Policy for the management of personal information within the scope of the Identity Provider (IdP)

The Identity Provider performs authentication at the request of a service which Stockholm University recognises, either via metadata provided by the SWAMID federation or because the service and Stockholm University has a specific agreement. Depending upon the type of service involved, the purpose of the service and what relationship the service has to the Stockholm University's IdP, one or more pieces of personal data are transferred from Stockholm University's catalogue and authorization system to the requesting service. This procedure follows the intent of the Data Protection Regulation (GDPR).

All web services have access to a unique identifier which makes it possible for the user to save preferences after logging in such that the user has access to the same preferences during a subsequent login. This unique identifier is unique to that specific service and cannot be shared or traced between different web services.

Services that are categorised in SWAMID’s metadata with entity categories receive attributes in accordance with SWAMID’s recommendations, see below.

Services whose primary purpose is for the benefit of research and education have access to approximately the same personal data which are automatically sent with an everyday email, that being name, email address, user identity, if the user is a student or employee (or similar active role) and that the user has an account at Stockholm University. Registered services that via GÉANT Data Protection Code of Conduct adhere to the European Union’s data protections directives, in Sweden the Data Protection Regulation (GDPR), get access to the same information.

Services whose purpose is for students to process admissions, course registrations, examination sign-up, degree applications, internships, grant applications, self-service account administration and for employees self-service for Stockholm University's HR-system have access to the user’s Swedish personal identity number or Swedish higher education interim personal identity number for foreigners.

Data Protection Regulation, or GDPR regulates how personal information is to be handled. The Regulation comes into effect May 25, 2018 and will replace the Swedish Data Act (PuL).

Last updated: October 13, 2020
Page editor: Mia Söderbärj
Source: IT Services

Tell a friend

Contact

IT Services

Contact Helpdesk

For IT support go to Serviceportalen - su.se/serviceportalen

You can find answers to frequently asked questions (800+ articles)
Questions, error reporting and orders can be placed via contact forms
Open 24 hours a day

If you have an urgent IT problem you can call IT-support