Privacy Policy

Privacy Statement regarding the protection of personal data in the context of ARGO Monitoring

Α public limited company (societe anonyme) under the corporate name "National Infrastructures for Technology and Research S.A.” and the distinctive title “GRNET S.A."
dpo at grnet.gr
ARGO Support Team
argo at grnet.gr
National Infrastructures for Technology and Research S.A. (hereinafter referred to as “GRNET SA") is bound by European Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation – hereinafter referred to as “the GDPR”) and Law 4624/2019 (Government Gazette 137/A/2019) on "Data Protection Authority, measures for the implementation of Regulation(EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and for the incorporation into national law of Directive(EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 and other provisions”, as in force at any time (hereinafter referred to as “the Law”).

This Privacy Statement details all information necessary for the processing of personal data carried out in the context of Argo Service Monitoring., as well as the policies and procedures implemented by GRNET SA for the protection of the Argo Service Monitoring users privacy. This Privacy Statement sets out the criteria as well as the terms and conditions under which GRNET SA collects, processes, uses, stores and transmits the personal data of the service users, how it ensures the confidentiality of such information, including any law and/or regulation implemented or enacted in accordance with Union and national laws on personal data protection and electronic privacy, as well as any law and/or regulation amending, replacing, issuing or consolidating any of the latter, including any other applicable Union and national laws on the processing of personal data and privacy, which may exist in accordance with applicable law. GRNET SA reserves the right to amend and update this Privacy Statement whenever necessary, whereas any such updates shall become effective five (5) days after they have been posted on the Argo Service Monitoring website.

For the purposes of this Privacy Statement, the terms “processor”, “controller”, “third party”, “supervising authority”, “personal data”, “processing”, “data subject” shall have the meaning ascribed to them by applicable legislation on the protection of personal data.

In addition, for the purposes of the present, the following definitions shall also apply:
  • "Website" – the website accessible via domain name argo.egi.eu including the entirety of the web pages thereof.
  • " Argo Service Monitoring Service" - https://argo.egi.eu
  • “User”- the Argo Service Monitoring online service user, whom the data refers to, whose identity is known or may be verified, namely it may be directly or indirectly determined.

A. Purpose/s for processing the data collected:

i. GRNET SA– as processor – processes its “users" personal data as referred to in the following section, for the following purposes:

  • Authentication of Argo Service Monitoring service users
    • “Users” authentication is carried out through the login service EGI Check-in
  • Providing the Argo Service Monitoring service
    • Seamless operation of the "website" and the Argo Service Monitoring service.
    • Technical support to the "coordinators" of the Argo Service Monitoring service
    • Easy and user friendly operation of the "website".
    • Enhancement of the online experience in providing Argo Service Monitoring services
    • Proof of Acceptance of the Terms of Use and the Privacy Statement
  • Creation of statistical reports and charts to monitor the Argo Service Monitoring service
    • Statistical reports and charts data do not contain any “users” personal data, as they result from anonymized information.
    GRNET SA collects and processes “users” personal data in the context of providing the Argo Service Monitoring service solely for the above mentioned purposes and only to the extent strictly necessary to effectively serve such purposes. These data shall be relevant, appropriate and not more than those required in view of the aforementioned purposes. They shall also be accurate and, if necessary, updated. Furthermore, the aforementioned data shall be retained only during the period required as mentioned hereinabove, in order to accomplish the purposes of their collection and processing and shall be deleted after the end thereof (see below “Retention period of personal data”).
ii. GRNET S.A. – as the processor – collects and processes personal data of "users" using its infrastructure for the purpose of providing the Argo Service Monitoring.

B. Categories of personal data processed:

i. For the Authentication of Argo Service Monitoring “users”

The authentication of the service "users" is carried out through the EGI Check-in service , the local login of individual components. For the sole purpose of the authentication of the service "users", GRNET SA collects through the aforementioned authentication procedure, and processes – as processor- the following personal data per component:
  • ARGO MONITORING - WEB UI
    • Name
    • Surname
    • e-mail address
    • Affiliation, in broad categories such as student, faculty, staff, alum, etc, within a particular security domain representing the organisation or sub-organisation of the affiliation
    • Group membership and role information for the sole purpose of their authorised access to the service
    • In addition to the personal data retrieved through the aforementioned authentication procedure, the service collects the following personal data:
      • Name
      • Surname
      • e-mail address
      • Unique identifier for the sole purpose of their authentication in the service (Persistent Id).
      • Analysis of usage data (Google Analytics): Our website uses Google Analytics, a web analysis service provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (“Google”). Google Analytics uses cookies (text files which are stored on your computer and which enable an analysis of your use of the website). The information generated by the cookie about your use of our website will generally be transmitted to and stored by Google on servers in the United States. With the activation of IP anonymization on our website (see below), your IP address will be shortened by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Google will use this information on our behalf to evaluate your use of our website, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics is not combined with other data from Google. You can prevent the collection of the data generated by the cookie and related to your use of our website (including your IP address) and transmission to Google as well as the processing of this data by Google by downloading and installing the browser extension (plug-in) available under this link. For more information about privacy at Google Analytics, please see Google’s privacy policy.
  • ARGO MONITORING - POEM
    • User Name
    • Name
    • Surname
    • e-mail address
    • Last Login
    • Group membership and role information for the sole purpose of their authorised access to the service
    • In addition to the personal data retrieved through the aforementioned authentication procedure, the service collects the following personal data:
      • Distinguished Name
      • Display Name
      • Unique identifier for the sole purpose of their authentication in the service (Persistent Id).
  • ARGO MONITORING - Monitoring box
    • Unique identifier for the sole purpose of their authentication in the service (Persistent Id).
    • In addition to the personal data retrieved through the X509 authentication procedure, the service collects the following personal data:
      • Distinguished Name
      • Display Name
ii. For providing the Argo Service Monitoring service

