SSH-OIDC Server privacy policy and description

Description of the service

The service ssh-oidc is a simple ssh server that provides shell access to its users.

User accounts are dynamically created, depending on the attributes that you send make available to us, by sending your OIDC Access Token.

What personal data is collected and why (purpose of data processing)

Each time you access the service, the following information is collected:

• First name
• Last name
• Email address
• Unique identifier
• Eduperson_assurance
• Eduperson_entitlement.

We receive these data as released by the OIDC Provider (OP).

This data is necessary for account management purposes (e.g. to contact you to inform you of changes to the service or for security purposes), and for taking the authorisation decision whether or not to create a Unix account for you.

Log records of your access to and actions on the service are retained. These records contain:

• Information mentioned above (personal name, email, identifier)
• The network (IP) address from which you access the service
• Time and date of access
• Details of actions you perform

This data is necessary to ensure that the service is reliable and secure, such as for assisting in the analysis of reported problems, contacting you if a problem is identified with your account and responding to security incidents. This data may also be used for authorised services acting on behalf of authorised users.

Who your personal data is disclosed to

The collected personal data is only accessible by the authorised personnel of KIT, and then only for reasons outlined above. Your data may be disclosed to outside parties part in accordance to [relevant Helmholtz-AAI security policy/GEANT Code of Conduct v2 draft], as part of incident response procedures.

How to access, rectify, and delete your personal data

This service receives personal data from the OIDC provider. If the used provider permits or support information editing functionality, you may edit the data there. It will be updated during the next login. Please be aware that changing certain data (e.g. identifier sent by the OIDC provider), may render some of the functionality inaccessible.

For the data retained by the service, you may use the service manager contacts provided below to access or rectify information.

How long your personal data will be retained

Records of your use of the service, collected for reasons of security (described in 4 above) will be deleted, at latest, 24 months after your last use of the service.

Other personal data can be deleted immediately or on request as described above.

Contact information

Service managers: m-ops@lists.kit.edu

Data controller: m-ops@lists.kit.edu

Supervisory authorities (DPAs):

• German DPA. Details for raising concerns for the German DPA can be found here

• Baden-Württemberg DPA. Link to file a complaint.