compute canada banner


Loading ...

Compute Canada has adopted a set of policies related to privacy and cyber security. In order to obtain and renew a Compute Canada account, you must accept the following policies: Privacy and Data Protection Policy; Consent to Collect, Use and Disclose Personal Information; and Terms of Use.

Compute Canada Privacy Policy

Privacy and data protection policy

Version 1.1, February 23rd, 2017 Adopted

  1. Objectives
  2. Definitions
  3. Scope
  4. Inventory
  5. Policy statement
  6. Implementation and revision

1 – Objectives

In the course of its operation, Compute Canada stores, transmits and uses personal and confidential data. This policy aims to inform all relevant parties of the Compute Canada commitment to protect the information collected and of the policies that apply to such information.

This policy is established in accordance with the law and in consideration of policies and protective measures in force in the partner academic institutions and any other Compute Canada stakeholders.

2 – Definitions

  • Information System: any system that can store, transmit or process information and which is governed or regulated by Compute Canada.

  • Information: any information or data transmitted, stored or processed by an Information System.

  • Personal Information: any information about an identifiable individual where there is a serious possibility that an individual could be identified through the use of that information, alone or in combination with other available information. Business contact Information is not personal Information.

  • Personal Health Information: any information about an identifiable individual pertaining to health, health care, or any health related information concerning that individual.

  • Sensitive Information: any Information whose disclosure may cause harm to Compute Canada, a Compute Canada stakeholder, a User or to any Partner, individual or entity concerned by this Information. Personal Information and Personal Health Information are Sensitive Information.

  • Public Information: any Information that is neither Personal Information nor Sensitive Information.

  • User: any individual with access to Information or to an Information System.

  • Owner: a User that stores, creates or is responsible for some Information. The Owner is also the data curator.

  • CC Team Member: any individual employed by, bound to or working on behalf of Compute Canada.

  • Partner: funding agency or member institution operating services or an Information System on behalf of Compute Canada.

3 – Scope

All Information is covered by this policy. The Information as well as Personal Information and Sensitive Information present at Compute Canada can be divided into three categories:

  • Information collected by Compute Canada;

  • Information collected by a third party organization and shared with Compute Canada;

  • Information stored, transmitted or processed by a User on an Information System.

Personal Information collected by Compute Canada is that which is necessary for the pursuit of its duties or the fulfillment of a mandate under its responsibility. It is mandatory to provide them, with the exception of certain information for which collection is optional and identified as such.

Compute Canada or a CC Team Member may have to ask a User to disclose Personal Information about another individual. Compute Canada then assumes the User has obtained the consent of that individual. It is the User’s responsibility to seek any required consent.

4 – Inventory

4.1 Personal Information collected by Compute Canada

Any Personal Information collected by Compute Canada must be inventoried. The inventory must contain:

  • the nature, origin and justification for the need of that information;

  • the lifecycle and expiration for the data, including the schedule and mechanism for disposal;

  • a list of individuals or groups of individuals having access to the information;

  • the information System(s) on which data will reside;

  • the identity of the data curator.

Personal Information collected by a third party organization and to which Compute Canada has access will be considered the same as Personal Information collected by Compute Canada for the purpose of this policy. Additional policies or measures requested by the third party organization could also be in force.

4.2 Personal Information owned or curated by a User

Any Personal Information processed or stored by a User must be declared. This declaration must include the following elements:

  • the identity of the data Owner;

  • a list of Users having access to the data;

  • the data lifecycle and expiration, including the schedule and mechanism for disposal;

  • the Information System used and description of the security and privacy measure or requirements that apply.

5 – Policy statement

5.1 Policies for Information and Personal Information Collected by Compute Canada

Policies in force for Information and Personal Information collected by Compute Canada are:

  1. Only Personal Information essential to the operation of Compute Canada, required as part of our mandate or under our obligations to our partners is collected. It is mandatory for the User to provide it to Compute Canada, with the exception of certain Information for which disclosure is optional and identified as such.

  2. Some Personal Information or Sensitive Information will be shared with partner organizations. The information shared will be identified as such at collection time and consent will be requested at collection time or prior to sharing.

