eduSign development
service Privacy Policy
This is a development service used to support
development of the eduSign service. This service does not log or
store any personal data. In all other aspects, the eduSign
privacy policy below apply:
Description
of Sunet eduSign
service
The
eduSign service is used to sign documents electronically.
You should only login to load a document you want to sign or if you
are invited to sign.
Processing of personal data
Transfer of personal data
When logging in,
personal information is transferred from the identity provider you have logged
in with to the eduSign service to give you as a user access to
login-protected information in the service. At time of login, a number of
personal data is requested to identify you as a user and give you access to
service.
The personal data
we obtain from the identity providers is that which is strictly needed for:
Additionally, some of
this data is temporarily kept in logs for traceability and troubleshooting.
When logging in,
the following personal data are requested from the identity provider you use:
Personal data |
Purpose |
Technical representation |
Unique identifier |
Identify
you as a user of the service so that you have access according to the rights
you have been granted. |
eduPersonPrincipalName |
Name |
Identify
yourself to other users in the services. |
displayName |
E-mail
address and E-mail alias |
To
verify that the invited person is similar to the logged in individual. |
mail mailLocalAddress |
Identity assurance profile |
Set of URIs that assert compliance with specific standards for
identity assurance |
eduPersonAssurance |
In addition to
direct personal data, indirect personal data are also transferred, such as
which organisation the user belongs to and which identity provider that has
been used when logging in. This information is
not used by the service more than for technical logs.
Other processing of personal data within the
service
The service saves
technical logs for troubleshooting and security related incidents. These
technical logs contain information about all logins made incl. transferred
personal data.
The service eduSign
only temporarily stores documents when someone is invite to sign a document and
who has been invited to sign until all parties have signed said document.
Transfer of personal data to third parties
No personal data is
transferred to third parties.
Lawful basis
Personal data is
handled based on the lawful basis of public interest. The personal data must be
transferred to give users access to login-protected information needed for
their work at Sunet or in collaboration with Sunet.
Right of access, right of rectification and right
of erasure of personal data
Personal data saved
in the service is
automatically corrected based on the personal data transferred from your
identity issuer in connection with the login.
To delete your
personal information in the identity management service,
contact SUNET NOC.
For access your
personal data, contact the Personal data
controller.
Purging of personal data
Personal data is
manually purged when it is no longer used by the identity management service
or connected services.
Personal data controller
Personal data
controller for the processing of personal data is The Swedish Research Council,
Sweden. If you have questions about how personal data are processed within the
service, please contact SUNET NOC.
Contact information
for The Swedish Research Council's data protection officer can be found at https://www.vr.se/behandling-av-personuppgifter.html.
GÉANT Data Protection Code of Conduct
This service
complies with the international framework GÉANT Data Protection Code of
Conduct (http://www.geant.net/uri/dataprotection-code-of-conduct/v1)
for the transfer of personal data from identity providers to the service. This
framework is intended for services in Sweden, the EU and the EEA that are used
in research and higher education.