The software service CAESAR (“Service”) is operated by INAF (“Provider”). Elements of the Service (“Service Elements”), be it technology, algorithms, documents, data, other services, processes and other resources, are also provided by third-parties (“Other Providers”).
INAF is a research institute in astronomy and astrophysics with full name “Istituto Nazionale di Astrofisica” est. 1999 in Italy, funding and operating twenty separate research facilities, which employ scientists, engineers and technical staff. INAF headquarters are located in Viale del Parco Mellini n°84 00136, Rome, Italy.
Specific Service Elements (the CAESAR web UI and the CAESAR RESTful APIs) have been produced and maintained with the co-funding of the European Commission, under NEANIAS project [GA 863448]. Service Elements are the sole responsibility of the Provider. Nothing in the Service shall be considered as reflecting the views of the European Commission.
Protecting your personal data is very important to us. Our Privacy Policy is intended to help you understand why we collect your personal information and how we use it. It provides detailed information about when and why we collect your personal information, how we use and process it, how long we keep it, and finally, under what terms we can share it with others.
This Privacy Policy applies to all of you who access and use our Service.
This policy applies solely to personal data and information that the Service collects through its usage or through any electronic communication of the User with the Provider, as indicated on the Service (herein referred to as “Personal Data”).
We may also collect information from you in other ways, including information collected during technical support contacts. If we provide a separate or supplemental notice when we collect personal data from you, that notice will control to the extent of any conflict.
It does not apply to any website of third-party services that the Service may link to. The Service does not endorse, nor is responsible for the content of these websites or third-party services, or their policies or practices.
The Service manages different types of data, all in compliance with the current European legislation on Data Protection. Any Data concerning the User is collected to allow the Provider to provide the services.
Personal Data
The provision of the Service requires that certain pieces of personally identifiable information are processed. Personal data of yours we process:
· name
· email address
Registration information
The Service may utilize services of unaffiliated third-party providers for providing additional features. Those may require that these providers have access to Personal Data such as name, affiliation and email address. These vendors may also provide the Service with this information, so that the Service can keep track of User’s linking to those third-party services. In this case, the information that the User may provide as part of this registration will be subject to both this Privacy Policy and the corresponding statement of the third-party Service.
Operational data
Services and infrastructure management software automatically gather general information from Users, such as IP address, computer type, screen resolution, OS version, domain name, location, date and time of the visit, page(s) visited, time spent on a page, origin from where the User may come into the service, requests to the CAESAR backend services for logging and accounting purposes, etc. Some of this information is provided directly by the User's client software (e.g. the CAESAR Web UI) while the remainder is obtained through tracking technologies.
The Service is not intended for children.
The Service does not collect knowingly any Personal Data from or about children.
The Personal Data required by our Service are processed for the following purposes:
· Fulfilment of requests: The Service uses Personal Data to deal with inquiries, contact the user (via the service management system) and deliver notifications.
· Service operation: The Service uses JWT tokens to identify users in order to adapt / grant its capabilities, grant access to specific Service areas, grant access to relevant information, filter content etc.
· Statistical analysis: Aggregated data about Service usage (which do not identify a specific user), such as the number of users who have performed certain processing on the Service, or how long users are spending on a particular session, are used to feed statistics as to the use of the Service.
· Internal business purposes: The Provider uses the collected information for internal business purposes, such as for audits or to track service feature use and behavior, justification of resource usage, extraction of operational KPIs, etc.
· Service and products design: Aggregated and Personal Data are used by the Provider so that improvements, adjustments and refinements are performed, as well as new Services and Products are designed to address general or user-specific needs.
· Displaying User information: Data concerning the User are presented by the service to allow Users to identify ownership, provenance and allocation of various resources.
Our Service guarantees that your personal data will not be used for purposes other than those set forth in this policy, without prior notice and where your approval is required.
The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated.
The Provider considers User Personal Data as an asset that is not for sale and will never sell User Personal Data to any third-party.
Access to personal data and transaction information is only authorized by employees, affiliates and third parties who process the above data at the Provider’s discretion and only when and to the extent necessary for the above purposes. Personal data may only be transmitted, for the purposes of the above processing, to specific recipients who are employees, and generally affiliates as well as third parties affiliated with the Provider. In addition, the Provider may, without prior notice, disclose your information to the competent judicial and/or administrative authorities to the extent required by applicable laws and regulations, or by judicial decision and/or administrative act.
