At IRUS, we take the responsibility of looking after personal data in our possession seriously. This policy explains what we do with individuals' personal data, particularly with reference to the General Data Protection Regulation (GDPR). In this context:
- 'Personal Data' means data relating to a living individual who can be identified from that data, or can be identified from that data taken together with other information that we may or may not hold.
- 'Data Controller' means the persons or organisation responsible for determining how and why your personal data is used.
- 'Data Processor' means the persons or organisation responsible for processing personal data on behalf of a data controller.
Who are we?
We are IRUS - a service managed by Jisc and Cranfield University, which generates COUNTER-conformant statistics for participating institutional repositories.
What personal data we collect, where we get it from, what we do with it and why
The following information is needed for us to manage your participation in the IRUS service. We'll use it, as described in the Jisc standard privacy notice, to provide the service you've requested, as well as to identify problems or ways to make the service better.
The personal data we collect and use can be divided into two key types:
- Primary contact information - names and email addresses - for institutions participating in the IRUS service
- IP addresses that have been transmitted to us by our participating repositories for the purposes of processing their raw download usage data into COUNTER-conformant statistics
We collect your name and email address solely to contact you as a participant in the IRUS service; the information is needed for us to manage your participation in IRUS.
In this context we are the data controller.
As part of the service, we will add the IRUS primary contact name to our IRUS Jiscmail list which is used to communicate any issues or updates. View the JiscMail service policies.
We'll keep the information until we are told that you are no longer a representative for your institution.
IRUS receives IP addresses relating to usage events transmitted to us by participating repositories via the Tracker Protocol [PDF]. This identifying data is necessary to create proxies for user sessions for the initial processing of raw usage data in order to identify and discount robot and rogue usage, as required under the COUNTER Code of Practice. In addition, these IP addresses are used to present country level statistics, derived via geolocation.
In this context Jisc is the data controller.
The lawful basis under which we use IP addresses is legitimate interest, that is, without the IP address information we would not be able to provide you with credible, high-quality statistics.
The COUNTER Code of Practice requires usage statistics to be available for a minimum of current and previous 2 calendar years. To support this requirement we retain the raw data for current and previous 2 calendar years, and then destroy it. We only retain raw data after the completion of initial processing into COUNTER-conformant statistics, in order to:
- restate statistics if required, e.g. if we subsequently discover an error in our processing or if some other unforeseen circumstance arises
- to carry out periodic analyses of the raw usage dataset for the purpose of improving our robotic and rogue usage detection
Keeping personal data secure
We take appropriate security measures to protect personal data from unlawful or unauthorised processing and accidental loss, destruction or damage.
You can contact us regarding your rights under GDPR, or anything else in this privacy notice:
See also: the Jisc standard privacy notice