Privacy Policy

TitlePrivacy Policy

Explanation

Generally applicable privacy policy (for websites, services, repositories, etc.)

It is highly recommended to collect and prepare the following information in advance:

the type of private information collected
reasons and legal bases for collecting private information
third-party services you are using that collect private information
details about handling private information (retention period, sharing, removal)
rights and responsibilities (to whom questions and complaints are submitted

Panels and input elements

General Information

Label / ID / Description	Type / Mandatory	Displayed - "value" (default: green)
Service name service_name Enter the name of the website, service or repository for which you wish to generate a policy.	ONELINE *
Use ‘the’ before Service name service_name_the Check this field if the name of the service requires the use of a definite article. It is not used before a proper name or acronym pronounced as a single word. If the name begins with ‘University’, you must use it.	BOOLEAN	✓true
Service URL service_url	ONELINE
Owning institution service_owner Provide the name of the legal entity or body/unit owning the service. This field is mandatory because the policy must be bound to an entity.	ONELINE *
Use ‘the’ before Owning institution service_owner_the Check this field if the name of the owning institution requires the use of a definite article. It is not used before a proper name, company name or acronym pronounced as a single word. If the name begins with ‘University’, you must use it.	BOOLEAN	✓true
Date of the policy document policy_date	DATE	✓current_date

Legal

Label / ID / Description	Type / Mandatory	Displayed - "value" (default: green)
Legal basis for collecting personal data legal_basis Check all that apply.	SELECTMANY	Contract - "contract" Legal obligation - "legal obligation" Legitimate interest - "legitimate interest" ✓Consent - "consent"
Compliance with compliance_includes Check all that apply.	SELECTMANY	✓GDPR - "GDPR" ✓National legislation - "national legislation" Other - "other"

Data Collection

Label / ID / Description	Type / Mandatory	Displayed - "value" (default: green)
Personal identification information from the users is collected using these methods collection_methods Check all that apply. Specify any services that collect personal data.	SELECTMANY	✓Main service - "main service" ✓Data from identity providers - "data from identity providers" Web analytics - "web analytics" Cookies - "cookies" ✓Registration - "registration" ✓Feedback form - "feedback form" ✓Newsletter - "newsletter" Services in subdomains - "services in subdomains" Third-party services - "third-party services" Other - "other"
Reasons for data collection collection_reasons Check all that apply. Specify all applicable reasons for service/website collection of personal data.	SELECTMANY	Required for service operation - "required for service operation" Service operation or usage monitoring - "service operation or usage monitoring" Technical support - "technical support" Enhancement of service experience - "enhancement of service experience" Service usage statistics - "service usage statistics"
Types of data collected by use of the service collected_data cm_main_service collection_methods contains "main service" Check all that apply.	POOLPICKER	✓IP address or Internet domain of the accessor - "IP address" ✓Date and time - "date and time" ✓Pages visited - "pages visited" HTTP header field 'Referer' with the webpage from which the resource was linked - "HTTP 'referer'" Type of device, browser and operating system and screen size - "type of browser and operating system" Location - "location"
Types of data collected from identity providers collected_data_from_idp cm_idp collection_methods contains "data from identity provider" List user information required from identity providers in order to use the service, e.g., what university or institution you are logging in from.	POOLPICKER	✓Person’s name (first name and surname) - "person’s name (first name and surname)" ✓Personal email - "personal email" ✓Person’s organisation - "person’s organisation" ✓Affiliation in broad categories such as student, faculty, staff, etc. - "affiliation in broad categories such as student, faculty, staff, etc." ✓Indication of rights to specific resources (entitlement) - "indication of rights to specific resources (entitlement)" ✓Home organisation - "home organisation" Institutional email - "institutional email" Organisational unit - "organisational unit" Office telephone number - "office telephone number" Computer system login name or person’s identifier with - "computer system login name or person’s identifier with" Person’s interinstitutional or national educational identifier - "person’s interinstitutional or national educational identifier" ORCID iD - "ORCID iD" Preferred language - "preferred language" Compliance with specific standards for identity assurance - "compliance with specific standards for identity assurance"
Used web analytics tools web_analytics_tools cm_web_analytics collection_methods contains "web analytics" Check all that apply.	SELECTMANY	✓Google Analytics - "Google Analytics" Matomo - "Matomo" Other - "other"
Cookies cookies cm_cookies collection_methods contains "cookies"	SELECTONE	Used, but not required - "used, but not required" Required - "required"
Cookie policy URL cookie_policy_url cm_cookies collection_methods contains "cookies"	ONELINE
Third-party cookies third_party_cookies cm_cookies collection_methods contains "cookies"	BOOLEAN	✓false
Country of data processor processor_country Indicate the country of external processor (e.g., cloud provider), if any	ONELINE
Data is stored as long as it is necessary. stored_as_necessary	BOOLEAN	✓true
Duration of storage (months) duration_of_storage limited_storage stored_as_necessary == "false"	INTEGER
IP addresses are stored as long as it is necessary. stored_ip_as_necessary	BOOLEAN	✓true
Duration of storage for IP addresses (months) duration_of_storage_ip limited_ip_storage stored_ip_as_necessary == "false"	INTEGER
Data may be shared data_sharing Specify cases when personal data may be shared.	BOOLEAN	✓false
Personal data may be transferred outside the EEA. possible_transfer_outside_eu In some cases, it may be necessary to transfer personal data to countries outside the European Economic Area (EEA). By choosing this option, you warrant that this will be done in line with relevant legal and technical data protection regulations.	BOOLEAN	✓false
Data erasure may limit service data_erasure_may_limit_service Data erasure may have negative consequences on service functionality.	BOOLEAN	✓true
Some data may be subject to automatic processing. automated_processing	BOOLEAN	✓false
Personal information may be erased. data_erasure	BOOLEAN	✓true
Age limit for personal data in years age_limit Children younger than indicated are prohibited from using the service.	INTEGER

