The Zenodo collaboration does not track, collect or retain personal information from users of Zenodo, except as otherwise provided herein. In order to enhance Zenodo and monitor traffic, non-personal information such as IP addresses and cookies may be tracked and retained, as well as log files shared in aggregation with other community services (in particular OpenAIREplus partners). User provided information, like corrections of metadata or paper claims, will be integrated into the database without displaying its source and may be shared with other services.
-Zenodo will take all reasonable measures to protect the privacy of its users and to resist service interruptions, intentional attacks, or other events that may compromise the security of the Zenodo website.
-If you have any questions about Zenodo's privacy policy, please don't hesitate to contact us.
+Zenodo is hosted at CERN and subject to CERN's special legal status as an Intergovernmental Organization (IGO) and thus enjoys certain privileges and immunities under international law. Processing of personal data at CERN is governed by CERN's Operational Circular 11 (OC11) that offers data protection at the same high standards and is comparable to EU's General Data Protection Regulation (GDPR).
Each service at CERN is responsible for compiling its own Privacy Notice regarding the data it processes.
- | IP address |
- User account security and rate limiting |
+ Your account name |
+ [User] To identify you as a Zenodo user; To provide you with the service; For technical support and troubleshooting; To display publicly on Zenodo; To prevent spam and misuse of Zenodo |
Legitimate interest of CERN |
- Inferred from the request client |
+ Your input |
- | Your IP address, visited URLs and corresponding timestamp |
-
- User support, website debugging, security auditing and to produce
- anonymous aggregated statistics
- |
+ Your full name and affiliation |
+ [User] To identify you as a Zenodo user; Allowing others to find you on Zenodo; Pre-filling your information in forms when logged in; To display publicly on Zenodo; To prevent spam and misuse of Zenodo; For auto-completion of personal names in the record metadata |
Legitimate interest of CERN |
- Our web server logs |
+ Your input or derived from your ORCID |
- | Account name |
- Display in the Zenodo communities page when you are the curator |
+ Your email address |
+ [User] To identify you as a Zenodo user; To provide you with the service; For technical support and troubleshooting; To communicate with you; To send you e-mail notifications; Allowing others to find you on Zenodo; Pre-filling your information in forms when logged in; To display publicly on Zenodo (if enabled by you); To prevent spam and misuse of Zenodo |
Legitimate interest of CERN |
Your input |
- | E-mail address |
-
- Unique identifier for your Zenodo account, used to sign in, grant access
- rights, and send email communications
- |
+ Your institutional affiliation |
+ [User] To verify your account; To generate summary statistics; To prevent spam and misuse of Zenodo |
Legitimate interest of CERN |
- Your input |
+ Inferred from the email address domain |
- | Name |
- Used in email communication and to pre-fill the support form |
+ Your user preferences (language, time zone, profile/email visibility, notification preferences, profile picture and display preferences) |
+ [User] Improving your experience while using Zenodo, adapting the interface to your preferences; To allow you to control if others can find you; To allow you to control if and what public information is displayed about you. |
Legitimate interest of CERN |
Your input |
- | ORCID ID |
-
- Used for authentication purposes and also it is displayed when you are
- the author of a publication (only when inputed manually)
- |
+ Your account status (e.g. blocked, verified, unverified) |
+ [User] To prevent spam and misuse of Zenodo; To rank search results |
Legitimate interest of CERN |
-
- From ORCID, when you use it to sign in, or from the record submitter
- when you are the author of the publication
- |
+ Zenodo service; Inferred from your institutional affiliation; Inferred by spam classifier |
- | GitHub ID |
-
- Used for authentication purposes and also to facilitate the integration
- with GitHub allowing automatic submissions to Zenodo
- |
+ Your specific authorizations |
+ [User] To grant you to access to protected features on Zenodo upon your request |
Legitimate interest of CERN |
-
- From GitHub when you use it to sign up, or when you activate the
- synchronisation between GitHub and Zenodo
- |
+ Zenodo service |
- | Access token |
- Used for authentication purposes when using our REST API |
+ Your granted quota/limits |
+ [User] To grant you additional resources on Zenodo upon your request |
Legitimate interest of CERN |
- Generated by Zenodo upon your request |
+ Zenodo service |
- |
- Which deposits you have created, records you have published and
- communities you create and manage
- |
- Allow you to manage and edit content you create |
- Legitimate interest of CERN |
+ Your historic login information (last login timestamp and login count) |
+ [User] For account security and debugging; To generate summary statistics; To prevent spam and misuse of Zenodo |
