The EGI Indico service (hereinafter referred to as: “the service” or “Indico”) is an event management service allowing to manage complex conferences, workshops and meetings, from managing timetable, call of abstracts to registration and hosting of the material relating to the event. Event can be public or access restricted, and based on their rights, users can access event-specific pages, retrieve information and material about specific event, and optionally register to an event.

This privacy notice describes how we, the EGI Foundation (hereinafter referred to as "we" or "the Data Controller"), collect and process data by which you can be personally identified (“Personal Data”) when you use the service.

Specific events may also have their own privacy notice that will be provided when registering, and from the event page.

EGI Foundation

Science Park 140

1098 XG Amsterdam

Netherlands

EGI Foundation

Data Protection Officer

Science Park 140

1098 XG Amsterdam

Netherlands

E-mail: dpo@egi.eu

Jurisdiction: NL, Netherlands

EGI Foundation's lead supervisory authority is the Dutch Data Protection Authority. They can be contacted at https://autoriteitpersoonsgegevens.nl/en/contact-dutch-dpa/contact-us

The service may process the following personal data:

Identification data:

• Name
• Identification number
• E-mail address
• Phone number
• Address
• Bank details
• Affiliation
• IP address

Behavioural data:

• Usage data
• Technical logs with timestamps

Data allowing conclusions on the personality:

• Membership information on group, roles or communities

Biographical data:

• CV data

The purpose of the collection, processing and use of the personal data mentioned above is:

• To provide the service functions, i.e. an event management service allowing to manage events (abstract, session and registration management) such as conferences, workshops and meetings. Identify the users accessing the service, and grant them access based on their roles.
• Process your booking, contact you regarding your participation in the event, organise and facilitate the event (including the creation of attendance lists and attendee badges) and to carry out post-event evaluation.
• To monitor and maintain service stability, performance and security

The legal basis for processing personal data are: performance of a contract with the data subject and legitimate interests pursued by the controller or by a third party according to Art. 6 (1) (f) GDPR.

Personal data will not be used beyond the original purpose of their acquisition. If a forwarding to third parties should be necessary to answer an inquiry or to carry out a service, the consent of the data subject is considered to have been given when using the respective function or service. In particular, the data you provide to us will not be used for marketing.

For the purposes given in this privacy notice, personal data may be passed to the following third parties:

Within the EU / EEA:

• CESNET: sub contracted processor, resource provider for Indico.
• Google Ireland Limited: sub contracted processor, resource provider (provision of Google Workspace).
• Individuals responsible for organising the events, reviewing abstracts and managing sessions.
• Events' attendees.
• Anonymous users that may be accessing public events.
• The records of your use and technical log files produced by the Service components may be shared, via secured mechanisms, for security incident response purposes with other authorised participants in the academic and research distributed digital infrastructures authorised by EGI Foundation governance, only for the same purposes and only as far as necessary to provide the incident response capability where doing so is likely to assist in the investigation of suspected misuse of Infrastructure resources.

Outside the EU / EEA:

• Individuals responsible for organising the events, reviewing abstracts and managing sessions.
• Events' attendees.
• Anonymous users that may be accessing public events.

Any data transfer to a third country outside the EU or the EEA only takes place under the conditions contained in Chapter V of the GDPR and in compliance with the provisions of this privacy policy and any related policies adopted by the EGI Federation.

You can exercise the following rights at any time by contacting our data protection officer using the contact details provided in the Data Protection Officer section:

• Information about your data stored with us and their processing
• Correction of incorrect personal data
• Deletion of your data stored by us
• Restriction of data processing, if we are not yet allowed to delete your data due to legal obligations
• Objection to the processing of your data by us
• Data portability

You can complain at any time to the supervisory data protection authority (DPA) responsible for you. The responsible DPA depends on your country and state of residence, of your workplace or of the presumed violation. A list of the supervisory authorities with addresses can be found at https://edpb.europa.eu/about-edpb/board/members_en.

You can contact EGI Foundation's lead supervising authority using the contact details provided in the Jurisdiction and Supervisory Authority section.

The records of your use and technical log files produced by the service components will be deleted or anonymised after, at most, 18 months.

We take appropriate technical and organisational measures to ensure data security and the protection against accidental or unlawful destruction, accidental loss, alteration, unauthorised disclosure or access. 

A comprehensive overview of the technical and organisational measures taken by EGI Foundation can be found at EGI Documentation Database.