Processing of personal data for specific services and systems
Here you will find consolidated information regarding the processing of personal data for specific services and systems.
su.se/activate
Service description
The service is intended for the creation and use of a university account via antagning.se, eduid.se or a single use code.
Processing of personal data
The following information is transferred from antagning.se, eduid.se or Stockholm University’s own identity provider:
Information about personal data
Personal data |
|
|
|---|---|---|
Unique identifier | Provides you with access to your information | eduPersonPrincipleName |
Personal identity number | Personal identity numbers are used to link the external identity to an identity in the Stockholm University user catalogue and/or Ladok. | norEduPersonNIN |
Identity assurance level | Identity assurance levels are used to secure that the external identity has the right level of security and can therefore be used to activate or restore a Stockholm University account. | eduPersonAssurance |
The personal identity number or coordination number is forwarded to the Ladok student registry to access information about the student’s programme and contact details it has stored. Personal data is also saved in the service’s log files in order to maintain traceability and simplify troubleshooting.
All personal data is processed in a way that prevents unauthorised access. Personal data will be saved in the log file as long as is necessary for the purpose and in line with the university’s information management plan. The personal data created in your university account will be processed for as long as the account is active.
Legal basis
Article 6.1 (e) of the General Data Protection Regulation – processing necessary for the performance of a task carried out in the public interest – forms the legal basis when using the password reset service.
Article 6.1 (c) of the General Data Protection Regulation – processing necessary for compliance with a legal obligation – forms the legal basis when using the service to process the identity assurance level and personal identity number.
Right to register extracts, rectification and erasure of personal data
Contact the data controller for personal data extracts and erasure.
To rectify any personal data transferred when signing in, contact the identity issuer providing the log in service. Once the original provider has rectified the data, the information the service uses will change once you log in for the first time following the rectification.
Data controller
Stockholm University, SU, is the data controller. The EU General Data Protection Regulation (GDPR) gives you the right to access information stored about yourself free of charge and, if necessary, have any errors rectified. You can also request that your personal data be erased and the way it is processed be limited. Contact SU if you want to exercise these rights. If you are not satisfied with how your personal data is processed, you are entitled to submit a complaint to the regulatory authority, the Swedish Authority for Privacy Protection.
GÉANT Data Protection Code of Conduct
This service complies with the international framework GÉANT Data Protection Code of Conduct for the transfer of personal data from identity issuers to the service. The framework is intended for services in Sweden, the EU and the EEA that are used in research and higher education.
www.geant.net/uri/dataprotection-code-of-conduct/v1
Contact
• Registry: registrator@su.se
• Data protection officer: dso@su.se
• IT Services: itsupport@su.se
Confluence
Privacy Policy Stockholm University regarding Confluence
Name of the service | Confluence |
|---|---|
Description of the service | Confluence is used by Institutions at Stockholm University as a space for collaboration, to share documentation and information. |
Data controller and a contact person | Stockholm University, Malin Mäkiranta helpdesk@su.se |
Jurisdiction | SE-AB Sweden Stockholm |
Personal data processed | Following Personal data is processed: displayName -
• E-mail Work • User ID (log in name)
• Personal number/social security number
• Roll
|
Purpose of the processing of personal data | The purpose for processing above mention data is to grant access to Confluence Wiki |
Third parties to whom personal data is disclosed | The personal information (PI) is not shared outside the EU/ESS and not shared with third parties. Only subjects, processor and data controller have access to the PI. |
How to access, rectify and delete the personal data | Contact the contact person above or the Data Protection officer at dso@su.se. |
Data retention | Personal data is deleted if the user hasn't used the service for three years by the owner of the site/information. |
Data Protection Code of Conduct | Your personal data will be protected according to |
The service NFG
Service description
The service is intended for the creation of guest logins for the public wireless network on Stockholm University.
Processing of personal data
The following information is processed by the service nfg.su.se
Information regarding personal data
Personal data | Purpose | Technical representation |
|---|---|---|
Unique identifier | Identify the user | eduPersonPrincipalName |
Affiliation to the university | Be able to decide if the user is an employee or not | eduPersonScopedAffiliation |
Permission atribute | Be able to decide i the user has been granted access to the service | eduPersonEntitlement |
Personal data is also saved in logfiles with the purpose of traceability and to make it possible to troubleshoot.
All data is treated in a way that no unauthorized access is possible. The personal data in the logfiles is saved as long as they are needed in accordance with the university information processing plan.
Legal basis
The users want to use the WiFi and we need to be able to identify them according to the SUNET policy.
GÉANT Data Protection Code of Conduct
This service complies with the international framework GÉANT Data Protection Code of Conduct for the transfer of personal data from identity providers to the service. This framework is intended for services in Sweden, the EU and the EEA that are used in research and higher education.
Identity provider IDP
Policy for the management of personal information within the scope of the Identity Provider (IdP). The Identity Provider performs authentication at the request of a service which Stockholm University recognises, either via metadata provided by the SWAMID federation or because the service and Stockholm University has a specific agreement. Depending upon the type of service involved, the purpose of the service and what relationship the service has to the Stockholm University's IdP, one or more pieces of personal data are transferred from Stockholm University's catalogue and authorization system to the requesting service. This procedure follows the intent of the Data Protection Regulation (GDPR).
All web services have access to a unique identifier which makes it possible for the user to save preferences after logging in such that the user has access to the same preferences during a subsequent login. This unique identifier is unique to that specific service and cannot be shared or traced between different web services.
Services that are categorised in SWAMID’s metadata with entity categories receive attributes in accordance with SWAMID’s recommendations, see below.
Services whose primary purpose is for the benefit of research and education have access to approximately the same personal data which are automatically sent with an everyday email, that being name, email address, user identity, if the user is a student or employee (or similar active role) and that the user has an account at Stockholm University. Registered services that via GÉANT Data Protection Code of Conduct adhere to the European Union’s data protections directives, in Sweden the Data Protection Regulation (GDPR), get access to the same information.
Services whose purpose is for students to process admissions, course registrations, examination sign-up, degree applications, internships, grant applications, self-service account administration and for employees self-service for Stockholm University's HR-system have access to the user’s Swedish personal identity number or Swedish higher education interim personal identity number for foreigners.
Data Protection Regulation, or GDPR regulates how personal information is to be handled.
Last updated: 2026-01-12
Source: IT Services