Privacy policy

1. Purpose

This Privacy Policy outlines the Personal Information handling practices of New Zealand eScience Infrastructure (NeSI). It governs the collection, use, storage, disclosure and disposal of Personal Information held by NeSI. NeSI is committed to handling personal information in accordance with applicable privacy laws, and in line with the privacy principles outlined in the New Zealand Privacy Act 2020.

This Privacy Policy may be amended from time to time by NeSI. When this occurs, users will be notified, and use of NeSI services after the change will be taken as acceptance of the updated terms.

2. Collection of Information

Computing and data analytics services

We collect and process Personal Information about our users through registration and project request forms. This may include:

  • legal name along with (optionally) your preferred name

  • ORCID identifier

  • employer or tertiary institution

  • a contact telephone number

  • an email address issued by employer or tertiary institution (primary email address), along with (optionally) a preferred contact email address

  • user ID

  • if a student, course of study and main academic supervisor or course coordinator

  • projects, team memberships, and allocations

  • grants and publications

  • support tickets and survey responses

We also gather certain information and store it in log files when you interact with our services. This information may include job history, file/directory ownership, as well as IP addresses, browser type, internet service provider, URLs of referring/exit pages, operating system, date/time stamp, information you search for, locale and language preferences, identification numbers associated with your devices, and system configuration information.

Websites

NeSI also collects and processes Personal Information about users of our websites for the primary purposes of delivering any services or functionality requested by users and for improving the online experience for our users. We make use of "cookies” on www.nesi.org.nz to track usage patterns and to compile data in an aggregated and anonymised manner enabling us to improve our website for future visitors. If you do not want information collected through the use of cookies, there is a simple procedure in most browsers that allows you to deny or accept the cookie feature.

3. Storage and Security of Information

NeSI maintains robust Information Security management processes and confidentiality protocols to help ensure that it is protected against misuse, loss and unauthorised access, use, modification or disclosure as detailed in our Security Policy. These include:

  • firewalls and modern encryption standards

  • use of two-factor authentication (2FA)

  • access to the Personal Information is limited only to NeSI staff members who have a legitimate business requirement to use it

  • access is monitored and traceable via logs

  • information is backed up regularly, and backups are held in secure storage facilities

A national or overseas third-party provider may be used to manage and store the Personal Information and other information collected, and NeSI will ensure that any such provider has sufficient security measures in place to protect Personal Information.

NeSI will promptly notify customers if we become aware of a data breach that affects them, take all reasonable efforts to ascertain the nature, causes and effects of the incident, and share the results of those investigations. NeSI staff will report known privacy breaches in accordance with the Privacy Act 2020.

 

4. Use of Information

NeSI processes (uses) Personal Information for a number of reasons. This includes providing expertise and capability in computational and data intensive research, hosting and providing access to repository data, employing our staff, use of NeSI websites, and organising conferences.

NeSI may use Personal Information for the following purposes:

  • To provide services, including provisioning projects

  • To maintain and improve services, including user experience and capacity planning

  • To create and provide new services

  • For communication purposes, including news and service messages

  • For administering the NeSI Access Policy

  • To meet our obligations under the NeSI Crown Funding Agreement, NeSI Collaboration and Service Agreements, and licensing/contractual compliance.

  • To implement and maintain security

  • To carry out maintenance and fault investigation of NeSI infrastructure

  • To manage data stored on NeSI infrastructure

We may publish the names of project owners and project team members along with their respective institutions in connection with particular projects through case studies. This is only done with the permission of those involved.

5. Disclosure of Information

NeSI uses third party providers for certain services and shares only the minimum required Personal Information in the provision of these services. NeSI also has partner institutions for example, the University of Auckland, in order to manage access to shared events and facilities or more generally to collaborate scientifically.

NeSI takes all reasonable precautions to ensure that any third party contractor, service provider or partner institution who may access Personal Information on its behalf keeps this personal information secure and processes it lawfully and in accordance with our instructions. NeSI does not sell or rent Personal Information to any other party for any purpose. Some personal information is shared as part of using shared HPC facilities, for example, where jobs are processed via a common queue.

Personal Information will only be disclosed for the purposes for which users supplied it, or for directly related purposes that would be reasonably expected, or if the Privacy Act 2020 allows its disclosure, or if the user agrees.

6. Access to Information

Users have the right to request a copy of any Personal Information about them held by NeSI. Such requests or any questions about Personal Information may be directed initially to NeSI Support (support@nesi.org.nz). We will endeavour to respond to any such request within three working days and access will be provided free of charge. In limited circumstances, access to Personal Information may be declined in accordance with privacy laws. 

7. Correction of Information

NeSI will endeavour to ensure that all personal information is accurate, complete and up-to-date whenever it is used. Users must assist with this by informing NeSI of any changes, errors, or discrepancies in the information held. If any Personal Information held is inaccurate, incomplete, or out-of-date, users may update it through the MyNeSI portal (https://my.nesi.org.nz) or email NeSI Support (support@nesi.org.nz) to request that records be amended. 

8. Deletion of Information

NeSI will delete Personal Information on request, provided that, notwithstanding such request, this information may be retained for as long as the requestor maintains an account for NeSI Services, or as needed to provide NeSI services and manage assets, maintain integrity of records and logs, to comply with legal obligations, or resolve disputes.

Requests for record deletion can be sent via email to NeSI Support (support@nesi.org.nz).

 

 

Version History

VersionDateChange description
1.031 March 2021Initial release
1.131 May 2022Updates
1.201 November 2023Security Policy alignment