Data Repository logo

Privacy policy

This document provides the complete additional policy and terms regarding your privacy. Please refer to the general SURF Privacy Policy documents for a complete overview of all privacy policies.


The following definitions are important and used throughout the rest of this document, unless explicitly stated otherwise:

  • 'Repository' or 'service': the Data Repository service as provided by SURF
  • 'Digital Object': an entity containing metadata and possibly a bundle of files served by the Repository service
  • 'Visitor': any visitor to the site, whether registered, logged in or solely visiting anonymously
  • 'User': any registered user that is logged in
  • 'Producer': any user creating new records and uploading data to the service
  • 'Consumer': any user or vistor downloading files of a dataset

What is covered in this document?

  • This document covers the privacy policy of data stored in the Data Repository service as provided by SURF

To what service does this document apply?

This document applies to the Data Repository service as provided by SURF, Amsterdam.

What information is collected?

The following policies apply:

  • For a user to register itself: personal information, including full name, affiliation and email address, is collected which uniquely identifies the user and allows us to contact that user on his personal behalf
  • For registered users: up- and downloads are tracked in order to track which users are have downloaded specific data sets
  • Any other usage information, such as error logs and recovery logs are stored on our servers and solely used to resolve issues or optimize the service infrastructure


  • No other means of tracking are being done
  • Your information cannot be accessed by anyone except the employees of SURF

Where is this information stored?

  • Your personal information is stored on the servers of SURF which is only accessible by employees of SURF and directly connected services where applicable
  • All personal information is stored completely separated from all data of the research data platform in our user administration service

How is personal information used?

A user's personal information is used in order to identify him/her and to give access to our storage services and infrastructure. Furhermore, this information may be disclosed, via secured mechanisms, only for the same purposes and only as far as necessary to other services within the SURF infrastructures.

How is this information protected?

  • Only employees of SURF can view personal information supplied by users of the service
  • SURF is ISO 27001 certified for security information (2016)

What happens when changes are made to the policy?

  • We will inform every user at least 30 days in advance when any changes are made to this privacy policy

What happens when your account is deleted?

  • Your personal information will be anonymized where appropriate
  • In case you have made any deposits or created new information on this website, it might be necessary to keep that information since it might be referred from somewhere else

Displaying registration data of data consumer

Some datasets in this Repository are only accessible for download to users that have gained explicit access to closed-source datasets. The data consumer agrees that his or her registration data may be held for validation and statistical purposes and to manage the service.

How to contact us?

You can find our contact details on the About page.