  3. When collecting Personal Information, Compute Canada will obtain consent from the individual and keep proof of that authorization. This consent will include a provision for the use or the sharing of the information with Compute Canada partners where applicable.

  4. Compute Canada commits to use Personal Information for the sole purpose agreed to by the individual at the time of collection. Any other use of this information requires prior consent of the individual.

  5. Compute Canada undertakes to destroy any Personal Information that has reached its end of life.

  6. Compute Canada undertake not to disclose any Sensitive Information or Personal Information without the consent of the individual concerned, except, where necessary, when required by law or subject to the conditions given and authorised by the data classification guideline.

  7. Any Personal Information or Sensitive Information collected by Compute Canada will be kept in a secure environment. Any transmission of such information will also be secured with the appropriate procedures.

  8. Access to Personal Information and Sensitive Information is restricted to CC Team Members who have a legitimate need for the information.

  9. Compute Canada controls access to Sensitive Information and Personal Information, regularly verifies the integrity of the data, and monitor for unauthorized access to this data regularly.

  10. In the event of unauthorized disclosure of Personal Information, the individuals concerned will be notified.

  11. Upon request, Compute Canada will provide a list of Personal Information in its custody and related to the individual making the request, unless there is a legal justification for not doing so. The list will be provided after the verification of the requester’s identity.

5.2 – Policies for Information and Personal Information in Users custody

Policies in force for Information and Personal Information that a User stores, use or transmit on an Information System are:

  1. Any User that stores or processes Personal Information on an Information System must declare the presence of such data. This declaration must include the elements listed in section 4.2.

  2. Not every Information System is appropriate to store, process or transmit Personal Information. Users must use an appropriate Information System for Personal information. CC Team Members can provide guidance with the selection of the appropriate Information System and on the security methods and procedures that apply.

  3. All Personal Information that is stored or processed on an Information System must be declared to Compute Canada. Any undeclared Personal Information will be considered by Compute Canada as any other Information in User custody.

  4. All Personal Information declared must include a lifecycle. Upon data end of life, Compute Canada or any authorized CC Team Member will contact the Owner to confirm or where necessary to arrange destruction of the expired Personal Information. Upon failure to answer within a reasonable period, Compute Canada reserves the right to permanently delete the data in accordance with the lifecycle declaration made by the Owner.

  5. Any request to access Personal Information will be transmitted to the Owner. No access will be granted by Compute Canada, except where required by law, where the Owner demonstrates the legality of such access or where the requester is the individual concerned by the information and no legal justification prevents disclosure.

  6. Any unauthorized access to Personal Information will be reported to the Owner.

  7. The Owner must respond in a timely fashion to requests for access.

  8. Compute Canada and CC Team Members will not access data in User custody except with the consent of the User, where required by law or subject to the conditions given and authorized by the data classification guideline. Compute Canada reserves the right to access such data to Investigate or to preserve Information and Information System integrity. These accesses will be monitored, temporary, minimized and limited to the scope and timeframe of the investigation.

  9. The User is solely responsible and respondent for compliance with laws and regulations concerning the information in their custody. The User’s home institution rules and procedures for data protection and privacy might apply and it is the User’s responsibility to undertake any action required to comply.

  10. Compute Canada will provide the Users with rules, procedures and mechanisms for a reasonable level of security for Information in their custody on an Information System.

6 – Implementation and revision

This Policy is adopted and enters into force on the date of its adoption. It will be review by the Compute Canada Security Council once a year or at any time deemed necessary.

Compute Canada Personal Information Consent

Consent to Collect, Use and Disclose Personal Information

Compute Canada (CC) may, in the course of its operations, collect, use and disclose certain aspects of your personal information in order to fulfill its mandate and to run its services. Only necessary and relevant information as mentioned below will be collected, and this information will only be shared with your consent. It is important that everyone using a CC service understand what information CC consider important to collect versus what information CC considers out-of-scope and thus private to users.

Information we collect

We collect information that you provide to us when you sign up and use one of CC's managed systems or services. Information such as where you logged in from, how long you used the system, and details of how you used system resources while logged in are all examples of information that we collect and use to help better secure, manage and run our systems. It is important that we collect such information for us to protect privacy and integrity of data on our systems. Several types of information are collected to fulfill our reporting obligation to funding agency or to manage access to resources.