For the use of the Argo Service Monitoring service as well as for the efficient and lawful provision of this service, GRNET SA processes – as processor – the following personal data:
  • The IP address wherefrom the “user “connects to the Argo Service Monitoring service
  • The X509 certificates
  • Service use timestamp
  • “Users” e-mail address.
iii. For communicating with Argo Service Monitoring service “users”

For communicating with Argo Service Monitoring service “users”, GRNET SA processes - as processor - the following personal data:
  • E-mail address
iv. Special categories of personal data

GRNET SA does not collect, process or gain access in any way to specific data categories, as set forth in the provisions of the legislation in force (in particular data relating to racial or ethnic origin, religion, health data, etc.). In the event that a "user" posts any such special category data on the “website” or on the Argo Service Monitoring, such data will be removed as soon as the management team become aware thereof.

C. Legal bases for processing

The processing of “users” personal data is necessary for the performance of the Agreement on the provision of Argo Service Monitoring services, in accordance with the needs (technical and organisational) to provide the best possible services, to serve the "users".

D. Access to personal data:

For providing Argo Service Monitoring services and the seamless operation of such services, access to the “users” personal data shall be granted to the following:
  • To the Argo Service Monitoring service support team, consisting of personnel engaged
    • in a contractual relationship of either a project or an independent service agreement with GRNET SA. hereinafter referred to as "GRNET associates”.
    • From SRCE, CNRS / IN2P3 hereinafter referred to as "GRNET Project Partners”.
The processing of Argo Service Monitoring service “users” personal data by the aforementioned, is carried out under the supervision and only at the request of GRNET SA, within the scope of the mission and the role of each associate. Such associates undertake to comply with the same privacy and personal data requirements as GRNET SA itself in accordance to the present Privacy Statement

E. Recipients of collected personal data:

GRNET SA shall in no way transmit or in any way disclose the Argo Service Monitoring service “users” personal data to any third-party entities, private businesses, natural persons or legal entities, public authorities, agencies or other organizations, other than as expressly set out herein. The Argo Service Monitoring service “users” personal data may be disclosed or transmitted to governmental authorities and/or law enforcement officials, only if necessary for the abovementioned purposes, in the context of enforcement of a court decision or a provision of law or if necessary to secure the legitimate interests of GRNET SA in its capacity as processor, in compliance with the terms and conditions of applicable law.

G. Personal data retention periods

The Argo Service Monitoring service users personal data shall be retained no longer than it is necessary for the needs of the service and the audits the service is subjected to.

More specifically:
Categories of personal data collectedTime and place of retention of personal data
  • IP address
  • Data from website navigation through Cookies
18 months (log retention)
  • Unique User Identifier,
  • User Name
  • Name
  • Surname
  • e-mail address
  • Last Login
  • Distinguished Name
  • Display Name
18 months (db) for the Unique user Identifier , User Name, Name, Surname, e-mail address, Last Login, Distinguished Name, Display Name will be deleted on user request

H. Privacy and Security of Information:

The processing of personal data by GRNET SA is performed in a manner that ensures both confidentiality and security thereof. All appropriate organisational and technical measures shall be taken to safeguard data against any accidental or unlawful destruction, accidental loss, alteration, prohibited dissemination or access or any other form of unfair processing. The services provided by GRNET SA are constantly evaluated to be in line with the safety requirements of international standards. GRNET’s Information Security Management System (ISMS) has been certified by the accredited certification body, EUROCERT SA In particular:
  • Access to technical log data is restricted and can only be accessed in a secure way by the Argo Service Monitoring service staff.
  • When accessing the Argo Service Monitoring service adequate security controls are in place to keep your personal data safe in accordance with the classification of the personal data we have collected from you.
  • We use encryption (HTTPS) to keep data private while in transit. Data sent using HTTPS is secured via Transport Layer Security protocol (TLS), which provides a) Encryption—encrypting the exchanged data to keep it secure from droppers. b) Data integrity—data cannot be modified or corrupted during transfer, intentionally or otherwise, without being detected. c) Authentication—proves that your users communicate with the intended website.
  • The implementation of the Argo Service Monitoring service ensures that no unauthorized user can log into the service. An authorised user means a service user, who has an active account with the EGI Check-in service, having passed the authentication process mentioned above.
  • We review our information collection, storage, and processing practices, including physical security measures, to prevent unauthorized access to our systems
Although we follow best security practices to ensure your personal data remains secure, there is no absolute guarantee of security when using services online. While we strive to protect your personal data, you acknowledge that:
  • There are security and privacy limitations on the internet which are beyond our control and can have a negative impact on the confidentiality, integrity and availability of the information.
  • We cannot be held accountable for activity that results from your own neglect to safeguard the security of your login credentials and equipment which results in a loss of your personal data. If you feel this not enough, then please do not provide any personal data.
Your personal data will be protected according to the Code of Conduct for Service Providers , a common standard for the research and higher education sector to protect your privacy.

I. Contact:

For any questions or clarifications regarding the present Privacy Statement and as well as in the event of any violation related to personal data issues, "users" may contact the Competent Department of GRNET SA at the e-mail address mentioned hereinabove. They may also contact the Data Protection Officer (DPO) of GRNET S.A., Ms. Vera Meleti, and/or the deputy DPO, Ms. Vasiliki Konstantinopoulou at the e-mail address: dpo@grnet.gr.

K. Recourse/Complaint:

In the event that any Argo Service Monitoring “user” request is not satisfied by the processor, the "user" may at any time address to/ file recourse with the Competent Supervisory Authority, namely the Data Protection Authority https://www.dpa.gr .