Nikhef General Privacy Statement


Nikhef values the privacy of both its collaborators and of its visitors and users. When we ask you for your personal details, we handle them with care: you can read all about this in this privacy statement.

When we request or process your personal data, we tell you why we do that. For example, if you register for an event we need your data to plan meeting logistics and allow you in - but will remove that data once it is no longer needed. When you visit the web site, use our compute and storage processing services, or join an experiment or collaboration, we process it to perform the service and for our legitimate interests: to keep the service operational, secure, and stable. If you use our federated infrastructure, we have to share some data with our federation members (like WLCG or EGI) in order to make you enjoy the service. We apply security measures (secure connections, organisational and physical access controls) to keep your data safe. And some processings also have a more specific notice to tell you how we handle your data therein.

Nikhef may process your personal data because

  • We need it to provide you with a service you've requested
    or, you have entered or are about to enter into a contract with us

    If you don't provide us with the required personal data, we can try to provide the service, but it may be impossible or irresponsible to do so. And some data you will release just by communicating with us, like your internet address. We will keep your data whilst it is needed to deliver the service and/or perform the (implicit) contract, and for an additional period of up to thirteen months in case you have any further queries and for security response and dispute resolution purposes (which is our legitimate interest), or - if that is longer - for as long as we are legally required to do so.

    For services whose usage is accounted on an annual basis, like the compute and storage resources for our data processing facility and the worldwide LHC Computing Grid, accounting records are kept for up to eighteen months to permit proper recourse in case the anonymised aggregation of accounting data needs to be re-done.

    If another organisation helps us to provide the service, we also make your data available to them. If this involves transferring information to a country not recognised as providing equivalent protection, we will use additional safeguards so that these other organisations keep your information as safe as we do.

  • We need it to identify problems or ways to make the service better or more secure

    We'll keep your personal data for up to thirteen months after you use the service; after that, unless we need it for a particular investigation or for accounting purposes, we'll delete it.

    If there are attacks on our services, or other criminal activity, we may share information for such security purposes only with partners and infrastructure peers that are bound to our joint policies, or share it with law enforcement.

    Identifying issues and improving the service and its security are our legitimate interests. All these uses are checked to make sure they create a benefit, rather than a risk, for individuals. If you have particular circumstances that may increase your risk you may contact our security team (see below) to ask for a review of that assessment.

  • You have asked us to do so, for example you joined one of our collaborations, set up a user profile page, or subscribed to a newsletter

    We'll keep your personal data until you ask us to change or delete it, or for at least three years after you last use the service, in order to perform the (implicit) agreement.

    If you participate in collaborations and for example contribute comments or pages, some of your personal details - indicated during submission, typically your name - will be persistently associated with such a post or page. This is done to sustain the community, provide a trustworthy collaboration environment with attributable results and information provenance, and to follow good research practices. You can request this to be reviewed at any time via the service owner or the Nikhef security team.


Individual Nikhef services and processes may have their own privacy notices with further or more specific information about how they use your personal data. There are specific policies for job applications, for visitors and staff (employees, students, interns, emeriti) ‐ specifically in the context of NWO-I business support processes, and for site access management, for the RCauth.eu authentication service, and for the DutchGrid CA authentication service. For the worldwide LHC Computing Grid, the WLCG Privacy Notice augments this statement.

We do not use automated decision making affecting individuals - where we do have automated notification mechanisms in place (for security and operational purposes to keep our services stable and safe), a human always reviews the results. And that human may actually be you yourself - e.g. if you connect to our services from a place we have not seen you use before.

When we obtain (some of) your personal data from federation peers, that data is processed in accordance with the GEANT Data Protection Code of Conduct.

By law you may have certain rights over your personal data that we hold: to receive a copy of the data, to ask us to correct any errors, or to delete it once we no longer need it. To contact us regarding those rights, or anything else in this privacy notice, please write to our security team by email (privacy@nikhef.nl) or at our registered postal address: Science Park 105, NL 1098 XG Amsterdam, The Netherlands.

If you don't feel we've dealt with your request appropriately, you can appeal to the Autoriteit Persoonsgegevens.