The following personal information may be collected, used, and disclosed by CC:

  • Identity information (CC Identifier, username, CC role(s), etc)
  • Session information (login IP, geolocalisation, session preference, login IP, etc)
  • Contact information (telephone, email)
  • Academic information (institution membership, department, field or research, etc)
  • CV information (CCV or similar)
  • Sponsor information (list of sponsored users under your account or who sponsored you)
  • Project information (project identifier, project membership, project title, project description, research area, etc)
  • Usage information (allocation identifier, allocation membership, resource utilization, service utilization, event attendance, etc)

Information we do not collect

It is important to note that CC does not, in the course of its operations, inspect, collect or disclose information related to the actual data that users store, process or transmit while using a CC system. Such information is considered out-of-scope and private to users with the following important exceptions:

  • Where CC is legally obliged to disclose such information
  • When granted explicit permission to do so by the data owners (for example, to help troubleshoot a technical problem)
  • When mandated to do so and subject to the conditions given and authorized by the data classification policy or guideline
  • During the course of investigating a security incident that may compromise the privacy and protection of data on a CC managed system

CC considers the privacy and protection of user data to be of primary importance. More information is available in the CC privacy and data protection policy if you would like to learn details about our commitment toward privacy and data protection:

Who we might share your personal information with

Some of the personal information we collect may at some point need to be shared with external organizations or individuals in accordance with their legitimate need for such information. For example, a response to a security incident on a CC system may need to be followed up with the user's host institution. The following are considered legitimate recipients of users' personal information collected by CC:

  • CC team members
  • Regional organisations supporting CC activities (WestGrid, Compute Ontario, Calcul Québec, ACENET)
  • Canadian academic institutions operating a service on behalf of CC
  • Host institutions of users
  • External reviewers who take part of resource allocation
  • Law authorities

CC will never disclose any personal information to third parties for the purposes of profit or advertisement or any commercial endeavour.

Retention of personal information

CC retains the right to store any of the personal information listed above and collected during the course of a user interaction with a CC system for as long as it may deem necessary to fulfill its goals of operating and providing a valuable service to the research community, or as required for reporting to the funding agency.

Note that if you do not agree to the collection, use or disclosure of your personal information, compute Canada will not be able to offer you its services and your account will not be activated or renewed.

Consent to Access User Data

Consent to access users data

When you open a support request, Compute Canada team members may be able to help you more quickly if they are allowed to access your files. Whenever possible, read-only access to a limited number of files will be used to provide the support. On rare occasions, providing the support may require altering some of your files (write access). Such changes will always be limited to what is strictly necessary to resolve the issue. Our team will always inform you of any minor change they make and will ask your consent explicitly for any significant change.

As part of an on-going support request, do you allow Compute Canada team members to access the files as described above without explicitly asking for your consent each time the files need to be accessed?

Terms of Use

Terms of use

Version 1.0, March 2th, 2017


  1. Access to resources
  2. Compliance
  3. Use of resources
  4. Acknowledgement and reporting

1 – Access to resources

  1. By applying for access to Compute Canada’s resources, you must agree to these Terms of use.

  2. You agree to access and use Compute Canada’s resources in a way that is compatible with the Compute Canada Access Policy.

  3. You must never access or attempt to access any of Compute Canada’s resources (or any other user’s data on Compute Canada’s resources) other than those resources or data for which you have been explicitly granted access.

  4. You must always abide by any Compute Canada policies, and any local and applicable policies such as an Acceptable Use Policy of the institution from which you are accessing the resources. In the situation where a conflict exists, you must notify* Compute Canada and comply with any additional directives that Compute Canada will provide to resolve the inconsistency.

  5. You must not allow any other individual to use your credentials to access Compute Canada’s resources. If additional personnel require access to Compute Canada’s resources as part of your research, each individual must apply for an account, and obtain their own credentials.

  6. Compute Canada credentials are confidential and must remain secret and secure. Minimal requirement for credentials are provided in the Compute Canada directive on password management.

  7. You must provide and keep up to date user related information in the Compute Canada Portal (CCDB). Current and valid information is critical for efficient incident response.

