The General Data Protection Regulation (GDPR) came into effect on 25 May 2018, replacing the twenty-year-old Data protection directive PuL (Personuppgiftslagen). The purpose of GDPR is to strengthen the protection of the individual in processing of personal data, while creating a uniform application of rules within the EU.
Your personal privacy is important to us
The ways in which we process your personal data ensure that you are able to participate safely and easily in our study programmes, our research and other activities within our organisation.
We process your personal data in a safe and secure manner
We process your personal data in a legal and transparent manner. As an individual, you have the right to be informed about what personal data we process, the right to object to the processing of your personal data, and in some cases, the right to be forgotten, that is erased from our systems. As a public authority, we have a right to process your personal data to carry out our activities within education and research. When you are employed by the University, or if you are one of our suppliers, the processing of your personal data is regulated in agreements.
If you have consented to our processing of your personal data for a purpose which does not fall within our official role as a public authority or an agreement, you always have the right to withdraw your consent or to have your personal data erased. You always have the right to have your name, address or telephone number corrected.
What is personal data?
Personal data is all information which can directly or indirectly be related to you as an individual. It could be your personal identity number, name and address, an IP address, personal information regarding health, allergies or other personal data that we need to fulfil our official tasks as a university. We only store personal data for as long as it is necessary, and the length of the period is determined by the reason for keeping personal data or if there are laws and regulations requiring that we store data for a certain period of time.
To be able to offer you our services as a university, it is sometimes necessary for us to share personal data with other actors or suppliers that work for us. We demand that they follow the exactly same demands on confidentiality and security that we do.
Services whose primary purpose is for the benefit of research and education have access to approximately the same personal data which are automatically sent with an everyday email, that being name, email address, user identity, if the user is a student or employee (or similar active role) and that the user has an account at University of Gävle. Registered services that via GÉANT Data Protection Code of Conduct adhere to the European Union’s data protections directives, in Sweden the Personal Data Act, get access to the same information.