+ Legitimate interest of CERN |
+ Automatically recorded when you authenticate on Zenodo |
+
+
+ | Which deposits you have created and records you have published, incl. timestamp |
+ [User] To allow you to manage and edit records you upload; To prevent spam and misuse of Zenodo; To monitor compliance with Zenodo's policies |
+ Legitimate interest of CERN |
Your input |
- |
- List of your GitHub public repositories, GitHub releases that you
- created, and the meta-data associated with both of them (only when the
- synchronisation is active)
- |
-
- Used to provide you with the feature that integrates Zenodo and GitHub
- allowing automatic submissions to Zenodo
- |
- Legitimate interest of CERN |
-
- From GitHub when you activate the synchronisation between GitHub and
- Zenodo
- |
+ Which communities you have created and manage, incl. timestamps |
+ [User] To allow you to manage communities you create; To prevent spam and misuse of Zenodo; To monitor compliance with Zenodo's policies |
+ Legitimate interest of CERN |
+ Your input |
- |
- List of shared links (requests from anyone with an email address and
- name, that wishes access to your closed access records)
- |
- Manage access to your closed access records |
- Legitimate interest of CERN |
-
- Links generated by Zenodo; email and name inputed by the requester
- |
+ Which records you have been granted access to |
+ [User] To allow you to access restricted content from other users |
+ Legitimate interest of CERN |
+ Access granted by another user to records they own
+ |
- |
- Submission Information Packages (SIP) containing: IP Address, e-mail
- address, the record metadata and files
- |
- Preservation of archival content |
- Legitimate interest of CERN |
- Your input |
+ Your authorized third-party applications |
+ [OAuth] To allow you to authenticate with your Zenodo account on third-party websites; To provide third-party websites with API access to your account |
+ Consent |
+ Your input
+ |
+
+
+ | Your access tokens and developer applications |
+ [OAuth] To authenticate you on the REST API; To allow you to authenticate Zenodo users in your third-party website |
+ Consent |
+ Your input or generated upon your request
+ |
+
+
+ | Your browser sessions (IP address, corresponding timestamp, country, browser and device) |
+ [Session] For account security, debugging and rate limiting; To allow you to logout from your devices remotely; To prevent spam and misuse of Zenodo; to infer the country from the IP address of your devices. |
+ Legitimate interest of CERN |
+ Automatically detected from the web browser you are using
+ |
+
+
+ | Your support requests and enquiries (including name, affiliation and email address) |
+ [Support] To provide you with the requested service; To manage the handling of your request; To investigate compliants |
+ Legitimate interest of CERN |
+ Your input
+ |
+
+
+ | Your linked accounts (GitHub, ORICD and OpenAIRE IDs) |
+ [Linked accounts] To allow you to use GitHub, ORCID and OpenAIRE AAI to signup and authenticate; To facilitate integration with GitHub, ORCID and OpenAIRE; To generate summary statistics; To prevent spam and misuse of Zenodo; |
+ Legitimate interest of CERN |
+ From GitHub, ORCID or OpenAIRE when you use them to sign up, authenticate or link your external account
+ |
+
+
+ | Your subscription to our newsletters |
+ [Newsletter] To send you email newsletters about Zenodo |
+ Consent |
+ Your input
+ |
+
+
+ | Which communities you are a member of, your role in them, and your membership visibility |
+ [Memberships] To grant you access to a specific community and its content; To display your membership to other members; To display your membership publicly (if requested); To prevent spam and misuse of Zenodo |
+ Legitimate interest of CERN |
+ Your input by accepting an invitation to join a community
+ |
+
+
+ | Which communities you have been invited to and which invitations you have sent, and the corresponding timestamp with you action. |
+ [Invitations] To allow you to invite other users to become members of a community; To allow you to accept/decline invitations and for the community manager to see your response; To prevent spam and misuse of Zenodo |
+ Legitimate interest of CERN |
+ Your input by inviting users; Your input by accepting/declining an invitation to join a community
+ |
+
+
+ | Your requests, your comments/assignments/reviews on requests, and actions you perform on requests |
+ [Requests] To allow you to make requests to other users and administrators and perform actions on those requests; To communicate with other users; To allow other users involved in the request to see your actions on the request as well as see historic requests |
+ Legitimate interest of CERN |
+ Your input
+ |
+
+
+ | Your access requests (including email address, name and justification) to restricted/embargoed records |
+ [Requests] To allow you to request access to restricted content from other users without having a Zenodo account |
+ Legitimate interest of CERN |
+ Your input
+ |
+
+
+ | Your GitHub repositories, releases that you created, and the metadata associated with both of them |
+ [GitHub] To allow automatic submissions of releases from your GitHub repository into to Zenodo |
