EdenNet 21 FP 2106

Privacy Considerations for EdenNet

DN1000007909
Issue: 1-1
Privacy Considerations for EdenNet DN1000007909 1-1 Disclaimer

The information in this document applies solely to the hardware/software product (“Product”) specified herein, and only as specified herein.

This document is intended for use by Nokia' customers (“You”) only, and it may not be used except for the purposes defined in the agreement
between You and Nokia (“Agreement”) under which this document is distributed. No part of this document may be used, copied, reproduced,
modified or transmitted in any form or means without the prior written permission of Nokia. If you have not entered into an Agreement
applicable to the Product, or if that Agreement has expired or has been terminated, You may not use this document in any manner and You
are obliged to return it to Nokia and destroy or delete any copies thereof.

The document has been prepared to be used by professional and properly trained personnel, and You assume full responsibility when using
it. Nokia welcome Your comments as part of the process of continuous development and improvement of the documentation.

This document and its contents are provided as a convenience to You. Any information or statements concerning the suitability, capacity,
fitness for purpose or performance of the Product are given solely on an “as is” and “as available” basis in this document, and Nokia reserves
the right to change any such information and statements without notice. Nokia has made all reasonable efforts to ensure that the content of
this document is adequate and free of material errors and omissions, and Nokia will correct errors that You identify in this document. But,
Nokia' total liability for any errors in the document is strictly limited to the correction of such error(s). Nokia does not warrant that the use of
the software in the Product will be uninterrupted or error-free.

N O WA RRA NT Y O F AN Y KI ND , EI T HER EXPR ES S OR I M P L I E D , I N C L U D I N G B U T N O T L I M I T E D TO A N Y

WARR ANT Y OF AVA IL ABI LI T Y, AC CU RAC Y, R EL I A B I L IT Y, T I T L E , N O N - I N F R I N G E M E N T, M E R C H A N TA B I L I TY
OR F IT NE SS FO R A PA RT ICU LAR PU RPO SE, I S M A D E IN R E L AT I O N TO T H E C O N T E N T O F T H I S D O C U M E N T.
IN NO EVEN T WI L L NOK IA B E LI ABLE F OR AN Y DA M A G E S , I N C L U D I N G B U T N O T L I M I T E D TO S P E C I A L ,
D IRE CT, IN D IRECT, I NCI DE NTAL OR C ON SEQ UE N T IA L OR A N Y L O S S E S , S U C H A S B U T N O T L I M I T E D TO LO SS
OF PRO F IT, REVE NU E, B US IN ESS IN T ER RU PT I ON , B U S I NE S S O P P O RT U N I T Y O R D ATA T H AT M AY A R I S E
FRO M T HE USE O F TH IS DO CU M EN T O R T HE IN F OR M AT IO N I N I T, E V E N I N T H E C A S E O F E R R O R S I N O R
OM IS SI O NS FRO M T HI S DOC UM EN T O R IT S CO NT E N T.

This document is Nokia’ proprietary and confidential information, which may not be distributed or disclosed to any third parties without the
prior written consent of Nokia.

Nokia is a registered trademark of Nokia Corporation. Other product names mentioned in this document may be trademarks of their
respective owners, and they are mentioned for identification purposes only.

Copyright © 2021 Nokia. All rights reserved.

Important Notice on Product Safety

This product may present safety risks due to laser, electricity, heat, and other sources of danger.
Only trained and qualified personnel may install, operate, maintain or otherwise handle this product and only after having carefully read the
safety information applicable to this product.
The safety information is provided in the Safety Information section in the “Legal, Safety and Environmental Information” part of this
document or documentation set.

Nokia is continually striving to reduce the adverse environmental effects of its products and services. We would like to encourage you
as our customers and users to join us in working towards a cleaner, safer environment. Please recycle product packaging and follow the
recommendations for power use and proper disposal of our products and their components.
If you should have questions regarding our Environmental Policy or any of the environmental services we offer, please contact us at Nokia for
any additional information.
Privacy Considerations for EdenNet DN1000007909 1-1 Table of Contents

Contents
1 Summary of changes...................................................................................................................................... 4

2 Introduction...................................................................................................................................................... 6

3 Privacy approach at Nokia............................................................................................................................. 7

4 Engineering privacy........................................................................................................................................ 8

5 Privacy goals....................................................................................................................................................9

6 Privacy considerations................................................................................................................................. 10

EdenNet 21 FP 2106 © 2021 Nokia 3

Privacy Considerations for EdenNet DN1000007909 1-1 Summary of changes

1 Summary of changes

Release Change description

EdenNet 21 FP 2106 No change.

