| Name of the Service | Indico |
|---|---|
| Description of the Service | The LOFAR Indico service (hereinafter referred to as: “the service” or “Indico”) is an event management service allowing to manage complex conferences, workshops and meetings, from managing timetable, call of abstracts to registration and hosting of the material relating to the event. Event can be public or access restricted, and based on their rights, users can access event-specific pages, retrieve information and material about specific event, and optionally register to an event. This privacy notice describes how we, the LOFAR (hereinafter referred to as "we" or "the Data Controller"), collect and process data by which you can be personally identified (“Personal Data”) when you use the service. Specific events may also have their own privacy notice that will be provided when registering, and from the event page. |
| Data controller | ASTRON HQ: Oude Hoogeveensedijk 4 7991 PD Dwingeloo The Netherlands |
| Jurisdiction and supervisory authority | Jurisdiction: NL, Netherlands LOFAR's lead supervisory authority is the Dutch Data Protection Authority. They can be contacted at https://autoriteitpersoonsgegevens.nl/en/contact-dutch-dpa/contact-us |
| Personal data processed | The service may process the following personal data: Identification data:
Behavioural data:
Data allowing conclusions on the personality:
|
| Purpose of the processing of personal data | The purpose of the collection, processing and use of the personal data mentioned above is:
|
| Legal basis | The legal basis for processing personal data are: performance of a contract with the data subject and legitimate interests pursued by the controller or by a third party according to Art. 6 (1) (f) GDPR. |
| Your rights | You can exercise the following rights at any time by contacting our data protection officer using the contact details provided in the Data Protection Officer section:
You can complain at any time to the supervisory data protection authority (DPA) responsible for you. The responsible DPA depends on your country and state of residence, of your workplace or of the presumed violation. A list of the supervisory authorities with addresses can be found at https://edpb.europa.eu/about-edpb/board/members_en. You can contact EGI Foundation's lead supervising authority using the contact details provided in the Jurisdiction and Supervisory Authority section. |
| Data retention and deletion | The records of your use and technical log files produced by the service components will be deleted or anonymised after, at most, 18 months. |
| Security | We take appropriate technical and organisational measures to ensure data security and the protection against accidental or unlawful destruction, accidental loss, alteration, unauthorised disclosure or access. A comprehensive overview of the technical and organisational measures taken by EGI Foundation can be found at EGI Documentation Database. |
| Data Protection Code of Conduct | EGI Foundation is conforming to REFEDS Code of Conduct and your personal data will be processed in accordance with the REFEDS Code of Conduct for Service Providers and the EGI-doc-2732-v3: Policy on the Processing of Personal Data. |
| Based on AARC Policy development kit (licenced under CC BY-NC-SA 4.0) |
