1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 |
Name | Personal Data | Special Category | Data Format | Data Subject | Purpose | Legal bases | Location of PD | Retention Period | Controller Contacts | Processor Contact | Transfer | Recipient | Controls implemented | Interfaces |
eduroam RADIUS server logs | Outer EAP-identity (username@institution_domain, username can be anonymised but not all users do that), Calling-Station-Id (user's MAC address), Chargeable-User-Identity (user's anonymous ID) | No | Digital | eduroam end users | debugging, providing quality service, monitoring load of system, dimensioning of the system, incident management and preventing fraud and misuse | (f) legitimate interest | ETLR located in Netherlands (Surfnet) and Denmark (DEIC) | TBD | GÉANT | Surfnet (Netherlands), DEIC (Denmark) | not transferred | N/A | (RADIUS + EAP (SSL used), HTTPS), protective measures according to each hosting centre's security policy. | data received from ETLR |
eduroam F-ticks | realm, Calling-Station-Id (user’s device MAC address) | No | Digital | eduroam end users | debugging, providing quality service, monitoring load of system, dimensioning of the system, incident management and preventing fraud and misuse | (f) legitimate interest | European F-ticks server located in Croatia (Srce) | permanently | GÉANT | Srce (Croatia) | not transferred | N/A | protective measures according to each hosting centre's security policy. | data received from federation level RADIUS servers and optionally from home and visited institution RADIUS servers |
eduroam Database: NRO information | name, e-mail, phone number | No | Digital | (N)RO contact, if contact is person | performance of contract between GÉANT and (N)RO | (b) contract | Croatia | permanently | GÉANT | Srce | not transferred | N/A | protective measures according to each hosting centre's security policy. | data received from (N)RO |
eduroam Database: institution information | name, e-mail, phone number | No | Digital | Institution contact, if contact is person | performance of contract between GÉANT and institution (IdP or SP) | (b) contract | Croatia | permanently | GÉANT | Srce | not transferred | N/A | protective measures according to each hosting centre's security policy. | data received from (N)RO |
eduroam Database: service location information | name, e-mail, phone number | No | Digital | location contact, if contact is person | performance of contract between GÉANT and SP | (b) contract | Croatia | permanently | GÉANT | Srce | not transferred | N/A | protective measures according to each hosting centre's security policy. | data received from (N)RO |
eduroam CAT (as of version 1.1) | eduPersonTargetedId or equivalent, real name, email address (administrator authentication); email address of new institution administrator (administrator authorisation) | No | Digital | institution administrators | allowing administrators to upload and maintain the information needed to create eduroam installation programs ("installers") within their country / institution (CAT customization) | (b) contract | Netherlands (Surfnet) | the authorisation status of administrators is retained permanently, TBD | GÉANT | Surfnet (Netherlands) | System sends emails with invitation tokens (one variant to institution administrators for sign-up, one variant to NRO personnel for general status updates) | NRO personnel | protective measures according to each hosting centre's security policy. | data received from eduroam SP proxy |
eduroam Managed IdP | eduPersonTargetedId or equivalent, real name, email address (administrator authentication); email address of new institution administrator (administrator authorisation); usernames of the institution's users (pseudonymous); Outer EAP-identity (username@institution_domain, username can be anonymised but not all users do that), Calling-Station-Id (user's MAC address), Chargeable-User-Identity (user's anonymous ID) | No | Digital | institution administrators, end users | allowing administrators to upload and maintain the information needed to manage their end user base to the end of creating eduroam installation programs ("installers") within their country / institution, and to authenticate their users in eduroam | (b) contract | TBD | the authorisation status of administrators is retained permanently, TBD | GÉANT | TBD | System sends emails with invitation tokens (one variant to institution administrators for sign-up, one variant to end-users for credentialing, one variant to NRO personnel for general status updates) | NRO personnel | TBD | eduroam database, eduroam SP proxy authentication, administrator input |
eduroam Managed SP | eduPersonTargetedId or equivalent, real name, email address (administrator authentication); email address of new institution administrator (administrator authorisation); Outer EAP-identity (username@institution_domain, username can be anonymised but not all users do that), Calling-Station-Id (user's MAC address), Chargeable-User-Identity (user's anonymous ID) | No | Digital | institution administrators, end users | allowing administrators to upload and maintain the information needed to manage their hotspot troubleshooting and statistics of hotspot deployment | (b) contract | TBD | the authorisation status of administrators is retained permanently, TBD | GÉANT | TBD | System sends emails with invitation tokens (one variant to institution administrators for sign-up, one variant to NRO personnel for general status updates) | NRO personnel, hotspot administrators | TBD | eduroam database, eduroam SP proxy authentication, administrator input, logged RADIUS transactions |
Instructions
The table above should be filled in with all data that is collected or processed by GÉANT services, in accordance with Article 30 of the GDPR. Each of the table's points is described below, together with the information that must be provided to complete this exercise. The GDPR requirements that correspond to the Data Mapping points are also shown, marked with ().
1 Name - Name of the service or project and dataset, if applicable;
...
15 Interfaces - Who receives and who sends personal data - Services, Applications / What channels are used for communication / What kinds of services are connected, e.g. internet, firewall, storage devices (Cloud Systems);