EdenNet 21 FP 2105 No change.

EdenNet 21 FP 2104 No change.

EdenNet 21 FP 2103 Updated section:

• Privacy considerations

EdenNet 21 Updated section:

• Privacy considerations

EdenNet 20 FP 2011 No change.

EdenNet 20 FP 2010 No change.

EdenNet 20 FP 2009 No change.

EdenNet 20 FP 2008 No change.

EdenNet 20 FP 2007 No change.

EdenNet 20 No change.

EdenNet 19A FP 2004 No change.

EdenNet 19A FP 2003 Updated section:

• Privacy considerations

EdenNet 19A FP 2002 No change.

EdenNet 19A FP 2001 No change.

EdenNet 19A FP 1912 No change.

EdenNet 19A FP 1911 No change.

EdenNet 19A Updated section:

• Privacy considerations

EdenNet 19 FP 1907 No change.

EdenNet 19 FP 1906 No change.

EdenNet 19 FP 1905 No change.

EdenNet 19 FP 1904 No change.

EdenNet 21 FP 2106 © 2021 Nokia 4

Privacy Considerations for EdenNet DN1000007909 1-1 Summary of changes

Release Change description

EdenNet 19 No change.

EdenNet 18 SP1 1901 No change.

EdenNet 18 SP1 1812 No change.

EdenNet 18 SP1 1811 No change.

EdenNet 18 SP1 No change.

EdenNet 18 This is a new document which provides information on the product

features that impact privacy.

Table 1: Summary of changes

EdenNet 21 FP 2106 © 2021 Nokia 5

Privacy Considerations for EdenNet DN1000007909 1-1 Introduction

2 Introduction
This document provides information on the product features that impact privacy and the measures tak-
en to protect such data.

Any free and open-source software or third party products included in the product may have additional
or different privacy considerations that may not be covered as part of this document.

EdenNet 21 FP 2106 © 2021 Nokia 6

Privacy Considerations for EdenNet DN1000007909 1-1 Privacy approach at Nokia

3 Privacy approach at Nokia

The Nokia Privacy Vision and Principles on which it relies are aligned with globally recognized privacy
frameworks and serve as the basis for requirements for our products and operations. Nokia respects
privacy and has a commitment to be an accountable company. Nokia has established a comprehen-
sive company-wide privacy program that is based on relevant laws, best practices, and standards. The
Nokia privacy program is based on a risk-based approach that ensures a regular assessment of the
status and effectiveness of the privacy controls and procedures applied to Nokia products.

EdenNet 21 FP 2106 © 2021 Nokia 7

Privacy Considerations for EdenNet DN1000007909 1-1 Engineering privacy

4 Engineering privacy
Privacy is a key consideration in the creation and delivery of Nokia products. Our product teams have
integrated privacy (Privacy by Design) and security (Design for Security) into their Product Develop-
ment Lifecycle (PDL). Privacy engineering and assurance procedures ensure identification and mitiga-
tion of privacy impacts, building of privacy elements into all Nokia products, and verification of compli-
ance with Nokia's requirements.

EdenNet 21 FP 2106 © 2021 Nokia 8

Privacy Considerations for EdenNet DN1000007909 1-1 Privacy goals

5 Privacy goals
Nokia applies privacy requirements related to the following privacy goals for products:

Accountability means having in place privacy compliance mea-

sures, as well as monitoring and enforcing com-
pliance to a set of industry accepted privacy prin-
ciples

Privacy by Design means privacy is a key consideration in the cre-

ation, delivery, and support of all Nokia products

Transparency means privacy notices and information about our

collection and use of personal data are provided

Data minimization means personal data collection, storage, and us-

age are limited to data that is relevant, adequate,
and absolutely necessary for carrying out the pur-
pose for which the data is processed

Unlinkability means data shall not be linked across different

domains and is processed and analyzed only for
the purpose for which they were collected

Intervenability means data subjects, as well as the controller or

supervisory authority have control over personal
data

Confidentiality means no person can access personal data with-

out authorization

Integrity means information technology processes and

systems continuously conform to their specifi-
cations for the execution of their intended func-
tions, and the data to be processed remains in-
tact, complete, and up to date

Availability means personal data must be available and can

be used properly in the intended process

Table 2: Privacy goals

EdenNet 21 FP 2106 © 2021 Nokia 9

Privacy Considerations for EdenNet DN1000007909 1-1 Privacy considerations

6 Privacy considerations
These privacy considerations are related to the product delivered or to be delivered to the customer.

