Processing of personal data - GDPR

At the University of Gävle, we have a long experience of storing and processing personal data and information as part of our activities. It is important for us that you feel safe and confident that we process your personal data in a legal and transparent manner. We would like you to know how we use your personal data and inform you about your rights. On this page, you can read about how the University’s webpage falls within the scope of GDPR. You will also find contact details to the Data protection group.

The General Data Protection Regulation (GDPR) came into effect on 25 May 2018, replacing the twenty-year-old Data protection directive PuL (Personuppgiftslagen). The purpose of GDPR is to strengthen the protection of the individual in processing of personal data, while creating a uniform application of rules within the EU.

Your personal privacy is important to us

The ways in which we process your personal data ensure that you are able to participate safely and easily in our study programmes, our research and other activities within our organisation.

We process your personal data in a safe and secure manner

We process your personal data in a legal and transparent manner. As an individual, you have the right to be informed about what personal data we process, the right to object to the processing of your personal data, and in some cases, the right to be forgotten, that is erased from our systems. As a public authority, we have a right to process your personal data to carry out our activities within education and research. When you are employed by the University, or if you are one of our suppliers, the processing of your personal data is regulated in agreements.

If you have consented to our processing of your personal data for a purpose which does not fall within our official role as a public authority or an agreement, you always have the right to withdraw your consent or to have your personal data erased. You always have the right to have your name, address or telephone number corrected.

What is personal data?

Personal data is all information which can directly or indirectly be related to you as an individual. It could be your personal identity number, name and address, an IP address, personal information regarding health, allergies or other personal data that we need to fulfil our official tasks as a university. We only store personal data for as long as it is necessary, and the length of the period is determined by the reason for keeping personal data or if there are laws and regulations requiring that we store data for a certain period of time.

To be able to offer you our services as a university, it is sometimes necessary for us to share personal data with other actors or suppliers that work for us. We demand that they follow the exactly same demands on confidentiality and security that we do.

Which personal data do we share

Services whose primary purpose is for the benefit of research and education have access to approximately the same personal data which are automatically sent with an everyday email, that being name, email address, user identity, if the user is a student or employee (or similar active role) and that the user has an account at University of Gävle. Registered services that via GÉANT Data Protection Code of Conduct adhere to the European Union’s data protections directives, in Sweden the Personal Data Act, get access to the same information.

What does consent mean and what should it look like?

Consent should be freely given and be a clear, affirmative action in which the one concerned, after having been informed, accepts the processing of personal data about himself or herself.

Consent does not have to be in written form, but that is often appropriate.

The form for consent (print-out and sign it, if you consent to the fact that we publish, for instance, your picture or your name)

ConsentPdf, 78 kB. Pdf, 78.1 kB. External link.