Transfer of personal data to NaisSP when using federated login (Privacy Policy)


Description of NaisSP

Nais is a service directed towards universities and colleges work with administering study support to students with disabilities.

UHR is a governmental agency with many responsibilities in higher education. One of those is to provide an IT-system för the management of study support. This responsibility is shared with Stockholm University, the product owner of Nais.

Processing of personal data

Transfer of personal data

Personal data are being transferred from the identity provider (your login service) to the service to ensure that you as a user have access to your information in the service and to provide you with a user-friendly interface.

When logging in to this service, the following personal data are requested from the identity provider you use:

Personal data for students Purpose Technical representation
Unique identifier To give you access to your information eduPersonPrincipleName
Name The name is used in lists within the service displayName, sn, cn
E-mail address Used to be able to contact you by e-mail Mail
Personal identity number To give you access to your information norEduPersonNIN, personalIdentityNumber
Assurance level To verify the identification of you eduPersonAssurance
Personal data for administrative staff Purpose Technical representation
Unique identifier To give you access to your information eduPersonPrincipleName
Name The name is used in lists within the service displayName, sn, cn
E-mail address Used to be able to contact you by e-mail Mail
Assurance level To verify the identification of you eduPersonAssurance

In addition to direct personal data, indirect personal data are also transferred, such as which organisation the user belongs to and which identity provider has been used when logging in. In combination with the above personal data, these can be used to uniquely identify a person.

Other processing of personal data within the service

The service process personal data added to Nais by students and personal. Personal data is also saved in log files to enable logging and trouble shooting.

Data about students
Name
Personal identity number
Telephone number, email address
Type of disability
Doctors note et cetera to prove disability
Notes about what kind of study support the student is granted
Campus
Level of education
Study programme
Data about employees
Name
User identity
Email address
User role
Assignment as student mentor

Transfer of personal data to third parties

No data is transferred to third parties. Exemption being contractors to UHR för system development and system management.

Lawful basis

Nais follows the requirements of the Data Protection Regulation (GDPR). As Nais handles data of sensitive nature (a person’s health or disability), the norm is that all data is secret according to Public Access to Information and Secrecy Act (2009:400).

Right of access, right of rectification and right of erasure of personal data

For access, rectification, and deletion of your personal data, contact the personal data controller at the higher education institution where the data is registered.

Correction of personal data transferred from your identity provider during login is done at your identity provider.

Purging of personal data

Personal data in Nais, except the data that must be archived (as outlined in regulation from the Swedish National Archives), is purged when no longer needed.

Personal data controller

Personal data controller for personal data is the respective higher education institution where the student or employee are registered. Contact information of the personal data controllers are available at the respective higher education institution.

GÉANT Data Protection Code of Conduct

This service complies with the international framework GÉANT Data Protection Code of Conduct (http://www.geant.net/uri/dataprotection-code-of-conduct/v1) for the transfer of personal data from identity providers to the service. This framework is intended for services in Sweden, the EU and the EEA that are used in research and higher education.


Tillbaka till inloggningen