Your Privacy

The European General Data Protection Regulation (GDPR) (Dutch: Algemene Verordening Gegevensbescherming) requires us to disclose the information that we gather about you, what we use it for, and for how long we store this information. Please note that under the GDPR, you have certain additional rights (the right to see the information we have about you, the right to be forgotten, etcetera). We invite you to read the GDPR, and if you want to exercise any of these rights, please let us know (hpc-systems@lists.umcutrecht.nl) and we'll help you to the best of our abilities.

The HPC facility falls under the jurisdiction of the UMC Utrecht, so all the terms and regulations that are listed in the UMC Utrecht privacy statement (URL not known yet, will be added later) apply to us as well. Below, we will outline what we specifically, as HPC, gather and store about you.

Some personal information

The HPC user database contains your name, your e-mail address, and in some cases your telephone number. We need your e-mail address to be able to inform you about current affairs (e.g., planned downtime). We use the telephone number to be able to contact you for urgent incidents (e.g., anomalous use of the system, suspected account abuse). We keep this data for as long as your account is active, and a maximum of 6 months after that. After this period, your personal data will be removed from the account. The account itself is kept, in a disabled state, because not all your files are removed (see below), and they need an owner.

Your files

The HPC is not a place to store "personal" files. We expect your files to contain work-related material only.

File security is based on the standard Unix filesystem security, in which the "owner", the "group" and "others" can have certain permissions (read/write/execute). By default, these permissions will be set to a secure state (see below). Note that the HPC administrators have the ability to read/write/execute your files, but will not do so without your permission.

There are several places to store your HPC files.

• Your homedirectory, which by default is only readable by you. Other users cannot read this directory, unless you set more permissive permissions yourself. This directory will be removed 6 months after your HPC account is deactivated. It should contain things like login-scripts, personal configuration files, etc.

• Several group directories (/hpc/local, /hpc/shared, /hpc/groupname). By default, these locations are readable by the other members of your group, but are not accessible by people in other groups. Files and directories you create here should contain the majority of your research data. These files and directories will not be removed after your account has been disabled, as they may be relevant for other group members.

Login data

When you log in to our systems, we store the time that you log in and out, and the IP address you came from. We keep this information for 6 months.

We need this information to monitor account usage, and to be able to detect anomalous logins: "This person is suddenly logging in from several places around the globe; perhaps the account is hacked".

Job data

For every HPC job you submit, some data is stored in our database. Most information is purely technical (which node did it run on, what is the job number, how much CPU and memory did it use), and some information could be construed to be personally identifiable.

These are: your username, the group you submitted the job for, the submission time, and the job name.

The data gathered about user jobs is basically the core register of the HPC system. We need it to monitor, diagnose, and predict how our groups are using our system, for billing and capacity planning. Therefore, we keep this data for no less than 7 years.