Information regarding personal data processing in SUPR/SAMS at NAISS

Version 2023-01-01

“National Academic Infrastructure for Supercomputing in Sweden” (NAISS) is a national research infrastructure for which Linköpings universitet (LiU) is the host organization. NAISS is established as a centre at LiU and is primarily governed by instructions decided by LiU. Access to supercomputers and storage resources (“Resources”) at NAISS is managed through the SUPR/SAMS system (“the System”). LiU is the controller of the personal data and needs to process your personal data in relation to the use of NAISS through SUPR/SAMS, according to this information.

LiU processes the personal data you enter in the System, which includes: name, personal identification number (in case you apply for an account on a resource where that is needed), email address, address, citizenship, gender, position, phone number, organizational affiliation. You are not forced to provide personal data to LiU but it is necessary to be able to apply for and get access to Resources.

Personal data may also be collected from other sources, including data regarding federated logins (from SWAMID and MyAccessID). Data is collected from your use of the System and Resources through logging, which includes your IP address and your resource usage. Membership in projects or proposals for projects, which may contain personal data, may be entered into the System by your principal investigator (PI).

The overall purpose with the data processing is to facilitate distribution of Resources from NAISS. The System handles proposal rounds, proposals, projects, logging of resource usage and approval of user agreements. With the help of the System, NAISS can ensure safe handling and processing for access to the national research supporting Resources. In addition, the System provides NAISS with data regarding the usage of Resources, which is useful for improvements and making the resource utilization more efficient.

LiU applies the current applicable privacy legislation in all processing of personal data. The legal basis for processing your personal data is both for us to be able to fulfil our commitments in accordance with the agreement following the applications for and use of Resources, and to ensure that LiU can fulfil tasks in the public interest for the running of NAISS. Your personal data will be saved as long as needed for the use, administration and follow-up of the Resources and their utilization, which for now is for the time being.

Provided data is available to the organizations connected to NAISS that need access for the performance of their duties within NAISS. Personal data is available to LiU’s data processors: Chalmers tekniska högskola and Umeå universitet. LiU commission them to process personal data on behalf of LiU by operating the System, providing its servers and databases.

In the System, users can see names, email addresses, departments and organizations of other users, through search functions. Also, project members can see a list of other project members names, email addresses, departments and organizations, as well as their Resource utilization. Personal data may also be made available to external reviewers of project proposals.

In connection with allocation of resources available via the Swedish part of the LUMI (Large Unified Modern Infrastructure) supercomputer, personal data from the user’s MyAccessID identity is saved in the SUPR user profile, including email and name. To facilitate acess to resources available via LUMI, SUPR shares the user’s MyAccessID identity and role within the project with Puhuri, a system that handles access to LUMI resources. Additional information regarding the processing of personal data in connection with allocation of resources available via LUMI can be found in the documentation on processing of personal data made available by MyAccessID, Puhuri and LUMI.

LiU may need to disclose your personal data to a third party, if we are obliged to under mandatory law. In accordance with the principle of public access to information, public documents and information in such documents can be requested by the public and will be disclosed if they are not covered by secrecy in accordance with the Public Access to Information and Secrecy Act (2009:400).

Linköping University, 581 83 Linköping, a Swedish government authority, with organization number 202100-3096 is the controller of the personal data. You have the right to receive information about the personal data we process about you. You also have the right to contact us to have incorrect personal information about yourself corrected, to transfer your personal data or to ask for limitation of the processing, to make an objection to the processing, to ask for the erasure of your personal data or use your other rights in accordance with the GDPR. You can contact us through registrator@liu.se or +46 13 28 10 00. If you have a complaint about our processing of your personal data, you can contact our data protection representative via dataskyddsombud@liu.se. You also have the right to lodge a complaint with the supervisory authority (Integritetsskyddsmyndigheten) if you think that we process your personal data incorrectly.