This page contains information on how personal data, collected within the scope of Umeå University's operations, are processed at Umeå University as a public authority. The University follows the General Data Protection Regulation, GDPR.
Umeå University is responsible for all processing of personal data in our activities. On this webpage, we explain in greater detail how we process your personal data.
Umeå University processes personal data in accordance with Regulation 2016/679 of the European Parliament and of the European Council. This regulation is henceforth referred to by GDPR – the General Data Protection Regulation.
Umeå University processes personal data in the pursuit of our mandate as a public authority and university. Our mandate is to provide high-class research and education, to collaborate with society and inform of our activities. We do this to follow the applicable legislation, for statistical purposes and to overview and to develop our organisation.
Umeå University uses social media such as Facebook and Instagram. On these accounts, Umeå University is primarily responsible for potential personal data that we publish ourselves. We use social media to disseminate information, opinons, or ideas to the public For personal data that others post or publish, we can only be held responsible in the event that we can affect the content. We strive to remove inappropriate content.
When using IT resources from Umeå University, traces of your activities may be stored for use in the university's IT safety procedures.
All personal data processing at Umeå University takes place in order to somewhat promote these causes. The processing must have lawful ground. Only the personal data required for the purpose may be processed. The lawful grounds the university relies on are:
More detailed information on how your personal data are processed can be obtained through your contact, course coordinator, manager or head of research at Umeå University. If you are not satisfied with the answer they can provide, you can contact Umeå University's data protection officer, see contact details at the bottom of the page.
At Umeå University, we process your personal data for a number of different reasons. The most common reasons are that you are a student, researcher, participant in a study, employee, participant in a conference or other event, that you are applying for a job, or that you have contacted the University or are cooperating with the University for some other reason.
Most of this information is collected from the person in question. In some cases, we also collect information from other sources, such as the Swedish Tax Agency or the Swedish Board of Student Finance (CSN).
What information is being processed depends on the reason for processing the personal data, but can for instance regard:
Umeå University is responsible for ensuring that the processing of personal data is protected by appropriate technical and organisational measures. These measures must be adequate to ensure a security level that is appropriate in relation to the risk that the processing involves. The security aspects include an assessment of confidentiality, accuracy and accessibility, and an adequate technical level of protection. For example, access to data can be restricted to authorised persons, the data can be encrypted, they can be stored in specially protected IT environments and copies can be made.
Much of the information held by Umeå University consists of official documents. If your personal data are a part of an official document, everyone who ask to get copies of that official document can access your personal data, unless there is any cause for confidentiality according to the Public Access to Information and Secrecy Act (2009:400) that prohibits this.
In addition to this, your data may be transferred to our partners in research projects, or in contact with suppliers or other parties that need the data because of an agreement between Umeå University and you, due to information of public interest, in our exercise of official authority, or due to the legal obligations that Umeå University has.
A task of public interest is a task that we have to fulfil by law or pursuant to law, but that does not belong directly among our duties as a public authority. See link to page on official documents on the intranet Aurora at the bottom of this page.
When we transfer personal data to another party, we protect them with the necessary legal, organisational and technical measures. You will be informed if we are planning on transferring information about you to other organisations.
Umeå University will not transfer personal data to other parties unless it is pursuant to law.
We only save your personal data as long as the purpose of the processing requires, or as long as legal provisions require.
With regard to official documents, personal data in them are processed in accordance with the provisions of the Freedom of the Press Act (1949:105), the Archives Act (1990:782) and National Archives regulations. In many cases, this means that your personal data may be preserved between five years and forever in the Umeå University archive systems.
Umeå University sometimes share personal data with countries outside the EU/EEA, mainly in connection with international research projects, student exchanges and in other situations when transferring data is necessary.
Your personal data are primarily processed within the EU/EEA and all our IT systems are located within the EU/EEA. In the event of system support and maintenance, we may have to transfer information to a country outside of the EU/EEA, for instance if we share your personal data with data processors who, by themselves or through subcontractors, have been established or store information in a country outside of the EU/EEA. The data processor may in these cases only access information that is relevant to the task.
Umeå University takes all necessary legal, organisational and technical measures to ensure an adequate level of security regarding your personal data when they are transferred to a third country.
The General Data Protection Regulation gives you, as an individual, certain rights vis-à-vis Umeå University.
You have the right to ask whether Umeå University is processing your personal data and to receive a free copy of the personal data processed. If you wish to do so more than once, Umeå University will charge a fee to cover the administrative costs of this. In connection with such a request, Umeå University also provides additional information about the processing, such as its purpose, the categories of personal data processed, the expected storage period, etc.
You have the right to ask for your personal data at Umeå University to be rectified if they are inaccurate. You can do this, for example, by providing a supplementary statement to your contact person, course director, manager or research director at Umeå University. We are required to rectify inaccurate personal data without undue delay. However, we do not need to correct your data if they are only being processed to document completed research.
You have the right to have your personal data erased from Umeå University's systems as long as they are not needed for the purpose they were collected. This could be if you drop out of your studies and wish for us to remove any such personal data that was processed for this reason.
There could be regulations stipulating that Umeå University does not erase your personal data, for instance the provision about official documents or of documentation of research and studies. If your personal data have been shared with another party, Umeå University will take all reasonable actions to notify these parties of your request of erasure.
You have the right, in certain cases, to request the restriction of the processing of your personal data. Restriction means that the data is marked so that it may only be processed for certain limited purposes in the future.
The right to restriction applies, among other things, when you believe that the data is inaccurate and has requested rectification. In such cases you may also request that the processing of the data is restricted while the accuracy of the data is being verified.
You have the right to object to our processing of your personal data in certain cases, for example in research or educational activities. We will then discontinue the processing unless we have compelling grounds to continue with it, or if the processing is necessary to exercise legal claims that we may have.
If you have any questions about data protection, you are always welcome to contact your contact person at Umeå University, the person responsible for a project or a course, or Umeå University's data protection officer.
Umeå University is a public authority. Emails that you send to the University are stored and become public documents.
Email to Umeå University's data protection officer: pulo@umu.se
You can also submit complaints to the Swedish Authority for Privacy Protection, Box 8114, 104 20 Stockholm, email: imy@imy.se.