Privacy policy

Name of the Service


Description of the Service

The EGI Notebooks service (hereinafter referred to as: "the service" or "Notebooks" provides a browser-based tool for interactive analysis of data using EGI storage and compute infrastructures based on the JupyterHub technology.

This privacy notice describes how we, the EGI Foundation (hereinafter referred to as "we" or "the Data Controller"), collect and process data by which you can be personally identified ("Personal Data") when you use the service.

Data controller

The EGI Foundation Science Park 140 1098 XG Amsterdam The Netherlands

Data Protection Officer

The EGI Foundation Data Protection Officer Science Park 140 1098 XG Amsterdam The Netherlands

Jurisdiction and supervisory authority

Jurisdiction: NL, The Netherlands

EGI Foundation's lead supervisory authority is the Dutch Data Protection Authority. They can be contacted at

Personal data processed

In addition to any personal data incorporated in notebooks managed by end users using the Notebooks service, the following categories of personal data are processed by the EGI Foundation as part of providing the aforementioned service:

The service may process the following personal data:

Identification data: Behavioural data: Data allowing conclusions on the personality:

Purpose of the processing of personal data

The purpose of the collection, processing and use of the personal data mentioned above is:

Legal basis

The legal basis for processing personal data is: Legitimate interests pursued by the controller or by a third party according to Art. 6 (1) (f) GDPR.

Third parties to whom personal data is disclosed

Personal data will not be used beyond the original purpose of their acquisition. If a forwarding to third parties should be necessary to answer an inquiry or to carry out a service, the consent of the data subject is considered to have been given when using the respective function or service. In particular, the data you provide to us will not be used for advertising purposes.

For the purpose given in this privacy policy, personal data may be passed to the following third parties:

Within the EU / EEA: Outside the EU / EEA:

Any data transfer to a third country outside the EU or the EEA only takes place under the conditions contained in Chapter V of the GDPR and in compliance with the provisions of this privacy policy and any related policies adopted by the EGI Federation.

Your rights

You can exercise the following rights at any time by contacting our data protection officer using the contact details provided in the Data Protection Officer section:

You can complain at any time to the supervisory data protection authority (DPA) responsible for you. Your responsible DPA depends on your country and state of residence, of your workplace or of the presumed violation. A list of the supervisory authorities with addresses can be found at

You can contact EGI Foundation's lead supervising authority using the contact details provided in the Jurisdiction and Supervisory Authority section.

Data retention and deletion

The records of your use and technical log files produced by the service components will be deleted or anonymised after, at most, 18 months.


We take appropriate technical and organisational measures to ensure data security and the protection against accidental or unlawful destruction, accidental loss, alteration, unauthorised disclosure or access.

A comprehensive overview of the technical and organisational measures taken by EGI Foundation can be found at EGI Documentation Database.

Data Protection Code of Conduct

EGI Foundation is conforming to GEANT Code of Conduct and your personal data will be processed in accordance with the Code of Conduct for Service Providers and the EGI-doc-2732-v3: Policy on the Processing of Personal Data.


This privacy policy is based on the AARC Policy development kit (licenced under CC BY-NC-SA 4.0)