The Provider makes every effort to control and evaluate when selecting its affiliates to whom it transmits the personal data of those concerned. There is a written agreement between the Provider and any third party, according to which the processing of personal data is carried out under the control of the Provider and only on its order and is subject to the same data protection policy.
The Service allows the User to interact with Identity Providers (herein referred to as “third-party Platform”), directly from the user interface of the Service. The information acquired by the Service through this interaction is always subject to the User's privacy settings related to the third-party Platform.
The time period for storing data is decided on the basis of the following specific criteria, as appropriate:
· Where processing is required by provisions of the applicable legal framework, your personal data will be stored for as long as the relevant provisions require.
· When processed on a contract basis, your personal data is stored for as long as necessary for the performance of the contract and for the foundation, exercise, and/or support of legal claims under the contract.
· For other purposes, your personal information is kept until your consent is withdrawn. This can be done at any time. Withdrawal of consent does not affect the legality of the consent-based treatment during the period prior to its withdrawal. You can revoke your consent at any time by selecting the link provided in the emails we send to you.
As defined in the Regulation (EU) 2016/679 (General Data Protection Regulation), you (as the data subject) have the following Rights:
· Right to have access to the Personal Data that is held about you by the Provider - what data we have collected, for what purpose, how it is processed and how long it is stored (article 15).
· Right to rectification (article 16). You have the right to obtain from the Provider the rectification of inaccurate personal data and to have incomplete personal data completed.
· Right to erasure (‘right to be forgotten’) (article 17). You have the right to obtain from the Provider the erasure of personal data concerning you.
· Right to restriction of processing (article 18). You shall have the right to obtain from the Provider restriction of processing where one of the following applies: (a) the accuracy of the personal data is contested, (b) the processing is unlawful, or (c) the Provider no longer needs the personal data for the purposes of the processing.
· Notification obligation regarding rectification or erasure of personal data or restriction of processing by the Provider (article 19). The Provider will communicate any rectification or erasure of personal data or restriction of processing carried out to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The Provider shall inform you about those recipients if you request it.
· Right to data portability (article 20). You have the right to receive the personal data concerning you, in a structured, commonly used and machine-readable format and have the right to transmit those data to another Party without hindrance from the Provider.
· Right to object (article 21). You have the right to object to processing of your personal data. The Provider shall no longer process the personal data unless the Provider demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Before we are able to provide you with any information or correct any inaccuracies, we may ask you to verify your identity and/or provide other details to help us respond to your request.
The Provider reserves the right not to respond to requests generated through third-party applications or automated processes without direct validation of the requests by data subjects using the resources provided by the Service for the exercise of these rights as described in this Policy.
The Provider takes care to guard the security of your personal data. We apply appropriate physical, technical and organizational measures that are reasonably designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access, and against all other unlawful forms of processing. We maintain a security program that is proportionate to the risks associated with the processing.
The Service is provided via its project managed instance, whose servers are located in Italy and Greece and provided by a multitude of Providers: INAF Astrophysical Observatory of Catania- OACT (IT), NKUA Data Center (GR), CITE – Communication & Information Technologies Experts SA (GR), GARR - Gruppo per l'Armonizzazione delle Reti della Ricerca (IT).
The Data is processed at the infrastructures of the aforementioned providers and in any other places where the parties involved in the processing are located. For further information, please contact the Provider.
The Provider processes Personal Data in a proper manner and takes appropriate security measures to prevent unauthorized access, disclosure, modification, or destruction of them.
In addition to the Provider, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of the Service (administration, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Provider. Specifically:
· NKUA, CITE and GARR Providers of the NEANIAS AAI, Logging and Accounting services,
· Google and Microsoft Identity Providers for Authentication.
The updated list of these parties may be requested from the Provider at any time.
As the Service relies on a list of distributed services, in the process of supporting a user request we might have to share Personal Data with Other Providers.
We store personal data on servers located in the European Economic Area (EEA). Each organization is required to safeguard personal data in accordance with our contractual obligations and data protection legislation.
The Provider may use or disclose Personal Data to any third-party (a) if required to do so by law; (b) to comply with legal processes or respond to requests from governmental or public authorities; (c) to prevent, investigate, detect, or prosecute criminal offenses or attacks on the technical integrity of the Service or network; (d) to enforce Terms and Conditions; or (e) to protect the rights, privacy, property, business, or safety of the Provider, its business partners, employees, members, Service Users, or the public. Unless prohibited by applicable law, the Provider shall inform the User if a third-party requests access to Personal Data about the User.
