Processing of personal data

Umeå University is responsible for processing of all personal data collected within the scope of the University's operations, ranging from the individual student's project reporting to the major administrative systems and research projects that require ethical review.

There shall always be a legal ground for the processing of personal data. The most common legal grounds that Umeå University follows are:

  • the processing is necessary to carry out a task of general interest, such as research, or for the exercise of public authority, such as awarding degrees to students
  • the processing is necessary in order to fulfil a contract or a legal obligation, such as with international students and the investigation of occupational injuries.
  • consent from the individual who registers, for example when registering for conferences

What rights does the individual have?

You as an individual have more rights against Umeå University:

  • The right to information – you will get information about when personal data are handled and in some special situations, such as computer hacking (aka personal data breaches)
  • The right to rectification – you will have the opportunity to correct, supplement and adjust your own personal information data
  • The right to deletion ("right to be excluded") – in some cases, you have the right to have your personal data deleted
  • The right to the reduction of processing – in some cases, you have the right to request that the handling of data is reduced. This can be done by having the personal data marked so that in the future it will only be processed for specifically defined  purposes
  • Data portability – under certain circumstances the individual has the right to obtain and transfer the personal data to another location (for example, another organisation)
  • In some cases, the right to object to further processing
  • Complaints and damages - you have the right to file a complaint with Umeå University and the Swedish Data Protection Authority (Datainspektionen)

Requirements that Umeå University shall comply with

Umeå University shall ensure that individual rights are safeguarded during all stages of the processing of personal data and regardless in what manner. We do this by:

  • We will ensure that we always have a legal basis for the processing of personal data.
  • We will ensure that personal information is relevant and not excessive in relation to the purpose of the collection, processing or securing.
  • We do not store personal data for longer than necessary for the purpose. What will be collected and retained is presented in the Umeå University records management plan.
  • We take technical and organisational measures to ensure adequate protection so that the personal data are not likely to end up in the wrong hands or be manipulated.
  • We are actively working with data protection, including to ensure that the systems, cloud computing or other places that we use to collect, process or store personal information is designed so that the data protection regulation is maintained.


Umeå University’s personal data officer
Petra Kanon, or +46 (0)90-786 68 30

Read more about the protection of personal data in the EU

Personal data processing in sociala media

Umeå University may collect personal data also in so-called social media, like Facebook, Twitter and others – because postings on the authority's "areas" are considered public documents, and therefore may be archived, usually temporally.

Personal data that might be stored when archiving, will only be store in "unstructured form".

Personal data that may occur in, for example, surveys, competitions and "apps" will not be stored.

Umeå University will never forward personal data to third parties. However, companies and providers of communication platform – like Facebook – normally have their their own privacy policies.