...
- Introduction to Data protection directive for a general introduction on the data controller's obligation to inform the end user
- Code of Conduct for Service Providers, section 2.h and 2.i, on how the obligation is taken into account in this Code of Conduct
- SAML 2 Profile for the Code of Conduct to see how SAML2 metadata is used to mediate the Service Provider's Privacy Policy URL to the Identity Provider
...
Name of the service | SHOULD be the same as mdui:DisplayName WebLicht |
---|---|
Description of the service | SHOULD be the same as mdui:Description WebLicht is a service for language research. It provides an execution environment for automatic annotation of text corpora. |
Data controller and a contact person | Tübingen university, Institute for language research Laboratory manager Bob Smith, bob.smith@example.org |
Jurisdiction | The country in which the Service Provider is established and whose laws are applied. SHOULD be an ISO 3166 code followed by the name of the country and its subdivision if necessary for qualifying the jurisdiction. DE-BW Germany Baden-Württemberg |
Personal data processed | A. Following data is requested from your Home Organisation: - your unique user identifier (SAML persistent identifier) - your role in your Home Organisation (eduPersonAffiliation attribute) ... B. Following data is gathered from yourself: - your profile ... Please make sure the list A. matches the list of requested attributes in the Service Provider's SAML 2.0 metadata. |
Purpose of the processing of personal data | Don't forget to describe also the purpose of the log files, if they contain personal data (usually they do). |
Third parties to whom personal data is disclosed | Notice section 2.f: Third Parties of the Code of Conduct for Service Providers Are the 3rd parties outside EU/EEA or the countries whose data protection EC has decided to be adequate? If yes, notice also section 2.l |
How to access, rectify and delete the personal data | Contact the contact person above. To rectify the data released by your Home Organisation, contact your Home Organisation's IT helpdesk. |
Data retention | When the user record is going to be deleted or anonymised? Remember, you cannot store user records infinitely. It is not sufficient that you promise to delete user records on request. Instead, consider defining an explicit period. Personal data is deleted on request of the user or if the user hasn't used the service for two years. |
Data Protection Code of Conduct | Your personal data will be protected according to the Code of Conduct for Service Providers, a common standard for the research and higher education sector to protect your privacy. |
...
Links to Member States' Data protection authorities' privacy policy quidelines
- Finland (in Finnish)
- The United Kingdom (in English)