TF-CSIRT, TRANSITS and Trusted Introducer are supported by the Open CSIRT Foundation (OCF), who is the data controller for these activities. The OCF currently works with GÉANT and Presecure to offer these services, and information is shared with these partners as data processors.
The following information applies specifically to TF-CSIRT, TRANSITS and Trusted Introducer.
OCF will process personal information gathered for TF-CSIRT and TRANSITS events in accordance with the relevant provisions of the General Data Protection Regulation and will only ask for information necessary for running events and supporting the operations of the Trusted Introducer service. OCF will not use this information for any other purpose unless prior consent has been given. OCF will delete or anonymise all information as soon as it is no longer necessary.
Information gathered for each event will be limited to: full name, TF-CSIRT / Trusted Introducer team affiliation, e-mail address, dietary requirements and any appropriate requests to attend specific sessions / events. For TRANSITS, appropriate information for billing (organisational address and finance contacts) will also be collected.
The information will be used in order to:
- Manage attendance and registration at TF-CSIRT / TRANSITS events.
- Track team attendance at events in conjunction with the Trusted Introducer team.
- Publish names to a public attendee list. Attendees may opt-out of publication by request. No email addresses or other data will be shared to any other parties.
- Process payments as and when appropriate.
The OCF will take appropriate technical and organisational measures to safeguard information against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. These measures shall ensure a level of security appropriate to the risks represented by the processing and the nature of the data to be protected, having regard to the state of the art and the cost of their implementation.
The OCF will, without undue delay, report all suspected privacy or security breaches (including unauthorised disclosure or compromise, actual or possible loss of Organisation or its Agent).
The OCF may take photos at events to be used for promotional purposes on the TF-CSIRT website. If you do not want your image to be used, please contact the TF-CSIRT Secretary.
TF-CSIRT manages a mailing list on behalf of the TF-CSIRT community. This is a closed mailing list, and access is moderated by the TF-CSIRT Secretary and Chair. Participants may manage their own subscriptions at anytime by visiting https://lists.geant.org/.
The OCF may from time to time carry out surveys of CSIRT teams to ensure that the services being offered to the community met its needs. The OCF may ask third parties to act as data processors but will at all times take the role of data controller. As part of information gathering, The OCF will restrict requests for personal data to the absolute minimum required. Data will only be shared with the OCF, the data processor and the TF-CSIRT Steering Committee. Data gathered in surveys may be anonymised (not attributed to any person or any team) and shared with the wider TF-CSIRT community.
The Trusted Introducer Privacy Notice is available on the Trusted Introducer website.
The GÉANT Privacy Notice is available on the GÉANT website.