Data Protection (GDPR)

The University processes personal information to fulfil its obligations as a government agency and university, which is to conduct research, provide education and operations in collaboration with the community. We also process personal information to be able to review and develop our operations, and to comply with applicable Swedish laws.

The processing of personal information within the University is connected to these purposes. Only necessary personal information must be processed.

More details on how your specific information is processed is available to you as an employee, student or external party in respective specific descriptions.

There are various reasons for the processing of personal information by the University. The most common reasons are that you are a student, researcher, participant in a study, employee, participant in a conference or other event, applicant for a position of for some other reason have interactions or collaboration with the University.

The type of personal information we process depends on the purpose, and includes but is not limited to the following:

• Contact information such as name, address, telephone number and e-mail. The personal identification number is needed to confirm your identity or for coordinating your information between systems to ensure that your information is consistent.
• Bank information and other financial information is needed for payment of salary and other reimbursement, or for invoicing purposes.
• Personal information collected in the scope of research studies.
• Information on study results and other information about your studies at the University or other educational institution.
• Information in regards to participation in conferences or courses.
• Personal information that is required when you apply for a position at the University, and for processing of employment matters.

As a government agency and educational institution, and depending on the purpose of the processing, we may use the following legal grounds for processing of personal information:

Information of public interest

Means: Directives from the parliament and the government

Examples from our operations:

• Education
• Research
• Collaboration
• Student projects

Performing government duties

Means: Necessary for performing government duties

Examples from our operations:

• Exams
• Disciplinary matters

Contracts

Means: To fulfil contracts with the data subject

Examples from our operations:

• Employment contracts
• Collaboration contracts
• Purchase contracts

Legal obligations

Means: Complying with laws and regulations

Examples from our operations:

• Act of public records and archives
• Working Environment Act
• Law on annual leave

Consent

Means: Must be voluntary, informed and documented.

Examples from our operations:

• Student projects (if sensitive personal information)
• Marketing

We collect most of the information from you directly. In certain cases, we collect information from other sources, such as the Tax Agency, the Swedish Board of Student Finance, Ladok or universityadmissions.se.

Much of the information at the University is considered public records. If your personal information is present in a public document, anyone who requests the document will be able to access your personal information, unless the privacy in the Law on Official Secrets and Public Records (2009:400) prevents access.

In addition to relevant members of the staff at the University of Skövde, the information may also be accessed by other government agencies in certain cases. External suppliers of IT-systems may sometimes have access to your personal information. In those cases, contracts are in place to ensure correct and legal processing. In the case of transfer outside the EU/EEC, adequate protection levels must be ensured.

We retain your personal information for as long as they are needed for the purpose for which they were collected and for as long as is required by law and other regulations. For more information, we refer to the specific descriptions for the respective registration categories.

• If you are employed, we process your personal information for as long as it is needed to manage the employment, and after that, for as long as is required by law and other regulations.
• If you are a student, we process your personal information for as long as you are a student at the University, and after that, for as long as is required by law and other regulations.
• If you are a participant in a study, we process your personal information for as long as it is needed to ensure quality of the research.

The same rules apply for all processing of personal information, regardless of its origin. Personal information in documents is retained in accordance with the Swedish Act of public records and archives (1990:782) and the Public Records Office regulations. In many cases, this means that your personal information will be retained between a number of years and for all future in the University records. In regards to personal information in public records, it may be shared in accordance with the Act on access to public information.

• You have the right to information on how we process your personal information and to have access to the information.
• You have the right to correct erroneous information.
• In certain cases, you may request to delete the information, that the processing be limited or that the personal information be moved (data portablility).
• You have the right to object to the use of your personal information for marketing purposes. In certain cases, you may object to other processing of your personal information.
• You have the right to object to automated decision-making and profiling, if applicable.
• You have the right to withdraw any consent.
• If you believe that we are in violation of the rules for processing of personal information, you may file a complaint with the Data Protection Agency.

Requests for extracts from the records, requests for corrections or requests regarding any other rights must be made in writing and be signed by you. Send your request to the Controller.

Controller

Högskolan i Skövde
Address: Box 408, 541 28 Skövde, SWEDEN
Email: registrator@his.se
Telephone: +46 500-44 80 00
Organisation number: 202100-3146

If you have any questions about how the University processes your personal information, you may contact the University's data protection officer.

Data protection officer

Email: dataskyddsombud@his.se

If you discover an incident regarding personal data, information or cyber security, report this as soon as possible:

• Email: helpdesk@his.se (or in the form below)
• Telephone: +46 500-44 88 00

Example of incidents:

• Unauthorized access to personal data
• Destruction of personal data
• If you have lost your mobile phone, laptop or tablet belonging to University of Skövde
• Hijacked login
• Virus on laptop or similar belonging to University of Skövde
• Inaccessable system
• Fraud attempts via email
• Stolen research information

Leave following information:

• Your contact information
• Time for incident, or time for when you discovered it
• Description of the incident and what happened