Processing of your personal data

Admission to studies at first- and second-cycle level is mainly administered through the Swedish Council for Higher Education's (Universitets- och högskolerådet, UHR) admission system, antagning.se and universityadmissions.se. UHR processes personal data on behalf of the University of Gothenburg within the framework of the admission process. 

Read more about UHR's processing of personal data here: Processing of personal data 

Examples of processing 

The university processes information about you as an applicant, such as name, Swedish personal identity number or coordination number, application number from universityadmissions.se, contact details, grades and other merits. Depending on the education, the university may also process work samples, portfolios, CVs, personal letters and interview results. 

If you are an international applicant, passport details, language test results and information about tuition fee payments may also be processed in order to assess eligibility and carry out the admissions process. 

Legal basis 

The processing is necessary for the performance of a task carried out in the public interest and in the exercise of official authority according to Article 6.1 e GDPR. The university's responsibility for eligibility, selection and admission is governed by the Swedish Higher Education Act and the Higher Education Ordinance. 

Certain parts of the processing are also necessary to comply with legal obligations pursuant to Article 6.1 c GDPR, including determining fee status, administering tuition fees and fulfilling other requirements under legislation, such as the Ordinance on Application Fees and Tuition Fees at Higher Education Institutions.  

Recipients of data 

Personal data processed in the admissions process is shared with UHR in connection with processing via antagning.se or universityadmissions.se and with the national study documentation system Ladok when you are admitted to an education. 

For international applicants, data may be shared with the Swedish Migration Agency (Migrationsverket) in matters concerning residence permits and with the Legal, Financial and Administrative Services Agency (Kammarkollegiet) if insurance issues need to be handled. 

Data may also be provided to the Swedish Board of Student Finance (Centrala studiestödsnämnden, CSN) for student finance matters, to the Swedish Institute (Svenska institutet) for scholarship or mobility programmes, and to Statistics Sweden (SCB) for official statistics. Student unions may access certain data to the extent permitted by regulations.  

Source of the data 

The information comes mainly from you via antagning.se or universityadmissions.se and from UHR in connection with the admission process. Information may also be obtained from the BEDA grade database, from the national study documentation system Ladok, and from the Swedish Tax Agency to verify identity information. 

For international applicants, additional information may come from the Swedish Migration Agency. 

The university processes your personal data in order to handle the admission process for doctoral studies.

Examples of processing

The university processes data such as your name, Swedish personal identity number or coordination number, contact details, grades and other merits needed to assess your application. Depending on the subject of the doctoral studies, the university may also process your CV, personal letter, interview results, portfolio, references and work samples. 

For international applicants, passport details and language test results may be processed to verify eligibility and complete the admission process.

Legal basis

The processing is necessary for the performance of a task carried out in the public interest and in the exercise of official authority according to Article 6.1 e GDPR. The university's responsibility for eligibility, selection and admission to doctoral studies is governed by the Swedish Higher Education Act and the Higher Education Ordinance.

Recipients of data

Personal data is shared with the national study documentation system Ladok if you are admitted to doctoral studies. For international applicants, data may be shared with the Swedish Migration Agency (Migrationsverket) in matters concerning residence permits and with the Legal, Financial and Administrative Services Agency (Kammarkollegiet) if insurance issues need to be handled.

Data may also be provided to the Swedish Board of Student Finance (Centrala studiestödsnämnden, CSN) for student finance matters, to the Swedish Institute (Svenska institutet) for scholarship or mobility programmes, and to Statistics Sweden (SCB) for official statistics. Student unions may access data to the extent permitted by regulations.

Source of the data

The information comes primarily from you when you apply for doctoral studies. If necessary, information is retrieved from the national study documentation system Ladok and from the Swedish Tax Agency (Skatteverket) to verify identity information. 

For international applicants, additional information may come from the Swedish Migration Agency. 

The university processes your personal data to administer your studies throughout your entire period of education, right up until graduation.

