compute canada banner

Agreements

Loading ...

Compute Canada has adopted a set of policies related to privacy and cyber security. In order to obtain and renew a Compute Canada account, you must accept the following policies: Privacy and Data Protection Policy; Consent to Collect, Use and Disclose Personal Information; and End User Acceptable Use Policy.

End User Acceptable Use Policy (AUP)

Compute Canada Acceptable Use Policy

You must accept this AUP (revised on Feb 4, 2014) before applying for a new account or renewing an existing account.

By obtaining an account with Compute Canada one must abide by the following policies:

  1. An account holder is responsible for all activity associated with their account.
  2. An account holder must not share their account with others or try to access another user's account. Access credentials must be kept private and secure.
  3. Compute Canada resources must only be used for projects/programs for which they have been duly allocated.
  4. Compute Canada resources must be used in an efficient and considerate fashion.
  5. Compute Canada resources must not be used for illegal purposes.
  6. An account holder must respect the privacy of their own, other users' and the underlying systems' data.
  7. An account holder must provide reporting information in a timely manner and cite Compute Canada in all publications that resulted from work undertaken with Compute Canada resources.
  8. An account holder must observe computing policies in effect at the relevant centre and their residing institution.
  9. An account holder may lose access if any of these policies are transgressed.

Compute Canada Regional Divisions Rights and Responsibilities

Regional Divisions within Compute Canada have the following rights and responsibilities. They:

  1. have the right to monitor and record all use of resources.
  2. will not use staff privileges to examine user data except in the course of resolving problems and where access to such information is necessary.
  3. will first contact the CEO of Compute Canada as well as the director of the centre prior to examining any user data because of situations not related to the normal maintenance performed by centre staff. This includes but is not limited to investigating a suspected violation of the AUP.
  4. are responsible for operating and maintaining facilities, as well as providing training and user support, to meet the needs of researchers.
  5. are responsible for ensuring that resources are used in an efficient fashion and have the right to request, and assist in collecting, application performance information to guarantee that resources are being used efficiently.
  6. are responsible for ensuring that any transgressions of the acceptable use policy are expeditiously communicated to all other Compute Canada centres.
  7. will use best efforts to meet industry standards to protect the integrity and security of user data.
  8. have the right to augment and extend Compute Canada policy with their own acceptable use policies and rights and responsibilities.

I agree to the End User Acceptable Use Policy (AUP)

Compute Canada Personal Information Consent

Consent to Collect, Use and Disclose Personal Information

Compute Canada (CC) may, in the course of its operations, collect, use and disclose certain aspects of your personal information in order to fulfill its mandate and to run its services. Only necessary and relevant information as mentioned below will be collected, and this information will only be shared with your consent. It is important that everyone using a CC service understand what information CC consider important to collect versus what information CC considers out-of-scope and thus private to users.

Information we collect

We collect information that you provide to us when you sign up and use one of CC's managed systems or services. Information such as where you logged in from, how long you used the system, and details of how you used system resources while logged in are all examples of information that we collect and use to help better secure, manage and run our systems. It is important that we collect such information for us to protect privacy and integrity of data on our systems. Several types of information are collected to fulfill our reporting obligation to funding agency or to manage access to resources.

The following personal information may be collected, used, and disclosed by CC:

  • Identity information (CC Identifier, username, CC role(s), etc)
  • Session information (login IP, geolocalisation, session preference, login IP, etc)
  • Contact information (telephone, email)
  • Academic information (institution membership, department, field or research, etc)
  • CV information (CCV or similar)
  • Sponsor information (list of sponsored users under your account or who sponsored you)
  • Project information (project identifier, project membership, project title, project description, research area, etc)
  • Usage information (allocation identifier, allocation membership, resource utilization, service utilization, event attendance, etc)

Information we do not collect

It is important to note that CC does not, in the course of its operations, inspect, collect or disclose information related to the actual data that users store, process or transmit while using a CC system. Such information is considered out-of-scope and private to users with the following important exceptions:

  • Where CC is legally obliged to disclose such information
  • When granted explicit permission to do so by the data owners (for example, to help troubleshoot a technical problem)
  • When mandated to do so and subject to the conditions given and authorized by the data classification policy or guideline
  • During the course of investigating a security incident that may compromise the privacy and protection of data on a CC managed system

