Description of the eduPKI Service
eduPKI service is provided to other GÉANT services as support in defining their security requirements and providing them with digital certificates.
eduPKI CA is a Certification Authority that issues X.509 digital certificates for GÉANT Services who are not able to obtain suitable certificates for these services from a CA local to them. The certificates are issued in accordance with the Trust Profiles defined by eduPKI Policy Management Authority (PMA) to meet the demands of GÉANT Services.
There are two GÉANT services that have eduPKI trust profiles: eduroam and family of GÉANT Multi-Domain Network services.
To view the general Privacy Notice for GÉANT, please visit the GÉANT website.
When accessing this web-server (www.edupki.org) the applicable privacy notice is at:
- Privacy Notice DFN-Verein for www.edupki.org: https://www.dfn.de/en/association/datenschutz/
Below is the privacy notice for the eduPKI CA service (i.e. when requesting an eduPKI certificate directly or using the Java Web-Start eduPKI Certificate Request Generators) as part of the eduPKI service provided by our web-services reachable at pki.edupki.org, ra.edupki.org, cdp.edupki.org and ocsp.edupki.org.
Privacy Notice eduPKI CA service:
Why We Collect Personal Data
eduPKI collects personal data to manage the complete lifecycle of X.509 certificates.The personal data can be part of the issued certificates, may be needed as contact information, or may be part of an audit trail to ensure the trustworthiness of the PKI.
What Personal Data We Collect and Process
eduPKI collects and processes the following data:
- Logs with IP addresses, timestamps and identity (for Registration Authorities) of visitors who use website functions regarding certificate lifecycle, such as placing or approving a certificate application with a request;
- Names that are to be included in a certificate: Surname, given name(s), email-address, organisation name and organisational unit name(s) for user certificates; FQDN, optional email addresses for server certificates;
- Contact data: Surname, given name, e-mail-adress, organisation name;
- Certificate and request data: public key, the serial number of issued certificates, the fingerprint of the public key;
- The PIN you entered into the request form;
- Your signature and date of signing;
- Type of ID:
- additionally the last 5 characters of ID document number when registering Registration Authority staff with the eduPKI PMA;
- Signature of Registration Authority approving a request.
Who Do We Share Data With?
Request and contact data is not shared with anyone.
Data about certificate revocations is per its nature public.
Certificates and its contained data may be shared via a public web search, if the subscriber agreed to publish the certificate during certificate application time.
We support the following processes to ensure the security of your data:
- Minimisation of personal data we collect;
- Managing, limiting and controlling access to personal data;
- Resilience of processing systems and services;
- Regular testing of the effectiveness of measures implemented.
You have the right to ensure:
- We process your data fairly and lawfully;
- Your data is accurate (to rectify data released by your home organisation, please contact directly);
- The data we collect is not excessive but only the data we require to provide the service;
- Your data is secure;
- Your personal data is securely destroyed when no longer required
You also have the right to ask what personal data we hold about you, and to complain to the Supervisory Authority (Autoriteit Persoonsgegevens at https://autoriteitpersoonsgegevens.nl) about our data processing activities if you feel your data is not being managed as described here.
Data Controller and Contact
Data Protection Officer
Amsterdam - Zuidoost
Telephone number: +31 20 530 4488
Verein zur Förderung eines Deutschen Forschungsnetzes e. V. (DFN-Verein)
Telephone number: +49 30 88 42 990
Dutch Data Protection Authority
2509 AJ DEN HAAG
Telephone number: +31 70 888 85 00