Transfer of personal data to NaisSP when using federated login (Privacy Policy)
Description of NaisSP
Nais is a service directed towards universities and colleges work with administering study support to students with disabilities.
UHR is a governmental agency with many responsibilities in higher education. One of those is to provide an IT-system för the management of study support. This responsibility is shared with Stockholm University, the product owner of Nais.
Processing of personal data
Transfer of personal data
Personal data are being transferred from the identity provider (your login service) to the service to ensure that you as a user have access to your information in the service and to provide you with a user-friendly interface.
When logging in to this service, the following personal data are requested from the identity provider you use:
| Personal data for students | Purpose | Technical representation |
|---|---|---|
| Unique identifier | To give you access to your information | eduPersonPrincipleName |
| Name | The name is used in lists within the service | displayName, sn, cn |
| E-mail address | Used to be able to contact you by e-mail | |
| Personal identity number | To give you access to your information | norEduPersonNIN, personalIdentityNumber |
| Assurance level | To verify the identification of you | eduPersonAssurance |
| Personal data for administrative staff | Purpose | Technical representation |
| Unique identifier | To give you access to your information | eduPersonPrincipleName |
| Name | The name is used in lists within the service | displayName, sn, cn |
| E-mail address | Used to be able to contact you by e-mail | |
| Assurance level | To verify the identification of you | eduPersonAssurance |
In addition to direct personal data, indirect personal data are also transferred, such as which organisation the user belongs to and which identity provider has been used when logging in. In combination with the above personal data, these can be used to uniquely identify a person.
Other processing of personal data within the service
The service process personal data added to Nais by students and personal. Personal data is also saved in log files to enable logging and trouble shooting.
| Data about students |
|---|
| Name |
| Personal identity number |
| Telephone number, email address |
| Type of disability |
| Doctors note et cetera to prove disability |
| Notes about what kind of study support the student is granted |
| Campus |
| Level of education |
| Study programme |
| Data about employees |
| Name |
| User identity |
| Email address |
| User role |
| Assignment as student mentor |
Transfer of personal data to third parties
No data is transferred to third parties. Exemption being contractors to UHR för system development and system management.
Lawful basis
Nais follows the requirements of the Data Protection Regulation (GDPR). As Nais handles data of sensitive nature (a person’s health or disability), the norm is that all data is secret according to Public Access to Information and Secrecy Act (2009:400).
Right of access, right of rectification and right of erasure of personal data
For access, rectification, and deletion of your personal data, contact the personal data controller at the higher education institution where the data is registered.
Correction of personal data transferred from your identity provider during login is done at your identity provider.
Purging of personal data
Personal data in Nais, except the data that must be archived (as outlined in regulation from the Swedish National Archives), is purged when no longer needed.
Personal data controller
Personal data controller for personal data is the respective higher education institution where the student or employee are registered. Contact information of the personal data controllers are available at the respective higher education institution.
GÉANT Data Protection Code of Conduct
This service complies with the international framework GÉANT Data Protection Code of Conduct (http://www.geant.net/uri/dataprotection-code-of-conduct/v1) for the transfer of personal data from identity providers to the service. This framework is intended for services in Sweden, the EU and the EEA that are used in research and higher education.
Tillbaka till inloggningen