Utskrift från Malmö universitets webbplats www.mah.se

Processing of personal data at Malmö University

On this page you will find information on how Malmö University, as a public authority, processes personal data. The University complies with the General Data Protection Regulation (GDPR).

Malmö University is responsible for all processing of personal data within its operations. This web page describes how your personal data is processed at the University.

Malmö University processes personal data in accordance with EU regulation 2016/679 of the European Parliament and of the Council. This regulation is referred to as the General Data Protection Regulation (GDPR).

How do we use your personal data?

Malmö University processes personal data in order to fulfill our assignment as a public authority and university, specifically within research and education, and in order to collaborate with broader society. We also process this data in order to review and develop our operations, and to comply with Swedish law.

All processing of personal data at the University occurs in order to promote these purposes in some form. Processing must also have a legal basis. We only process personal data that is needed for a particular purpose.

Your teacher, manager or head of research at Malmö University can provide you with more information on how your personal data as an employee, student or external stakeholder is processed. If you have not received any information, you can contact the University’s Data Protection Officer (dataskyddsombud@mau.se).

What personal data do we collect?

At Malmö University, there are various reasons for collecting personal data. The most common reasons are that you are a student, researcher, employee, patient, participant at a conference or other event, job applicant, or that you have contacted or collaborated with the University for some other reason.

Most of this information will be collected directly from you. In certain cases, we also collect data from other sources such as the Swedish Tax Agency or the Swedish Board of Student Finance (CSN).

What personal data we process depends on the information we need. The following information is often necessary:

  • contact information such as your name, address, phone number and email;
  • personal identification numbers, when we need to ensure your identity or to coordinate your information between systems to ensure uniform information;
  • bank or other financial information in order to disburse a payment or send an invoice;
  • personal data that has been collected within the framework of participation in a research study;
  • study results or other information regarding your studies at Malmö University;
  • information that we need about you as a patient, either at our dental clinic or at the Student Health Service;
  • information on how to use our websites, for example cookies, which are used to improve user-friendliness;
  • information for conference or course participants; and
  • personal data which is necessary for employment or if you have applied for a job.

How is your personal data protected?

Malmö University must ensure that all processing of personal data is protected through
technological and organisational measures. The measures must ensure a security level appropriate to the risk. The security aspects must include confidentiality, integrity and availability as well as adequate technological protection. This may involve only giving those authorised access to the information, encrypting the information, storing it in specially protected locations and making a processing copy. The University has an information security management system that continuously reviews all administrative systems in which risk and vulnerability analyses are carried out, classifies the information, charts the system dependence, and follows up on the practical work.

Who can access your personal data?

A lot of information at Malmö University is defined as part of public records. If your personal data can be found in a public record, anyone who requests access to this document can view your personal data, unless the Public Access to Information and Secrecy Act (2009:400) prevents this.

In addition, your personal data may be disclosed to Malmö University’s partners during research projects, to suppliers, or to other parties that need access to this data due to an agreement between yourself and the University. Data may also be disclosed to external parties if it is needed for a public interest task, as part of the operations of an official authority, or because of a legal obligation that Malmö University has.

A public interest task is a task Malmö University must fulfill according to law, or according to decisions based on laws, but which is not directly part of Malmö University’s assignment as a public authority.

When transferring personal data to another party, Malmö University takes all legal, organisational and technological precautions necessary in order to protect your data. You will be informed if we plan to disclose information about you to other organisations.

Malmö University will only transfer personal data to other parties if there is a legal basis for this.

For how long do we store your personal data?

We only store your personal data for as long as is necessary for the purpose of the processing, or as long as is required by law.

  • If, for example, you are an employee, we process your personal data for as long as we need to manage your employment conditions.
  • If you are a student, we process your personal data as long as you are associated to Malmö University; in practice this means six months after the last course registration has ended, unless you notify us earlier.
  • If you are a participant in a study, we process your personal data for as long as is necessary to ensure the quality of the research.

In regard to official documents, personal data is managed in accordance with the Freedom of the Press Act (1949:105), the Archives Act (1990:782) and the Swedish National Archive's regulations. In many cases, this means that your personal data may be stored in Malmö University’s archive between five years and in perpetuity.

Transfer of data to a non-EU/EEA country

Malmö University may transfer personal data to a third country outside the EU/EEA, primarily as part of international research projects. The University will then take all reasonable legal, organisational and technological precautions necessary to achieve an adequate security level for your personal data. You will also be informed if this should occur. Personal data may also be transferred to third countries in connection with procured IT services, but the University will only do so if the security of the data can be guaranteed.

Rights under the General Data Protection Regulation


If you have any questions on data protection, please get in touch with your university contact or the University’s Data Protection Officer (dataskyddsombud@mau.se).


The University’s Data Protection Officer (dataskyddsombud@mau.se).

Read more

Last updated by Maya Acharya