General

ALICE is specific research-oriented IT services provided by the LU and LUMC and as such are covered by the Services Privacy Notice. The basis for the use of personal data is consent, explicitly given at the time of user account application and implicitly upon each connection to ALICE as per the banner warning if present.

This local policy document explains in more detail what information is held about individual people (ALICE account holders) by ALICE systems, how it is gathered and how it is used. Details of the data held or logged are given below. This information is used to support user access to the resources of the ALICE systems, to enable communication with you about the status of the system and your use of it as required, for system administration and bug tracking, for the detection of improper use, and for producing usage statistics for management and planning purposes.

Access to these logs and user-specific data is restricted to appropriate staff or contractors of ALICE.

These logs are currently held indefinitely subject to the availability of storage space, but might not be recovered as a result of an accidental or deliberate removal action.

Summary statistics are extracted from this data. Some of these may be made publicly available, but those that do not include the identity of individuals.

Relevant subsets of this data may be passed to computer security teams (e.g. Leiden CERT) as part of investigations of specific incidents of computer misuse involving ALICE systems.

If suspicious activity is detected Leiden University network data held as described in the Privacy Notice may be passed to ALICE management for investigation.

Data about particular projects may also on occasion be passed to the appropriate people (e.g. Principal Investigators or nominated deputies) responsible for direction and management of those projects. Otherwise, the information is not passed to any third party except where required by law.

Data is stored on disk storage systems and may be backed up. These backups are made to enable reinstatement of the data, e.g. in the event of failure of a system component, or accidental deletion. Details of backup and other policies applicable per file system are available on the file system page. User data, log data and backups are at all times physically held in secure University premises, or transferred over the LU and LUMC network using strong SSH-based encryption.

Any user of the ALICE systems who approaches the Helpdesk or any staff within the ALICE for help with a problem implicitly grants permission to the ALICE staff to investigate that problem by looking at data held on the system and files in their home directories or other personal or group storage areas.

Data collected

Accounting and other user-dependent system data

ALICE management servers hold details of user accounts, thereby enabling a user to log in and use the resources of ALICE systems.

The following data are collected via either the account application process or service usage and held and maintained for each user:

• Name

• User identifier (account name)

• Institution affiliation

• Status

• Project affiliation

• Email address

• Contact telephone number

• User administration history

• Login history (session begin/end times and originating IP address)

• Resource consumption (in the form of job records accumulated by the job scheduler)

• Use of licensed applications (in the course of ensuring license term compliance).

These data are held on the ALICE management systems from the time the user’s account is created, whether or not the user ever makes use of ALICE systems.

Service-specific data remain stored subject to storage capacity until purged as obsolete; basic user information (names, system identifiers and institutional affiliations) regarding Leiden University and Leiden University Medical Center users is duplicated from central user administration records, see the University IT Facilities and Services Privacy Notice. Names, system identifiers and affiliations about external users are stored indefinitely so that historical usage of research computing systems can be properly attributed.

Other data held

Research data held in home directories or other personal or group storage areas is stored, as required for the fulfilment of ALICE services. This data is stored until purged by the user, or by the ALICE team to enforce advertised policy, or automatically as obsolete in the case of tape re-use.

Besides applications, including but not limited to login shells, may record command history in files contained in the user’s home directory. Such files will survive until purged by the user, or by the ALICE team to enforce advertised policy, or automatically as obsolete in the case of tape re-use.

From time to time we may gather publication data from external journal or preprint listings to assess research outputs facilitated by research computing services.