Transfer of personal data to Sunet CDN Manager when using federated login
Description of Sunet CDN
Sunet CDN is a service developed and deployed by Sunet to provide a secure and scalable Content Delivery Network. The Manager is the customer portal to configure the workings of the CDN.
Processing of personal data
Transfer of personal data
Personal data is transferred from the identity provider (your login service) to Sunet CDN Manager.
When logging in to the service, the following personal data is requested from the identity provider you use:
Unique identifiers | To match user against a pre-configured user ID. | subject-id (mapped from eduPersonPrincipalName if subject-id is missing) |
Assurance level | To allow restriction of logins to a specific assurance level. | eduPersonAssurance |
First Name | To be able to present a friendly greeting | givenName |
Last Name | To be able to present a friendly greeting | sn |
For communication to system users regarding the service |
In addition to direct personal data, indirect personal data is also transferred, such as which organisation the user belongs to and which identity provider has been used when logging in. In combination with the above personal data, this can be used to uniquely identify a person.
Other processing of personal data within the service
Sundet CDN Manager stores technical logs for debugging purposes and security related incidents. These technical logs contain information regarding all authentications made to the service and the personal data transferred.
Potential personal data in log files managed by Sunet CDN, as configured by a user of the service, is outside the scope of this document.
Transfer of personal data to third parties
No personal data is transferred to third parties.
Lawful basis
Personal data is processed on the basis of authentication. Personal data must be transferred in order to match a user to a preconfigured user account.
Right of access, right of rectification and right of erasure of personal data
For access, rectification and erasure of your personal data, contact the Personal data controller.
Purging of personal data
Personal data as described above is not automatically purged from the service.
Personal data controller
Personal data controller for the processing of personal data is The Swedish Research Council, Sweden. If you have questions about how personal data is processed within the service, please contact noc+cdn@sunet.se.
Contact information for The Swedish Research Council’s data protection officer can be found at https://www.vr.se/behandling-av-personuppgifter.html.
GÉANT Data Protection Code of Conduct
This service complies with the international framework GÉANT Data Protection Code of Conduct (http://www.geant.net/uri/dataprotection-code-of-conduct/v1) for the transfer of personal data from identity providers to the service. This framework is intended for services in Sweden, the EU and the EEA which are used in research and higher education.
Contact us
Please contact info@sunet.se