Privacy Notice for Configuration Database

Name of the Service Configuration Database
Description of the Service

The EGI Configuration Database service (hereinafter referred to as: “the service” or “Configuration Database”) is a central registry to record information about the topology of an e-Infrastructure and it contains general information about all the participating sites.

This privacy notice describes how we, the EGI Foundation (hereinafter referred to as "we" or "the Data Controller"), collect and process data by which you can be personally identified (“Personal Data”) when you use the service.

Data controller

EGI Foundation

Science Park 140

1098 XG Amsterdam


Data protection officer

EGI Foundation

Data Protection Officer

Science Park 140

1098 XG Amsterdam



Jurisdiction and supervisory authority

Jurisdiction: NL, Netherlands

EGI Foundation's lead supervisory authority is the Dutch Data Protection Authority. They can be contacted at

Personal data processed

The service may process the following personal data:

Identification data:

  • Name

  • Identification number (as provided by identity providers like a home institution, or identifiers from third parties like ORCID)

  • E-mail address

  • Phone number

  • Affiliation

  • IP address

  • Certificate Distinguished Name (DN)

Behavioural data:

  • Usage data

  • Technical logs with timestamps

Data allowing conclusions on the personality:

  • Memberships

  • Roles

Sociodemographic data:

  • Gender

Purpose of the processing of personal data

The purpose of the collection, processing and use of the personal data mentioned above is:

  • To provide the service functions, i.e. to provide a central registry of the topology of the infrastructure, including Operations Centres, Resource Centres, service endpoints and their downtimes, contact information and roles of users responsible for operations at different levels. Identify the users accessing the service, and authorise them providing them edit capabilities based on their roles.

  • To monitor and maintain service stability, performance and security

Legal basis The legal basis for processing personal data is: Legitimate interests pursued by the controller or by a third party according to Art. 6 (1) (f) GDPR.
Third parties to whom personal data is disclosed

Personal data will not be used beyond the original purpose of their acquisition. In particular, the data you provide to us will not be used for marketing.

For the purposes given in this privacy policy, personal data are passed to the following third parties:

Within the EU / EEA:

  • Authenticated users with a role at an entity in the service

  • Authenticated clients registered at a site by an authorised user of the service

  • The records of your use and technical log files produced by the Service components may be shared, via secured mechanisms, for security incident response purposes with other authorised participants in the academic and research distributed digital infrastructures authorised by EGI Foundation governance, only for the same purposes and only as far as necessary to provide the incident response capability where doing so is likely to assist in the investigation of suspected misuse of Infrastructure resources.

Outside the EU / EEA:

  • UKRI: resource provider and sub-contracted data processor

  • Authenticated users with a role at an entity in the service

  • Authenticated clients registered at a site by an authorised user of the service

Any data transfer to a third country outside the EU or the EEA only takes place under the conditions contained in Chapter V of the GDPR and in compliance with the provisions of this privacy policy and any related policies adopted by the EGI Federation.

Your rights

You can exercise the following rights at any time by contacting our data protection officer using the contact details provided in the Data Protection Officer section:

  • Information about your data stored with us and their processing

  • Correction of incorrect personal data

  • Deletion of your data stored by us

  • Restriction of data processing, if we are not yet allowed to delete your data due to legal obligations

  • Objection to the processing of your data by us

  • Data portability

You can complain at any time to the supervisory data protection authority (DPA) responsible for you. Your responsible DPA depends on your country and state of residence, of your workplace or of the presumed violation. A list of the supervisory authorities with addresses can be found at

You can contact EGI Foundation's lead supervising authority using the contact details provided in the Jurisdiction and Supervisory Authority section.

Data retention and deletion The records of your use and technical log files produced by the service components will be deleted or anonymised after, at most, 18 months.

We take appropriate technical and organisational measures to ensure data security and the protection against accidental or unlawful destruction, accidental loss, alteration, unauthorised disclosure or access.

A comprehensive overview of the technical and organisational measures taken by EGI Foundation can be found at EGI Documentation Database.

Data Protection Code of Conduct EGI Foundation is conforming to GEANT Code of Conduct and your personal data will be processed in accordance with the Code of Conduct for Service Providers and the EGI-doc-2732-v3: Policy on the Processing of Personal Data.
Based on AARC Policy development kit (licenced under CC BY-NC-SA 4.0)
Return to GOCDB homepage.