Overview
In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the “GDPR”), we inform data subjects about the conditions under which personal data is processed when DSW services are provided.
Data subjects are natural persons using DSW services.
Data stored in “Knowledge Models”, “Questionnaires”, and “Documents” is not the responsibility of the service provider.
Service Access
The DSW web portal is publicly available and provides services to subjects who meet the access conditions. Access to services is divided into two categories.
| Service category | Authentication and authorization | Note |
|---|---|---|
| Publicly available services | Do not require authentication or authorization. | Access is possible without creating a user account. |
| Services with a user account | Require authentication and authorization. | A user account must be created to access these services. |
Data Processed
| Situation | Personal data processed |
|---|---|
| Access to authenticated and authorized services |
|
| Access to unauthenticated and unauthorized services |
|
Purposes and Retention
Processing of personal data begins with the first use of the DSW service.
| Data category | Retention period |
|---|---|
| First name, last name, email, and user identity | Stored for the entire period during which DSW services are used. |
| Data retained for security, accounting, or reporting reasons | May be retained even after use of DSW services has ended. |
| Operational and location data, such as IP address and other identifiers | Deleted after 18 months. |
| Data about the use of DSW resources | Retained for the period necessary to provide and improve the services. |
Processing purposes
- providing DSW services
- authenticating and authorizing users
- administration
- monitoring and optimizing services
- ensuring security
- creating reports and statistical analyses
- sending service notifications
User Profile and GÉANT
In accordance with the GÉANT Data Protection Code of Conduct, we store the following data as part of the user profile that the user can manage.
| Profile data | Purpose |
|---|---|
| Unique user ID | Internal user identification, and where applicable identification provided by the identity provider. |
| Profile avatar | Used only to display the profile, managed through Gravatar or the identity provider. |
| Email address | Password recovery, verification, and account matching. |
| First and last name | Identification of the profile within the service. |
| Affiliation | Optional data, only if entered by the user. |
Sharing and Legal Grounds
Who personal data may be shared with
- network and service administrators connected with DSW for the purpose of resolving operational and security incidents;
- other entities in anonymized or pseudonymized form.
Legal grounds for processing
Access to DSW services may be provided only after the conditions set out in the DSW rules have been met and consent to personal data processing has been granted. Legal grounds for processing personal data include:
- consent granted by the data subject;
- the controller’s legitimate interest, especially for fraud prevention, internal administrative purposes, and ensuring network and information security, including prevention of unauthorized access, spread of malicious code, and mitigation of attacks.
Data Subject Rights
Data subjects may exercise their rights in accordance with the GDPR. The procedure for exercising rights is described on the Contact page.
Cookies and Similar Technologies
DSW may use cookies and similar tracking and analytics technologies to access or store information. Detailed information about their use and refusal options is provided in the DSW Cookie Policy.