Privacy Policy for Member Portal

Description of Member Portal

Member Portal is a service directed towards Student Unions and students at universities in Sweden.

The service handles membership payments online on behalf of the Student Unions using the service. Students can sign in to the Member Portal to see the membership invoices created for them and pay them immediately.

Processing of personal data

Transfer of personal data

Personal data are being transferred from the identity provider (your login service) to the service to ensure that you as a user have access to your information in the service and to provide you with a user-friendly interface.
When logging in to this service, the following personal data are requested from the identity provider you use:

Personal data: Unique identifier, Swedish identity number
Purpose: To give you access to your information
Technical representation: norEduPersonNIN

In addition to direct personal data, indirect personal data are also transferred, such as which organization the user belongs to and which identity provider has been used when logging in. In combination with the above personal data, these can be used to uniquely identify a person.

Other processing of personal data within the service

Personal data in the user’s profile is transferred from the membership system called Agera Medlem. The source of this personal data is one or a combination of sources below.

  • The system for study documentation, Ladok, used by all universities in Sweden.
  • Personal data which the users have provided themselves or edited through the Member Portal.
  • Personal data which has been added to the service by the membership system administrator, at the user's request.

This personal data is managed according to each individual Student Union’s Data Protection Policy. Montania System AB has Data Processing Agreements signed with all Student Unions using the service. These agreements describe both parties’ rights and obligations as well as which personal data is used for which purpose.

The service’s logging retains personal data until the Data Controller (the Student Union) actively deletes a subject’s data, or terminates the service agreement with Montania. The Student Unions using the Member Portal have their own individual policies for data protection, which state how long they retain personal data. There is also a requirement for every student to accept the Student Union’s Data Protection Policy before paying their fee through the Member Portal.

Transfer of personal data to third parties

The personal data retained in the system are transferred to the student discount providers Mecenat and Studentkortet, according to agreements between these companies and the Data controller. The end user accepts this by becoming a member of their Student Union. The system has functionality to manually stop a user’s data from being transferred to these third parties. Users who have Protected personal information can be flagged with Protected Identity, which stops any personal data from being shared with any third party. This flag also works as an extra notice for the membership system administrator that this user and their personal data need extra caution.

Personal data is also automatically transferred from certain Student Unions’ systems to the housing queues in Gothenburg, SGS Studentbostäder and Chalmers Studentbostäder. When this is the case, it is requested by the Data controller. The personal data transferred is matched against the data available at the third parties mentioned above, to verify membership status and provide queue time in the housing queue.

Lawful basis

Montania System AB bases its data processing on a legally binding agreement between Montania System AB and the Data controller (the Student Union), in which Montania System AB commits to provide the Data controller with systems for membership management as well as hosting and maintenance. As a part of fulfilling this agreement, Montania System AB processes personal data according to the instructions and on behalf of the Data controller. Data Processing Agreements that regulate the processing are established between the two parties.

Right of access, right of rectification and right of erasure of personal data

For access, rectification and erasure of your personal data, contact the Personal data controller.
Rectification of personal data that was transferred at the moment of login has to be done in the identity provider that you use to log in. This information is corrected in the service at the moment of the first login after the personal information has been corrected in the identity provider.

Purging of personal data

The administrators of the membership system have access to tools to purge personal data which should no longer be retained according to their Data Protection Policy. Montania System AB keeps an encrypted copy of the system and the data it contains for 3 months after the service agreement is terminated. On the Data controller’s request, the data can be deleted earlier.

Personal data controller

The Personal data controller for the processing of personal data is the respective Student Union. If you have questions about how personal data are processed within the service, please contact your Student Union service desk or office.

Contact information for the Student Unions’ Data Protection Officer can be found on the respective Student Union’s website.

GÉANT Data Protection Code of Conduct

This service complies with the international framework GÉANT Data Protection Code of Conduct (http://www.geant.net/uri/dataprotection-code-of-conduct/v1) for the transfer of personal data from identity providers to the service. This framework is intended for services in Sweden, the EU and the EEA that are used in research and higher education.