Privacy/Records of processing activities

From Nasqueron Agora
Revision as of 12:52, 4 March 2022 by Dereckson (talk | contribs) (+P-001. Operations PII)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

These records of processing activities document the procedures by which personal data / personal identity information are processed.

It includes significant information about data processing, including data categories, the group of data subjects, the purpose of the processing and the data recipients.

By transparency, these records are made public.

Privacy actors

The responsable du traitement des données / data controller is the Nasqueron privacy SIG, the entity inside Nasqueron with the mission to organize procedures related to privacy regulations.

Categories

P-001. Operations PII

  • Category
    • Category number: P-001
    • Category name: Operations PII
  • Processing
    • Processing entity: Nasqueron Operations SIG
  • Data collected
    • Who are concerned? Members of the Nasqueron Operations SIG (inside use)
    • Personal data type: IP, e-mail, phone number
    • Datasource: given by the person concerned
    • Goals: internal contact, technical restriction based on this data, contact points for infrastructure incidents
    • How long data is kept? as long as the person belongs to Nasqueron Operations SIG, and then, as long there is a legitimate interest to keep the data
  • Security:
    • ACL. Only Nasqueron Operations SIG members can view, edit, audit the data
    • Storage.
      • Vault. Data is stored in Vault in an encrypted fashion, to be deployed to servers. Some data like IP addresses may be published in clear text in configuration files, but those can only be accessed by Nasqueron Operations SIG members, with a protection by SSH keys.
      • Private Git repository. Some data may be maintained as a Git repository, but this repository is put in the "Nasqueron Operations private" space on DevCentral and NOT replicated to third-party services; the Git repository is stored on a server only reachable by Nasqueron Operations SIG members.
      • Encrypted backup. The data may be backed up, but only in encrypted form, with keys not leaving our infrastructure premises.
    • Transfers of data. Data is kept in servers located in the European Economic Area (EEA).
  • Policy: Privacy/Operations PII