Menu

Javascript is not activated in your browser. This website needs javascript activated to work properly.
You are here

Processing of personal data at Lund University

Lund University processes personal data in accordance with the EU’s General Data Protection Regulation (GDPR) 2016/679, the Data Protection Act 2018:218 and other relevant legislation.

•    Personal data responsibilities
•    Obligations as a public authority
•    Time limit for personal data retention
•    The rights of the data subject 
•    Questions and complaints

Personal data responsibilities

Lund University processes personal data in order to fulfil its task as a public authority and university.

The University’s task is to provide research and education, collaborate with society, communicate its activities and enable the utilisation of research results produced at the University.

All processing of personal data within the University is conducted in order to carry out these tasks. Only personal data required for these purposes will be processed.

Lund University (Corporate identity number 202100-3211) is the data controller for such processing of personal data for which the University has a set purpose and means.

Obligations as a public authority

Much of the information at Lund University consists of public records, as the University is a public authority.

The records are registered and can be disclosed on request if the data is not covered by the Public Access to Information and Secrecy Act (2009:400).

This means that personal data in such records can be disclosed in accordance with the principle of public access to information. In normal cases, the University does not have the right to investigate the identity of the data recipient.

Lund University is obliged to transfer certain personal data to other public authorities such as the Government Offices of Sweden, the National Audit Office, the Swedish Agency for Government Employers and Statistics Sweden. This is done to coordinate and follow up on the state’s activities and to check that state funding is used in the right way.

Time limit for personal data retention

According to the legislation on archives, the University, as a public authority, is responsible for retaining public records. The University may only excise public records in accordance with applicable disposal regulations and decisions.

Personal data that is not included in public records is saved only for as long as necessary for the purpose for which it is processed.

The rights of the data subject

The data subject has several rights in accordance with the EU’s GDPR.

However, Lund University wants to emphasise that a public authority must always follow the regulations that apply for public authorities concerning aspects such as public records, public access to information and secrecy, registration, archiving and disposal of records.

This means that your rights may be limited in cases where your personal data is processed as part of the University’s task as a public authority.

The right to access

You can request an answer concerning how Lund University processes personal data about you and in such a case receive a copy of the data, i.e. an extract from the register, together with certain more detailed information.

Contact us in writing (via letter or email) and state your name, personal identity number, postal address and email address. An extract from the register is normally sent free of charge to your registered address within a month.

If your request is complicated, it may take longer, and if your request is clearly unjustified or unreasonable, Lund University may charge an appropriate fee or decline the request.

The right to withdraw consent

In cases where Lund University processes your personal data after you have given your consent, you have the right to withdraw your consent.

The University will then cease to process your personal data regarding the purpose for which you gave your consent.

Other rights

If you consider that personal data about you is incorrect or incomplete, you can request to have the information corrected or supplemented.

When Lund University processes personal data within the framework of exercising public authority or to be able to conduct other tasks in the public interest, you have the right at any time to object to the processing.

If the University cannot demonstrate that there are compelling, legitimate reasons to continue processing the data, the University must stop processing the personal data.

In certain cases, you have a possibility to request a limitation on the processing of your personal data, or even to have personal data deleted. Both of these rights are limited regarding  public authorities and do not apply, for example, when your personal data is required in order for Lund University to fulfil its tasks in education, research or collaboration.

If Lund University processes personal data about you to fulfil an agreement, you have, in some cases, a possibility to receive personal data about you from the University in order to use it somewhere else – transferring information to another data controller, for example.

Questions and complaints

If you have any questions about how Lund University processes your personal data, please contact the University’s data protection officer at dataskyddsombud [at] lu [dot] se.

If you have a complaint about how Lund University processes your personal data, you can contact the Swedish Data Protection Authority:
Complaints and tips – datainspektionen.se (in Swedish)

Contact information

Data Protection Officer at Lund University
dataskyddsombud [at] lu [dot] se