InCommon Privacy Policy
I. Introduction
The InCommon Federation (“InCommon”) recognizes and respects the privacy interests of its users. This document describes InCommon’s privacy policy with regard to data that InCommon collects from users of InCommon services. InCommon is operated by Internet2, but this policy – and not any of Internet2’s privacy policies – applies to InCommon.
II. What This Policy Covers
This policy applies to the following systems and services:
- InCommon services: any service provided directly by InCommon;
- InCommon e-mail: e-mail between InCommon staff members; e-mail involving InCommon aliases (such as help@incommon.org); and InCommon mailing lists (such as participants@incommon.org), including those listed at https://lists.incommon.org/sympa/lists.
- InCommon’s web sites: any web site administered by InCommon or used by InCommon to provide information to the InCommon Community, including www.incommon.org and https://spaces.internet2.edu/display/InCCollaborate/Home.
III. What Information Is Collected
Some InCommon services collect data from InCommon participant executives, administrators, delegates and other roles used in collaboratively operating the services. This information is limited to operational information used to uniquely identify, contact, interoperate with and handle service management operations both between InCommon and its participants, and between participants. This operational information could include name, job title, phone number, and email address. If a participant exports metadata to interfederation service(s) such as eduGAIN, a limited subset of this operational data associated with that/those systems may be exported to participants of other federations or services participating in interfederation.
The identity data collected by InCommon participants and used in transactions which are federated via the InCommon Federation is not collected by InCommon except where specifically released to InCommon by the institution for purposes of interacting with applications owned and operated by InCommon such as wikis, blogs, forums, and mailing lists. This information is limited in scope (e.g., email address, name, user ID).
If you sign up for an InCommon mailing list, InCommon also may collect user information such as your name, job title, address, verified phone numbers, and email address. Mailing list content, including some user information, may be routinely archived by InCommon and made available to present and future list subscribers or to the public, depending upon the list.
When you visit an InCommon website, our web server software automatically collects certain information. Specifically, our web servers typically log the requesting IP address, the page requested, the time of the request, referrer information, information about the browser being used, and the status of the request (for example, if a page does not exist, a 404 error code will be returned).
Like many websites, InCommon uses cookies and similar technologies to make our website work best for our users. A cookie is a text file that is sent from a web server to your browser and may be stored by your browser or on your computer’s hard drive. The text file is then sent back to the server each time the browser requests a page from that server. This enables the web server to identify and track the web browser. Cookies cannot read data off your hard disk and will not damage your system. You can set your browser to refuse any cookie or to alert you when a cookie is being sent. If you refuse cookies, some portions of our website may not function optimally.
With respect to “do not track” requests, InCommon does not support such requests and continues to collect information as described in this policy.
No part of the InCommon website is directed to children under the age of 13, and InCommon does not knowingly collect or maintain information from children under the age of 13.
IV. Why We Collect This Information
Much of the information that InCommon collects enables us to operate the services provided by InCommon. For example, we collect information from individuals who have been designated with official roles on behalf of their organizations in order for those specified individuals to carry out their duties in a trusted manner. Similarly, we collect information when you sign up for an InCommon mailing list to enable us to provide you with content you requested.
With respect to information automatically collected when users browse our websites, InCommon collects this information to optimize the design of our websites and the user experience, to identify website errors, and for other operational purposes.
V. Sharing of Data with Third Parties
In order to provide some InCommon services, we may share some of the information we collect with third party contractors. In such cases, we only provide the minimal amount of information needed for these contractors to provide technical, operational, or service management services in support of the InCommon mission.
InCommon may publish names and email addresses in shared email distribution lists, working group lists archived on a public website, or on working group documents. InCommon publishes operational information such as Identity Provider and Service Provider administrative, technical, and security contacts, which are maintained for use by participants, in the public-facing metadata aggregate service(s).
Other third parties in the community often have access to user information, such as name and email address, as a result of their role on a committee, working group, or other interest group.
Phone numbers are stored in shared systems with other Internet2 projects. Certain phone numbers used for identity and access management are guarded and not shared with third parties, with the exception of a third-party contractor assisting in managing second factor security.
VI. How Data Is Protected
Data is protected in all systems in accordance with InCommon technical and administrative policies. For further information regarding these policies, please see the InCommon Federation Operational Policies and Practices at https://incommon.org/federation/fopp/.
Additionally, InCommon issues passwords and credentials to administrative users of services that InCommon offers, which are protected under the InCommon technical and administrative policies. InCommon’s third party contractors also may issue passwords and protect them with due diligence described in their own documentation.
VII. Access to Personal Information and Opportunity to Update Information
InCommon allows participants to update operational information for each service they participate in, via a variety of means, depending on the system and service (e.g., email list manager, wiki, internal relationship manager databases, and partner databases for subscribed systems and services). In addition, users may email help@incommon.org with questions about how to update their information with respect to a specific service.
VIII. Notice For Updates And Changes To Policy
InCommon will update this policy from time to time, and the most current version will always be posted at www.incommon.org. We encourage you to review this statement regularly.
If you have any questions about the InCommon Privacy Policy, please contact help@incommon.org.
Effective date: 2024-06-03