Create an account
By creating or using your SWITCH edu-ID account, you agree to the following terms:
The SWITCH edu-ID service provides end users with a personal digital identity (edu-ID) that enables access to SWITCH edu-ID Federation services in Switzerland, and via the Inter-Federation, with other international identity federations. The use of SWITCH edu-ID is open to all natural persons who are interested in creating an edu-ID account to access SWITCH edu-ID Federation services.
3 Establishment, existence and deletion of the edu-ID account
To use SWITCH edu-ID, an edu-ID account is required. At least the following data must be provided:
- full name,
- valid email address
The edu-ID account can be created by the end users themselves or, if applicable, by their organisation.
If end users already have a digital identity from an organisation that operates a self-managed identity provider (IdP), the edu-ID account can also be derived from this digital identity. This creates a link to the account of the corresponding organisation and the existing attributes are automatically transferred to the edu-ID account.
The edu-ID account may also be linked to one or more digital identities of an organisation and/or to additional identifiers after it has been established. Such linking may be necessary if the edu-ID is used to access certain services that require the identifiers of the linked accounts.
3.2 Establishment, existence and deletion of the edu-ID account
As long as end users have an active affiliation with an organisation, SWITCH, as the organisation's contractor, is not authorised to delete the edu-ID account. The edu-ID account of all other end users can be deleted at any time via email@example.com.
Deletion of the edu-ID account results in the loss of the rights to use the edu-ID account and the associated functionalities. When the edu-ID account is deleted, all personal data will be deleted. The deleted edu-ID account cannot be restored.
The deletion of the edu-ID account does not automatically lead to the deletion of the data that the service operators process when using the services. Deletion of this data must be requested from the service operators.
4 Availability of SWITCH edu-ID
SWITCH endeavours to offer the SWITCH edu-ID service as uninterruptedly as possible. However, continuous availability or trouble-free operation are not guaranteed to end users.
5 Obligations of the end users
5.1 Duplicates of edu-ID accounts
End users may not create more than one edu-ID account.
End users undertake to cooperate in preventing and cleaning up edu-ID account duplicates. In particular, they must comply with SWITCH's directives in this regard or respond to SWITCH's enquiries within a reasonable period of time. In the event that duplicates of edu-ID accounts are created or discovered unintentionally, SWITCH must be notified via firstname.lastname@example.org.
5.2 Accuracy of personal data
End users are responsible for ensuring that the personal data they provide (e.g. name, e-mail address, postal address) is correct. They undertake to keep the edu-ID account data up to date. SWITCH sends regular reminders to the end users (e.g. by e-mail).
End users can check their attributes via www.eduid.ch, keep them up-to-date, extend and verify them if necessary.
The attributes of the base identity are declared by the end users. Attributes of affiliations are under control of the organisations.
Furthermore, it may happen that attributes of higher quality levels are required for access to certain services. Such attributes are checked in advance in a corresponding process (verification) and stored (e.g. a verified mobile phone number can be stored). Verifications can be carried out by the end users themselves, SWITCH or an organisation. The quality levels can be seen in the edu-ID account at www.eduid.ch.
5.3 Storage of the means of authentication
End users undertake to protect their edu-ID account carefully and securely from access by third parties and in particular to keep the means of authentication (e.g. user name, password and other authentication factors) safe. The means of authentication may not be passed on or made accessible to third parties. If misuse of the edu-ID account by third parties is suspected, end users are obliged to inform SWITCH immediately via email@example.com and to set a new password.
5.4 Personal responsibility
End users undertake to comply with the legal system when using the edu-ID account or SWITCH edu-ID. They bear sole responsibility for all activities emanating from their edu-ID account. The use of the edu-ID account or the SWITCH edu-ID service for illegal and/or abusive purposes is prohibited.
Duplicates of edu-ID accounts may be merged and/or deleted. This may result in loss of data and restricted access to services. End users will be contacted in advance.
6 Data protection and data security
If the edu-ID account of end users has affiliations with one or more organisations of the SWITCH edu-ID Federation, this organisation or these organisations are responsible for data processing in connection with the edu-ID.
If an edu-ID account is created without affiliation to an organisation or if the affiliation subsequently ceases, SWITCH is responsible for data processing.
SWITCH may engage service providers to provide services within the scope of SWITCH edu-ID.
6.2 Purpose of the data processing
Personal data of end users is primarily processed to provide the SWITCH edu-ID service and to detect, analyse, eliminate or prevent ICT security incidents and problems.
In addition, personal data of end users will also be processed, where permitted and deemed appropriate, for the following purposes:
- Billing and account management
- Fulfilment of statutory duties
- Statistical evaluation of anonymised data sets
6.3 Categories of personal data
The following categories of personal data may be processed as part of the service:
- Attributes of the basic identity (surname, first name, e-mail address, technical identifiers)
- Other attributes according to attribute specification (e.g. date of birth, address, telephone number, SSH key, group information)
- Authentication means (e.g. e-mail address and password)
- Log data (e.g. IP addresses, time, action)
- Support data (surname, first name, email address and edu-ID identifier of the support requestor, time, subject, problem description, attachments provided by the user).
6.4 Origin of the data
The personal data processed by SWITCH originates either directly from the end users or from an organisation with which end users have an affiliation.
6.5 Categories of recipients of personal data
SWITCH may pass on personal data to the following categories of recipients:
- IT service providers who support us in the provision of the service
- Authorities, official agencies and courts (if legally obliged to do so)
- Service operators
These recipients are partly domestic, but can be in any country in the world. Not all of these countries have data protection that is adequate from a Swiss perspective. In such a case, we ensure adequate protection through sufficient contractual guarantees, e.g. through contractual clauses issued or recognised by the competent authorities ("standard contractual clauses"), if the transfer in the individual case is not necessary on the basis of consent, for the performance of the contract, for the establishment, exercise or enforcement of legal claims, for overriding public interests or for your protection.
Services accessed with the edu-ID can also in principle be offered from anywhere in the world. Each time a service is accessed, the service operator can request certain attributes from an IdP of the SWITCH edu-ID federation. In any case, the consent of the end user is required at least for the first access to a service, so that the attributes are released to the service operator by the IdP.
Your personal attributes such as name, email address or date of birth may be used and shared by service operators exclusively for the following purposes:
- Authorisation of end users
- Provision of the service offered
- Support services related to the service
- Required contact with end users as part of service delivery
- Clean-up and identification of duplicates and obsolete attributes
Service operators are independent data controllers within the meaning of data protection laws.
6.6 Data security
SWITCH shall take all reasonable measures to ensure data security at all times in accordance with the recognised state of the art. In particular, SWITCH shall take appropriate technical and organisational measures to guarantee the integrity, availability and confidentiality of the information and undertakes to review, evaluate and, if necessary, adapt these measures.
SWITCH shall be liable to end users without affiliation for direct damage caused by grossly negligent or intentional breach of contract, unless SWITCH proves that it is not at fault. Liability for slight and medium negligence, also with regard to the activities of auxiliary persons, as well as for indirect damage, consequential damage, savings not made and loss of profit or loss of data is excluded to the extent permitted by law.
SWITCH is not contractually liable to end users with affiliation to one or more organisations.
Any non-contractual liability of SWITCH is excluded to the extent permitted by law.
End users may be held liable for any damage caused by the unauthorised use of SWITCH edu-ID and the edu-ID account with SWITCH or third parties.
9 Applicable law and place of jurisdiction
Swiss law is exclusively applicable to the exclusion of private international law and the Vienna Convention on Contracts for the International Sale of Goods.
The exclusive place of jurisdiction is Zurich. Mandatory places of jurisdiction remain reserved.