1. Who are we?
The Software, Products and Services made available to you are provided by SixSq Sàrl (SixSq) located at Rue du Bois-du-Lan 8, 1217, Meyrin, Geneva, Switzerland.
SixSq is the data controller which collects your personal information, thus deciding (upon your consent) how that data is processed and for what purposes.
Rue du Bois-du-Lan, 8
1.1.2. Contact Information
SixSq Support: firstname.lastname@example.org
SixSq Info: email@example.com
Info/Support: +41 22 54 41 733
2. What personal data we collect from you?
During the process of registration for our services and products, we collect personal and unique information, which can be used to identify you, such as your email address, name, organization, and any other information that you might willingly share when you authenticate via a social provider or an identity federation.
With respect to the Federated Identity Portal, the following data, if available, (with respective attribute names in SAML:OIDC) are required and retrieved from the persons’ Home Organization:
- email (email:mail)
- user identifier (eduPersonPrincipalName:preferred_username)
- type of affiliation (eduPersonAffiliation)
- person’s affiliation within a particular security domain (eduPersonScopedAffiliation)
- home organization type (schacHomeOrganizationType)
- person’s home organization using the domain name of the organization (schacHomeOrganization)
- persistent, non-reassigned, opaque identifier for a principal (eduPersonTargetedID)
- the names of an object (commonName)
- the name(s) that should appear in white-pages-like applications (displayName:name)
- name strings that are the part of a person’s name that is not their surname (givenName)
- name strings for the family names of a person (sn)
- long-lived, non re-assignable, omnidirectional identifier (eduPersonUniqueId:sub)
- URI (either URL or URN) that indicates a set of rights to specific resources (eduPersonEntitlement)
The processing of personal data is governed by the General Data Protection Regulation (EU) 2016/679 (GDPR).
3. How will we use your personal data?
The personal data we collect from you is mostly used to identify you as a user/customer of our products and services (authentication and authorization). Your personal data (for example email) might also be used to communicate important matters related to your usage and general status (like billing, service maintenances, etc.) of the products and services you’ve registered to.
Your personal data might also be used to link your user account with your Cloud Service Providers (CSPs).
Any other personal data processing purposes other than the ones described in this notice will be preceded by a new data processing notice, asking for your consent.
3.1. Access to personal data
SixSq only reserves the rights to manage your personal data, it being entirely owned by you.
If at any time you wish to be provided with a copy of all the information we have about you, you have the right to request it using the contact information provided in section 1.
3.2. Data retention
Personal data can be completely erased on request. Other retention policies include removing personal data of inactive users after a period of 24 months.
3.3. Data integrity
As a data controller, SixSq complies with GDPR when it comes to:
- protecting personal information from loss, misuse and unauthorized access;
- storing, managing and deleting personal data;
- maintaining full transparency between the data we hold and the user;
- keeping personal data up to date.
Data integrity is enforced by the implementation of ISO27001 controls.
Personal data is not transferred to any 3rd parties unless:
- consent has been given by the user, or
- mandated by the Service Provider for enabling access to its service on its behalf;
- the 3rd party has undertaken similar duties considered sufficient under the data protection law applicable to the Service Provider.
3.5. Lawfulness of processing (according to Article 6 of the GDPR)
Lawful processing of your personal data is ensured by applying the following:
- “the data subject has given consent to the processing of his or her personal data for one or more specific purposes”;
No special categories of personal data (Article 9 of the GDPR) are processed by SixSq.
Where do we keep your personal data?
All personal data is kept within EU data centers and might be moved between data centers residing in other countries also within the EU. Personal data is protected according to the Code of Conduct for Service Providers, a common standard for the research and higher education sector to protect your privacy.
Independently of the existing relations with third-party partners and references to other websites, this privacy notice only applies to SixSq’s websites and web services like sixsq.com, nuv.la, fed-id.nuv.la and any other public pages with static content, owned by SixSq and related to our services and products. This includes the documentation website ssdocs.sixsq.com.