CC considers the privacy and protection of user data to be of primary importance. More information is available in the CC privacy and data protection policy if you would like to learn details about our commitment toward privacy and data protection:
https://www.computecanada.ca/about/compute-canada-privacy-policy/

Who we might share your personal information with

Some of the personal information we collect may at some point need to be shared with external organizations or individuals in accordance with their legitimate need for such information. For example, a response to a security incident on a CC system may need to be followed up with the user's host institution. The following are considered legitimate recipients of users' personal information collected by CC:

  • CC team members
  • Regional organisations supporting CC activities (WestGrid, Compute Ontario, Calcul Québec, ACENet)
  • Canadian academic institutions operating a service on behalf of CC
  • Host institutions of users
  • External reviewers who take part of resource allocation
  • Law authorities

CC will never disclose any personal information to third parties for the purposes of profit or advertisement or any commercial endeavour.

Retention of personal information

CC retains the right to store any of the personal information listed above and collected during the course of a user interaction with a CC system for as long as it may deem necessary to fulfill its goals of operating and providing a valuable service to the research community, or as required for reporting to the funding agency.

Note that if you do not agree to the collection, use or disclosure of your personal information, compute Canada will not be able to offer you its services and your account will not be activated or renewed.

I agree to the Compute Canada Personal Information Consent

Compute Canada Privacy Policy

Privacy and data protection policy

Version 1.0, August 10th, 2015
Adopted

  1. Objectives
  2. Definitions
  3. Scope
  4. Inventory
  5. Policy statement
  6. Implementation and revision

1 - Objectives

In the course of its operation, Compute Canada stores, transmits and uses personal and confidential data. This policy aims to inform all relevant parties of the Compute Canada commitment to protect the information collected and of the policies that apply to such information.

This policy is established in accordance with the law and in consideration of policies and protective measures in force in the partner academic institutions and any other Compute Canada stakeholders.

2 - Definitions

  • Information System: any system that can store, transmit or process information and which is governed or regulated by Compute Canada.
  • Information: any information or data transmitted, stored or processed by an Information System.
  • Personal Information: any Information that identifies an individual or a set of Information that identifies an individual. The name of a physical person is not personal information, except where it appears with other Information concerning the individual or when its mere mention would reveal personal information about that person.
  • Sensitive Information: any Information whose disclosure may cause harm to Compute Canada, a Compute Canada stakeholder, a User or to any Partner, individual or entity concerned by this Information.
  • Public Information: any Information that is neither Personal Information nor Sensitive Information.
  • User: any individual with access to Information or to an Information System.
  • Owner: a User that stores, creates or is responsible for some Information. The Owner is also the data curator.
  • CC Team Member: any individual employed by, bound to or working on behalf of Compute Canada.
  • Partner: funding agency or member institution operating services or an Information System on behalf of Compute Canada.

3 - Scope

All Information is covered by this policy. The Information as well as Personal Information and Sensitive Information present at Compute Canada can be divided into three categories:

  • Information collected by Compute Canada;
  • Information collected by a third party organization and shared with Compute Canada;
  • Information stored, transmitted or processed by a User on an Information System.

Personal Information collected by Compute Canada is that which is necessary for the pursuit of its duties or the fulfillment of a mandate under its responsibility. It is mandatory to provide them, with the exception of certain information for which collection is optional and identified as such.

Compute Canada or a CC Team Member may have to ask a User to disclose Personal Information about another individual. Compute Canada then assumes the User has obtained the consent of that individual. It is the User's responsibility to seek any required consent.

4 - Inventory

4.1 Personal Information collected by Compute Canada

Any Personal Information collected by Compute Canada must be inventoried. The inventory must contain:

  • the nature, origin and justification for the need of that information;
  • the lifecycle and expiration for the data, including the schedule and mechanism for disposal;
  • a list of individuals or groups of individuals having access to the information;
  • the information System(s) on which data will reside;
  • the identity of the data curator.

Personal Information collected by a third party organization and to which Compute Canada has access will be considered the same as Personal Information collected by Compute Canada for the purpose of this policy. Additional policies or measures requested by the third party organization could also be in force.

