Pieter van der Meulen edited this page May 23, 2018 · 5 revisions

Personal Data in OpenConext Stepup

This document provides an overview of the personal data that is stored in Stepup. For the purpose of this document we define personal data as defined in article 4.1 of the final version of the EU General Data Protection Regulation:

'personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

In this document, we focus on the (personal) data that is stored by the Stepup applications (i.e. Stepup-Gateway, Stepup-SelfService, Stepup-RA, Stepup-Middleware, Stepup-Tiqr and the keyserver). The supporting infrastructure and the Stepup applications generate logging. This logging can contain personal data: basically, anything that is sent to Stepup or that is stored in Stepup could appear in logging. Because logging loses its relevance over time, automatically deleting log data after a set period is a good way to manage this. We do not further describe the information that could appear in the logging.

The majority of the data in Stepup is managed by Stepup-Middleware. Other components that manage data are:

  • Stepup-Tiqr and the keyserver - Stepup-Tiqr and the keyserver have their own databases
  • U2F support in the gateway - The information required to manage U2F tokens is stored in a table in the gateway database

A description of the personal data managed by each component is stored in the repository of the component, and referenced below: