Transfer of personal data to Ladok when using federated login
Ladok is a central service for study administration aimed at students and study administrative staff at higher education institutions in Sweden.
The system is owned by the higher education institutions together through the Ladok Consortium. At present, 41 higher education institutions are part of the consortium.
Management and operation are shared by all higher education institutions, but each higher education institution owns and is responsible for the contents of its own register.
Processing of personal data
Transfer of personal data
Personal data is transferred from the identity provider (your login service) to the service to ensure that the service knows who you are and what permissions you should have.
While logging in to this service, the following personal information is requested from the identity provider you use:
Ladok for students
Personal data | Purpose | Technical representation |
Unique identifier | To identify your higher education institution | eduPersonPrincipalName |
Personal identity number | To give you access to your information | norEduPersonNIN, personalIdentityNumber |
Date of birth | To give you access to your information | schacDateOfBirth |
Assurance level | To verify your identification | eduPersonAssurance |
Organisation affiliation | To categorise your employment status | eduPersonScopedAffiliation |
Ladok for employees
Personal data | Purpose | Technical representation |
Unique identifier | To give you access to your information and roles | eduPersonPrincipalName |
Name | To name your identity in the service | givenName, sn |
Assurance level | To verify your identification | eduPersonAssurance |
Organisation affiliation | To categorise your employment status | eduPersonScopedAffiliation |
In addition to direct personal data, indirect personal data are also transferred, such as which organisation the user belongs to and which identity provider has been used when logging in. In combination with the above personal data, these can be used to uniquely identify a person.
Other processing of personal data within the service
All processing of personal data in Ladok relates either to Förordning (1993:1153) om redovisning av studier m.m. vid universitet och högskolor or to employees at higher education institutions. The table below shows which personal data is processed and which category each item belongs to.
Personal data | Category |
Name | Student data |
Personal identity number | Student data |
Registered address | Student data |
Contact information: phone number, e-mail address, temporary address | Student data |
In case of protected identity; data regarding pseudonym and interim personal identity number | Student data |
Access | Student data |
Selection criterion | Student data |
Obligation to pay application fees and tuition fees | Student data |
Payment of application fees and tuition fees | Student data |
Admission | Student data |
Participation in study and examination | Student data |
Study results | Student data |
Grades | Student data |
Credited education or other credited activities | Student data |
Qualification criterion | Student data |
Data for presentation of results | Student data |
Student cases - decisions | Student data |
Name | Employment |
User identity | Employment |
Contact information: phone number and e-mail address | Employment |
User roles | Employment |
Course connection as a reporter and a certifier | Employment |
Personal data is also stored in log files at the service in order to maintain traceability and to simplify troubleshooting.
Transfer of personal data to third parties
Ladok transfers personal data to third parties according to Förordning (1993:1153) om redovisning av studier m.m. vid universitet och högskolor 2 kap 6 §.
Lawful basis
The processing of personal data in Ladok is regulated by the Swedish legislation Förordning (1993:1153) om redovisning av studier m.m. vid universitet och högskolor. Personnel’s personal data and personal data transferred from identity providers during login are processed within the framework of public interest and the exercise of authority, as this processing is carried out by staff assigned rights within the framework of their employment within the authorities.
Right of access, right of rectification and right of erasure of personal data
For access, rectification and deletion of your personal data, contact the personal data controller at the higher education institution where the data is registered.
Correction of personal data transferred from your identity provider during login is done at your identity provider.
Purging of personal data
In accordance with Förordning (1993:1153) om redovisning av studier m.m. vid universitet och högskolor 2 kap 7 § and 8 §, only some information related to students who never began their studies after registration is purged.
Log files with personal data are cleared when they are no longer deemed necessary for traceability or troubleshooting.
Personal data controller
The personal data controller for student data is the respective higher education institution where the student is registered. Contact information for the personal data controllers is available at the respective higher education institution.
The data protection coordinator within the Ladok Consortium is Gunnar Råhlén, gunnar.rahlen@bth.se.
GÉANT Data Protection Code of Conduct
This service complies with the international framework GÉANT Data Protection Code of Conduct (http://www.geant.net/uri/dataprotection-code-of-conduct/v1) for the transfer of personal data from identity providers to the service. This framework is intended for services in Sweden, the EU and the EEA that are used in research and higher education.