If you have any questions about Zenodo's privacy policy, please don't hesitate to contact us.
Zenodo is hosted at CERN and subject to CERN's special legal status as an Intergovernmental Organization (IGO) and thus enjoys certain privileges and immunities under international law. Processing of personal data at CERN is governed by CERN's Operational Circular 11 (OC11) that offers data protection at the same high standards and is comparable to EU's General Data Protection Regulation (GDPR).
Each service at CERN is responsible for compiling its own Privacy Notice regarding the data it processes.
This Privacy Notice is part of CERN’s Layered Privacy Notice and details the processing that is unique to Zenodo. It does not address processing by other services on which this service may rely and which have their own Privacy Notice.
The personal data we have, and how it's used:
| Personal Data | Purpose | Basis | Source |
|---|---|---|---|
| Your account name | [User] To identify you as a Zenodo user; To provide you with the service; For technical support and troubleshooting; To display publicly on Zenodo; To prevent spam and misuse of Zenodo | Legitimate interest of CERN | Your input |
| Your full name and affiliation | [User] To identify you as a Zenodo user; Allowing others to find you on Zenodo; Pre-filling your information in forms when logged in; To display publicly on Zenodo; To prevent spam and misuse of Zenodo; For auto-completion of personal names in the record metadata | Legitimate interest of CERN | Your input or derived from your ORCID |
| Your email address | [User] To identify you as a Zenodo user; To provide you with the service; For technical support and troubleshooting; To communicate with you; To send you e-mail notifications; Allowing others to find you on Zenodo; Pre-filling your information in forms when logged in; To display publicly on Zenodo (if enabled by you); To prevent spam and misuse of Zenodo | Legitimate interest of CERN | Your input |
| Your institutional affiliation | [User] To verify your account; To generate summary statistics; To prevent spam and misuse of Zenodo | Legitimate interest of CERN | Inferred from the email address domain |
| Your user preferences (language, time zone, profile/email visibility, notification preferences, profile picture and display preferences) | [User] Improving your experience while using Zenodo, adapting the interface to your preferences; To allow you to control if others can find you; To allow you to control if and what public information is displayed about you. | Legitimate interest of CERN | Your input |
| Your account status (e.g. blocked, verified, unverified) | [User] To prevent spam and misuse of Zenodo; To rank search results | Legitimate interest of CERN | Zenodo service; Inferred from your institutional affiliation; Inferred by spam classifier |
| Your specific authorizations | [User] To grant you to access to protected features on Zenodo upon your request | Legitimate interest of CERN | Zenodo service |
| Your granted quota/limits | [User] To grant you additional resources on Zenodo upon your request | Legitimate interest of CERN | Zenodo service |
| Your historic login information (last login timestamp and login count) | [User] For account security and debugging; To generate summary statistics; To prevent spam and misuse of Zenodo | Legitimate interest of CERN | Automatically recorded when you authenticate on Zenodo |
| Which deposits you have created and records you have published, incl. timestamp | [User] To allow you to manage and edit records you upload; To prevent spam and misuse of Zenodo; To monitor compliance with Zenodo's policies | Legitimate interest of CERN | Your input |
| Which communities you have created and manage, incl. timestamps | [User] To allow you to manage communities you create; To prevent spam and misuse of Zenodo; To monitor compliance with Zenodo's policies | Legitimate interest of CERN | Your input |
| Which records you have been granted access to | [User] To allow you to access restricted content from other users | Legitimate interest of CERN | Access granted by another user to records they own |
| Your authorized third-party applications | [OAuth] To allow you to authenticate with your Zenodo account on third-party websites; To provide third-party websites with API access to your account | Consent | Your input |
| Your access tokens and developer applications | [OAuth] To authenticate you on the REST API; To allow you to authenticate Zenodo users in your third-party website | Consent | Your input or generated upon your request |
| Your browser sessions (IP address, corresponding timestamp, country, browser and device) | [Session] For account security, debugging and rate limiting; To allow you to logout from your devices remotely; To prevent spam and misuse of Zenodo; to infer the country from the IP address of your devices. | Legitimate interest of CERN | Automatically detected from the web browser you are using |