This privacy policy may be modified. We will make sure to keep you informed of any changes, but in any event we invite you to visit our website regularly, where the most up-to-date Privacy Policy will be posted.
For exercising your rights, or for any questions, comments, objections or complaints, regarding this Privacy Policy or privacy, security or data protection practices applied, please contact the Provider by email via its designated Data Protection Officer rpd@inaf.it.
We handle your requests with the utmost care to ensure that your rights are protected. For any requests that may require assumption or disclosure of Personal Data, the User will have to demonstrate legitimate grounds for making the respective requests, as well as provide sufficient evident for the identity of the User.
In some cases we may not be able to process your request directly. However, in any event we will inform you of the progress of your request within one month of the submission of your original request.
You always have the right to complain to the “Italian Data Protection Authority (https://www.garanteprivacy.it/home_en)”, if you are concerned about how we have processed your personal data.
Effective Date: 4 June 2021
Last revised on 4 June, 2021
Welcome to “CAESAR”. CAESAR (hereinafter referred to as “Service”) is provided as a service to its users according to these Terms and Conditions (the “Terms and Conditions”). Please carefully read and understand these Terms and Conditions before using this Service. By using this Service, you accept and agree to be bound and abide by the following Terms and Conditions. If you do not agree with these Terms and Conditions, you shall not access or use this Service.
This Service is operated by INAF (“Provider”) on resources provided by INAF, other Providers and cloud platforms. Elements of the Service (“Service Elements”), be it technology, algorithms, documents, data, other services, processes and other resources, may have been or may be currently provided the Provider or by third parties (“Other Providers”). The Provider and Other Providers shall be collectively called “Providers”.
Specific Service Elements have been produced and maintained with the co-funding of the European Commission. Service Elements are the sole responsibility of the respective Providers. Nothing in the Service shall be considered as reflecting the views of the European Commission.
The Service itself, as well as any data or information or other element that may become accessible through the Service, is provided on an "as is" and "as available" basis. Users of the Service assume their own responsibility for assessing the relevance, accuracy and suitability of the Service and any Service Element they may use. The Provider makes effort to ensure, but does not guarantee, the accuracy, completeness or authenticity of the processes, data and information managed and provided by the Service.
The Provider reserves the right to change, edit, or delete any documents, information, or other content related to the Service or these Terms and Conditions from time to time without notice and at its sole discretion. All changes are effective immediately when posted and apply to all access to, and use of, this Service thereafter. Every time you wish to use the Service, please review these Terms and Conditions to ensure that you understand the terms that may apply to you at that time.
The Provider reserves the right to alter, limit or discontinue any part of this Service at its discretion. The same applies for Other Providers, unless otherwise explicitly declared. Under no circumstances shall any of the Providers be held responsible for any loss, damage, liability, or expense suffered that is claimed to result from the use, data or information managed by the Service and Service Elements, including without limitation, any fault, error, omission, interruption, or delay.
Hyperlinks to external to the Service resources do not imply any official endorsement of, or responsibility on the side of Providers for the opinions, ideas, content, or products presented at these locations. Neither do Providers guarantee the validity of the information provided. The sole purpose of links to external resources is to indicate further information available on related topics. The information is provided on the basis that Users of the Service assume their own responsibility for assessing its relevance, accuracy, and suitability for application.
The Provider does not claim any ownership and does not undertake any responsibility on data, information, content, comments, code, processes, or other elements uploaded or embedded into the Service by other Users, if such facilities are offered by the Service. The User is responsible for protecting his/her assets and personal data from any such Element present in the Service.
To the best of Provider’s intention reasonable security measures consistent with practice applicable to the domain of Service operation are applied to protect sensitive information under its control against loss, misuse, and alteration. However, the Provider cannot guarantee the security of physical locations, the hardware, software and networks, the means by which sensitive information is handled and transmitted between computers and applications, or any sensitive information that may be received through or in connection with the Service. The Provider excludes, in so far as allowed, any warranties implied by law.
The Provider and Other Providers reserve all rights of the elements they provide.
The functionalities, data and information made available through this Service are available under terms described in the metadata or other information describing or accompanying the Service.
Users granted access via the process established by the Provider, are licensed to use of the Service under the terms of the license.
