Access & Identity Management
Eduserv Background Image Go to main textinnovative technology services
Home
Athens
Chest
Web Solutions
Foundation
You are in :    Eduserv > Athens > Privacy policy
Log on to

In this section

Privacy Policy

The Eduserv Athens corporate website uses web analytics products, Google Analytics and ClickDensity to analyse user traffic to the site. These analytical tools use 'cookies' to collect standard internet log information and visitor behaviour information in an anonymous form. The information generated by the cookie about your use of the website (including your IP address) is transmitted to Google and ClickDensity. This information is then used to evaluate visitors use of the website and to compile statistical reports on website activity for Eduserv Athens.

In providing the Athens service (MyAthens and administrators interfaces), Eduserv holds and uses the personal information of registered Athens users and administrators. As such, Eduserv is a data controller for the purposes of the Data Protection Act 1998 ("the Act") and subject to certain obligations with respect to the processing of that personal information. This privacy policy sets out the basis on which Eduserv holds and uses personal data in relation to the provision of the Athens service.

1. Athens

Athens is the access and identity management software, owned and operated by Eduserv, which is used for controlling access to web based subscription services.

Organisations wishing to use the Athens service are required to register with Eduserv. Once registered, Athens accounts may be created for individuals within or affiliated to the organisation. Athens' registered organisations are required to nominate a systems administrator responsible for creating and maintaining Athens accounts.

2. Personal Information

2.1. Registered users (classic Athens)

When an Athens account is created, the registered user is required to provide a variety of personal data either directly to Eduserv over its web site or to the systems administrator of their organisation, who will create the Athens account and transmit the relevant personal information to Eduserv.

This personal data is held by Eduserv in a database on servers located at Eduserv principal place of business and not less than two other locations within the United Kingdom. The personal data held may include name, organisational identifier, department, email address, username, role and other relevant information which Eduserv requires to provide the Athens service.

Personal information about your account is made available to Athens systems administrators via the Athens Administration Interface. It may be used by the administrator to identify and contact the individual and to generate statistics about usage of Athens accounts. Athens systems administrators are appointed by their organisation to perform this role, and are subject to Athens Terms and Conditions, which include a requirement to meet appropriate privacy legislation.

2.2. Registered users (local authentication)

Your organisation may operate an Athens-enabled local authentication service (such as Shibboleth or AthensDA), where users are not issued with Athens accounts. In those circumstances your organisation will not pass any personal information to Eduserv, and your organisation will be the data controller of that information for the purposes of the Act. When you seek to access a resource using your Athens-enabled account, your organisation's systems will pass the same information to Eduserv systems that Eduserv provides to resource providers as described below. The only information recorded by Eduserv for this category of users is the Persistent UID or targetedID which is used purely for statistical purposes. It cannot be linked to any personal data held by Eduserv.

2.3. Athens Administrators

Each Athens administrator is required to provide Eduserv with the following personal data about themselves: name, email address and telephone number.

Eduserv will hold this personal information on the Athens database and use it to contact the systems administrator in relation to the Athens accounts for which they are responsible.

Organisations must also provide Athens with at least one of the following: contact name, telephone number, email address or URL to enable registered users to contact their Athens administrator with Athens-related enquiries. The information supplied will be made publicly available on Eduserv websites.

Eduserv will retain the personal data of systems administrators whilst they remain the nominated Athens administrator for their organisation, and will delete it when the account is deleted.

2.4. Account deletion

Eduserv will keep the personal data of registered users whilst they remain registered users and it will be deleted when the account is deleted by the systems administrator. Athens may hold personal data as part of its backup procedures for a period of up to twelve months after account deletion.

Following account deletion, Athens will still hold statistical information about the account, however this information will be linked only to the username and/or Persistent ID and it will not be possible to obtain any personal information about the individual.

3. Information passed to resource providers

When you log into your Athens account using your username and password, the Athens database will be searched to verify your account details. When you seek to access a resource to which your organisation (the university or college, company, firm or other entity which has arranged access to a resource on your behalf and authorised you to access that resource pursuant to its arrangements with the resource provider) subscribes, Eduserv's computer systems will confirm to the resource provider whether the Athens database indicates that you are entitled to access the resource concerned.

As part of this process, two pieces of information associated with your account will be disclosed to the resource provider:

A persistent ID contains information which enables the resource provider to track your usage of the relevant resource, but does not contain any personal information about you. This enables the resource provider to compile statistics about the use of the resource and build up a profile of your usage so that the presentation of the resource can be adapted to reflect your own personal preferences when you access it.

The resource provider may optionally request further information about the organisation that issued the user account:

Athens may also be used by online suppliers of goods and services to authenticate certain attributes about you to determine whether you qualify for discounts or promotions when purchasing those goods and services. If you seek to purchase goods and services from such suppliers using your Athens account then Eduserv may receive a request to disclose additional personal information that Eduserv hold about you to the supplier. You will be asked to confirm your consent to the provision of that information before Eduserv disclose it. If you do not agree to the disclosure of that information to the supplier then you may be unable to purchase the goods or services from the supplier using your Athens account. In those circumstances you will need to make alternative arrangements with the supplier for the purchase.

