Privacy Notice

The DutchGrid CA service provides identity assertions to individual persons for use in electronic authentication. By their very nature, these identity assertion are linked to your personal data -- they are used to provide your identity to third parties with which you communicate.

During the application and certification process with the DutchGrid CA, your personal data will be processed and stored. Why?

Of the data you provide, the contents of the certificate itself, in particular the subject name will be disclosed to the general public. Keep in mind that your certificate data will be exchanged in cleartext whenever you send your certificate to establish a secure connection. If your certificate contains your email address (but this is optional and not the default!), this email address will be publicly visible. Since you are the one initiating the use of your certificate for authentication or email, protecting the data in your certificate during its daily use is outside the control of the CA.

The DutchGrid CA consists of the DutchGrid CA Management Authority and the DutchGrid CA Operator. They will not share your data with any other party.

What Data Do We Collect

The following information is collected from the application on the registration form (the registration form is then kept on paper only, in a locked, secure environment with recorded access):

When contacting the RA, you will be asked to show your ID. In particular, your name is checked against the data on there, and only your date and place of birth and the type and number of your national ID is archived; no copies of it are stored by the RA or CA. These details are kept off-line, except for the last four digits of your ID serial number.

Some information is also kept on-line. The on-line information systems contain:

Access to this on-line information is limited to CA management and operators only, but an off-site backup exists. A determined attacker might use physical violence to get access to this data.

Note that all data at the CA could be used by law enforcement officials if ever your certificate use is subject to a criminal investigation. The CA cannot legally prevent access to this information in that case.

Getting Information About Your Data

You can request access to information regarding all your data at any time. And you can of course request your data to be corrected.
Due to the nature of the certificate service, you will have to agree to storage of your data with the CA, for the purpose for issuing, validating and renewal of identity assertions. You have been been or will be notified in advance that your data will be stored -- as a warning at the top of the electronic application form, and via the CP/CPS with which you officially agreed when signing the paper-based application form. The electronic mail with your certificate also notifies you of the processing of your personal data by the CA.

You can request that all your information will be shielded. In that case, your certificate will be revoked and removed from the on-line repository. We cannot be responsible for leakage of this information if you yourself continue to present your certificate to third parties.

For information, please contact:
DutchGrid CA
P.O. Box 41882
NL 1009 DB Amsterdam, The Netherlands
phone: +31 20 592 2000
fax: +31 20 592 5155
or send an electronic mail to ca@dutchgrid.nl.