+ Consent |
+ From GitHub if you activate the synchronisation between GitHub and Zenodo |
+
+
+ | Your IP address, visited URLs on Zenodo, any errors you experienced, and corresponding timestamp |
+ [Logs] To provide you with user support for website debugging, security auditing and to produce anonymous aggregated statistics; To prevent spam and misuse |
+ Legitimate interest of CERN |
+ Automatically detected when you are browsing on the Zenodo web sites
+ |
+
+
+ | Any actions you perform in a community including on records part of the community and corresponding timestamp while logged in |
+ [Community audit logs] To provide transparency for actions performed by the community, to facilitate collaborative editing and team work |
+ Legitimate interest of CERN |
+ Automatically recorded when you perform actions
+ |
+
+
+ | Any actions you perform while logged in |
+ [Audit log] For security auditing and troubleshooting; To prevent spam and misuse |
+ Legitimate interest of CERN |
+ Automatically recorded when you perform actions
+ |
+
+
+ | Your names, affiliations, persistent person identifiers (e.g. ORCID, ISNI or GND) |
+ [Vocabularies] To uniquely identify you as an author; To facilitate search for authors; For auto-completion of personal names in the record metadata |
+ Legitimate interest of CERN |
+ ORCID; OpenAIRE Graph
+ |
+
+
+ | Your names, affiliations, persistent person identifiers (e.g. ORCID, ISNI or GND) and role as part of the record metadata, record files and references/citations |
+ [Research outputs] For the scientific justification of published records and cited/citing sources; To curate metadata of records |
+ Legitimate interest of CERN |
+ Your and other users input; Automatically through deduplication and enrichment of record metadata |
+
+
+ | Your Submission Information Packages (SIPs) containing IP Address, email address, the record metadata and files |
+ [SIP] For quality assurance, for instance to be able to recover your published record in case of technical issues; For scientific justification of published records. |
+ Legitimate interest of CERN |
+ Your input
+ |
- | IP address |
-
- Until your next login (this will change in the near future to
- "Until session expiration")
- |
- User account security and rate limiting |
+ All data labelled [User] |
+ Lifetime of your Zenodo account |
+ To provide you with the Zenodo service
+ |
+
+
+ | All data labelled [Newsletter], Your email address |
+ Until you unsubscribe or email address bounces twice, whatever comes first |
+ To send you email newsletters about Zenodo |
+
+
+ | All data labelled [OAuth] |
+ Lifetime of your Zenodo account, or until your token expires (1 year validity) or until you delete it, whatever comes first |
+ To allow you to authenticate with your Zenodo account on third-party websites; To provide third-party websites with API access to your account; To authenticate you on the REST API; To allow you to authenticate Zenodo users in your third-party website
+ |
- | Your IP address, visited URLs and corresponding timestamp |
- 13 months from date of action |
-
- User support, website debugging, security auditing and to produce
- anonymous aggregated statistics
- |
+ All data labelled [Session] |
+ Lifetime of your Zenodo account, or 30 days after your last activity, whatever comes first |
+ For account security, debugging and rate limiting; To allow you to logout from your devices remotely; To prevent spam and misuse of Zenodo;
+ |
- | Account name |
- Lifetime of your Zenodo account |
-
- Display in the the Zenodo communities page when you are the curator
- |
+ All data labelled [Linked accounts] |
+ Lifetime of your Zenodo account or if you disconnect the linked account or the link expires, whatever comes first |
+ To allow you to use GitHub, ORCID and OpenAIRE AAI to signup and authenticate; To facilitate integration with GitHub, ORCID and OpenAIRE; To generate summary statistics; To prevent spam and misuse of Zenodo;
+ |
- | E-mail address |
- Lifetime of your Zenodo account |
-
- Unique identifier for your Zenodo account, used to sign in, grant access
- rights, and send email communications
- |
+ All data labelled [Support] |
+ 7 years after the closure of your request |
+ To provide you with the requested service; To manage the handling of your request; To investigate complaints and disputes that may arise after the closure of the request; To facilitate the handling of future similar cases
+ |
- | Name |
- Lifetime of your Zenodo account |
- Used in email communication and to pre-fill the support form |
+ All data labelled [Memberships] |
+ Lifetime of your Zenodo account or until you leave the community, whatever comes first |
+ To grant you access to a specific community and its content; To display your membership to other members; To display your membership publicly (if visibility is set to public); To prevent spam and misuse of Zenodo
+ |
- | ORCID ID |
- Lifetime of your Zenodo account or if you disconnect the account |
-
- Used for authentication purposes and also it is displayed when you are
- the author of a publication (only when inputed manually)
- |
+ All data labelled [Invitations] |
+ Lifetime of your Zenodo account or 1 year after the invitation was created, whatever comes first |
