You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Include (reference to) terms and conditions in each user facing application: [https://www.clarin.eu/content/terms-use-and-disclaimer](https://www.clarin.eu/content/terms-use-and-disclaimer)
Recommendations on what kind of user information applications should collect
SERVER SIDE:
In general store as little as possible.
- Username
- IFF user needs to be identified uniquely; there is some kind of persistent
user specific state/profile
- Password / token
- IFF AAI solution is not available/applicable
- Names
- IFF prompted (user has full control)
- Should not be adopted from the IdP
- email address
- IFF requirements include communicating to the user via e-mail
- Note: if username is e-mail address it can be stored as such, but therefore
not recommended
- Note: EPPN cannot be assumed to be a (working) e-mail address
- IP address
- IFF required for white/black listing
- If possible, securely hashed
- If possible, anonymized
- behavioural data (stats)
- Should be anonymized; use Matomo
- Trace of actions (e.g. last login or full audit log)
- IFF functionality depends on it, and user is informed and/or on opt-in basis
It must be possible to delete personal data if requested.