The Provider grants license to use this Service freely to its Users, under the terms of this document. Access to the Service though may be limited due to availability of underlying resources. The Provider may revoke this License or change its terms at its own discretion without prior notice to Service Users. It is to the best of Provider’s intentions to try to timely inform Users accessing the Service before such an action, however this may not be guaranteed.
Service Users are required to make a clear reference to the Service use for any products or services that may be created on top of results or use of this Service.
Products or derivatives produced and made available through this Service are licensed under the license declared by their respective owners and not the Provider or Other Providers, except where otherwise explicitly noted. The Providers are not held responsible for the license terms of those elements. See section “How to Cite or Acknowledge Service”.
At any time and without prior notice, the Provider may limit access to the Service to any person, geographic area, or jurisdiction that the Provider chooses, at Provider’s sole discretion.
The Provider does not represent or warrant that the Service is appropriate or available for use in any particular jurisdiction. Users of the Service do so on their own initiative and at their own risk, and are responsible for complying with all local laws, rules, and regulations that apply to them.
By using the Service, the User agrees to all terms of the “Terms and Conditions” document as this may be formed and applies at any point in time.
By using the Service, the User agrees that he/she is entitled to use the Service under the conditions presented to the Provider upon request for access to the Service or as those may be presented explicitly in the section “License” of the document.
Under no circumstances shall a User use the Service for conducting any malicious activity, which may indicatively and not exclusively refer to: access to or exposure of personal or confidential data of other parties or Users, delivery of malicious code to other Service Users or systems, intentional overloading of Service or Providers’ resources, any action causing denial-of-service for the Service or any third party service or resource, impersonation of Provider, its personnel or any Service Users, inflict impact on financial or social status of Provider, its personnel or Service Users etc.
The User commits to use resources provided by the Service, and the Service itself, as intended by the Service, for no other reason and by no other means than the ones intended by the Service. In case of uncertainty of the validity of a use, the User commits to request further information from the Provider before performing such a use.
If the Service offers such facilities, the User under no circumstances shall upload to the Service any data, information, comments, code, processes, or other Elements that he/she does not have the license to use under the Service, or that may be inappropriate in any way or may harm other Users or the Service.
The User commits to promptly inform the Provider about any vulnerabilities or issues he/she has identified or has been informed about, during the use of the Service.
The User commits to promptly inform the Provider of any malicious, or otherwise inappropriate data, information, comments, code, processes, or other element made available on the Service that he/she becomes aware of.
The User is responsible for managing his/her own credentials and the security of his/her account. The User shall notify the Provider as soon as he/she becomes aware of unauthorized use of his/her account.
The Provider reserves the right to take any legal action upon Service misuse to protect the interests of itself as well as of its Users and Other Providers. The Provider may proactively terminate a User account and associated access to the Service without any warning, to prevent the Service, its resources or other Users from suspected erroneous or malicious actions from the User or anyone impersonating the User.
The Provider may alter the “Terms and Conditions” of the Service, without prior notice. It is to the best of Provider’s intentions to notify the User for essential changes in this document or documents that may be addressed by it, however this may not be guaranteed.
The User will be held liable for compensating the Provider if any claims to the Provider rise from breaching any term of this “Terms and Conditions” document by the User. Such compensation may include and is not limited to penalties that may apply, third party damage claims, Provider ethical and financial damage, Provider effort and Legal expenses and any other related costs.
Any work produced by making use of assets made available by the Service should acknowledge the support received and give credit to it. Please include the following reference:
“This work has been produced with the support of ‘CAESAR’ provided by INAF (www.inaf.it) with the co-funding of the European Commission, under NEANIAS project [GA 863448]”
For citing other elements that access to is granted via the Service, please refer to their respective owners for citation information.
If any part of this “Terms and Conditions” document is ineffective for any reason (e.g. unlawful or overridden by other document), the rest of the agreement remains valid excluding the ineffective part.
This “Terms and Conditions” document is between the Provider and the User and under no circumstances may it be transferred to any third party by the User.
Neither the User nor the Provider may be held liable for any breach of the terms of this License occurring due to conditions outside their respective reasonable control (“Force Majeure”).
The Provider may refrain from exercising rights of this “Terms and Conditions” document for any reason the Provider may choose, at any situation and point in time. This shall not be assumed as a withdrawal from the right to exercise its respective rights in the future for the same, similar or different cases.
Your access or use of the Service or/and any resource provided by or accessed through it, in any way signifies that you have read, understand and agree to be bound by the terms of this document.
