Nikhef General Privacy Statement

Nikhef values the privacy of both its collaborators and of visitors to its websites. When we ask you for your personal details, we handle them with care: you can read all about this in this privacy statement.

When we request or process your personal data, we tell you why we do that. For example, if you register for an event we need your data to plan meeting logistics and allow you in - but will remove that data once it is no longer needed. When you visit the web site, use our compute and storage processing services, or join an experiment or collaboration, we process it for legitimate purposes: to keep the service operational, secure, and stable. If you use our federated infrastructure, we have to share some data with our federation members (like WLCG or EGI) in order to make you enjoy the service. We apply security measures (secure connections, organisational and physical access controls) to keep your data safe.

Nikhef may process your personal data because

  • We need it to provide you with a service you've requested

    If you don't provide us with the required personal data, we can try to provide the service, but it may be impossible or irresponsible to do so. And some data you will release just by communicating with us, like your internet address. We will keep your data whilst it is needed to deliver the service, and for an additional period of up to twelve months in case you have any further queries and for security response and dispute resolution purposes.

    For services whose usage is accounted on an annual basis, like the compute and storage resources for our data processing facility and the worldwide LHC Computing Grid, accounting records are kept for eightteen month to permit proper recourse in case the anonymised aggregation of accounting data needs to be re-done.

    If another organisation helps us to provide the service, we also make your data available to them. If this involves transferring information to a country not recognised as providing equivalent protection, we will use additional safeguards so that these other organisations keep your information as safe as we do.

  • We need it to identify problems or ways to make the service better or more secure

    We'll keep your personal data for up to twelve months after you use the service; after that, unless we need it for a particular investigation or for accounting purposes, we'll delete it.

    If there are attacks on our services, or other criminal activity, we may share information for such security purposes only with partners and infrastructure peers that are bound to our joint policies, or share it with law enforcement.

    All these uses are checked to make sure they create a benefit, rather than a risk, for individuals. If you have particular circumstances that may increase your risk you may contact our security team (see below) to ask for a review of that assessment.

  • You have asked us to do so, for example you joined one of our collaborations, set up a user profile page, or subscribed to a newsletter

    We'll keep your personal data until you ask us to change or delete it, or for at least three years after you last use the service, in order to perform the agreement.

Individual Nikhef services may have their own privacy notices with further information about how they use your personal data.

We do not use automated decision making affecting individuals - where we do have automated notification mechanisms in place (for security and operational purposes to keep our services stable and safe), a human always reviews the results. And that human may actually be you yourself - e.g. if you connect to our services from a place we have not seen you use before.

By law you have certain rights over your personal data that we hold: to receive a copy of the data, to ask us to correct any errors, or to delete it once we no longer need it. To contact us regarding those rights, or anything else in this privacy notice, please write to our security team by email ( or at our registered postal address: Science Park 105, NL 1098 XG Amsterdam, The Netherlands.

If you don't feel we've dealt with your request appropriately, you can appeal to the Autoriteit Persoonsgegevens.