...
Name of the service | SWAMID Identity Provider Test Suite is combined of the following test Service Providers
|
---|---|
Description of the service | This is a test service for Identity Provider administrators to test that they follow the SWAMID Best Current Practice for Entity Category Attribute Release. |
Data controller and a contact person | Swedish Research Council SWAMID Operations Manager Pål Axelsson, pax@sunet.se |
Jurisdiction | SE Sweden |
Personal data processed | A. Following data is retrieved from your Home Organisation: - your unique user identifier (SAML persistent identifier) - your role in your Home Organisation (eduPersonAffiliation attribute) ... B. Following data is gathered from yourself: - your profile ... Please make sure the list A. matches the list of requested attributes in the Service Provider's SAML 2.0 metadata Each test instances in the SWAMID Identity Provider Test Suite request a subset of the attributes defined in the Entity Category attribute release in SWAMID. The subsets ensure that the test suite validates that properly requested and required attributes are released and nothing else. |
Purpose of the processing of personal data | Don't forget to describe also the purpose of the log files, if they contain personal data (usually they do)Personal data transfered to the tests suite is only used to validate the home organization identity provider. All personal data is automatically discared after thay are shown on the test instance result webpage. |
Third parties to whom personal data is disclosed | Notice section 2.f: Third Parties of the Code of Conduct for Service Providers Are the 3rd parties outside EU/EEA or the countries whose data protection EC has decided to be adequate? If yes, notice also section 2.lNo personal data is disclodes to Third Parties. |
How to access, rectify and delete the personal data | Contact the contact person above No personal data is saved in the test instances and is hence not available after test is concluded. To rectify the data released by your Home Organisation, contact your Home Organisation's IT helpdesk. |
Data retention | When the user record is going to be deleted or anonymised? Remember, you cannot store user records infinitely. It is not sufficient that you promise to delete user records on request. Instead, consider defining an explicit period. Personal data is deleted on request of the user or if the user hasn't used the service for two yearsAll personal data is automatically discared after the test is conluded. |
Data Protection Code of Conduct | Your personal data will be protected according to the Code of Conduct for Service Providers, a common standard for the research and higher education sector to protect your privacy. |
...