2 – Compliance

  1. Failure to abide by these Terms of use may result in legal action to you or your institution as well as the revocation of access privileges.

  2. You have full responsibility for the activities associated with your account or for the use of resources being assigned to you. You are responsible to clarify with your home institution any responsibility or liability issue resulting from the use of Compute Canada’s resources.

  3. In the situation where your account is compromised or suspicious activity is being recorded on resources assigned to you, you agree to work with Compute Canada, its members and your home institution to resolve the issue.

  4. At no time will you use Compute Canada’s resources for any activity in contravention of Canadian law or any other applicable laws in your jurisdiction. You are responsible to identify with your local institution all applicable laws or regulations that may apply in the use of Compute Canada resources for your research, including the access or use of resources outside of your local province.

  5. You agree that should you ever be investigated or found liable for any contravention of Canadian law, or any other applicable law in your jurisdiction, Compute Canada is in no way responsible or liable for such contraventions. If anyone attempt to make Compute Canada liable for anything related to your research or your use of Compute Canada’s resources, you agree to work with Compute Canada, its members and your home institution to resolve the issue.

  6. Compute Canada reserves the right to proactively monitor for and detect activity that violates Compute Canada policies and applicable laws. You agree to provide information and access to data to Compute Canada to enable this monitoring and any related investigation. Such access to your data or assigned resources will be monitored, temporary, minimized and limited to the scope and timeframe of the investigation.

  7. You must immediately notify* Compute Canada if you become aware of any unauthorized access or use of Compute Canada resources or data or of any event that might affect Compute Canada information security or privacy.

  8. You agree to provide Compute Canada, upon request, with appropriate documentation to demonstrate proper authorisation is in place for the use of CC resources, including ethical approvals of the research being conducted on Compute Canada allocated resources.

3 – Use of resources

  1. You may not knowingly use the Compute Canada resources in any situation where failure or fault of the Service could lead to death or serious injury of any person or animal, or to serious physical or environmental damage.

  2. Should your research involve the use of or contain any personal information, you must inform Compute Canada and only select or use the appropriate resources that provide the required protection for such data. You agree to abide by additional terms applicable to the protection of personal information, such as to those required by Compute Canada privacy and data protection policy.

  3. Should your research involve the use or contain sensitive information, you must institute appropriate safeguards to ensure your data remains secured and confidential. Compute Canada holds no responsibility for the protection of your data.

  4. You may not knowingly introduce malicious software into the Compute Canada environment that may damage, interfere with, or capture any system, program, or data outside of your own assigned resources. Compute Canada reserves the right to quarantine or delete any such software and any related data.

  5. You may not knowingly attempt to probe, scan, penetrate or test for vulnerability Compute Canada services or systems.

  6. You may not knowingly try to access or intercept data not intended for yourself or for the resources that are assigned to you.

  7. You may not send or provide assistance for unsolicited bulk communications.

  8. You may not use applications without valid and adequate licensing.

  9. You may not use software services that would override Compute Canada authentication or policy enforcement.

  10. You may not use software or services that provide unprotected access to shared Compute Canada resources.

  11. You must use Compute Canada’s resources in an efficient manner that does not impede or deny the ability of others to use the resources to which they have been granted access. This includes the removal of deprecated data and software.

  12. You will protect data you have been granted access to and will ensure proper consent is obtained before sharing or disclosing it.

  13. You must complete an annual account renewal process to retain access to resources assigned to you.

  14. If access is revoked or expired, Compute Canada will archive or retain your data for a one year period. Temporary data will not be preserved and may be deleted at any time. Past this grace-period, if no action has been taken to reactivate the account, Compute Canada reserves the right to permanently delete all of your data.

4 – Acknowledgement and reporting

  1. In any publication or communication related to your use of Compute Canada resources, you agree, where possible and appropriate to acknowledge Compute Canada’s contribution as prescribed in Compute Canada’s acknowledgment policy.

  2. You agree to provide Compute Canada with reporting information about your access and use of Compute Canada resources.

* Contact by email at or contact your local Compute Canada representative

Defined in

Temporary data includes any information stored on volatile device not intended for data preservation (e.g. scratch storage, temporary disk allocation, caches, etc.)