|Name of the Service||
|Description of the Service||
The B2ACCESS service is arbitrating access to other registered Service Providers (in this context called Downstream Service Providers). These Downstream Service Providers consume Attribute assertions provided by the B2ACCESS service when the End User accesses these services.
The role of the B2ACCESS service is to allow these Downstream Service Providers to make the authentication and the authorisation decisions, and other processing required by the Downstream Service Providers, when the End User accesses these services. In turn, B2ACCESS may make use and store the Attributes provided by the IdP for a certain span of time. Furthermore, B2ACCESS itself can act as an Identity Provider to authenticate the End Users that have registered directly with the B2ACCESS service. In those cases, B2ACCESS assigns a dedicated username and the End User defines his/her password. The End User is affected by this privacy statement if he/she uses the B2ACCESS service directly and in connection with the Downstream Service Providers (when logging into the downstream services), regardless of which IdP is primarily used.
By registration to the B2ACCESS service, the End User declares his/her consent to the use of the data as described in this statement. This registration to B2ACCESS happens the first time the End User accesses one of the services of the Downstream Service Providers which requires authentication and when the End User's request has been redirected from this service to the B2ACCESS service. The redirected End User can then directly register with the B2ACCESS service by creating a user name and password, or he/she uses the identity provided by the IdP of his/her Home Organisation or Agent.
|Data controller and a contact person||
Federated Systems and Data
Service Administrator Team
|Data controller’s data protection officer||
|Jurisdiction and supervisory authority||
DE-NW Germany North Rhine-Westphalia
A complaint can be lodged at:
You may, at any time, prevent the setting of cookies through our service by means of a corresponding setting of the web browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via a web browser or other software programs. This is possible in all popular web browsers. If you deactivate the setting of cookies in the web browser used, not all functions of our service may be entirely usable.
|Personal data processed and the legal basis||
The set and format of personal data depends on the selected remote identity provider.
* the personal data is necessary for providing the Service. Other personal data is processed because you have consented to it.
|Purpose of the processing of personal data||
The personal data retrieved from your remote identity provider is need to map you to the local account, contact you and provide a comfortable interface. The personal information is used to authenticate and authorize you for further actions at B2ACCESS and other Downstream Service Providers. The logfiles are needed to provide support in case you had problems with the service. Some parts of personal data might be used for anonymised statistics.
|Third parties to whom personal data is disclosed||
Personal data are disclosed to (registered) downstream service providers within the EUDAT CDI the user will access. Before the data is released to a service provider, you have to give your consent.
Information, stored in B2ACCESS, can be given to
|How to access, rectify and delete the personal data and object its processing.||
Personal data can be accessed and reviewed in user home. The account deletion can be done there too. If you delete your account, you will lose access to B2*services and your stored data.
|Withdrawal of consent||
Given consents of attribute releases to service providers within the EUDAT CDI could be withdraw in user home. To withdraw the consent to the DPS or ToU delete the account in user home. If you delete your account, you will lose access to B2*services and your stored data.
Your profile can be exported and provided in a json file. This file can be used to create an account by other services. To retrieve the json file contact the contact person above.
Personal data is deleted on your request or after expiration of a statutory retention period, as long as it is no longer necessary for the fulfillment of the contract or the initiation of a contract. If the account is deleted, you will lose access to B2*services and your stored data.
|Data Protection Code of Conduct||
Your personal data will be protected according to the Code of Conduct for Service Providers, a common standard for the research and higher education sector to protect your privacy.
|Update of this privacy statement||
We may update our Privacy Statement from time to time. Updates of our Privacy Statement will be published at this location. Any amendments become effective upon publication. We therefore recommend that you regularly visit the site to keep yourself informed on possible updates.