JIVE Jupyterhub — Privacy Policy

v2 — 04 Aug 2025

Name of the Service

Jupyterhub

Description of the Service

The Joint Institute for VLBI ERIC (hereinafter referred to as: "JIV-ERIC", "we" or "the Data Controller") Notebooks service (hereinafter referred to as: "the service" or "Notebooks") provides a browser-based tool for interactive analysis of European VLBI Network (hereinafter referred to as: "EVN") radio-astronomical data using JIV-ERIC-owned storage- and compute infrastructures based on the JupyterHub technology.

This privacy notice describes how we collect and process data by which you can be personally identified ("Personal Data") when you use the service.

Data controller

Joint Institute for VLBI ERIC
Oude Hoogeveensedijk 4
7991 PD Dwingeloo
The Netherlands

Data Protection Officer

Joint Institute for VLBI ERIC Data Protection Officer
Oude Hoogeveensedijk 4
7991 PD Dwingeloo
The Netherlands
E-mail: gdpr@astron.nl

Jurisdiction and supervisory authority

Jurisdiction: NL, The Netherlands

JIV-ERIC's lead supervisory authority is the Dutch Data Protection Authority. They can be contacted at https://autoriteitpersoonsgegevens.nl/en/contact-dutch-dpa/contact-us

Personal data processed

In addition to any personal data incorporated in notebooks managed by end users using the Notebooks service, the following categories of personal data are processed by JIV-ERIC as part of providing the aforementioned service:

Identification data:

• Identification number
• Display name
• E-mail address
• IP address
• ORCID (https://orcid.org/)

Behavioural data:

• Usage data
• Other: technical logs with timestamps

The service does not store passwords nor imprints of passwords.

Purpose of the processing of personal data

The purpose of the collection, processing and use of the personal data mentioned above is:

• to provide the service functions, i.e. allowing users to manage their private notebooks, and data on the resources they can access and allowing administrators to manage the service and the user groups;
• identify the users or the administrators accessing the service and track usage of resources for accounting, security management and maintaining service stability and performance;
• to link or cite data and/or methods generated using the service to the user after they have taken action to publish any of those products in the public domain. If an ORCID (https://orcid.org/) is associated with your IdP account JIV-ERIC uses this to identify you as original author, otherwise display name and email address will be used.

Legal basis

The legal basis for processing personal data is: Legitimate interests pursued by the controller or by a third party according to Art. 6 (1) (a) and 6 (1) (f) GDPR.

Third parties to whom personal data is disclosed

Personal data will not be used beyond the original purpose of their acquisition. If a forwarding to third parties should be necessary to answer an inquiry or to carry out a service, the consent of the data subject is considered to have been given when using the respective function or service. In particular, the data you provide to us will not be used for advertising purposes.

For the purpose given in this privacy policy, personal data may be passed to the following third parties:

Within the EU / EEA:

The records of your use and technical log files produced by the Service components may be shared, via secured mechanisms, for security incident response purposes with other authorised participants in the academic and research distributed digital infrastructures authorised by JIV-ERIC or SURF/SURFconext (SURF is the Dutch NREN to which JIV- ERIC is connected and SURFconext the organisation with which the service is registered), only for the same purposes and only as far as necessary to provide the incident response capability where doing so is likely to assist in the investigation of suspected misuse of Infrastructure resources.

Outside the EU / EEA:

Any data transfer to a third country outside the EU or the EEA only takes place under the conditions contained in Chapter V of the GDPR and in compliance with the provisions of this privacy policy and any related policies adopted by JIVE.

Your rights

You can exercise the following rights at any time by contacting our data protection officer using the contact details provided in the Data Protection Officer section:

• Information about your data stored with us and their processing
• Correction of incorrect personal data
• Deletion of your data stored by us (but see section below)
• Restriction of data processing, if we are not yet allowed to delete your data due to legal obligations
• Objection to the processing of your data by us
• Data portability

You can complain at any time to the supervisory data protection authority (DPA) responsible for you. Your responsible DPA depends on your country and state of residence, of your workplace or of the presumed violation. A list of the supervisory authorities with addresses can be found at https://edpb.europa.eu/about-edpb/board/members_en.

You can contact JIV-ERIC's lead supervising authority using the contact details provided in the Jurisdiction and Supervisory Authority section.

Data retention and deletion

The records of your use and technical log files produced by the service components will be deleted or anonymised after, at most, 18 months. The service can serve as scientific archive for publicly published data products and/or data processing methods produced using the service. In such cases the original author remains the owner, implying that a minimal amount of personal data remains indefinitely stored and linked to the data products and/or data processing methods for future citation or reference, as allowed by Art. 89 GDPR and implemented by JIV-ERIC subject to conditions stated therein.

Security

JIV-ERIC takes appropriate technical and organisational measures to ensure data security and the protection against accidental or unlawful destruction, accidental loss, alteration, unauthorised disclosure or access.

A comprehensive overview of the technical and organisational measures taken by JIV-ERIC can be found in the Technical and organizational measures (TOM) documentation at https://jupyterhub.jive.eu/Technical-and-Operational-Measures-v2.html

Data Protection Code of Conduct

JIV-ERIC is conforming to the GÉANT Code of Conduct and your personal data will be processed in accordance with both version 2 of the Code of Conduct for Service Providers at https://wiki.refeds.org/display/CODE/Code+of+Conduct+2.0, as well as version 1 of this Code of Conduct available at http://www.geant.net/uri/dataprotection-code-of-conduct/v1