- MicroData Skandinavien AB
Legal name: MicroData Skandinavien AB
Address: Trädgårdsgatan 14, 702 12 Örebro, Sweden


- Description of MicroWeb Personalarkiv KI
A system for managing and archiving personnel related information. The system reduces the daily human resources work and helps organizations to gain control of all information concerning the staff. 

- Transfer of personal data
When logging in to our service the following personal data is transfered: 

KI ID
This is an unique identifier provided by the idP. It is used as an unique identifier within our service. This attribute is required and represented as "kiid".

Email
This is the user email address which is used for when the user needs to be contacted by MicroData Skandinavien AB employees or user triggered system events. This attribute is optional and represented as "email".


- Other processing of personal data within the service
Users have the option to supplement their own profile within our service, which may be used for conctact purposes or other internal service operations. Our service does not link personal data provided by the identity provider with personal data from third-party services. Personal data may appear in our system logging service, if provided by the system user. The following user data is stored: 

IP Address
This is stored in all user sessions within our service. 

KI ID
The primary reason for the storage of this information is to match users from the identity provider to the local user accounts within our system. This is also stored as the local username in case the user wants to log in manually, without the use of the service provider. 

Email 
This is stored as contact information on the user profile, if it is provided by the identity provider. Our only purpose for storing this attribute is user password management and it may be used for user triggered system events. 

Full name
This is an optional attribute that can be added by the user and its purpose is to easier distinguish the owner of the user account. 

Phone number
This is an optional attribute that can be added by the user and its purpose is to give the user the possibility to receive notifications from the system, in the form of text messages. 

Logs
Our system stores logs containing most of the executed operations within our service. These logs are used for security purposes and also for troubleshooting potential technical issues that may appear. Together with the above attributes these logs may be used to identifying a single user.


- Transfer of personal data to third parties

Email provider
Our service use a third party email provider in order to send emails through the service to end users. We provide this feature to the system administrator who have the ability to enable it. The system administrtor also have the possibility to use their own SMTP-server which may be outside our service. The receiver of the emails is configured by the system administrator and is not handled by MicroData Skandinavien AB. Our service do not use email adresses for other reasons than internal service operations or user triggered events. 

Text messages
Our service contains a feature, which the system administrator can enable, to send text messasges to cellphones. All text messages that are being sent through our service is triggered by a service user which configures both the content and the destination of each text message. 

Other identity providers
Our service offers other authentication integrations which may use personal data in order to match users within the federation. Each integration is optional and needs to be activated by a system administrator in order to function. Our service do not share any personal data to other third parties outside of each federation. 


- Lawful basis
Personal data is handled based on the legal basis of public interest. The personal data must be transferred to give users access to login-protected information needed for their work.

- Right of access, right of rectification and right of erasure of personal data
Personal data stored in the login service is automatically corrected based on the personal data transferred from your identity provder in connection with the login. To delete your personal information in the login service, contact dpo@microdata.nu. For register extracts, contact dpo@microdata.nu

- Purging of personal data
Personal data is purged on a schedule configured by the system administrator. Manual purging may also be used.

- Personal data controller
Our data protection officer is respsonsible for the handling of personal data. If any questions are raised regarding the handling of personal data in our service, consider contacting dpo@microdata.nu

- GÉANT Data Protection Code of Conduct
This service follows the international framework GÉANT Data Protection Code of Conduct for the transfer of personal data from identity providers to the service. The framework is intended for services in Sweden, the EU and the EEA that are used in research and higher education. Link to the Code of Conduct is found here: http://www.geant.net/uri/dataprotection-code-of-conduct/v1