CnaaS NMS is a network management system used in CNaaS at Sunet connected organizations.
Personal data is transferred from the identity provider (your login service) to CnaaS NMS to login to a CNaaS NMS instance.
When logging in to the service, the following personal data is requested from the identity provider you use:
Personal data | Purpose | Technical representation |
---|---|---|
Unique identifiers | To match user against a pre-configured NMS user ID. | eduPersonPrincipalName |
Assurance level | To allow restriction of logins to a specific assurance level. | eduPersonAssurance |
In addition to direct personal data, indirect personal data is also transferred, such as which organisation the user belongs to and which identity provider has been used when logging in. In combination with the above personal data, this can be used to uniquely identify a person.
CnaaS NMS stores device configurations to manage a computer network. These configurations can contain user data like usernames and ssh-keys.
In addition to the data from identity providers described above, CnaaS NMS stores an email address associated with each user account.
Potential personal data in the managed device configuration handled by CnaaS NMS, as configured by a user of the service, is outside the scope of this document.
No personal data is transferred to third parties.
Personal data is processed on the basis of authentication. Personal data must be transferred in order to match a user to a preconfigured user account.
For access, rectification and erasure of your personal data, contact the Personal data controller.
Personal data as described above is not automatically purged from the service.
Personal data controller for the processing of personal data is The Swedish Research Council, Sweden. If you have questions about how personal data is processed within the service, please contact noc@sunet.se.
Contact information for The Swedish Research Council’s data protection officer can be found at https://www.vr.se/behandling-av-personuppgifter.html.
This service complies with the international framework GÉANT Data Protection Code of Conduct (http://www.geant.net/uri/dataprotection-code-of-conduct/v1) for the transfer of personal data from identity providers to the service. This framework is intended for services in Sweden, the EU and the EEA which are used in research and higher education.