Donders Repository Privacy Policy

This privacy policy describes how the Donders Repository (in the following called "the service") processes and stores data about its users.

The service is provided by the Donders Institute for Brain, Cognition and Behaviour (Kapittelweg 29, 6525 EN Nijmegen, The Netherlands), which is part of the Radboud University.

The service has the following objectives:

  1. Data preservation and reuse in the DI
  2. Documentation of the research process
  3. Open access data sharing

The service processes and stores two types of data about its users: (a) information obtained from the user's identity provider (IdP) and (b) information pertaining to the user's interaction with the service.

The following data are obtained from your IdP upon login:

  1. Your name (given name and surname)
  2. The name of the home organization of your IdP
  3. The personal identifier assigned to you by your IdP
  4. The email address assigned to you by your IdP

The following data are obtained from your interaction with the service:

  1. Your roles in the system that allow you to access collections (i.e., organized sets of data), and when changes in roles were made
  2. The modifications that you make to a collection's files and/or attributes
  3. Your access to collection's files and/or attributes

The personal data stored by the service is not accessible to other users of the service, unless this is required for the objectives of the service. To realise these objectives, the following is required:

  1. A collection manager, who is responsible for the access to the collection, must know who currently has access to this collection and who has had access in the past.
  2. All users of a collection must be informed about changes to this collection's files and/or attributes, who has made these changes and when these were made.

Therefore, if you get access to a collection, the collection's managers will always be informed about this, even if this collection was intended for sharing outside the DI (i.e., a closed Data Sharing Collection). In addition, if you make changes to a collections, these will be visible to everyone who has access to this collection.

The personal data stored by the service are not shared with other services, unless required for the objectives of the service.

Personal data are stored for as long as is required for the objectives of the service. If collections are deleted, then also the personal data associated with those collections are deleted.

This privacy policy is in agreement with the GEANT Data Protection Code of Conduct (version 1.0, 14 June 2013) and with the Dutch law on the protection of personal data.