How your personal information is used within SWITCHaai
Your Home Organization stores personal data about you. Some of it, the so-called Authorization Attributes, is used within SWITCHaai to control your access to protected resources of SWITCHaai participants. The use of these Authorization Attributes is subject to certain rules and regulations:
- SWITCHaai bases on legal regulations already in force like the applicable data protection law. Participants in SWITCHaai can only act within these boundaries.
- Moreover, all Home Organizations and Resource Owners have agreed to a common set of guidelines - the SWITCHaai Federation Policy is chapter 3 of the SWITCHaai Service Description - which describes the rules of good conduct and lists the legal regulations already in force.
- Each SWITCHaai participant ensures that appropriate technical and organizational measures are taken against unauthorized or unlawful processing of your data. They also take precautions against its accidental loss or destruction.
- Home Organizations release attributes only to SWITCHaai participants; and only those attributes requested by a particular Resource Owner.
- Resource Owners may only request attributes that are relevant to their application.
- Home Organizations are responsible to keep your personal data accurate.
- The transfer of personal data from the Home Organization to the resource is encrypted.
- In its function as the provider of central SWITCHaai Services, SWITCH neither receives, decrypts nor stores any of your personal data. In the role as owner of an AAI-protected resource, SWITCH underlies the same rules as any other resource owner.
- SWITCHaai does not store any personal data as cookies in your browser.
- According to the data protection acts you have the 'right of information' for your personal data. For details get in contact with your Home Organization.