| Your support requests and enquiries (including name, affiliation and email address) | [Support] To provide you with the requested service; To manage the handling of your request; To investigate compliants | Legitimate interest of CERN | Your input |
| Your linked accounts (GitHub, ORICD and OpenAIRE IDs) | [Linked accounts] To allow you to use GitHub, ORCID and OpenAIRE AAI to signup and authenticate; To facilitate integration with GitHub, ORCID and OpenAIRE; To generate summary statistics; To prevent spam and misuse of Zenodo; | Legitimate interest of CERN | From GitHub, ORCID or OpenAIRE when you use them to sign up, authenticate or link your external account |
| Your subscription to our newsletters | [Newsletter] To send you email newsletters about Zenodo | Consent | Your input |
| Which communities you are a member of, your role in them, and your membership visibility | [Memberships] To grant you access to a specific community and its content; To display your membership to other members; To display your membership publicly (if requested); To prevent spam and misuse of Zenodo | Legitimate interest of CERN | Your input by accepting an invitation to join a community |
| Which communities you have been invited to and which invitations you have sent, and the corresponding timestamp with you action. | [Invitations] To allow you to invite other users to become members of a community; To allow you to accept/decline invitations and for the community manager to see your response; To prevent spam and misuse of Zenodo | Legitimate interest of CERN | Your input by inviting users; Your input by accepting/declining an invitation to join a community |
| Your requests, your comments/assignments/reviews on requests, and actions you perform on requests | [Requests] To allow you to make requests to other users and administrators and perform actions on those requests; To communicate with other users; To allow other users involved in the request to see your actions on the request as well as see historic requests | Legitimate interest of CERN | Your input |
| Your access requests (including email address, name and justification) to restricted/embargoed records | [Requests] To allow you to request access to restricted content from other users without having a Zenodo account | Legitimate interest of CERN | Your input |
| Your GitHub repositories, releases that you created, and the metadata associated with both of them | [GitHub] To allow automatic submissions of releases from your GitHub repository into to Zenodo | Consent | From GitHub if you activate the synchronisation between GitHub and Zenodo |
| Your IP address, visited URLs on Zenodo, any errors you experienced, and corresponding timestamp | [Logs] To provide you with user support for website debugging, security auditing and to produce anonymous aggregated statistics; To prevent spam and misuse | Legitimate interest of CERN | Automatically detected when you are browsing on the Zenodo web sites |
| Any actions you perform in a community including on records part of the community and corresponding timestamp while logged in | [Community audit logs] To provide transparency for actions performed by the community, to facilitate collaborative editing and team work | Legitimate interest of CERN | Automatically recorded when you perform actions |
| Any actions you perform while logged in | [Audit log] For security auditing and troubleshooting; To prevent spam and misuse | Legitimate interest of CERN | Automatically recorded when you perform actions |
| Your names, affiliations, persistent person identifiers (e.g. ORCID, ISNI or GND) | [Vocabularies] To uniquely identify you as an author; To facilitate search for authors; For auto-completion of personal names in the record metadata | Legitimate interest of CERN | ORCID; OpenAIRE Graph |
| Your names, affiliations, persistent person identifiers (e.g. ORCID, ISNI or GND) and role as part of the record metadata, record files and references/citations | [Research outputs] For the scientific justification of published records and cited/citing sources; To curate metadata of records | Legitimate interest of CERN | Your and other users input; Automatically through deduplication and enrichment of record metadata |
| Your Submission Information Packages (SIPs) containing IP Address, email address, the record metadata and files | [SIP] For quality assurance, for instance to be able to recover your published record in case of technical issues; For scientific justification of published records. | Legitimate interest of CERN | Your input |
The personal data we store, for how long and why:
| Personal Data | Retention Period 1 | Purpose |
|---|---|---|
| All data labelled [User] | Lifetime of your Zenodo account | To provide you with the Zenodo service |