Your personal information is not used for any other purpose by Eduserv.

4. Transfer of Information Overseas

Some of the resource providers which use Athens authentication, and which registered organisations subscribe to, are based in the United States of America. The laws governing data protection and privacy in the USA differ from those in the United Kingdom. It will be necessary to disclose the personal information of registered users to those resource providers in the manner described above, in order to provide the Athens service in relation to those resources.

Eduserv will only disclose that information however to resource providers who operate under the "safe harbour" arrangements operated within the USA which provide protection for the security and confidentiality of your personal information or where Eduserv have entered into contractual or other suitable arrangements with the relevant resource provider to provide what Eduserv considers to be adequate levels of protection.

5. Business Transfer

If Eduserv or the Athens service is sold or integrated with another business, your Athens details will be passed on to the new owners of the business.

6. Cookies

A "cookie" is a text-only string of information that a web site transfers to the cookie file of the browser on your computer's hard disk so that the web site can record and read a small amount of information.

Eduserv use two types of cookies when you use Athens:

Session Cookies which remain in the cookie file of your system for a maximum of eight hours after they were initially created or are automatically removed if your browser session is terminated before the eight hour period has elapsed. These cookies contain the Athens username and an Athens token and are used to facilitate the Athens single sign on service, enabling you to access all of the Athens registered resources which you are entitled to access using your Athens account. Neither the Athens username nor the token contain any personal information.

Persistent Cookies which remain in the cookie file of your browser until they are deleted or if earlier, eighteen (18) months from their creation. These cookies contain information to identify the login point for the user's Athens organisation and are only used where your organisation operates Athens DA.

You can set your browser to warn you before accepting cookies and refuse the cookie when the browser alerts you to its presence. You can also refuse cookies by adjusting the appropriate setting in your browser, but you may not be able to use the Athens single sign-on service, nor use Athens in circumstances where your organisation operates using AthensDA. You can easily delete any cookies that have been installed in the cookie folder of your browser. See your browser help for details.

Please note that resource providers may also use cookies when you are accessing the resource which they provide. Such cookies are not the responsibility of Eduserv and you should contact the resource provider directly if you encounter any problems.

More information about cookies can be found at http://www.allaboutcookies.org/cookies/.

7. Access to your personal information

You can view the personal information held about you by logging in to MyAthens with your username and password.

Your Athens administrator is responsible for the continued maintenance of your Athens account. Accordingly, in the event that you require the information which Eduserv hold about you to be updated or amended, please contact your Athens administrator in the first instance. If the relevant information is not amended to your satisfaction, then please contact Eduserv data protection officer at the address given below.

Alternatively, you have a right to request a copy of the personal information which Eduserv holds about you and to have any inaccuracies corrected. Eduserv levy a small charge for the provision of such information which will be notified to you when Eduserv receives an information request. Please address all such requests to the data protection officer at the address given below.

8. Scope of this privacy policy and updates

This privacy policy applies only to the use of your personal information by Eduserv in connection with the Athens service. The use of personal information by your organisation or any resource provider will be governed by their own privacy policies from time to time. Eduserv are unable to accept responsibility for the use of any of your personal information by your organisation or any resource provider.

Eduserv may update this privacy policy from time to time, and an updated version will be placed on this page. Regularly reviewing this page ensures that you are always aware of the information Eduserv collects, how it is used and under what circumstances, if any, Eduserv will share it with any other parties.

9. Security of your personal information

Eduserv is required to take appropriate technical and organisational measures to secure your personal data. In order to comply with this requirement, the servers containing your personal data are located in secure data centre locations with physical access limited to authorised staff. All data transmissions to and from the Athens database are securely encrypted. Furthermore, any password you send or submit to Eduserv is one-way encrypted before it is stored in the Athens database. The data is processed automatically by Eduserv's systems without any human intervention. Only in the event of a technical problem will any Eduserv staff become involved.

All Eduserv staff have been instructed in the importance of adherence to the principles of the Act and Eduserv endeavours to ensure that they comply with the terms of this privacy policy. The personal data which Eduserv holds is never modified or disclosed to a third party other than as described in this policy. Eduserv continually monitors measures which seek to ensure the security and confidentiality of the information that Eduserv collects, and its proper use.

10. Data Protection Officer

Eduserv, a company limited by guarantee under no. 03763109 whose registered office is at 13 Queen Square, Bath, BA1 2HJ, is a data controller of your personal data for the purposes of the Act. As discussed above, your organisation and each resource provider may also be a data controller and their use of your personal information will be governed by their own privacy policies.

Eduserv have appointed a Data Protection Officer with responsibility for ensuring that Eduserv complies with the Act and for liaising with data subjects in relation to issues relating to the Act. All questions or enquiries about this privacy policy or Eduserv's compliance with the Act should be addressed in the first instance to the Data Protection Officer, Eduserv, Queen Anne House, 11 Charlotte St, Bath, BA1 2NE.


 
About us | Contact us | Site map
© Copyright Eduserv - All rights reserved | Terms and Conditions | Privacy policy