+ To allow you to invite other users or to become members of a community; To allow you to accept/decline invitations and for the community manager to see your response; To prevent spam and misuse of Zenodo
+ |
- | GitHub ID |
- Lifetime of your Zenodo account or if you disconnect the account |
-
- Used for authentication purposes and also to facilitate the integration
- with GitHub allowing automatic deposits
- |
+ All data labelled [Requests] |
+ Lifetime of your Zenodo account or 1 year after granted access expires, whatever comes first |
+ To allow you to make requests to other users and administrators; To communicate with other users; To allow other users involved in the request to see your actions on the request; To allow you to request access to restricted content from other users without having a Zenodo account; To facilitate the management of access requests by providing transparency
+ |
- | Access token |
- Until deletion or expiration (1 year validity) |
- Used for authentication purposes when using our REST API |
+ All data labelled [GitHub] |
+ Lifetime of your Zenodo account or deactivation of the synchronisation with GitHub, whatever comes first |
+ To allow automatic submissions from your GitHub repository into to Zenodo
+ |
- |
- Which deposits you have created, records you have published and
- communities you create and manage
- |
- Lifetime of your Zenodo account |
- Allow you to manage and edit content you create |
+ All data labelled [Logs] |
+ 13 months from date of action |
+ To provide you with user support for website debugging, security auditing and to produce anonymous aggregated statistics; To prevent spam and misuse
+ |
- |
- List of your GitHub public repositories, GitHub releases that you
- created, and the meta-data associated with both of them (only when the
- synchronisation is active)
- |
-
- Lifetime of your Zenodo account or deactivation of the synchronisation
- with GitHub
- |
-
- Used to provide you with the feature that integrates Zenodo and GitHub
- allowing automatic submissions to Zenodo
- |
+ All data labelled [Community audit logs] |
+ 5 months from date of action |
+ To provide transparency for actions performed by the community, to facilitate collaborative editing and team work
+ |
- |
- List of shared links (requests from anyone with an email address and
- name, that wishes access to your closed access records)
- |
- Lifetime of your Zenodo account or when you revoke access |
- Manage access to your closed access records |
+ All data labelled [Audit logs] |
+ 13 months from date of action |
+ For security auditing; To prevent spam and misuse
+ |
- |
- Submission Information Packages (SIP) containing: IP Address, e-mail
- address, the record metadata and files
- |
- Forever or until deletion request |
- Preservation of archival content |
+ All data labelled [Vocabularies] |
+ Unlimited |
+ To uniquely identify you as an author; To facilitate search for authors; For auto-completion of personal names in the record metadata
+ |
+
+
+ | All data labelled [Research outputs] and [SIP] |
+ Unlimited |
+ For the scientific justification of published records and cited/citing sources; To curate metadata of records; For quality assurance, for instance to be able to recover your published record in case of technical issues. You have one month after the publication to request the deletion, afterwards the request will only be granted in exceptional circumstances upon justification
+ |
- | IP address |
-
- Zenodo administrators and CERN Services administrators (Database on
- demand)
- |
- User support and service operations |
-
-
- | Your IP address, visited URLs and corresponding timestamp |
-
- Zenodo administrators and CERN Services administrators ( Monitoring,
- Sentry Application Logging, Piwik, and Cloud Infrastructure services)
- |
- User support and service operations |
-
-
- | Account name |
-
- Zenodo administrators and CERN Services administrators (Database on
- demand service)
- |
- User support and service operations |
-
-
- | E-mail address |
-
- Zenodo administrators and CERN Services administrators (Database on
- demand)
- |
- User support and service operations |
-
-
- | Name |
-
- Zenodo administrators and CERN Services administrators (Database on
- demand service)
- |
- User support and service operations |
-
-
- | ORCID ID |
-
- Zenodo administrators and CERN Services administrators (Database on
- demand service)
- |
- User support and service operations |
-
-
- | GitHub ID |
-
- Zenodo administrators and CERN Services administrators (Database on
- demand service)
- |
- User support and service operations |
-
-
- | Access token |
-
- Zenodo administrators and CERN Services administrators (Database on
- demand service)
- |
- User support and service operations |
-
-
- |
- Which deposits you have created, records you have published and
- communities you create and manage
- |
-
- Zenodo administrators and CERN Services administrators (Database on
- demand and ElasticSearch on Demand services)
- |
- User support and service operations |
-
-
- |
- List of your GitHub public repositories, GitHub releases that you
- created, and the meta-data associated with both of them (only when the
- synchronisation is active)
- |
-
