How your personal information is used within AAI
Your Home Organization stores personal data about you. Some of it, the so-called Authorization Attributes, is used within the AAI to control your access to protected resources of SWITCHaai participants. The use of these Authorization Attributes is subject to certain rules and regulations:
- The AAI bases on legal regulations already in force like the applicable data protection law. Participants in the AAI can only act within these boundaries.
- Moreover, all Home Organizations and Resource Owners have agreed to a common set of guidelines - the AAI Policy - which describes the rules of good conduct and lists the legal regulations already in force.
- Each SWITCHaai participant ensures that appropriate technical and organizational measures are taken against unauthorized or unlawful processing of your data. They also take precautions against its accidental loss or destruction.
- Home Organizations release attributes only to SWITCHaai participants; and only those attributes requested by a particular Resource Owner.
- Resource Owners may only request attributes that are relevant to their application.
- Home Organizations are responsible to keep your personal data accurate.
- The transfer of personal data from the Home Organization to the resource is encrypted.
- In its function as the provider of central AAI Services, SWITCH neither receives, decrypts nor stores any of your personal data. In the role as owner of an AAI-protected resource, SWITCH underlies the same rules as any other resource owner.
- The AAI does not store any personal data as cookies in your browser.
- According to the data protection acts you have the 'right of information' for your personal data. For details get in contact with your Home Organization.