Policy for the management of personal information within the scope of the Identity Provider

Information about the Policy for the management of personal information within the scope of the Identity Provider (IdP) as determined by Swedish Higher Education Authority.

The Identity Provider performs authentication at the request of a service which Swedish Higher Education Authority recognises, either via metadata provided by the SWAMID identity federation or because the service and Swedish Higher Education Authority has a specific agreement. Depending upon the type of service involved, the purpose of the service and what relationship the service has to the Swedish Higher Education Authority’sidentity provider, one or more pieces of personal data are transferred from Swedish Higher Education Authority’scatalogue and authorization system to the requesting service. This procedure follows the intent of the Swedish personal data protection legislation.

Services that are categorised in SWAMID’s metadata with entity categories receive attributes in accordance with SWAMID’s recommendations, see below.

Services whose primary purpose is for the benefit of research and education have access to approximately the same personal data which are automatically sent with an everyday email, which being name, email address, user identity, if the user is a student or employee (or similar active role) and that the user has an account at Swedish Higher Education Authority. Registered services that via REFEDS Data Protection Code of Conduct, and the older GÉANT Data Protection Code of Conduct, adhere to the European Union’s General Data Protection Regulation (GDPR) get access to the same information.

The service adheres to the policy for the handling of personal data (link to policy) which has been published by Swedish Higher Education Authority in accordance with Swedish law.