Transfer of personal data to ID-portalen in connection with federated login (Privacy Policy)

 

Description of ID-portalen

The ID portalen for account management is a service aimed at employees (employees, affiliates and doctoral students) and students (international students, accepted for assignment training and other external courses).

The service is intended to confirm the employee's or student's identity and to increase their level of trust in their digital identity, as well as activating the student account and ordering a new activation code if necessary.

Handling of personal data

Transfer of personal data

Personal data is transferred from the identity provider (your login service) to the service to ensure that you as a user get access to your information in the service and to provide you with a user-friendly interface.

In connection with logging into this service, the following personal data is requested from the identity issuer you use:

Personal data

Purpose

Technical representation

Swedish personal identity number/Coordination number eller Ladok’s interim personal identity number

The Swedish personal identity number is used to connect the external identity with an identity in Karolinska Institutet's information catalog (IKAT) and/or Ladok

norEduPersonNIN

Assurance profile

Assurance profile is used to prove sufficient level of trust on the external identity

eduPersonAssurance

Unique user-ID

Saved for future matching at MFA login via EduID

eduPersonPrincipalName

Other processing of personal data in the service

The Swedish personal identity number/coordination number or Ladok’s interim personal identity number is obtained from The salary management system (Primula)/The Affiliation system (UBW) or the student documentation system, Ladok, to create an account.

ID-portalen only activates the account in KI's information directory.

All information is processed in such a way that no unauthorized person can access it.

Transfer of personal data to third parties

No transfer of personal data to third parties takes place.

Legal basis

Personal data is handled based on the legal basis of public interest. The processing of the Swedish personal identity number/coordination number is necessary to be able to make a secure identification of the individual.

Right to register extracts, correction and deletion of personal data

For register extracts, correction and deletion of our personal data, contact the person in charge of personal data.

Correction of personal data transferred in connection with logging in is done by the identity issuer that you use to log in. This information is corrected in the service at the first login after the personal data has been corrected with the identity issuer.

Cleaning of personal data

KI Account does not save any personal data.

 

Personal data controller

Karolinska Institutet is responsible for personal data. According to the EU's data protection regulation, you have the right to access the data about you free of charge, and if necessary to have any errors corrected. You can also request that information about you be deleted and that the processing of your personal data be restricted. If you want to exercise your rights, you should contact Karolinska Institutet. If you are dissatisfied with how your personal data is processed, you have the right to file a complaint with the Swedish Privacy Protection Authority, https://www.imy.se, which is the supervisory authority.

Contact details:

For more information on how Karolinska Institutet processes personal data, see https://medarbetare.ki.se/gdpr

REFEDS Data Protection Code of Conduct

This service follows the international framework The REFEDS Data protection Code of Conduct (CoCo v2), https://refeds.org/category/code-of-conduct/v2. The framework is used both within SWAMID and in the eduGAIN interfederation to make services available to users of the higher education institutions in Sweden and around Europe.