2. Collection of Information
NeSI processes (uses) personal data for a number of reasons. This includes for providing expertise and capability in computational and data intensive research, hosting and providing access to repository data, employing our staff, using this website, and organising conferences.
High Performance Computing (HPC) and data analytics services
We collect and process personal information about our users through registration and project request forms. This may include:
legal name along with (optionally) your preferred name
employer or tertiary institution
a contact telephone number
an email address issued by employer or tertiary institution (primary email address), along with (optionally) a preferred contact email address
if a student, course of study and main academic supervisor or course coordinator
projects, team memberships and allocations
grants and publications
support tickets and survey responses
We also gather certain information and store it in log files when you interact with our services. This information may include job history, file/directory ownership, as well as IP addresses, browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your devices, and system configuration information.
3. Storage and Security of Information
NeSI maintains robust information security management processes and confidentiality protocols to help ensure that it is protected against misuse, loss and unauthorised access, use, modification or disclosure. These include:
firewalls and modern encryption standards
use of two-factor authentication (2FA)
access to the personal information limited to those NeSI staff members who have a legitimate business requirement to use it
access is monitored and traceable via logs
Information is backed up regularly, and backups are held in secure storage facilities
A national or overseas third-party provider may be used to manage and store the personal and other information collected, and NeSI will ensure that any such provider has sufficient security measures in place to protect Personal Information.
NeSI will promptly notify customers if we become aware of a data breach that affects them, take all reasonable efforts to ascertain the nature, causes and effects of the incident, and share the results of those investigations. NeSI staff must ensure that any privacy breach they become aware of is reported to the Science Engagement Manager and the Business Operations Manager in line with the data breach procedure
4. Use of Information
NeSI may use Personal Information for the following purposes:
To provide services, including provisioning projects
To maintain services and improve, including user experience and capacity planning
To create and provide new services
For communication purposes, including news and service messages
For administering the NeSI Access Policy
To meet our obligations under the NeSI Crown Funding Agreement, NeSI Collaboration and Service Agreements and licensing/contractual compliance.
To implement and maintain security
To carry out maintenance and fault investigation of NeSI infrastructure
To manage data stored on NeSI infrastructure
We may publish the names of project owners and project team members along with their respective institutions in connection with particular projects through case studies. This is only done with the permission of those involved.
5. Disclosure of Information
NeSI uses third party providers for certain services, for example, Mailchimp, for sending newsletters. NeSI also has partner institutions for example, University of Auckland, in order to manage access to shared events and facilities or more generally to collaborate scientifically. NeSI takes all reasonable precautions to ensure that any third party contractor, service provider or partner institution who may access Personal Information on its behalf keeps this personal information secure and processes it lawfully and in accordance with our instructions. Some personal information is shared as part of using shared HPC facilities, for example, where jobs are processed via a common queue.
Personal Information will only be disclosed for the purposes for which users supplied it, or for directly related purposes that would be reasonably expected, or if the Privacy Act 2020 allows its disclosure, or if the user agrees.
6. Access to Information
Users have the right to request a copy of any Personal Information about them held by NeSI. Such requests or any questions about Personal Information may be directed initially to NeSI Support (firstname.lastname@example.org). We will endeavour to respond to any such request within three working days and access will be provided free of charge. In limited circumstances, access to Personal Information may be declined in accordance with privacy laws.
7. Correction of Information
NeSI will endeavour to ensure that all personal information is accurate, complete and up-to-date whenever it is used. Users must assist with this by informing of any details change or errors or discrepancies in information held. If any Personal Information held is not accurate, or is incomplete or out-of-date, users may also update through MyNeSI portal or request that records be amended.
8. Deletion of Information
NeSI will delete Personal Information on request, provided that, notwithstanding such request, this information may be retained for as long as the requestor maintains an account for NeSI Services, or as needed to provide NeSI services and manage assets, maintain integrity of records and logs, to comply with legal obligations, or resolve disputes.
Version 1.1 – 2022-05-31