Scope of this notice
This privacy notice describes the policies and procedures when an individual's personal data is collected, used, consulted, or otherwise processed through the PRACE Website (hereafter the "PRACE Activities").
This notice is to be read as consistent with the PRACE Data Protection Policy which can be found here: https://prace-ri.eu/legal-corporate/data-protection/.
For the purpose of this notice, the following term "Data Protection Legislation" shall mean the Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the "GDPR"), as well as any legislation and/or regulation implementing or created pursuant to the GDPR and the e-Privacy legislation, or which amends, replaces, re-enacts or consolidates any of them, and all other national applicable laws relating to processing of personal data and privacy that may exist under applicable law.
For the purpose of this notice, "controller", "processor", "third party", "supervisory authority", "personal data", "processing", "data subject", shall have the meanings set out in the applicable Data Protection Legislation.
Who processes what personal data about you?
In the context of the High-Performance Computing in Europe Website, your personal data is processed as detailed hereafter.
Through the High-Performance Computing in Europe Website, the following organisation/s process your personal as data controllers, for their own purposes.
- Organisation (data controller): PRACE AISBL, Belgium
- Processed data categories: Authenticated users with an account: Full Name, e-mail address, encrypted password, IP Address.
- Processing purpose(s): Authentication and authorization, security.
- Source of data: Registration form, system logs.
- Legal basis: Prior explicit consent.
In order for the processing to take place, the following organisation/s process your personal data on behalf and under the instructions of the other organisations identified herein.
- Organisation (data processor): BSC, Spain
- Processed data categories: Authenticated users with an account: Full Name, e-mail address, encrypted password, IP Address, uploaded source code.
- Instructions: The service operates according to PRACE.
- Source of data: Registration form, system logs
On what basis is your personal data processed?
Your personal data is processed in the context of the PRACE Activities and for the purposes described herein on the basis of your prior explicit consent. You have the right to withdraw your consent at any time you choose and on your own initiative. You however understand that in such cases, certain features of the information you get on PRACE Activities may be limited or otherwise impacted.
How long is your personal data stored?
Your personal data will be kept no longer than is necessary to inform you about PRACE Activities and more particularly, for authenticated users, for as long as they have an account on the service.
How is your personal data shared with third parties?
We may share or disclose information, solely as described herein, including with third parties.
Your personal data may also be shared with government authorities and/or law enforcement officials if required for the purposes above, if mandated by law or if required for the legal protection of the data controller(s) legitimate interests in compliance with applicable laws.
Is your personal data transferred outside the EEA?
In the context of the PRACE Activities and for the purposes described in this notice, your personal data will not be transferred outside the European Economic Area – EEA.
What are your rights?
Once you have provided your personal data, several rights are recognized under the Data Protection Legislation, which you can in principle exercise free of charge, subject to statutory exceptions. In particular, you have the following rights:
- Right to withdraw consent: if your personal data is processed on the basis of you consent, you have the right to withdraw your consent at any time you choose and on your own initiative. You can do so by sending e-mail to email@example.com or directly to the contacts listed below. The withdrawal of your consent will not affect the lawfulness of the collection and processing of your data based on your consent up until the moment where you withdraw your consent.
- Right to access, review, and rectify your data: you have the right to access, review, and rectify your personal data. You are entitled to ask us for a copy of your information, to review or correct it if you wish to review or rectify any information like your name, email address, passwords and/or any other preferences. You may also request a copy of the personal data processed as described herein by sending an email to firstname.lastname@example.org or directly to the contacts listed below. You can access and review this information and, if necessary, ask to rectify your information.
- Right to erasure: you have the right to erasure of all the personal data processed by as described herein in case it is no longer needed for the purposes for which the personal data was initially collected or processed, in accordance with the Data Protection Legislation.
- Right to object or restriction of processing: under certain circumstances described in the Data Protection Legislation, you may ask for a restriction of processing or object to the processing of your personal data.
- Right to object to processing for direct marketing: where your personal data is processed for direct marketing purposes, you may object to such processing.
- Right to data portability: you have the right to receive the Personal Data processed in a format which is structured, commonly used and machine-readable and to transmit this data to another service provider.
These rights may be limited, for example if fulfilling your request would reveal personal data about another person, or if you ask us to delete information which we are required by law to keep or have compelling legitimate interests in keeping.
To exercise any of these rights, you can get in touch with us using the details set out below.
If you have unresolved concerns, you have the right to lodge a complaint with an EU data protection authority where you live, work or where you believe a breach may have occurred.
What security measures are put in place?
Appropriate technical and organisational measures are implemented in order to ensure an appropriate level of security of your personal data, including but without limitation:
Administrative access is limited to 2 persons from BSC. The system has all the security updates and is protected by a firewall. Furthermore, the service has passed a security review by the PRACE security forum.
In the event personal information is compromised as a result of a security breach and where the breach is likely to result in a high risk to the rights and freedoms, we will make the necessary notifications, as required under the Data Protection Legislation.
How can we be contacted?
Questions, comments, remarks, requests or complaints regarding this Privacy notice are welcome and should be addressed to:
For PRACE AISBL
PRACE Communications Officer
Address: Troonstraat 98, rue du Trône, 1050
Telephone: +32 2 613 09 27
For Barcelona Supercomputing Center – Centro Nacional de Supercomputación (BSC)
Dr. David Vicente Dorca
User Support Group Manager
Phone: +34 93 405 42 16
Dr. Oriol Pineda
Phone: +34 93 413 7525
Barcelona Supercomputing Center
C/Jordi Girona 29