Mytoken Privacy Policy and Description

Description of the service

Mytoken is a service that provides easy access to OpenID Connect access tokens. The service is operated by the Karlsruhe Institute of Technology.

What personal data is processed and why

Users of the mytoken service use it to manage and obtain OpenID Connect tokens. Therefore, mytoken receives these tokens and stores them. All tokens are stored only in encrypted form.
Personal information (e.g. emails, names) that mytoken receives from the OpenID provider is discarded and not processed further.

The data processed (OpenID Connect tokens) is necessary in order for the user to obtain access tokens.

Usage of the mytoken service generates logs, which are retained. These records contain:

  • The network (IP) address from which you access mytoken
  • The user agent used to connect to the mytoken service
  • Time and date of access
  • Details of actions you perform

This data is necessary to ensure that the mytoken service is reliable and secure, and is used to assist in the analysis of reported problems and in responding to security incidents. Part of this data is also used so that users can check how their mytoken tokens were used.

The legal basis for processing the personal data is legitimate interest, Article 6.1(f), GDPR.

Disclosure of personal data

The collected personal data is only accessible to the authorised personnel of Karlsruhe Institute of Technology, and then only for the reasons outlined above. The processed OpenID Connect tokens are secured in such a way that they are not accessible to the personnel. Personal data is not regularly disclosed to third parties.

How to access, rectify, and delete personal data

For the data retained and processed by mytoken, you may use the service manager contacts (provided below) to access or rectify information. To rectify the data released by an OpenID provider, contact the provider's operators.

Data protection code of conduct

Personal data will be handled according to the Code of Conduct for Service Providers, a common standard for the research and higher education sector to protect the users' privacy.

How long your personal data will be retained

Tokens and data related to them are stored until the tokens are revoked or you delete your account. Network logs are deleted, at the latest, 12 months after the user's last use of the service.

Contact information

Service Operator: m-contact@lists.kit.edu
Service Operator Privacy: m-privacy@lists.kit.edu