Examples of processing

The university uses your name, Swedish personal identity number and contact details to give you access to premises, learning platforms and libraries, and to connect you with teachers and other students in your education. Processing also takes place to administer examinations, manage student mobility, follow up on your study results and issue your degree or course certificate. Your data is registered and stored in the Ladok study documentation system, where information about participation, credits, grades and degrees is also stored.

Legal basis

The processing is necessary for the performance of a task carried out in the public interest and in the exercise of official authority according to Article 6.1 e GDPR. The implementation and administration of education is governed by the Swedish Higher Education Act and the Higher Education Ordinance.  

Documentation of study results and degrees is carried out in accordance with the ordinance on reporting studies at universities and colleges, “Förordningen om redovisning av studier m.m. vid universitet och högskolor.”

Recipients of data

Data may be shared with IT system providers that provide services for, for example, learning platforms, access cards, library systems and study documentation.

Source of the data

The data is mainly obtained from the Swedish Council for Higher Education (Universitets- och högskolerådet, UHR) via antagning.se and universityadmissions.se, from Ladok and from you yourself.

The university processes your personal data to administer commitments related to studies within the framework of the Swedish National Sports University (Riksidrottsuniversitetet, RIU) and to follow up on the collaboration.

Examples of processing

The university processes your name and Swedish personal identity number together with information about your studies and your sporting activities when you study as a national sports student. The information is used to assess support needs, plan study adaptations and follow up on activities.

Legal basis

Processing that takes place to adapt studies for an elite athlete student is based on ana contract in accordance with Article 6.1 GDPR, as the commitments within the framework of the National Sports University are based on an individual agreement between the student and the university.

Processing for follow-up and collaboration within the Swedish National Sports University is necessary for the performance of tasks carried out in the public interest according to Article 6.1 e GDPR. This forms part of the university's educational mission under the Swedish Higher Education Act and the collaborative tasks arising from the Higher Education Ordinance.

Recipients of data

Your personal data may be shared with the Swedish Sports Federation (Riksidrottsförbundet, RF) and other partners within the Swedish National Sports University when necessary to administer and follow up on activities (e.g. the City of Gothenburg, RF: SISU Västra Götaland).

Source of the data

The data comes from you when you enter into an agreement to study at the Swedish National Sports University. 

The university processes your personal data to administer and implement disability study support if you have a documented, permanent disability.

Examples of processing

When you apply for disability study support, the university processes your name, Swedish personal identity number, contact details, information about your disability, information about your education and information about recommended or approved support. The information is used to assess whether you are entitled to support, what support is appropriate, to administer your application and to implement and follow up on the support.

Legal basis

The processing is necessary for the performance of a task carried out in the public interest and in the exercise of official authority according to Article 6.1 e GDPR. The university's responsibility to provide disability study support to students with permanent disabilities follows from the Swedish Higher Education Act and the ordinance on the responsibility of state authorities for the implementation of disability policy.

The processing also includes data on disabilities, which means the processing of special categories of personal data. Such processing is necessary for reasons of substantial public interest according to Article 9.2 g GDPR and is carried out in accordance with the Data Protection Act.

Recipients of data

Your personal data is processed in the National Administration and Information System (NAIS), which is a national system owned by the Swedish Council for Higher Education (Universitets- och högskolerådet, UHR). Other higher education institutions that use NAIS cannot see the information you have provided to the University of Gothenburg via NAIS.

Source of the data

The data comes from you, including the documentation you submit to prove a permanent disability. The university also has access to your Swedish personal identity number or equivalent through your login to NAIS. 

The university processes your personal data in order to receive, administer and prepare scholarship applications, and to make payments when scholarships are managed or administered in collaboration with foundations.

Examples of processing

Personal data is processed to register your application, assess eligibility and merits, make decisions, communicate decisions and make payments. The processing may include your name, Swedish personal identity number, contact details, bank account details, information about your studies and, in some cases, income details when these are required under the foundation's regulations.

Legal basis

When the university administers scholarships on behalf of a foundation, the processing of personal data is part of fulfilling an assignment from the foundation and is regulated by the agreement between you and the foundation. The legal basis for the foundation's own processing is an agreement in accordance with Article 6.1 b GDPR.  

