Transfer of personal data to ECIU University when using federated login (Privacy Policy)

Description of ECIU University

ECIU University is a service directed towards Lifelong Learners, Teachers, Researchers and Research Attendees from all around Europe.

ECIU University use this service to control the assurance level of a user before activating the ECIU account or resetting the password of the ECIU account. The user needs to successfully sign in to an external Identity Provider to complete the account creation/password reset.

Processing of personal data

Transfer of personal data

Personal data is transferred from the Identity Provider (your login service) to the service to ensure correct and verified personal information and to provide you with a user-friendly interface.

When logging in to this service, the following personal data are requested from the identity provider you use:

Personal data

Purpose

Technical representation

Unique identifier

To identify the user from the Home University

eduPersonPrincipleName

Display Name

The name is used in lists within the service

displayName

E-mail address

Used to be able to contact you by e-mail and to be able to forward your ECIU e-mail to your Home University e-mail address.

mail

The assurance level of the login

To verify that the user has the correct assurance level to complete the process.

eduPersonAssurance

The date of birth

To be able to collect statistics about age-groups taking Learning Opportunities.

schacDateOfBirth

First name

To build the user name and e-mail address

givenName

Last name

To build the user name and e-mail address

sn

European Student Identifier

The European Student Identifier is used in digital credentials.

schacPersonalUniqueCode

 

In addition to direct personal data, indirect personal data are also transferred, such as which organization the user belongs to and which identity provider has been used when logging in. In combination with the above personal data, these can be used to uniquely identify a person.

Other processing of personal data within the service

You can add more personal data in your user profile. You can also be asked to add more personal data when applying to a Learning Opportunity or by using services in ECIU University. By entering personal data in ECIU University services you agree that ECIU University are allowed process the data for you.

Transfer of personal data to third parties

Your personal data can be shared with other Member Universities within ECIU and other associated organizations.

Lawful basis

When using ECIU University services the lawful basis is:
Processing is necessary for the purpose of the legitimate interests.

When applying and attending to a Learning Opportunity the lawful basis becomes:
Processing is necessary for compliance with a lawful obligation.

When you add personal data to gain a better experience the lawful basis is:
Data subject has given consent.

Right of access, right of rectification and right of erasure of personal data

For access, rectification and erasure of your personal data, contact the Personal data controller.

Rectification of personal data that was transferred at the moment of login has to be done in the identity provider that you use to log in. This information is corrected in the service at the moment of the first login after the personal information has been corrected in the identity provider.

Purging of personal data

ECIU University provides services for Lifelong Learners. All users will be treated as Lifelong Learners and personal data will not be automatically purged after an amount of time.

If you want to have your personal data removed, please contact our data protection officer.

Personal data controller

Personal data controller for the processing of personal data is ECIU University. If you have questions about how personal data are processed within the service, please contact info@eciu.org.

Contact information for ECIU University data protection officer can be found at https://www.eciu.org/data-privacy.

GÉANT Data Protection Code of Conduct

This service complies with the international framework GÉANT Data Protection Code of Conduct (http://www.geant.net/uri/dataprotection-code-of-conduct/v1) for the transfer of personal data from identity providers to the service. This framework is intended for services in Sweden, the EU and the EEA that are used in research and higher education.