the = Services for 18 months |
Data controller=E2=80=99s data protecti= on officer, if applicable |
If the controller has a data protection= officer (GDPR Section 4) Chief Security Officer bil= l.smith@example.org |
Jurisdiction and supervisory authority<= /span> |
The country in which the Service Provid= er Organisation is established and whose laws are applied.
DE-BW Germa= ny Baden-W=C3=BCrttemberg How to= lodge a complaint to the competent Data protection authority: Instructions to lodge a complaint are availab= le at ... |