DPO Contact

Label / ID / Description	Type / Mandatory	Displayed - "value" (default: green)
Name dpo_name Name or the DPO position title in the local language.	ONELINE *
Organization dpo_organization	ONELINE *
Address dpo_address	ONELINE *
Country dpo_country	ONELINE *
Email dpo_email	ONELINE *
Telephone dpo_telephone	ONELINE *

Supervisor Contact

Label / ID / Description	Type / Mandatory	Displayed - "value" (default: green)
Name supervisor_name	ONELINE
Organization supervisor_organization	ONELINE *
Address supervisor_address	ONELINE *
Country supervisor_country Assumed as the country of the service in terms of legal jurisdiction.	ONELINE *
Email supervisor_email	ONELINE *
Telephone supervisor_telephone	ONELINE *

Policy Updates

Label / ID / Description	Type / Mandatory	Displayed - "value" (default: green)
Policy update notifications policy_update_notifications Check if you plan to send policy update notifications to registered users.	BOOLEAN	✓false

Conditions

Condition ID	Expression
gdpr	compliance_includes contains "GDPR"
national_legislation	compliance_includes contains "national legislation"
compliance_other	compliance_includes contains "other"
cm_main_service	collection_methods contains "main service"
cm_idp	collection_methods contains "data from identity provider"
cm_web_analytics	collection_methods contains "web analytics"
cm_cookies	collection_methods contains "cookies"
cm_registration	collection_methods contains "registration"
cm_feedback	collection_methods contains "feedback form"
cm_newsletter	collection_methods contains "newsletter"
cm_subdomains	collection_methods contains "services in subdomains"
cm_third_party_services	collection_methods contains "third-party services"
cm_other	collection_methods contains "other"
use_google_analytics	web_analytics_tools contains "Google Analytics"
use_matomo	web_analytics_tools contains "Matomo"
web_analytics_other	web_analytics_tools contains "other"
supervisor_exists	NOT(EMPTY(supervisor_name) AND EMPTY(supervisor_organization) AND EMPTY(supervisor_address) AND EMPTY(supervisor_country) AND EMPTY(supervisor_email) AND EMPTY(supervisor_telephone))
dpo_exists	NOT(EMPTY(dpo_name) AND EMPTY(dpo_organization) AND EMPTY(dpo_address) AND EMPTY(dpo_country) AND EMPTY(dpo_email) AND EMPTY(dpo_telephone))
limited_storage	stored_as_necessary == "false"
limited_ip_storage	stored_ip_as_necessary == "false"

Panels and input elements

General Information

Legal

Data Collection

DPO Contact

Supervisor Contact

Policy Updates

Conditions

No triggers defined for this form.