- Zenodo administrators and CERN Services administrators (Database on
- demand service)
- |
- User support and service operations |
-
-
- |
- List of shared links (requests from anyone with an email address and
- name, that wishes access to your closed access records)
- |
-
- Zenodo administrators and CERN Services administrators (Database on
- demand service)
- |
- User support and service operations |
-
-
- |
- Submission Information Packages (SIP) containing: IP Address, e-mail
- address, the record metadata and files
- |
-
- Zenodo administrators and CERN Services administrators (Database on
- demand service)
- |
- User support and service operations |
+ All data above |
+ Zenodo Service |
+ To provide you with the Zenodo service; For debugging, security auditing & incident investigation and response; To prevent spam and misuse; For technical support and troubleshooting; To establish anonymous reports and statistics
+ |
+
+
+ | All data above |
+ Database on Demand Service |
+ To store the data and to provide managed database service for Zenodo including replication and backup; For technical support and troubleshooting
+ |
+
+
+ | All data above except those labelled [Newsletter], [Support] |
+ OpenSearch Service |
+ To store the data; To provide managed search engine service for Zenodo; For technical support and troubleshooting
+ |
+
+
+ | All data labelled [Logs] |
+ Platform-as-a-Service, Web Application Hosting Service |
+ To provide managed web application hosting for Zenodo; For technical support and troubleshooting
+ |
+
+
+ | All data labelled [Logs] |
+ Web Analytics Service |
+ To provide managed web analytics infrastructure for Zenodo; For technical support and troubleshooting
+ |
+
+
+ | All data labelled [Logs] |
+ Monitoring Service, HADOOP Services |
+ To provide managed logging infrastructure for Zenodo; For technical support and troubleshooting
+ |
+
+
+ | All data labelled [Logs] |
+ Sentry Service |
+ To provide managed error logging and aggregation service for Zenodo; For technical support and troubleshooting
+ |
+
+
+ | All data labelled [Research ouputs] |
+ EOS for Physics Service, Ceph Service, Tape Archive (CTA) Service |
+ To store the data and to provide managed storage infrastructure for Zenodo; For technical support and troubleshooting
+ |
- | Account name |
- Public |
- Display in the Zenodo communities page when you are the curator |
+ All data labelled [Research outputs] |
+ DataCite (Germany), OpenAIRE (Greece), Software Heritage (France) |
+ To register/update a Digital Object Identifier (DOI) for your published record; For fast indexing into the OpenAIRE Scholarly Knowledge Graph; For archiving in Software Heritage of records with public software source code
+ |
+
+
+ | All data labelled [Research outputs] and [Vocabularies] |
+ General public |
+ For the scientific justification of published records and cited/citing sources; For attribution of the work in published records; For dissemination of research. All information that has been published by you, will be searchable and harvestable through our user interface and our API
+ |
+
+
+ | Your account name, full name, affiliation, profile picture, linked accounts (GitHub, ORCID, OpenAIRE) and account status |
+ General public |
+ To display publicly on community members pages (if you set your membership to public); To display publicly on Zenodo (if profile visibility is public) related to content you have uploaded
+ |
+
+
+ | Your account name, full name and affiliation |
+ Zenodo users |
+ Allowing others to find you on Zenodo (if profile visibility is enabled); To display to other members in communities you are a member of; To allow other users to grant you access to their restricted content
+ |
+
+
+ | Your email address (if email visibility is enabled) |
+ Zenodo users |
+ Allowing others to find you on Zenodo and to communicate with you; To allow other users grant you access to their restricted content
+ |
+
+
+ | All data labelled [Invitations] |
+ Zenodo users who owns or manages the community |
+ For the community manager to invite you and see your response and historic invitations
+ |
+
+
+ | All data labelled [Requests] |
+ Zenodo users with whom you are corresponding |
+ To allow you to make requests to other users and administrators; To communicate with other users; To allow other users involved in the request to see your actions on the request and the related resource (e.g. record or community); To allow the owner of the restricted records to evaluate your request for access and see historic requests
+ |
+
+
+ | All data labelled [Community Audit Logs] |
+ Zenodo users who owns the community |
+ To enable community owners to audit actions on the community and it's records
+ |
+
+
+ | Your access token for a third-party application |
+ Third-party applications on which you login with your Zenodo account |
+ To enable you to grant a third-party application access to your Zenodo account and perform actions on your behalf.
+ |
+
+What automated decision making or profiling is being done by Zenodo with your personal data:
+For more detailed information about personal data and privacy please refer to the Data Privacy web site.
@@ -531,7 +602,7 @@ This Privacy Notice is subject to revision.
-