Personal data processing

This page contains information about how Södertörn University processes personal data. The university complies with the General Data Protection Regulation (GDPR).

Södertörn University is responsible for all processing of personal data within its activities. This page explains how your personal data is processed by Södertörn University.

Södertörn University processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council. This regulation is referred to below as the General Data Protection Regulation, or GDPR.

What does the university do with personal data?

Södertörn University must process personal data to do its duty as a public authority and higher education institution, i.e. to provide research, education, and third stream activities. We also do it to evaluate and develop our activities and to follow Swedish law. All personal data processing that takes place at the university must contribute to this in some way. The processing must also have a legal basis. Only the personal data required for that purpose is processed.

If you are a member of staff, student or external party, you can obtain more detailed information about how your personal data is processed via your contact person, course coordinator, manager or project manager at the university. If you feel you have not received information from them, please contact Södertörn University’s data protection officer using the contact details at the bottom of the page.

What personal data does the university collect?

The university has numerous reasons for processing your personal data. The most common reasons are that you are a student, researcher, employee, participating in a conference, other event, or research project, applying for a job, or if you have contacted the university or are cooperating with it in some way. Most of this information is collected directly from you. In some cases, we may also collect data from other sources, for example the Swedish Tax Agency or Centrala studiestödsnämnden (CSN).
Depending on the reason for processing the personal data, the type of data may vary. At Södertörn University, this may include:

  • Contact details such as name, address, telephone number and e-mail. When necessary, personal ID numbers are processed to confirm your identity or to coordinate your data between systems to ensure the information about you is correct.
  • Contact details you provide when applying for a library card at the university library. This information is necessary for loaning out library materials and administering loans and purchases.
  • Banking and other financial information for making payments or invoicing.
  • Personal data that is collected as part of participation in a research study.
  • Information about credits awarded and other information about your studies at Södertörn University.
  • Information about how you use our websites, for improving user experience, such as via cookies.
  • Information when participating in conferences or courses.
  • Personal data necessary for employment or if you apply for a job.

How is your personal data protected?

Södertörn University must ensure that personal data processing is protected by appropriate technical and organisational measures. These measures must guarantee an appropriate level of security in relation to the processing risk. Aspects of security must include confidentiality, accuracy and accessibility, as well as a satisfying level of technical protection. For example, there may only be one person authorised to access the data, data must be encrypted, data must be stored in specially protected areas and copies are made of the processing.

Who can access your personal data?

A great deal of the information held by Södertörn University is official documents. If your personal data is in an official document, anyone who requests this document can access to your personal data, unless confidentiality pursuant to Public Access to Information and Secrecy Act (2009:400) prevents this. In addition, your data may be provided to Södertörn University’s partners as part of research projects, to suppliers, or to other parties that need the data due to an agreement between you and Södertörn University, due to a duty that is in the public interest, as part of public administration or due to a legal obligation that the university must fulfil. A duty that is in the public interest is one that Södertörn University is legally obliged to fulfil to comply with legislation or a decision supported by legislation, but which is not directly included in our tasks as a public authority.

When transferring personal data to another party, we take all the appropriate legal, organisational and technical measures that may be required to protect your personal data. You will be informed if we are planning to provide your information to other organisations.

Södertörn University will not give personal data to other parties without a legal basis for doing so.

How long does the university save personal data?

We save your personal data only as long as the purpose of the processing requires, or as long as legally required by law.

  1. For example, if you are an employee, we process your personal data as long as this is necessary to administer your employment.
  2. If you are a student, we process your personal data as long as you are a student at the university.
  3. If you are participating in a study, we process your personal data for as long as is necessary to guarantee the quality of the research.

For official documents, the personal data in these is managed in accordance with the Freedom of the Press Act (1949:105), Archives Act (1990:782) and the regulations of the Swedish National Archives. In many cases, this means that your personal data may be saved in Södertörn University’s archive for periods from five years to indefinitely.

Data to countries outside the EU/EEA (third country)

Södertörn University may transfer personal data to a third country outside the EU/EEA, particularly with reference to international research projects or student exchanges. The university will take all reasonable legal, organisational and technical measures necessary to achieve the appropriate level of security for your personal data. You will be informed about this.

Your rights

Right to access

You have the right to request to know whether Södertörn University processes your personal data, and to receive a free copy of the personal data that is processed. If you make repeated requests we will charge a fee to cover the administrative costs this incurs. In association with such a request, the university also provides additional information about this processing, such as its purpose, the categories of personal data that are processed, predicted storage time, etc.

Right to withdraw consent

When you provide your consent, you are also entitled to withdraw it at any time if you wish to do so. You do this by informing the person who processes your data that you would like to withdraw your consent. Withdrawal of consent does not apply to processing that is performed on a legal basis other than consent (e.g. the exercise of authority or public interest).

Right to data portability

In some cases, you are entitled to receive your personal data in a generally used format so you can transfer it to another data controller.

Right to correction

If you are registered, you have the right to have incorrect personal data about you corrected without delay. Considering the purpose of the processing, you also have the right to supplement incomplete personal data.

Right to erasure (to be forgotten)

In some cases, you have the right to have your personal data erased if it is no longer necessary for the purpose for which it was collected. For example, if you decide to stop studying and want us to erase your personal data.

There are exceptions to the right to erasure and the obligation for the data controller to inform others: if it is necessary to fulfil other important rights, such as the right to freedom of speech and information, to fulfil a legal duty, perform a task of public interest or as part of an exercise of public authority.

Right to submit a complaint to the Swedish Data Protection Authority

You have the right to complain to the Swedish Data Protection Authority about our processing of your personal data.

More information about your rights

Read more about your rights on the Swedish Data Protection Authority’s websiteexternal link


If you have questions about data protection, you can always contact your contact person at the university, the person responsible for a project or course. Södertörn University’s data protection officer con be contacted via


Facebook Mail Twitter

Page updated