CVMFS Privacy Notice
24 Jun 2021
- Ian Collier



Version 1.0 of the STFC CVMFS Content Distribution Service Privacy Notice. ​




CernVM File System (CVMFS) is a software distribution system, developed to assist collaborations to deploy software on the worldwide-distributed computing infrastructure used to run data processing applicationsImplemented as a POSIX read-only file system with a single source of (new) data. This single source, the repository Stratum 0, is maintained by a dedicated release manager machine or publisher. A read-writable copy of the repository is accessible on an uploader host, where Content Managers set new data to be distributed 


The Science and Technology Facilities Council (STFC) provides the STFC CVMFS Content Distribution​ service on behalf of This Privacy Notice describes what personal data is collected from you when you use CVMFS Stratum-0, why it is collected and how this data is used. 


STFC is part of UK Research and Innovation (UKRI). For more information visit stfc.ukri.orgUKRI and STFC comply with the requirements of the UK General Data Protection Regulation regarding the collection, storage, processing and disclosure of personal information and are committed to upholding the GDPR's core data protection principles. A full notice of UKRI's position with regards to Freedom of Information and theThe Data Protection Act 2018 (DPA 2018) & UK GDPR can be found at: 

What personal data is collected from you and why? 

1. Information recorded to allow access to the STFC CVMFS Content Distribution service 


When you request access to the service, you will be asked for the Distinguished Name (DN) from your personal certificate. This DN will grant you secure interactive login to the service. 


2. Log records of your access to the STFC CVMFS Content Distribution service 

Each time you log into the STFC CVMFS Content Distributionservice, the following information is logged: 

  • The DN from your personal certificate. 

  • The IP address of the host you are loging in from. 

  • The date and time of accessing the service. 

This data is necessary to ensure that the CVMFS service is reliable and secure, such as for assisting in the analysis of reported problems, contacting you if a problem is identified with your usage of the service, and responding to security incidents. 


Who is your personal data disclosed to? 


System administrators for the purpose of service management and trusted third parties for the purpose of security incident response. 


Other transfers are not allowed except where legally required.  


How to request change or deletion of your data? 


Requests for a change or removal of your data should be submitted through an email to 


How long will your personal data be retained? 


Your DN is retained until we are notified access to the service is no longer needed.  


Records of your access to the CVMFS Stratum-0, collected for reasons of security (described above), are retained for 30 weeks. 


How is your personal data protected? 


Your personal data is kept safe and protected against unauthorised disclosure according to the requirements of the EGI Policy on the Processing of Personal Data, available here: 

Contact information 


If you have any questions about this Privacy Notice, or to raise concerns or report problems with the CVMFS Stratum-0 service, please in the first instance contact the Service Managers at the address below. 

Service managers: 


Further details on how to raise concerns or report problems exercising your rights regarding your personal data can be found here: 



Additional information 


Data controller: Science and Technology Facilities Council, part of UK Research and Innovation. 


Data protection officer: 


Supervisory authority: The UK Information Commissioner’s Office ( 


Jurisdiction: United Kingdom of Great Britain and Northern Ireland (GB-UKM) 


This Privacy Notice is subject to revision.  


This is Version 1.0 of the RAL CVMFS Stratum-0 Privacy Notice. ​

Contact: Collier, Ian (STFC,RAL,SC)