Transfer of personal data to User account at University of Skövde when using federated login

Description of User account at University of Skövde

User account at University of Skövde is a service directed towards staff and students at the University of Skövde.

The service is intended for activation and renewal of user accounts at the University of Skövde by means of login via antagning.se, eduID.se or with a one-time passcode.

Processing of personal data

Transfer of personal data

Personal data are being transferred from the identity provider (your login service) to the service to ensure that you as a user have access to your information in the service and to provide you with a user-friendly interface.

When logging in to this service, the following personal data are requested from the identity provider you use:

Personal data	Purpose	Technical representation
PersonalIdentityNumber	To give you access to your information, used for identification	norEduPersonNIN personalIdentityNumber schacDateOfBirth
Assurance Level	To ensure the quality of identification	eduPersonAssurance
First name	The name is used within the service	givenName sn
user Identity	Used for identification	eduPersonPrincipalName
E-mail	Used for identification	mail mailLocalAddress

In addition to direct personal data, indirect personal data are also transferred, such as which organisation the user belongs to and which identity provider has been used when logging in. In combination with the above personal data, these can be used to uniquely identify a person.

Other processing of personal data within the service

When logging in to the service, information is (if possible) retrieved from Ladok about the swedish population registry address and any active suspensions, information about user accounts at the University of Skövde is retrieved from the user database.
When entering pre-registered contact information, e-mail and SMS, the corresponding information is retrieved (if possible) from Ladok.
Entered and verified contact information, e-mail and SMS, are saved in the user database.
When ordering a one-time code for delivery via e-mail in combination with an SMS, information about current registration and employment is checked against Ladok and Primula, respectively.
All events concerning user accounts are logged in the user database.
Personal data is also stored in log files in the service in order to maintain traceability and to simplify troubleshooting.

Transfer of personal data to third parties

No transfer of personal data to third parties takes place.

Lawful basis

Performing government duties.

Right of access, right of rectification and right of erasure of personal data

For access, rectification and erasure of your personal data, contact the Personal data controller.

Rectification of personal data that was transferred at the moment of login has to be done in the identity provider that you use to log in. This information is corrected in the service at the moment of the first login after the personal information has been corrected in the identity provider.

Purging of personal data

Log files from the service are purged after 24 months, data in the user database is not purged.

Personal data controller

Personal data controller for the processing of personal data is the University of Skövde. If you have questions about how personal data are processed within the service, please contact dataskyddsombudet.

Contact information for the University of Skövde data protection officer can be found at his.se/en/about-us/facts-and-figures/data-protection-gdpr/.

GÉANT Data Protection Code of Conduct

This service complies with the international framework GÉANT Data Protection Code of Conduct (http://www.geant.net/uri/dataprotection-code-of-conduct/v1) for the transfer of personal data from identity providers to the service. This framework is intended for services in Sweden, the EU and the EEA that are used in research and higher education.