Transfer of personal data to the Central Webservice for Örebro University in connection with federated login (Privacy Policy)
Central Webservice for Örebro University. The system handles student activation, re-enrols students and registers existing and new student accounts, as well as acts as intermediary for password changes. EduID is used to validate AL2 accounts.
Description of the Central Webservice for Örebro University
Personal data management
Purpose and scope of the service
Personal data is transferred from the identity provider Antagning.se or eduID to the service to ensure that the user is given access to their information stored with the service, and to provide a user-adapted interface.
In connection with login to this service, the following personal data will be requested from the identity provider used:
List of the required attributes |
||
|
Personal data |
Purpose |
Technical representation |
| Unique identifier | To give the user access to their information | eduPersonPrincipalName |
| Personal identity number | The personal identity number is used to match the user with existing data subjects in our local LDAP catalog | norEduPersonNIN |
| Assurance profile | Know what assurance profile the logged in account has | eduPersonAssurance |
Other personal data processing by the service
Personal identity numbers are saved in local log files on the server as well as on a central log server. Personal identity numbers are used to match the user with existing data subjects in Örebro University’s LDAP catalog. No other personal data processing is undertaken.
Transfer of personal data to third party
There is no transfer of personal data to third parties.
Legal grounds
The university processes the personal data on the basis of public interest as described in the General Data Protection Regulation, GDPR, Article 6.
Right to request register extracts, correction and erasure of personal data
For information on register extracts, correction and erasure of personal data, go to Data protection policy at Örebro University
Correction of personal data which has been transferred in connection with login is done with the identity provider used at login.
Weeding of personal data
In compliance with the regulations in force, personal data saved in our log files is erased after two years. This weeding is done automatically.
Personal data controller
Örebro University, Sweden, is the controller of the personal data processing. Email address: dataskyddsombud@oru.se.
Contact details for Örebro University’s data protection officer can be found at Data protection policy at Örebro University
GÉANT Data Protection Code of Conduct
This service complies with the international framework GÉANT Data Protection Code of Conduct for the transfer of personal data from identity providers to the service. The framework is intended for services in Sweden, the EU and the EEA that are used within research and higher education.