A Privacy Policy document is used for informing the end users on processing of their personal data. This Code of Conduct builds on the EU data protection laws. See

Privacy Policy Template

This template intends to assist Service Providers in developing a Privacy Policy document that fulfills the requirements of the Data protection directive and the Code of Conduct. The second column suggests some phrases, and proposes some issues that should be to taken into account in italic.

The Privacy Policy must be at least in English. You can add another column to the template for a local translation of the text. Alternatively, the local translation can be a parallel page, and you can use the xml:lang element to introduce parallel language versions of the Privacy Policy page as described in SAML 2 Profile for the Code of Conduct.

Name of the serviceSHOULD be the same as mdui:DisplayName
Description of the serviceSHOULD be the same as mdui:Description
WebLicht is a service for language research. It provides an execution environment for automatic annotation of text corpora.
Data controller and a contact personTübingen university, Institute for language research
Laboratory manager Bob Smith, bob.smith@example.org
JurisdictionThe country in which the Service Provider is established and whose laws are applied.
SHOULD be an ISO 3166 code followed by the name of the country and its subdivision if necessary for qualifying the jurisdiction.

DE-BW Germany Baden-Württemberg
Personal data processedA. Following data is requested from your Home Organisation:
- your unique user identifier (SAML persistent identifier)
- your role in your Home Organisation (eduPersonAffiliation attribute)
B. Following data is gathered from yourself:
- your profile
Please make sure the list A. matches the list of requested attributes in the Service Provider's SAML 2.0 metadata.
Purpose of the processing of personal dataDon't forget to describe also the purpose of the log files, if they contain personal data (usually they do).
Third parties to whom personal data is disclosedNotice section 2.f: Third Parties of the Code of Conduct for Service Providers
Are the 3rd parties outside EU/EEA or the countries whose data protection EC has decided to be adequate? If yes, notice also section 2.l
How to access, rectify and delete the personal dataContact the contact person above.
To rectify the data released by your Home Organisation, contact your Home Organisation's IT helpdesk.
Data retentionWhen the user record is going to be deleted or anonymised? Remember, you cannot store user records infinitely. It is not sufficient that you promise to delete user records on request. Instead, consider defining an explicit period.
Personal data is deleted on request of the user or if the user hasn't used the service for two years.
Data Protection Code of ConductYour personal data will be protected according to the Code of Conduct for Service Providers, a common standard for the research and higher education sector to protect your privacy.

Links to Member States' Data protection authorities' privacy policy quidelines