4.2 Personal Information owned or curated by a User

Any Personal Information processed or stored by a User must be declared. This declaration must include the following elements:

  • the identity of the data Owner;
  • a list of Users having access to the data;
  • the data lifecycle and expiration, including the schedule and mechanism for disposal;
  • the Information System used and description of the security and privacy measure or requirements that apply.

5 - Policy statement

5.1 Policies for Information and Personal Information Collected by Compute Canada

Policies in force for Information and Personal Information collected by Compute Canada are:

  1. Only Personal Information essential to the operation of Compute Canada, required as part of our mandate or under our obligations to our partners is collected. It is mandatory for the User to provide it to Compute Canada, with the exception of certain Information for which disclosure is optional and identified as such.
  2. Some Personal Information or Sensitive Information will be shared with partner organizations. The information shared will be identified as such at collection time and consent will be requested at collection time or prior to sharing.
  3. When collecting Personal Information, Compute Canada will obtain consent from the individual and keep proof of that authorization. This consent will include a provision for the use or the sharing of the information with Compute Canada partners where applicable.
  4. Compute Canada commits to use Personal Information for the sole purpose agreed to by the individual at the time of collection. Any other use of this information requires prior consent of the individual.
  5. Compute Canada undertakes to destroy any Personal Information that has reached its end of life.
  6. Compute Canada undertake not to disclose any Sensitive Information or Personal Information without the consent of the individual concerned, except, where necessary, when required by law or subject to the conditions given and authorised by the data classification guideline.
  7. Any Personal Information or Sensitive Information collected by Compute Canada will be kept in a secure environment. Any transmission of such information will also be secured with the appropriate procedures.
  8. Access to Personal Information and Sensitive Information is restricted to CC Team Members who have a legitimate need for the information.
  9. Compute Canada controls access to Sensitive Information and Personal Information, regularly verifies the integrity of the data, and monitor for unauthorized access to this data regularly.
  10. In the event of unauthorized disclosure of Personal Information, the individuals concerned will be notified.
  11. Upon request, Compute Canada will provide a list of Personal Information in its custody and related to the individual making the request, unless there is a legal justification for not doing so. The list will be provided after the verification of the requester's identity.

5.2 Policies for Information and Personal Information in Users custody

Policies in force for Information and Personal Information that a User stores, use or transmit on an Information System are:

  1. Any User that stores or processes Personal Information on an Information System must declare the presence of such data. This declaration must include the elements listed in section 4.2.
  2. Not every Information System is appropriate to store, process or transmit Personal Information. Users must use an appropriate Information System for Personal information. CC Team Members can provide guidance with the selection of the appropriate Information System and on the security methods and procedures that apply.
  3. All Personal Information that is stored or processed on an Information System must be declared to Compute Canada. Any undeclared Personal Information will be considered by Compute Canada as any other Information in User custody.
  4. All Personal Information declared must include a lifecycle. Upon data end of life, Compute Canada or any authorized CC Team Member will contact the Owner to confirm or where necessary to arrange destruction of the expired Personal Information. Upon failure to answer within a reasonable period, Compute Canada reserves the right to permanently delete the data in accordance with the lifecycle declaration made by the Owner.
  5. Any request to access Personal Information will be transmitted to the Owner. No access will be granted by Compute Canada, except where required by law, where the Owner demonstrates the legality of such access or where the requester is the individual concerned by the information and no legal justification prevents disclosure.
  6. Any unauthorized access to Personal Information will be reported to the Owner.
  7. The Owner must respond in a timely fashion to requests for access.
  8. Compute Canada and CC Team Members will not access data in User custody except with the consent of the User, where required by law or subject to the conditions given and authorized by the data classification guideline. Compute Canada reserves the right to access such data to Investigate or to preserve Information and Information System integrity. These accesses will be monitored, temporary, minimized and limited to the scope and timeframe of the investigation.
  9. The User is solely responsible and respondent for compliance with laws and regulations concerning the information in their custody. The User's home institution rules and procedures for data protection and privacy might apply and it is the User's responsibility to undertake any action required to comply.
  10. Compute Canada will provide the Users with rules, procedures and mechanisms for a reasonable level of security for Information in their custody on an Information System.

6 - Implementation and revision

This Policy is adopted and enters into force on the date of its adoption. It will be review by the Compute Canada Security Council once a year or at any time deemed necessary.

I agree to the Compute Canada Privacy Policy