Effective as of 21 October 2019
Introduction
-
Humanitarian ID (HID) helps responders coordinate during disasters and crises by providing up-to-date contact lists. As a humanitarian responder, you can create and manage your own profile. HID is managed by the United Nations Office for the Coordination of Humanitarian Affairs (OCHA).
-
HID offers two complementary services: authentication and contact list management. The purpose of HID’s authentication service is to let users log into a range of humanitarian websites with their Humanitarian ID username and password. The purpose of HID’s list management service is to allow users to create and share contact lists, and to connect them with Google Groups or MailChimp, amongst other functions.
-
HID users should always conform to the HID Code of Conduct. Users that become aware of use that conflicts with the Code of Conduct are encouraged to contact info@humanitarian.id.
Using the HID authentication service
-
HID will always require user authorization before enabling a third-party website to access HID and authenticate a user’s details.
-
When a user accesses a third-party website using the HID authentication service, HID shares the following user data:
- Personal identification information (the full structure of the HID account, including name, email address, phone number, country, organization, and job title)
- Date and time of usage (Profile creation and updates, password resets, trusted browsers and devices)
- External authorized applicants (Websites that the user agreed to grant access to his/her data in Humanitarian ID)
-
All user information is managed by HID in line with these Terms of Service, the UN GA 1990 Guidelines for the Regulation of Computerized Data Files and the UN Personal Data Protection and Privacy Principles.
HID profile/list management service
-
The list management service offered by HID allows users to create and share contact lists, for the purpose of communication in different humanitarian response environments.
-
HID profiles are publicly visible by default. Users can determine which information they share publicly and which information they wish to remain private. Information that is marked as private will only be accessible to the following audiences:
- the user to whom the profile belongs;
- users that you have shared it with (through current sharing features for profiles;
- HID system administrators and HID Global Managers (users with elevated privileges).
-
Lists are only visible to the audience chosen by the list creator or manager(s), and to HID system administrators. Visibility of a new list can be set to one of the following levels:
- The list owner and the managers of this list only
- People on the list only
- Verified users only
- Anyone within Humanitarian ID
-
Lists for operations and groups (e.g. Clusters) are integrated within the individual operations pages of HumanitarianResponse.info (HR.info). These group lists follow the same visibility restrictions as defined in point 9 and are only accessible to users who have logged into HR.info using their HID credentials.
-
Specific humanitarian operations may also integrate lists into operation-specific or country-level websites. This currently includes the following;
- The disaster list Pakistan: Drought - Sep 2018 is integrated (and publicly available) in the Pakistan Drought Portal.
-
Members of the list can either be added by the creator or manager(s) of the list, or join themselves. Access for members to join the list can be set to one of the following options:
- Anyone within Humanitarian ID
- Anyone within HID can ask to be checked in
- Only the owner and managers of the list can add users
-
Lists may only be used for purposes of humanitarian communication - other uses including but not limited to advertising are prohibited.
Data security and privacy
-
User authentication on HID takes place securely via OpenID Connect.
-
User-to-service, user-to-client application, client application-to-service, and service-to-service connections are all encrypted using SSL.
-
OCHA and the HID team will not transfer personal data of users to other organisations. As described in points 8 and 9 above, personal data of users that are part of a group/list may be integrated into other platforms and services, as well as exported and shared outside HID by HID users. Use of such exported and/or shared data remains subject to these Terms and Conditions.
-
HID is built using publicly audited open source tools. Security patches are regularly applied to maintain compliance with the UN Office for Information and Communications Technologies standards. Data that is uploaded to HID is stored by an OCHA-managed data centre located in the United States. HID reserves the right to change to a different hosting provider or location.
-
Users that become aware of an infringement on data security or privacy should notify the HID team at info@humanitarian.id.
-
In case of a data breach, the HID team will determine an appropriate course of action, including whether to notify users.
Warranties, disclaimers, privileges and immunities
-
HID reserves the right to modify and/or terminate its authentication and list management services in the future.
-
OCHA aims to uphold a high standard for the accuracy and completeness of information shared through HID. However, OCHA cannot verify the accuracy of all information in HID. Further, OCHA makes no guarantee that information shared on HID will be secure or error-free. Sharing information through HID does not imply the transfer of any rights over this information to OCHA. OCHA disclaims all warranties, whether express or implied. Users who share information on HID are solely responsible for the information that they share. OCHA assumes no liability whatsoever for information shared on HID by users.
-
The designations employed and the presentation of material on the HID service do not imply the expression or endorsement of any opinion on the part of the United Nations concerning the legal status of any country, territory, city or area or of its authorities, or concerning the delimitation of its frontiers or boundaries.
-
Nothing in these Terms of Service or on the HID website shall be deemed a waiver, express or implied, of any of the privileges and immunities of the United Nations, including its subsidiary organs.
Applicable guidance and policy
-
OCHA is mandated by the United Nations General Assembly Resolution 46/182 and guided by the Humanitarian Principles. OCHA is governed by the applicable guidance and policies established by the United Nations General Assembly and the Secretariat. Notably, personal data is processed according to the UN GA 1990 Guidelines for the Regulation of Computerized Data Files.
-
The Personal Data Protection and Privacy Principles were adopted by a broad group of UN agencies, funds and programmes in 2018.
Governance of these terms
-
These Terms of Service provide guidance to users of the platform. It is the sole responsibility of users to ensure that their behavior on the platform is in compliance with these Terms of Service. If you do not agree with these terms, you should discontinue use of the HID service. If you have any questions or comments about these terms or HID, please visit our Frequently Asked Questions or send an email to info@humanitarian.id.
Definitions
Data breach
The loss, destruction, alteration, acquisition, or disclosure of information caused by accidental or intentional, unlawful or otherwise unauthorized purposes, which compromise the confidentiality, integrity and/or availability of information.
Data security
A set of physical, technological and procedural measures that safeguard the confidentiality, integrity and availability of data and prevent its accidental or intentional, unlawful or otherwise unauthorized loss, destruction, alteration, acquisition, or disclosure.
Data transfer
The act of sharing personal data or making them accessible to a third party using any means, such as in hard copy, electronic means or the internet.
Personal data
Personal data is any information relating to an individual person ("data subject") who may be identified by any means reasonably likely to be used, including by reference to a name, an identification number, location data, or one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity. To ascertain what means are reasonably likely to be used to identify the individual, account should be taken of all objective factors, such as the costs of identification and the amount of time required for it, taking into consideration both the technology available at the time of the Processing and technological developments. Therefore, Personal Data does not include anonymous information, that is, information that does not relate to an identified or identifiable natural person or to data rendered anonymous in such a way that the Data Subject is not or is no longer identifiable.