At IRUS, we take the responsibility of looking after personal data in our possession seriously. This policy explains what we do with individuals' personal data, particularly with reference to the General Data Protection Regulation (GDPR). In this context:
We are IRUS-US - a service managed by Jisc and Cranfield University which generates COUNTER-conformant statistics for participating institutional repositories.
The following information is needed for us to manage your participation in the IRUS-US service. We'll use it, as described in our standard privacy notice at https://www.jisc.ac.uk/website/privacy-notice, to provide the service you've requested, as well as to identify problems or ways to make the service better.
The personal data we collect and use can be divided into two key types:
We collect your name and email address solely to contact you as a participant in the IRUS-US service; the information is needed for us to manage your participation in IRUS-US.
In this context we are the data controller.
We'll keep the information until we are told that you are no longer a representative for your institution.
IRUS-US receives IP addresses relating to usage events transmitted to us by participating repositories via the Tracker Protocol https://irus.jisc.ac.uk/documents/TrackerProtocol-V3-2017-03-22.pdf. This identifying data is necessary to create proxies for user sessions for the initial processing of raw usage data in order to identify and discount robot and rogue usage, as required under the COUNTER Code of Practice. In addition, these IP addresses are used to present country level statistics, derived via geolocation.
In this context Jisc is the data controller.
The lawful basis under which we use IP addresses is legitimate interest, that is, without the IP address information we would not be able to provide you with credible, high-quality statistics.
The COUNTER Code of Practice requires usage statistics to be available for a minimum of 2 years. To support this requirement we retain data for a 2-year period and then destroy it. We only retain data after the completion of initial processing into COUNTER-conformant statistics, in order to:
We take appropriate security measures to protect personal data from unlawful or unauthorised processing and accidental loss, destruction or damage.
You can contact us regarding your rights under GPDR, or anything else in this privacy notice:
See also: the Jisc standard privacy notice