Örebro University is the controller of the personal data processing that takes place in the course of the University's activities. Örebro University is a government authority which means that messages and other information sent to us take on the status of public documents. This means that anyone has the right to read it.
Personal data is stored for as long as it is necessary for the purpose of the processing and in accordance with legislation in force and the University's information management plan. The data is in some cases processed in external cloud services. Under the Personal Data Act (as of 25 May 2018, the General Data Protection Regulation [GDPR]), you are entitled to access, free of charge, all the data that is being processed about you and, when required, have any inaccurate personal data rectified. You also have the right to have your personal data erased, ask for restricted processing, or object to the processing of your personal data. You can also lodge a complaint to the Swedish Data Protection Authority.
Information for students
In the admissions register NyA, identity data (name, personal identity number, address, telephone number and email address) as well as data on admission requirements; selection criteria; liability for tuition and application fees; and admission is stored. Your data is processed by the Swedish Council for Higher Education and Örebro University when we assess whether you meet the entry requirements and when we evaluate your qualifications prior to selection.
In the Ladok student register, each student's identity data (name, personal identity number, address, telephone number and email address) and, in addition to those data processed in NyA, data on participation in courses, study programmes and examinations; study result; grades; transfer of credits awarded for courses and study programmes or other activities; and degrees is stored. The student register shall in addition contain such data that is required to facilitate transfer of data by Örebro University to Statistics Sweden.
Provisions on the NyA and Ladok registers are laid down in the ordinance on reporting studies etc. at universities (Förordningen [1993:1153] om redovisning av studier mm vid universitet och högskolor). Disclosure of data from these registers may be made to third parties (e.g. other universities or the Swedish Board of Student Finance) in accordance with the list provided in the ordinance.
Processing of data concerning you as a student also takes place in other study administrative systems that are essential for effecting your course or study programme.
Information for participants in conferences and other events
Personal data (name, personal identity number, address, telephone number and email address) and other data provided when you sign up for an event is only stored for as long as it is necessary for the administration of the conference or event, i.e. for mailing of information and material as well as evaluation surveys. Since there is a fee for conferences and other events, invoicing data is stored in accordance with current bookkeeping regulations. If you have given your consent to receiving further offers, your data will be stored in accordance with the information supplied at the time of consent. You can withdraw your consent at any time. A withdrawal of consent will however not affect any processing prior to the withdrawal.
Information for borrowers at the University Library
Personal data (name, personal identity number, address, telephone number and email address) is registered in the Library borrower's register. In the borrower's register, books on loan and returned books are registered. The use of the library's digital environments is logged. If the borrower does not return the books after the return date, overdue fines may be issued and personal data may be transferred to debt collection agencies and the Swedish Enforcement Authority.
Information for employees
Personal data is processed in various HR systems to the extent necessary to honour employment contracts and meet criteria in current legislation and collective agreements. Personal data is also processed in various systems otherwise needed for Örebro University to exercise its prescribed responsibilities. Categories of personal data processed include identity data as (name, personal identity number, address, telephone number and email address); form and scope of employment; term of employment; additional assignments and management positions; workload plans; work schedules; secondary employment; salaries; taxes and social security contributions; holiday; parental leave; sick leave; doctor's certificates; trade union memberships etc. Disclosure of data to third parties may be made, for instance in compliance with legal requirements such as the reporting of taxes and social security contributions. Organisations to which disclosures are made include the Swedish Tax Authority; Statistics Sweden; Swedish Agency for Government Employers; Swedish Social Insurance Agency; Swedish Higher Education Authority (UKÄ); National Government Employee Pensions Board (SPV); and trade unions.
More information (offered in both Swedish and English) on GDPR and information sessions can be found on Inforum / Stöd och service / Informationssäkerhet, and on the Swedish Data Protection Authority's website.
If you have questions on the University's processing of personal data, please contact our data protection officer, see contact details below.
Data Protection Officer
You can read more about processing of personal data and the forthcoming General Data Protection Regulation (GDPR).
Swedish Data Protection Authority
The Personal Data Act, Swedish Data Protection Authority