Personal data processing

This page contains information about how Södertörn University processes personal data. The university is obliged to comply with the Regulation (EU) 2016/678 of the European Parliament and of the Council of 27 April 2016. This regulation is referred to below as the General Data Protection Regulation, or GDPR.

Södertörn University is responsible for all processing of personal data within its activities. This page explains how your personal data is processed by Södertörn University.

What does the university do with personal data?

Södertörn University must process personal data to do its duty as a public authority and higher education institution, i.e. to provide research, education, and collaborate with the surrounding community. We also do it to evaluate and develop our activities and to follow Swedish law.

All processing of personal data at the university must have a legal basis. As part of our activities we only process personal data as part of our duties as a public agency or to perform a task of general interest. Personal data is only processed during the time required for a particular purpose.

If you are a member of staff, student or external party, you can obtain more detailed information about how your personal data is processed via your contact person, course coordinator, manager or project manager at the university. If you feel you have not received adequate information, please contact Södertörn University’s data protection officer using the contact details at the bottom of the page.

Essay writing - how should students deal with GDPR?

The university has produced a student guide on essay writing and GDPR. The guide is linked below.

Essay writing and GDPR Pdf, 272.1 kB.

Evaluate whether processing personal data is necessary to achieve the aims of your essay. If it is necessary, define the purpose of processing the personal data and evaluate what data must be collected.
Check that sensitive personal data will not be processed. However, if this is going to happen, the intended subject of your essay must undergo ethical review. This is done by your supervisor at the academic school.
Decide how the information will be stored and, in consultation with your supervisor, ensure that it is processed securely during your work on the essay.
In consultation with your supervisor, decide which parts of the information will be erased or retained when work is completed.
Complete the information letter and consent form.
Inform and collect consent from every single person who will participate in the study, gather the necessary personal data, and process the personal data in accordance with what was decided in steps 1-5.
After the essay project has received a pass grade, erase or archive the personal data material in accordance with what you decided in step 4.

What personal data does the university collect?

The university has numerous reasons for processing your personal data. If you are a student, researcher, employee, participating in a conference or other event, applying for a job, or if you have contacted the university or are cooperating with it in some way, we usually collect your personal data. We collect your personal data either through you providing the information yourself, but in some cases we collect information from other sources, such as the Swedish Tax Agency or CSN.

Depending on the reason for processing the personal data, the type of data may vary. At Södertörn University, this may include:

Contact details such as name, address, telephone number and e-mail.
Your personal ID number or coordination number may only be processed without your consent when this is clearly motivated due to the purpose of the processing, the importance of definite identification or another noteworthy reason.
Contact details you provide when applying for a library card at the university library. This information is necessary for loaning out library materials and administering loans and purchases.
Banking and other financial information for making payments or invoicing.
Personal data that is collected as part of participation in a research study, for which you have provided consent.
Information about credits awarded and other information about your studies at Södertörn University.
Information about how you use our websites, for improving user experience, such as via cookies.
Information when participating in conferences or courses.
Personal data necessary for employment or if you apply for a job.

How is your personal data protected?

Södertörn University must ensure that personal data processing is protected by the appropriate technical and organisational measures. These measures must guarantee an appropriate level of security in relation to the processing risk. Aspects of security must include confidentiality, accuracy and accessibility, as well as a satisfying level of technical protection. For example, there may only be one person authorised to access the data, data must be encrypted, data must be stored in specially protected areas and there are backups of the personal data.

Who can access your personal data?

Some documents at Södertörn University are official documents. If your personal data is in an official document, anyone who requests this document can access your personal data, unless confidentiality pursuant to Public Access to Information and Secrecy Act (2009:400) prevents it being issued.
In some cases, Södertörn University will transfer your personal data to Södertörn University’s research project partners, to suppliers or to other parties that require them. A transfer to external parties will only occur if

it is a consequence of an agreement between you and Södertörn University,
it is due to information in the public interest as part of the exercise of public authority,
the university is legally obliged to do so,
you have provided your consent for this personal data processing.

Södertörn University will provide you with information about whether your personal data will be transferred.

When transferring personal data to another party, we take the appropriate organisational and technical measures that may be required to protect your personal data.

Södertörn University will not give personal data to other parties without a legal basis for doing so.

How long does the university save personal data?

We save your personal data for the period necessary for the purpose of the personal data processing or, in other cases, what is legally necessary.

If, for example, you are an employee, we process your personal data during the entire period of your employment so that we can perform administrative routines linked to your employment.
If you are a student, we process your personal data during the period that you are a student at the university.
If you are a participant in a study, we process your personal data during the period that research is being conducted to ensure the quality of the research.

The personal data in official documents is processed in accordance with the Freedom of the Press Act (1949:105), Archives Act (1990:782) and the regulations of the Swedish National Archives. In some cases, this means that your personal data may be saved in Södertörn University’s archive for periods from five years to indefinitely.

Data to countries outside the EU/EEA (third countries)

Södertörn University may transfer personal data to a third country outside the EU/EEA, especially regarding international research projects or student exchanges. The university will take adequate organisational and technical measures necessary to achieve the appropriate level of security for your personal data.

As a data subject, you are entitled to information if your personal data will be transferred ta country outside the EU/EEA.

Your rights

Right to access

You have the right to request a register extract for your personal data that is being processed by Södertörn University. This must be provided to you free of charge. In association with such a request, the university also provides additional information about this processing, such as its purpose, the categories of personal data that are processed, predicted storage time, etc.

However, if you repeatedly request extracts, we will change an administrative fee

Form for requesting an extract from the register Pdf, 198.9 kB.

Right to withdraw consent

When you provide your consent, you are also entitled to withdraw it at any time if you wish to do so. It must be as easy to withdraw consent as to provide it. To withdraw your consent, please inform the employee, researcher or student who collected your personal data.

Right to data portability

In some cases, you are entitled to receive your personal data in a generally used format so you can transfer it to another data controller.

Right to correction

As a data subject, you have the right to have incorrect personal data about you corrected without delay. You also have the right to supplement incomplete personal data.

Right to erasure (to be forgotten)

In some cases, you have the right to have your personal data erased if it is no longer necessary for the purpose for which it was collected.

There are exceptions to the right to erasure. This could be if the personal data processing is necessary to fulfil a legal duty, perform a task of general interest or as part of the exercise of public authority.

Form for deletion or changes to personal data Pdf, 146.8 kB.

Right to submit a complaint to the Swedish Authority for Privacy Protection

You have the right to complain to the Swedish Authority for Privacy Protection about our processing of your personal data.

More information about your rights

Contact

If you have questions about data protection, you are welcome to contact your contact person at the university, the person responsible for a project or course. You can also contact Södertörn University’s data protection officer, Anna Gulle, via dataskydd@sh.se

21-10-2022