Name of the service IDEM Entity Register
Description of the service This Service Provider hosts the resource IDEM Entity Registry that permits to register the entities into the italian Identity Federation (IDEM GARR AAI).

Authenticated users can read limited the pages. Writing is permitted only to authorized users, tipically the commitees' members and the GARR staff.

Data controller and a contact person Consortium GARR, info @
Jurisdiction IT, Italy
Personal data processed

1. For all users

  • IP address
  • Referrer address (the web page a user is coming from)

2. For authenticated users
Following data is retrieved from your Home Organisation:

  • your unique user identifier (SAML persistent identifier) ePTID (O) to obtain reading access,
  • ePPN (O) to obtain the ownership of his IdP or SP),
  • mail (O) to receive notification by the system,
  • givenName (O) to configure the name of the user logged on the system,
  • surname (O) to configure the surname of the user logged on the system
Purpose of the processing of personal data The IP and referrer addresses of all web page visitors are stored in the web server log file for statistical purposes (e.g. to find out from which countries users are accessing the wiki) and for accountability (e.g. in case of misuse of the wiki).

For authenticated users, personal data is used to identify users (who applied which changes to which page), for access control (e.g. only authenticated users can edit wiki pages), for customization (personal preferences) and to (optionally on request) notify users in case a wiki page changed.

Third parties to whom personal data is disclosed No raw data will be released to third parties.

Authenticated users editing wiki pages must be aware that their name and potentially email address are visible to other users of the wiki.

How to access, rectify and delete the personal data Contact idem-help @
To rectify the data released by your Home Organisation, contact your Home Organisation's IT helpdesk.
Data retention When the user record is going to be deleted or anonymised? Remember, you cannot store user records infinitely. It is not sufficient that you promise to delete user records on request. Instead, consider defining an explicit period.
Personal data is deleted on request of the user or if the user hasn't used the service for two years.
Data Protection Code of Conduct Your personal data will be protected according to the Code of Conduct for Service Providers, a common standard for the research and higher education sector to protect your privacy.

This privacy policy is based on the Data protection Code of Conduct Privacy policy guidelines for Service Providers