| All data labelled [Newsletter], Your email address | Until you unsubscribe or email address bounces twice, whatever comes first | To send you email newsletters about Zenodo |
| All data labelled [OAuth] | Lifetime of your Zenodo account, or until your token expires (1 year validity) or until you delete it, whatever comes first | To allow you to authenticate with your Zenodo account on third-party websites; To provide third-party websites with API access to your account; To authenticate you on the REST API; To allow you to authenticate Zenodo users in your third-party website |
| All data labelled [Session] | Lifetime of your Zenodo account, or 30 days after your last activity, whatever comes first | For account security, debugging and rate limiting; To allow you to logout from your devices remotely; To prevent spam and misuse of Zenodo; |
| All data labelled [Linked accounts] | Lifetime of your Zenodo account or if you disconnect the linked account or the link expires, whatever comes first | To allow you to use GitHub, ORCID and OpenAIRE AAI to signup and authenticate; To facilitate integration with GitHub, ORCID and OpenAIRE; To generate summary statistics; To prevent spam and misuse of Zenodo; |
| All data labelled [Support] | 7 years after the closure of your request | To provide you with the requested service; To manage the handling of your request; To investigate complaints and disputes that may arise after the closure of the request; To facilitate the handling of future similar cases |
| All data labelled [Memberships] | Lifetime of your Zenodo account or until you leave the community, whatever comes first | To grant you access to a specific community and its content; To display your membership to other members; To display your membership publicly (if visibility is set to public); To prevent spam and misuse of Zenodo |
| All data labelled [Invitations] | Lifetime of your Zenodo account or 1 year after the invitation was created, whatever comes first | To allow you to invite other users or to become members of a community; To allow you to accept/decline invitations and for the community manager to see your response; To prevent spam and misuse of Zenodo |
| All data labelled [Requests] | Lifetime of your Zenodo account or 1 year after granted access expires, whatever comes first | To allow you to make requests to other users and administrators; To communicate with other users; To allow other users involved in the request to see your actions on the request; To allow you to request access to restricted content from other users without having a Zenodo account; To facilitate the management of access requests by providing transparency |
| All data labelled [GitHub] | Lifetime of your Zenodo account or deactivation of the synchronisation with GitHub, whatever comes first | To allow automatic submissions from your GitHub repository into to Zenodo |
| All data labelled [Logs] | 13 months from date of action | To provide you with user support for website debugging, security auditing and to produce anonymous aggregated statistics; To prevent spam and misuse |
| All data labelled [Community audit logs] | 5 months from date of action | To provide transparency for actions performed by the community, to facilitate collaborative editing and team work |
| All data labelled [Audit logs] | 13 months from date of action | For security auditing; To prevent spam and misuse |
| All data labelled [Vocabularies] | Unlimited | To uniquely identify you as an author; To facilitate search for authors; For auto-completion of personal names in the record metadata |
| All data labelled [Research outputs] and [SIP] | Unlimited | For the scientific justification of published records and cited/citing sources; To curate metadata of records; For quality assurance, for instance to be able to recover your published record in case of technical issues. You have one month after the publication to request the deletion, afterwards the request will only be granted in exceptional circumstances upon justification |
In addition to yourself, personal data collected by Zenodo is accessible by the following services, teams or individuals at CERN:
| Personal Data | Who | Purpose |
|---|---|---|
| All data above | Zenodo Service | To provide you with the Zenodo service; For debugging, security auditing & incident investigation and response; To prevent spam and misuse; For technical support and troubleshooting; To establish anonymous reports and statistics |
| All data above | Database on Demand Service | To store the data and to provide managed database service for Zenodo including replication and backup; For technical support and troubleshooting |
| All data above except those labelled [Newsletter], [Support] | OpenSearch Service | To store the data; To provide managed search engine service for Zenodo; For technical support and troubleshooting |
