SURFdrive privacy statement
Below you will find the SURFdrive privacy statement
SURFdrive is a service that has been developed to make it easy to share files and collaborate on files. Both within and outside the organization, therefore also within the education / research target group. For sharing and collaborating, it is necessary to grant rights to certain people (for example, to give someone access to a folder), and a certain identifier is required for that. That is why this identifier (often a name and e-mail address) can be searched for when you are going to share files. And because there is also cooperation between institutions, you can also look for people who are not part of your own organization. The ability to search for people is seen here as a necessary part of the collaboration service of SURFdrive. To make it easier to search for other users, search suggestions are provided. If you don’t want to be included in the list of search suggestions, this is also possible. As a result, users can only find you if they know your username or your full name (as you are known in SURFdrive). You can find more information about this feature in our FAQ.
We process the following personal data:
- first name (from the user and purchaser)
- last name (from the user and purchaser)
- e-mail address (from the user and purchaser)
- organization (from the user and purchaser)
- access and identification information (from the user)
- log data (from the user)
- IP address (from the user)
- Other personal data: you can use SURFdrive to save, synchronize and share files. These files may contain (sensitive) personal data, but as a service provider we do not know the contents of the files and we do not want to know them either. You are responsible for these files and their content. We also process the file name and associated metadata for service purposes.
We want to inform you that whenever you use our app (Android/iOS/Windows/MacOS), in case of an error we *don’t* collect data and information by default. Rather, users can choose to switch on logging in the app settings and then can manually send those logs manually to us, if they so choose. Logs encompass technical information that is important to understand and fix the error or problem. No sensitive and personal information is enclosed in the logs. The user name and server name as well as the display name may appear. Any other authentication information is redacted. Logs are *never* shared with 3rd-party-apps.
- We store log data 180 days (half a year). We chose for this period because sometimes we get questions about problems that have occurred in recent months. If we still have the log data, we can check what went wrong. After 180 days we delete the log files.
- We also save your eduPersonPrincipalName (ePPN). That is your login name in the form ' username @ institution name'. We store your ePPN to collect statistics, for accounting and to comply with legal tax rules. For the latter purpose we have to keep your ePPN for 10 years, but we do this in accordance with the guidelines of the tax authorities: after 180 days your username is replaced by a string, for example: ' nth8uztcyi5vc7ew8tpt @ institution name', so it can no longer be traced.
- We keep all other data mentioned above as long as you use the service.
- If your account is deleted from SURFdrive all data will be deleted from our servers and backups after 60 days.