When the university processes personal data as part of its own activities, such as when paying out scholarships or administering student-related matters, the legal basis is to perform tasks in the public interest in accordance with Article 6.1 e GDPR.

Recipients of data

Your personal data may be disclosed to the foundation that assesses the scholarship, to the foundation's auditor and to the foundation's bank when making payments. Providers of technical services for the application system may have access to personal data as personal data processors.

Source of the data

The data comes primarily from you in connection with your application. The data is supplemented with information from the national study documentation system Ladok when such information is required to assess eligibility or make decisions, for example to verify that you are studying at the university during the scholarship year. 

The university processes your personal data in order to verify degree certificates and academic qualifications upon request.

Examples of processing

The university uses information about your name, Swedish personal identity number, study results and admission to education programmes when verification of degree certificates or academic merits is required, for example at your request or at the request of an external party to whom you have referred.

Legal basis

The processing is necessary for the performance of a task carried out in the public interest according to Article 6.1 e GDPR. The university's responsibility to document, confirm and provide information about study results and degrees follows from the Swedish Higher Education Act and the Higher Education Ordinance.

Verification of degree certificates and academic merits is part of this task and is based on the obligation to maintain and provide accurate study and degree documentation in accordance with the ordinance on reporting of studies at universities and colleges, "Förordningen om redovisning av studier m.m. vid universitet och högskolor.”

Recipients of data

Your personal data may be disclosed when the university verifies degrees or study merits at your request or at the request of an external recipient to whom you have referred. In some cases, data may need to be transferred to countries outside the EU/EEA, in which case the university will take the necessary legal and technical protective measures. You will receive specific information about such a transfer if it concerns your data.

Source of the data

The data is mainly retrieved from the national study documentation system Ladok. 

The university processes your personal data in order to administer remuneration when you carry out assignments within the university's activities, such as student representative assignments or assignments within disability study support.

Examples of processing

The university processes your name, contact details and date of birth or Swedish personal identity number in order to administer your remuneration. For certain assignments, the information is also used to create a personal user account (x account) so that you can carry out your assignment.

Legal basis

Processing that takes place to administer student fees is based on an agreement in accordance with Article 6.1 b GDPR as you provide your data as part of performing an assignment for the university and receiving fees.

In cases where processing is necessary to fulfil the university's legal obligations, for example under tax legislation or requirements to report to authorities, the legal basis is Article 6.1 c GDPR.

Recipients of data

Your name may be published on the Student Portal with an assignment-related email address when the assignment requires it. Data may also be processed in the National Administration and Information System (NAIS) for assignments within disability study support and in the University's personnel and payroll system Primula for the administration of fees.

Source of the data

The data comes from you, from the national study documentation system Ladok and, for assignments related to student representation, from the University of Gothenburg Student Unions (Göteborgs universitets studentkårer, GUS). 

The university processes your personal data so that you can access student health care and so that the university can follow up and develop student health care at an organisational level.

Examples of processing

The university transfers certain information from the national study documentation system Ladok (such as your name, Swedish personal identity number or coordination number, faculty, department and information about your program or course) to the student health care provider so that you can be identified and offered student health care services. All visits are documented by the provider, who is an independent healthcare provider and responsible for record-keeping in accordance with the Patient Data Act.

Legal basis

The processing is necessary for the performance of a task carried out in the public interest according to Article 6.1 e GDPR. The university's responsibility to provide student health care is based on the Swedish Higher Education Act and is part of its mission to support students within the framework of their education.

The university only processes the personal data necessary to enable access to student health care services, such as name, Swedish personal identity number or coordination number, and information about studies. This information is transferred to the student health care provider in order to identify the student and administer the care contact.

The student health care provider is an independent personal data controller for the documenting and processing of health data in accordance with the Patient Data Act. This processing is therefore not covered by the university's legal basis.

Recipients of data

Your personal data is provided to the university's student health care provider, which is responsible for record keeping and other processing in accordance with the Patient Data Act.

Source of the data

The data comes from you and from Ladok.