| All data labelled [Logs] | Platform-as-a-Service, Web Application Hosting Service | To provide managed web application hosting for Zenodo; For technical support and troubleshooting |
| All data labelled [Logs] | Web Analytics Service | To provide managed web analytics infrastructure for Zenodo; For technical support and troubleshooting |
| All data labelled [Logs] | Monitoring Service, HADOOP Services | To provide managed logging infrastructure for Zenodo; For technical support and troubleshooting |
| All data labelled [Logs] | Sentry Service | To provide managed error logging and aggregation service for Zenodo; For technical support and troubleshooting |
| All data labelled [Research ouputs] | EOS for Physics Service, Ceph Service, Tape Archive (CTA) Service | To store the data and to provide managed storage infrastructure for Zenodo; For technical support and troubleshooting |
Personal data we share with entities or individuals outside the Organization:
| Personal Data | 3rd Parties | Purpose |
|---|---|---|
| All data labelled [Research outputs] | DataCite (Germany), OpenAIRE (Greece), Software Heritage (France) | To register/update a Digital Object Identifier (DOI) for your published record; For fast indexing into the OpenAIRE Scholarly Knowledge Graph; For archiving in Software Heritage of records with public software source code |
| All data labelled [Research outputs] and [Vocabularies] | General public | For the scientific justification of published records and cited/citing sources; For attribution of the work in published records; For dissemination of research. All information that has been published by you, will be searchable and harvestable through our user interface and our API |
| Your account name, full name, affiliation, profile picture, linked accounts (GitHub, ORCID, OpenAIRE) and account status | General public | To display publicly on community members pages (if you set your membership to public); To display publicly on Zenodo (if profile visibility is public) related to content you have uploaded |
| Your account name, full name and affiliation | Zenodo users | Allowing others to find you on Zenodo (if profile visibility is enabled); To display to other members in communities you are a member of; To allow other users to grant you access to their restricted content |
| Your email address (if email visibility is enabled) | Zenodo users | Allowing others to find you on Zenodo and to communicate with you; To allow other users grant you access to their restricted content |
| All data labelled [Invitations] | Zenodo users who owns or manages the community | For the community manager to invite you and see your response and historic invitations |
| All data labelled [Requests] | Zenodo users with whom you are corresponding | To allow you to make requests to other users and administrators; To communicate with other users; To allow other users involved in the request to see your actions on the request and the related resource (e.g. record or community); To allow the owner of the restricted records to evaluate your request for access and see historic requests |
| All data labelled [Community Audit Logs] | Zenodo users who owns the community | To enable community owners to audit actions on the community and it's records |
| Your access token for a third-party application | Third-party applications on which you login with your Zenodo account | To enable you to grant a third-party application access to your Zenodo account and perform actions on your behalf. |
What automated decision making or profiling is being done by Zenodo with your personal data:
| Personal Data | Automated decision making or Profiling | Purpose |
|---|---|---|
| All data labelled [User], [Linked accounts] |
|
To determine your account status (blocked, verified, or unverified); To prevent spam and misuse of Zenodo; To monitor compliance with Zenodo policies; Used to automatically verify an account; Used to automatically flag an account for review by Zenodo service administrators; Used for training of automatic spam classifier for automatic detection and removal of spam records; Used to automatically verify communities. You can object to all automatic decisions by contacting us on support. |
For more detailed information about personal data and privacy please refer to the Data Privacy web site.
For questions regarding this Privacy Notice, please contact us.
For questions regarding personal data and privacy please contact the Office of Data Privacy.
To request to exercise data subject rights please fill and submit the following online form.
This Privacy Notice is subject to revision.
Last revision: 23-04-2024
1 The retention period may be temporarily extended for special circumstances, in accordance with the provisions of the operation circular governing data privacy.