Page Manager: Webmaster
Last update: 12/4/2018 9:51 AM

Processing personal data

The University of Gothenburg is responsible for all processing of personal data that takes place as part of the university's day-to-day activities. The university safeguards all information entrusted to us.

The university applies the General Data Protection Regulation (GDPR) with supplementary legislation.

We have assembled information about processing of personal data within the University of Gothenburg. If you have additional questions about processing at the university, please contact us.

  • The university processes personal data as part, and in support, of our mission

    The university deals with personal data as part, and in support, of the university's mission as a provider of higher education and a research institution as well as in liaison with the larger society, that is, the "third assignment". The intention of all processing of personal data at the university is to support this mission.

  • What does personal data mean?

    Any information that can be directly or indirectly linked to an identifiable person, such as their name, social security number, image, email address and IP address.

  • What personal data does the university collect?

    The university processes personal data for various purposes within our mission. In education, students' personal data is processed. Research involves researchers processing personal data of subjects, that is, those who participate in a research study.

    Personal data of employees as well as participants in conferences or other events is also processed. There are also other situations where the university processes personal data, such as contacts and collaborations between individuals and other organizations.

    In most cases, personal data is collected directly from the individual. This usually happens through contact between the individual and the university. In some cases, collection of personal data may also occur from someone other than the individual.

    In some cases, the university, as a public authority, is required to disclose personal data to others, for example, to submit students’ study results to the Central Student Support Commission (CSN) or employees' and contractors' salary information to the Swedish Tax Agency.

    What personal data is processed depends entirely on the purpose of the processing in each individual case. This may include:

    • Contact information such as name, address, telephone number and email address and, if applicable, personal identification number,
    • Information needed, for example, for student and employee assistance measures,
    • Bank details and other financial data for financial transactions,
    • Information obtained within the framework of participation in a research study,
    • Information about study results and other information related to studies,
    • Information collected during visits to university websites in order to improve their user-friendliness, e.g. through cookies,
    • Information when attending conferences or courses, or
    • Information required for employment or when applying for employment.

  • How is personal data protected?

    The university is responsible for protecting personal data by applying appropriate technical and organizational measures. The university thus ensures a level of security that is in keeping with the associated risks concerning processing personal data.

    Security aspects include risk assessment with regard to confidentiality, integrity and availability. Technical security controls may include, for example, ensuring only authorized persons have access to the information and that personal data is encrypted at rest or stored in protected locations.

  • Who may access personal data?

    The University of Gothenburg is a public authority, which means that the publicity principle applies to the university. This means that everyone has the right to request access to any information the university holds. That information may contain personal data. Disclosure will occur unless privacy rules pursuant to the Public Information and Privacy Act (2009:400) apply to the personal data in question.

    The university also has other tasks and duties that may result in the disclosure of personal data to other parties. This may be, for example, information needed to perform a task of public interest, which forms part of the exercise of authority or because of a legal obligation.

    The university may also provide personal data to partners, for example, as part of a research project, to a supplier or to another party because of agreements between the university and data subjects.

    Upon transfer to another party, the university undertakes all reasonable legal, organizational and technical measures that are required to protect personal data. When personal data is transferred to another organization, the university provides the data subject with the required information about the transfer.

    In addition, transfer of personal data is prohibited unless there is a legal obligation to do so.

  • For how long is your personal data saved?

    Personal data is stored for only as long as needed to fulfil the purpose of processing. In some cases, there may be laws and other provisions that require retention of information for a longer period.

    In the case of public documents, handling of personal data is in accordance with the Press Freedom Regulation (1949:105), the Archives Act (1990:782) and the National Archives Act. This may entail that personal data is stored for longer or shorter periods and in some cases forever in the university's archives.

  • Transfer of personal data to third countries (outside EU/EEA)

    The university may transfer personal data to third countries, i.e. to non-EU/EEA countries. In such cases, special legislation applies, and the university will take all reasonable legal, organizational and technical measures required to achieve an appropriate level of protection for personal data. In each case, the data subject receives specific information regarding the transfer.

  • The rights of the data subject

    The General Data Protection Regulation states that the data subject has certain rights.

    Right of access (register extract)

    The data subject is entitled to request information regarding what personal data the university holds on him or her, free of charge, once per calendar year. To exercise this right, send a written request to dataskydd@gu.se.

    Right to rectification

    The data subject is entitled to request that his or her personal data, held by the university, is corrected if it is not correct. To exercise this right, send a request to your nearest contact person, course manager, line manager or other authorized person. The university is required to correct erroneous personal data without undue delay.

    The right to be forgotten

    The data subject is entitled to have his or her personal data erased when it is no longer needed for the purpose for which it was collected. There may be other legislation that supersedes this rule, which means that personal data cannot always be erased.

    In case of disclosure of personal data to another party, the university shall take reasonable steps to notify this party about the erasure. In cases where there are legal barriers to erasure of personal data, the university will limit the processing of this data only to the extent of legal requirements.

    The right to limitation of personal data

    The data subject is entitled to request that the processing of personal data be limited to certain specific purposes only. The right to limitation can be exercised in the following cases:

    • If personal data is incorrect and the university needs time to inspect the accuracy of the data.
    • If personal data is no longer required for the university's activities, but the data subject requests further retention due to legal action.
    • If the data subject opposes processing performed by the university. The processing is limited in that case until a balance is reached between the reasons of the data subject and the university's compelling legitimate reasons.
    • In the event that the data subject requests that the university delete their personal data, but for some reason, the university cannot accept this.

    Right to object to processing

    In some cases, the data subject may object to the processing of their personal data. If there are no compelling reasons for the university to continue processing the personal data, such as for meeting legal requirements, then the university will cease processing.

Contact information

If you have questions about how the university processes personal data, please contact the person responsible for a project, course or system.

You can also contact the Data protection officer, Kristina Ullgren, at dataskydd@gu.se.
