NeSI Privacy Policy

1. Purpose

This privacy policy outlines the personal information handling practices of New Zealand eScience Infrastructure (NeSI). It governs the collection, use, storage, disclosure and disposal of Personal Information held by NeSI.

NeSI is committed to handling personal information in accordance with applicable privacy laws, and in line with the privacy principles outlined in the New Zealand Privacy Act 2020. This Privacy Policy may be amended from time to time by NeSI. When this occurs, users will be notified.

2. Collection of Information

NeSI processes (uses) personal data for a number of reasons. This includes for providing expertise and capability in computational and data intensive research, hosting and providing access to repository data, employing our staff, using this website and organising conferences.

High Performance Computing and Analytics services

We collect and process personal information about our users through registration and project request forms. This may include:

  • legal name along with (optionally) your preferred name,

  • date of birth,

  • nationality or nationalities,

  • employer or tertiary institution,

  • a contact telephone number

  • an email address issued by employer or tertiary institution (primary email address), along with (optionally) a preferred contact email address,

  • if a student, course of study and main academic supervisor or course coordinator.

  • projects, team memberships & allocations

  • grants & publications

  • support tickets & survey responses

We also gather certain information and store it in log files when you interact with our services. This information may include job history, file/directory ownership, as well as IP addresses, browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your devices, and system configuration information.

Websites

NeSI also collects and processes personal information about users of our websites for the primary purposes of delivering any services or functionality requested by users and for improving the online experience for our users. We make use of "cookies on www.nesi.org.nz to track usage patterns and to compile data in an aggregated and “non-user” specific form enabling us to improve our website for future visitors. If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to deny or accept the cookie feature.​

3. Storage and Security of Information

NeSI maintains robust information security management processes and confidentiality protocols to help ensure that it is protected against misuse, loss and unauthorised access, use, modification or disclosure. These include:

  • firewalls and modern encryption standards

  • use of 2 Factor Authentication

  • access to the personal information limited to those NeSI staff members who have a legitimate business requirement to use it

  • access is monitored and auditable

  • Information is backed up regularly, and backups are encrypted and held in secure storage facilities

A national or overseas third-party provider may be used to manage and store the personal and other information collected, and NeSI will ensure that any such provider has sufficient security measures in place to protect Personal Information.

NeSI will promptly notify customers if we become aware of a data breach that affects them, take all reasonable efforts to ascertain the nature, causes and effects of the incident, and share the results of those investigations. NeSI Science Engagement Manager or Business Operations Manager must be contacted in the event of a privacy breach.

4. Use of Information

NeSI may use Personal Information for the following purposes:

  • To provide services, including provisioning projects

  • To maintain services and improve, including user experience & capacity planning

  • To create and provide new services

  • For communication purposes, including news and service messages

  • For administering the NeSI Access Policy

  • To meet our obligations under the NeSI Crown Funding Agreement, NeSI Collaboration and Service Agreements and licensing/contractual compliance.

  • To implement and maintain security

  • To carry out maintenance and fault investigation of the network

  • To manage data stored on NeSI infrastructure

We may publish the names of project owners and project team members along with their respective institutions in connection with particular projects through case studies. This is only done with the permission of those involved.

5. Access to Information

Users have the right to request a copy of any Personal Information about them held by NeSI. Such requests or any questions about Personal Information may be directed initially to NeSI Support (support@nesi.org.nz). 

Requests will be responded to within three working days We will endeavour to respond to any such request within three working days and access will be provided free of charge. In limited circumstances, access to Personal Information may be declined in accordance with privacy laws. 

6. Correction of Information

NeSI will endeavour to ensure that all personal information is accurate, complete and up-to-date whenever it is used.  Users must assist with this by informing of any details change  or errors or discrepancies in information held.  If any Personal Information held is not accurate, or is incomplete or out-of-date, users may also update through the MyNeSI portal or request that records be amended. 

7. Deletion of Information

NeSI will delete Personal Information on request, provided that, notwithstanding such request, this information may be retained for as long as the requestor maintains an account for NeSI Services, or as needed to provide NeSI services and manage assets, to comply with legal obligations, or resolve disputes.

8. Disclosure of Information

NeSI takes all reasonable precautions to ensure that any third party contractor or service provider who may access Personal Information on its behalf keeps this personal information secure and processes it lawfully and in accordance with our instructions. Personal Information will only be disclosed for the purposes for which users supplied it, or for directly related purposes that would be reasonably expected, or if the Privacy Act 2020 allows its disclose, or if the user agrees.

 

Version 1.0 – 2021-03-31