...
Personuppgiftsansvarig för behandlingen av personuppgifter är <organisation>, <land>. Har du frågor om hur personuppgifter används och hanteras inom tjänsten tag kontakt med <e-postadress till tjänsteföreträdare>.
Dataskyddsombud är <namn>, <organisation>, <kontaktinformation>. alternativt Kontaktuppgifter till <organisation> dataskyddsombud finns på på <URL till informationssida med kontaktuppgifter till dataskyddsombudet>.
...
It is important to clearly describe which data is being transferred and for what purpose. The information must be clear to the persons for whom the document is intended. The technical representation is used for troubleshooting and should be attribute names defined in the attribute's LDAP specification.
Personal data is are being transferred from the identity provider (your login service) to the service to ensure that you as a user have access to your information in the service and to provide you with a user-friendly interface.
When logging in to this service, the following personal data is are requested from the identity provider you use:
...
In addition to direct personal data, indirect personal data is are also transferred, such as which organisation the user belongs to and which identity provider has been used when logging in. In combination with the above personal data, these can be used to uniquely identify a person.
...
Keep in mind that the lawful basis for consent places very high demands on voluntariness and can because of this very rarely be used for services that a person uses in their employment or in their studies.
Right of access, right of rectification and right of erasure of personal data
Here, the user's rights according to the Data Protection Regulation (GDPR) must be described. Particularly important is access to personal data, rectification of personal data and erasure of personal data.
For access, rectification and erasure of your personal data, contact the personal Personal data controller.
Correction Rectification of personal data that was transferred at the moment of login has to be done in the identity provider that you use to log in. This information is corrected in the service at the moment of the first login after the personal information has been corrected in the identity provider.
...
Here, a general description of the service's routines regarding automated purging of personal data, incl. how long the personal data is saved are stored after the user no longer uses the service, should be entered.
...
Here, contact information for to the personal data controller and its representative (the person within the who the organisation who is responsible / administrator for the service) are described. Contact information must also be specified to the data the data protection officer. OrganizationDisplayName in the service's registered metadata in SWAMID must be the same as the name the name in this section.
Personal data controller for the processing of personal data is <organisation>, <country>. If you have questions about how personal data is used and handled are processed within the service, please contact <e-mail address for service representatives>.
...
Nedan finns exempel på när mallarna på denna sida har använts.
- SWAMID Entity Category Release Check - Privacy Policy
- Överföring av personuppgifter till vid inloggning i Sunets Wiki and Jira
- Överföring av personuppgifter till Ladok i samband med federerad inloggningPrivacy Policy for the SWAMID Identity Provider Test Suite