Description of a service for verification of Assurance Level
This is a service that administers the user's Assurance Level for students or staff at Mid Sweden University.
This service is part of the administration process of Assurance Level and is used to verify people using EduID.
Processing of personal data
Transfer of personal data
Personal data is transferred from the identity provider to the service, in order to ensure that the person is allowed to access information supplied with the service and also to provide a degree of personalization in the service.
With a successful authentication with the service, the following personal data (attributes) will be requested from the identity provider:
Personal data |
Purpose |
Technichal name |
Unique identifier |
Used to verify personal data against the university's system. |
eduPersonPrincipleName |
norEduPersonNIN |
||
samlSubjectID |
||
Identifier of person |
Used to verify personal data against the university's system.
|
personalIdentityNumber |
schacDateOfBirth |
||
givenName |
||
Sn |
||
eduPersonAssurance |
||
schacDateOfBirth |
||
givenName |
||
sn |
||
|
||
mailLocalAddress |
||
|
||
displayName |
||
Assurance level |
Used for verification of Assurance level. |
eduPersonAssurance |
Affiliation |
Type of affilitation with the organization |
eduPersonAffiliation |
eduPersonScopedAffiliation |
||
Country |
Country name |
c |
co |
||
Organization |
Information on the organization |
o |
norEduOrgAcronym |
||
schacHomeOrganization |
||
schacHomeOrganizationType |
Aside direct personal data, related information, such as the person’s home organize and which identity provider that was used, is also transferred. These items of information can in combination with the requested attributes be used for unique identification.
Other processing of personal data within the service
Depending on which function with the service is used, different personal data is handled in different ways. This may include user-provided information received, data from Ladok or personal data already present in Mid Sweden University’s information domain.
Our service also produces technical logging for the purpose of error handling and security monitoring. These logs may also include personal data.
Transfer of personal data to third parties
Personal data used for creating the student’s user account within Mid Sweden University’s network will be synchronized with the Mid Sweden University agreement with Microsoft Azure Ad services.
Refer to https://www.miun.se/en/contact/personaldata.
Lawful basis
There must always be legal grounds for the processing of personal data. The most common ones at Mid Sweden University are:
- that the processing of personal data is essential to complete a task of general interest or the exercise of authority, such as the examination of students. This can also include publishing of photos from an event, as we are obliged to inform the public about our activities.
- that the processing of personal data is essential to comply with an agreement or a legal obligation.
- that there is a consent from the registered person, for instance when registering for a conference.
Refer to https://www.miun.se/en/contact/personaldata.
Right of access, right of rectification and right of erasure of personal data
Refer to https://www.miun.se/en/contact/personaldata.
Purging of personal data
Refer to https://www.miun.se/en/contact/personaldata.
Personal data controller
Mid Sweden University is the formal data controller responsible for handling personal data. The responsibility for this service is currently delegated to: Helena Wallskog, https://www.miun.se/helenawallskog
Data Protection Officer: Dataskyddsombud@miun.se
Refer to https://www.miun.se/en/contact/personaldata
GÉANT Data Protection Code of Conduct
This service complies with the international framework GÉANT Data Protection Code of Conduct (https://www.geant.net/uri/dataprotection-code-of-conduct/v1) for the transfer of personal data from identity providers to the service. This framework is intended for services in Sweden, the EU and the EEA that are used in research and higher education.