Note: Any customer-specific customization, development or modification of the product may

introduce privacy impact beyond that described here.

The privacy considerations describe the processing of personal data by this product, possible privacy
impact from that processing and applicable privacy measures.

By 'processing' Nokia means any essential feature operation or set of operations performed by the
product on personal data or on sets of personal data, whether or not by automated means, such as
collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation,
use, disclosure by transmission, dissemination or otherwise making available, alignment or combina-
tion, restriction, erasure, or destruction.

The data subject is Customer employee. The following categories of customer employee personal da-
ta may be collected and/or processed by EdenNet and could be classified as:

• Account Information
• Contact Information
• Usage Information

Account Information

The data elements in the account information category are Login name, First name, Last Name, User
Group and so on.

These data elements are stored encrypted in secure LDAP and EdenNet DB. They are used by the
EdenNet administrator while creating a user. EdenNet uses this information to allow customers to log
in to the system. The storage of account information is customer configurable. The Admin user can
delete the account information that is not required. Personal data is not shared outside of EdenNet. It
is accessible via the GUI, secure LDAP, and EdenNet DB. The Admin user can access the details of
all other users configured on the EdenNet system.

In EdenNet, only the Username and Password are mandatory data to log in to the EdenNet applica-
tion. Additional data processing is not done by EdenNet.

User group is stored in a secure EdenNet database. EdenNet uses this information to provide specific
roles to the customer employee user to perform the EdenNet role-based access control functionality.

The Admin user can delete the assigned user group of the required user in case of internal or external
LDAP without group support. In case of customer having external LDAP with group support, only those
users in customers LDAP, which have specific SON roles are synchronized to the EdenNet DB. The
synchronization is customer configurable. Examples of user group are SON Module Executor, SON
Monitor, and SON Module Manager. EdenNet uses this information to provide specific roles to the
customer employee user for using the EdenNet functionality.

EdenNet 21 FP 2106 © 2021 Nokia 10

Privacy Considerations for EdenNet DN1000007909 1-1 Privacy considerations

Contact Information

The data element in the contact information category is the email address. This is usually the cus-
tomer employee email address or any other support email address used by the customer. EdenNet us-
es this information to inform the user about the status of module execution (if the user has subscribed
to it).

The email address is added during account creation or while performing module configuration. It is
stored encrypted in the secure LDAP or EdenNet DB. The retention period is customer configurable.
The Admin user can remove the email address and user account from EdenNet in case of internal
LDAP users only. In case of external LDAP servers, the user account and their email address will re-
main on external LDAP servers. A specific user can also remove the email address configured in the
respective account or change it to a support/non-personal email address.

The email address is accessible via the GUI, secure LDAP, or EdenNet DB. The email address is not
shared outside of EdenNet. It is available in log files. The retention of log files is customer configurable
for some log files. For other log files, such as OEM log files, it is default settings within the OEM.

Usage Information

The data element in the usage information category is timestamp. This is the system timestamp of
user activity logged in the audit log files on the particular EdenNet node, for example, on GUI node,
DB Node, and so on.

EdenNet uses this information to inform the user about the various operations performed, and the time
of the operations. Timestamp is present as text. It is a mandatory information in log files. Only the root,
vson, administrator, and logged in user with privileges can view the information.

The data element in this category is the Keycloak API key. This is generated on the EdenNet GUI for
a specific SDK user. EdenNet uses the API key to authenticate and authorize the user to use the SDK
feature.

API key is customer configurable. With the support of Admin user, the API key for a user can be re-
generated. It is stored encrypted in Keycloak.

EdenNet 21 FP 2106 © 2021 Nokia 11