Privacy policy


The Zenodo collaboration does not track, collect or retain personal information from users of Zenodo, except as otherwise provided herein. In order to enhance Zenodo and monitor traffic, non-personal information such as IP addresses and cookies may be tracked and retained, as well as log files shared in aggregation with other community services (in particular OpenAIREplus partners). User provided information, like corrections of metadata or paper claims, will be integrated into the database without displaying its source and may be shared with other services.

Zenodo will take all reasonable measures to protect the privacy of its users and to resist service interruptions, intentional attacks, or other events that may compromise the security of the Zenodo website.

If you have any questions about the Zenodo privacy policy, please contact us.

How is your data used

Each service at CERN is responsible for compiling its own Privacy Notice regarding the data it processes.

This Privacy Notice is part of CERN’s Layered Privacy Notice and details the processing that is unique to Zenodo. It does not address processing by other services on which this service may rely and which have their own Privacy Notice.

Personal Data we process

The personal data we have, and how it's used:

Personal Data Purpose Basis Source
IP address User account security and rate limiting Legitimate interest of CERN Inferred from the request client
Your IP address, visited URLs and corresponding timestamp User support, website debugging, security auditing and to produce anonymous aggregated statistics Legitimate interest of CERN Our web server logs
Account name Display in the Zenodo communities page when you are the curator Legitimate interest of CERN Your input
E-mail address Unique identifier for your Zenodo account, used to sign in, grant access rights, and send email communications Legitimate interest of CERN Your input
Name Used in email communication and to pre-fill the support form Legitimate interest of CERN Your input
ORCID ID Used for authentication purposes and also it is displayed when you are the author of a publication (only when inputed manually) Legitimate interest of CERN From ORCID, when you use it to sign in, or from the record submitter when you are the author of the publication
GitHub ID Used for authentication purposes and also to facilitate the integration with GitHub allowing automatic submissions to Zenodo Legitimate interest of CERN From GitHub when you use it to sign up, or when you activate the synchronisation between GitHub and Zenodo
Access token Used for authentication purposes when using our REST API Legitimate interest of CERN Generated by Zenodo upon your request
Which deposits you have created, records you have published and communities you create and manage Allow you to manage and edit content you create Legitimate interest of CERN Your input
List of your GitHub public repositories, GitHub releases that you created, and the meta-data associated with both of them (only when the synchronisation is active) Used to provide you with the feature that integrates Zenodo and GitHub allowing automatic submissions to Zenodo Legitimate interest of CERN From GitHub when you activate the synchronisation between GitHub and Zenodo
List of shared links (requests from anyone with an email address and name, that wishes access to your closed access records) Manage access to your closed access records Legitimate interest of CERN Links generated by Zenodo; email and name inputed by the requester
Submission Information Packages (SIP) containing: IP Address, e-mail address, the record metadata and files Preservation of archival content Legitimate interest of CERN Your input

Description of legal basis for processing of Personal Data by Zenodo

  • Contract: To fulfil a contractual relationship with the individual, or in preparation for a contract with the individual
  • Legal Obligation: To comply with a legal obligation of CERN.
  • Consent: By having received and recorded consent from the individual.
  • Legitimate interest of CERN: In the legitimate interests of CERN supporting the professional activities of the individual or their security and safety.

Personal Data we keep

The personal data we store, for how long and why:

Personal Data Retention Period 1 Purpose
IP address Until your next login (this will change in the near future to "Until session expiration") User account security and rate limiting
Your IP address, visited URLs and corresponding timestamp 13 months from date of action User support, website debugging, security auditing and to produce anonymous aggregated statistics
Account name Lifetime of your Zenodo account Display in the the Zenodo communities page when you are the curator
E-mail address Lifetime of your Zenodo account Unique identifier for your Zenodo account, used to sign in, grant access rights, and send email communications
Name Lifetime of your Zenodo account Used in email communication and to pre-fill the support form
ORCID ID Lifetime of your Zenodo account or if you disconnect the account Used for authentication purposes and also it is displayed when you are the author of a publication (only when inputed manually)
GitHub ID Lifetime of your Zenodo account or if you disconnect the account Used for authentication purposes and also to facilitate the integration with GitHub allowing automatic deposits
Access token Until deletion or expiration (1 year validity) Used for authentication purposes when using our REST API
Which deposits you have created, records you have published and communities you create and manage Lifetime of your Zenodo account Allow you to manage and edit content you create
List of your GitHub public repositories, GitHub releases that you created, and the meta-data associated with both of them (only when the synchronisation is active) Lifetime of your Zenodo account or deactivation of the synchronisation with GitHub Used to provide you with the feature that integrates Zenodo and GitHub allowing automatic submissions to Zenodo
List of shared links (requests from anyone with an email address and name, that wishes access to your closed access records) Lifetime of your Zenodo account or when you revoke access Manage access to your closed access records
Submission Information Packages (SIP) containing: IP Address, e-mail address, the record metadata and files Forever or until deletion request Preservation of archival content

Who at CERN has access

In addition to yourself, personal data collected by Zenodo is accessible by the following services, teams or individuals at CERN:

Personal Data Who Purpose
IP address Zenodo administrators and CERN Services administrators (Database on demand) User support and service operations
Your IP address, visited URLs and corresponding timestamp Zenodo administrators and CERN Services administrators ( Monitoring, Sentry Application Logging, Piwik, and Cloud Infrastructure services) User support and service operations
Account name Zenodo administrators and CERN Services administrators (Database on demand service) User support and service operations
E-mail address Zenodo administrators and CERN Services administrators (Database on demand) User support and service operations
Name Zenodo administrators and CERN Services administrators (Database on demand service) User support and service operations
ORCID ID Zenodo administrators and CERN Services administrators (Database on demand service) User support and service operations
GitHub ID Zenodo administrators and CERN Services administrators (Database on demand service) User support and service operations
Access token Zenodo administrators and CERN Services administrators (Database on demand service) User support and service operations
Which deposits you have created, records you have published and communities you create and manage Zenodo administrators and CERN Services administrators (Database on demand and ElasticSearch on Demand services) User support and service operations
List of your GitHub public repositories, GitHub releases that you created, and the meta-data associated with both of them (only when the synchronisation is active) Zenodo administrators and CERN Services administrators (Database on demand service) User support and service operations
List of shared links (requests from anyone with an email address and name, that wishes access to your closed access records) Zenodo administrators and CERN Services administrators (Database on demand service) User support and service operations
Submission Information Packages (SIP) containing: IP Address, e-mail address, the record metadata and files Zenodo administrators and CERN Services administrators (Database on demand service) User support and service operations

Personal Data we may transfer to others

Personal data we share with entities or individuals outside the Organization:

Personal Data 3rd Parties Purpose
Account name Public Display in the Zenodo communities page when you are the curator
Which deposits you have created, records you have published and communities you create and manage Public The main goal of Zenodo is to archive and share research data with other researchers around the world. All information that has been published by you, will be searchable and harvestable through our User Interface and our API

For more detailed information about personal data and privacy please refer to the Data Privacy web site.

For questions regarding this Privacy Notice, please contact us.

For questions regarding personal data and privacy please contact the Office of Data Privacy.

To request to exercise data subject rights please fill and submit the following online form.

This Privacy Notice is subject to revision.

Last revision: 13-08-2020 17:33:45

1 The retention period may be temporarily extended for special circumstances, in accordance with the provisions of the operation circular governing data privacy.