Privacy Policy
PN00024 - Privacy Notice: CERNBox Service
Each Service at CERN is responsible for compiling its own Privacy Notice(s) regarding the data it processes as a controller.
This Privacy Notice is part of CERN's Layered Privacy Notice and details the processing that is unique to this Service. It does not address:
- processing by other services on which this Service may rely and which have their own Privacy Notice,
- processing activities carried out by this Service as a processor on behalf of other services, as processing services are not obliged to document their processing activities.
Personal Data we process
The personal data we have, and how it's used:
| Personal Data | Purpose | Basis - Explanation | Source |
|---|---|---|---|
| Your Name and Account name | (user data) to identify you and to allow sharing with individual users | Legitimate interest of CERN | Single Sign On and Account Management Services |
| Picture | (user data) optional, uploaded directly by you through the UI, to be displayed to other users of the service | Consent | You |
| Your settings and preferences | (user data) to tailor the service to your needs | Legitimate interest of CERN | You |
| E-mail address | (user data) Used to send messages to the user (sharing notifications) | Legitimate interest of CERN | Single Sign On and Account Management Services |
| CERN authentication information (when you signed into the service, and the log of the authentication session) | (user data) collected each time you sign in with CERN SSO; used for service provision and troubleshooting | Legitimate interest of CERN | Single Sign On and Account Management Services |
| E-group membership | (user data) used to identify whether the user can have access to service functionalities (project spaces, sharing) | Legitimate interest of CERN | Single Sign On and Account Management Services |
| IP address | (operations metadata) used for service provision (client rollouts), security investigations and service operations (debugging) | Legitimate interest of CERN | automatically collected from the device you are using |
| Your approximate location (nearest country) | (operations metadata) used for anonymised service maps and troubleshoot Internet routing issues | Legitimate interest of CERN | automatically collected from the device you are using (derived from the IP address) |
| Type of your operating system, incl. your CERNBox client type and version | (operations metadata) collected at each connection, used for service provision and optimization, and logged for statistics and user support, to detect old versions of your CERNBox client or those with known defects and to invite you to upgrade | Legitimate interest of CERN | automatically collected from the device you are using |
| Your data and its associated metadata | (user data) To back-up the data in order to guarantee business continutity, to optimize service operations and to assure integrity of the data | Legitimate interest of CERN | You |
| Log of your CERNBox operations (type of activity, date and time) | (operations metadata) Service functioning, to provide user support and troubleshooting. To audit and maintain the integrity of the archive | Legitimate interest of CERN | automatically collected from the device you are using |
| Standard personal data collected by ServiceNow for support. Details here |
Service support | Legitimate interest of CERN | SNOW |
Personal Data we keep
The personal data we store, for how long and why:
| Personal Data | Retention Period | Purpose |
|---|---|---|
| Your data and its associated metadata | 6 months after the end of the lifetime of your data | Service functioning and data recovery, including a backup depth of at least 6 months |
| Your data and its associated metadata | 12 months after the end of your contract | To transfer ownership of your data to the appropriate successor service or person |
| all data above referenced under "operations metadata" | 13 months after the date of the log | Service operations, debugging, statistics, data recovery |
| Log of your CERNBox operations (type of activity, date and time) | 5 years | To audit and maintain the intergrity of the archive |
Who at CERN has access
In addition to yourself, personal data collected by this Service is accessible by the following services, teams or individuals at CERN:
| Personal Data | Who | Purpose |
|---|---|---|
| all data above | CERNBox service | To provide the service |
| Your account name, Log of your CERNBox operations regarding sharing activities and logins, and Your settings and preferences | DB operation team | To store the data |
| Your account name, Log of your CERNBox operations (type of activity, date and time) | Monitoring team | To store the data |
| Your Name and Account Name | Authenticated Users | Sharing autocompletion |
| Upon a failure of the web application we process your username, URL, browser, platform, time and date, and the action triggering the crash. | Sentry service | To debug crashes and improve the service |
Personal Data we may transfer to others
Personal data we share with entities or individuals outside the Organization:
| Personal Data | 3rd Parties | Purpose |
|---|---|---|
| Document content | Microsoft (various locations) | CERNBox uses the Microsoft cloud for processing certain Office documents. Whenever you open or edit a Word, Powerpoint or Excel document online using the CERNBox web interface, using the default "Open in MS 365 on Cloud" option, the document content is transferred to Microsoft. Further details are available at https://privacy.microsoft.com/en-us/privacystatement. Operations on other types of document are not affected, nor are standard CERNBox operations such as file browsing, syncing and sharing. |
| Your IP address | Microsoft (various locations) | To establish a connection with the Microsoft cloud when you edit Word, Powerpoint or Excel documents through the web interface. |
| Account name | Microsoft (various locations) | To identify you on collaborative sharing sessions and track changes when you edit Word, Powerpoint or Excel documents through the web interface. |
| Name | Microsoft (various locations) | To identify you on collaborative sharing sessions and track changes when you edit Word, Powerpoint or Excel documents through the web interface. |
| File name and path | Microsoft (various locations) | To display the file and path when you edit Word, Powerpoint or Excel documents through the web interface. |
| Browser and platform | Microsoft (various locations) | Your browser will directly transmit details including your operating system and choice of browser software. |
For more detailed information about personal data and privacy please refer to the Data Privacy web site .
For questions regarding this Privacy Notice, please contact this Service.
For questions regarding personal data and privacy please contact the Office of Data Privacy .
To request to exercise data subject rights please fill and submit the following online form.
This Privacy Notice is subject to revision.
Last revision: 13-09-2022 09:07:53
Cannot find what you need here? Do you simply need advice or assistance? The Service Desk is here to help.
Call the Service Desk on: 77777 (07:00 - 18:30 work days, Geneva time)