WaTTS privacy policy and description

Description of the service

The service WaTTS is a Token Translation Service (TTS) that provides a layer where identities, enrollment, group membership and other attributes and authorization policies on distributed resources can be managed in an homogeneous way. In particular, the WaTTS acts as a central service for authentication and authorization management for linked Helmholtz Data Federation services. The service is operated by the Karlsruhe Institute of Technology (KIT).

What personal data is collected and why (purpose of data processing)

Each time you access WaTTS the following information is collected:

This data is necessary for account management purposes (e.g. to contact you to inform you of changes to the service or for security purposes), and for the reasons given in the paragraph below.

Log records of your access to and actions on WaTTS are retained. These records contain:

This data is necessary to ensure that the WaTTS service is reliable and secure, such as for assisting in the analysis of reported problems, contacting you if a problem is identified with your account and responding to security incidents. This data may also be used for authorised services acting on behalf of authorised users.

Who your personal data is disclosed to

The collected personal data is only accessible by the authorised personnel of KIT, and then only for reasons outlined above. Your data may be disclosed to outside parties part in accordance to [relevant HDF security policy/GEANT Code of Conduct v2 draft], as part of incident response procedures.

How to access, rectify, and delete your personal data

WaTTS receives personal data from the OIDC provider. If used provider permits or support info editing functionality, you may edit the data there. Please be aware that changing certain data (e.g. identifier sent by the OIDC provider), may render some of the functionality inaccessible.

For the data retained by WaTTS, you may use service manager contacts provided below to access or rectify information.

How long your personal data will be retained

Records of your use of WaTTS, collected for reasons of security (described in 4 above) will be deleted, at latest, 24 months after your last use of the service.

Other personal data can be deleted immediately or on request as described above.

Contact information

Service managers: watts-prod@lists.kit.edu

Data controller: watts-prod@lists.kit.edu

Supervisory authorities (DPAs):