The university processes your personal data in order to communicate with you as a student or prospective student, for example before the start of your studies or in contact with support and service functions.

Examples of processing

The university processes data such as your name and contact details when you book an appointment with a study counsellor or disability study support coordinator via appointment booking services, or when you communicate with university staff via email. 

When you register for events, such as a workshop on academic writing or a seminar on stress management, the university processes your data in order to administer participation and provide relevant information.

Legal basis

The processing is necessary for the performance of a task carried out in the public interest according to Article 6.1 e GDPR. Communication with students is part of the university's educational mission under the Swedish Higher Education Act and is necessary to provide information, support and services within the framework of education.

Communication with prospective students is necessary to carry out admission and information processes in accordance with the Higher Education Ordinance. When a student or prospective student contacts the university, the university also fulfils its service obligation under the Administrative Procedure Act.

Recipients of data

In some cases, data may be shared with providers of appointment booking or event services used to manage contacts and registrations.

Source of the data

The data mainly comes from you when you contact the university, book an appointment, communicate via email or register for an event. 

The university processes your personal data in order to handle public documents in accordance with the principle of public access and applicable archiving legislation. This means that the university must store, organise, register and, upon request, assess whether documents should be disclosed, while complying with confidentiality rules.

Examples of processing  

The university registers and stores documents containing your personal data, such as applications, decisions, study-related documentation and documents relating to support or administration of your studies. Upon request for disclosure, the document is reviewed in accordance with the Public Access to Information and Secrecy Act before it is disclosed. Processing also takes place when documents are sorted or archived in accordance with the Archives Act and the Swedish National Archives’ regulations (Riksarkivet). The disclosure of documents, in both digital and physical form, constitutes personal data processing.

Legal basis 

The processing is necessary to fulfil a public interest according to Article 6.1 e GDPR. The university's obligations to register, preserve, provide and sort public documents are governed by the Freedom of the Press Act, the Public Access to Information and Secrecy Act, the Archives Act and the Swedish National Archives’ regulations.

Recipients of data

Your personal data will be disclosed to anyone who requests access to a public document, provided that the data is not subject to confidentiality under the Public Access to Information and Secrecy Act.

Source of the data

The data comes from you or arises within the university's activities through decisions, assessments, documentation and communication. In some cases, data is retrieved from external systems or authorities when this is included in documents that must be preserved, registered or disclosed in accordance with applicable legislation. 

As data subject, you are entitled to request information regarding what personal data the university holds on you, free of charge, once per calendar year. To do so, please contact us at dataskydd@gu.se. If possible, please specify if you have been in contact with us as student, staff, in a research project, or something else.

As data subject, you are entitled to request that personal data concerning you, held by the university, is corrected if it is not correct. To exercise this right, send a request to your nearest contact person, course manager, line manager or other authorised person. The university is required to correct erroneous personal data without undue delay.

As data subject, you are entitled to have personal data concerning you erased when it is no longer needed for the purpose it was collected.

There may be other legislation that supersedes this rule, which means that personal data cannot always be allowed to be erased.

In case of disclosure of personal data to another party, the university shall take reasonable steps to notify this party about the erasure.

In cases where there are legal barriers to erasure of personal data, the university will limit the processing of this data only to the extent of legal requirements.

As data subject, you are entitled to request that the processing of personal data concerning you be limited to certain specific purposes only. The right to limitation can be exercised in the following cases:

• If personal data is incorrect and the university needs time to inspect the accuracy of the data.
• If personal data is no longer required for the university's activities, but the you request further retention due to legal action.
• If you oppose processing performed by the university. The processing is limited in that case until a balance is reached between the reasons of the data subject and the university's compelling legitimate reasons.
• In the event that you requests that the university delete personal data concerning you, but for some reason, the university cannot accept this.

In some cases, you may object to the processing of your personal data. If there are no compelling reasons for the university to continue processing the personal data, such as for meeting legal requirements, then the university will cease processing.

You have the right to get your personal data from the university or to ask us to transfer your data to another controller. This only applies to personal data that you have given to us and when we are processing your data based on your consent or when processing is necessary for the performance of a contract.