Processing of personal data - IDP

Policy for the management of personal information within the scope of the Identity Provider (IdP) as determined by University of Gävle

The Identity Provider performs authentication at the request of a service which [ORGANISATION] recognises, either via metadata provided by the SWAMID identity federation or because the service and University of Gävle has a specific agreement. Depending upon the type of service involved, the purpose of the service and what relationship the service has to the University of Gävle’s identity provider, one or more pieces of personal data are transferred from University of Gävle’s catalogue and authorization system to the requesting service. This procedure follows the intent of the Swedish personal data protection legislation.

Services that are categorised in SWAMID’s metadata with entity categories receive attributes in accordance with SWAMID’s recommendations, see below.

Services whose primary purpose is for the benefit of research and education have access to approximately the same personal data which are automatically sent with an everyday email, that being name, email address, user identity, if the user is a student or employee (or similar active role) and that the user has an account at University of Gävle. Registered services that via GÉANT Data Protection Code of Conduct External link. adhere to the European Union’s data protections directives, in Sweden the Personal Data Act, get access to the same information.

Services whose purpose is for students to process admissions, course registrations, examination sign-up, degree applications, internships, grant applications, self-service account administration and for employees self-service for University of Gävle’s HR-system have access to the user’s Swedish personal identity number or Swedish higher education interim personal identity number for foreigners.

This page was last updated 2024-04-10