The service Mytoken is a service providing easy access to OpenID Connect access tokens. The service is operated by the Karlsruhe Institute of Technology.
Users of the mytoken service use it to manage and obtain OpenID Connect tokens. Therefore, mytoken receives
these tokens and stores them. All tokens are only stored encrypted.
Personal information (e.g. emails, names) mytoken receives from the OpenID provider are discarded, and not further processed.
The data processed (OpenID Connect tokens) is necessary in order for the user to obtain access tokens.
Usage of the mytoken service generates logs, which are retained. These records contain:
This data is necessary to ensure that the mytoken service is reliable and secure, and are used for assisting in the analysis of reported problems and responding to security incidents. Part of this data is also used, so users can check how their mytoken tokens were used.
The legal basis for processing the personal data is legitimate interest, Article 6.1(f), GDPR.
The collected personal data is only accessible to the authorised personnel of Karlsruhe Institute of Technology, and then only for reasons outlined above. The processed OpenID Connect tokens are secured in a way that they are not accessible by the personnel. Personal data is not regularly disclosed to third parties.
For the data retained and processed by mytoken, you may use service manager contacts (provided below) to access or rectify information. To rectify the data released by an OpenID provider, contact the providers' operators.
Personal data will be handled according to the Code of Conduct for Service Providers, a common standard for the research and higher education sector to protect the users' privacy.
Tokens and data related to them are stored until the tokens are revoked or you delete your account. Network logs are deleted, at the latest, 12 months after the users' last use of the service.