Processing of Personal Data

If you contact us, we will process your personal data to communicate with you and handle the matter that has been submitted. The data processed is usually contact information (name, email address) and any additional personal data that you have provided in your contact with us. The legal basis for the processing is a task of public interest.

The university uses several different social media platforms, such as Facebook, LinkedIn, Instagram, and Twitter. There, we publish interviews and photos from our activities, for example, of our researchers, which means that we process, for example, images and names. On social media, personal data processing also occurs when you interact with MDU's posts and pages in various ways (likes, comments, visits).

The purpose of personal data processing on social media is to inform about our activities and communicate with our target audience. The legal basis for personal data processing is public interest.

MDU removes inappropriate content from social channels, such as in comment fields. Read about social media guidelines.

The university has several official websites, such as mdu.se, where information about the university's activities is published. On these websites, the university is responsible for personal data that is published on the site, such as names and contact information, and the purpose is to inform about our activities. The legal basis for the processing is public interest.

MDU's website also uses cookies. The purpose of the cookies is to improve the website for you as a visitor and to develop the website.

About this website and cookies

MDU has an alumni network that is intended for everyone who has studied at Mälardalen University (formerly college). When you choose to join the alumni network by registering, your personal identification number is processed to verify your identity. You can also provide contact information and information about your employer and LinkedIn profile so that the alumni network can send you information about lectures, newsletters, and your program or subject area. When you join the network and register for activities and events or otherwise show interest in participating in the activities, the legal basis is consent.

For other alumni activities, the legal basis is public interest. The processing is carried out to collaborate with the surrounding community and inform about the university's activities, as well as to ensure that research results from the university are utilized.

If you are a student at MDU, we process your personal data, such as name, personal identification number, and information about study results and other information related to your studies at the university.

The personal data you provide when applying for admission is registered in the national admissions system for universities (NyA). If you are admitted to a program, the personal data is transferred to the university's study documentation system (Ladok), which is used to document students' results and compile statistics for both internal use and for Statistics Sweden (SCB).

The university is responsible for handling applicants' and students' personal data in the aforementioned registers. The handling is regulated by the ordinance on the reporting of studies, etc., at universities and colleges (1993:1153).

For admission, examination, and credit transfer of courses, the legal basis is that the processing of personal data is a necessary step in the university's exercise of authority. For other personal data processing necessary for you to be a student at MDU, the legal basis is public interest.

MDU processes your personal data as long as you are a student at the university. When you are no longer a student at the university, your personal data is processed as required by law.

When registering for conferences, lectures, and other events organized by the university, we process your personal data to manage the activity and conduct follow-ups. The university process contact information such as name, email address, and any dietary requirements. Our processing is necessary to perform a task in the public interest (Article 6.1 e GDPR). Personal data is deleted after the event has been completed.

During these activities, we may also take photographs and record videos. The visual material captured will be used for marketing purposes to promote our activities and operations. This material may be featured on various platforms such as LinkedIn, Facebook, and Instagram. Our processing of this visual material, where you may appear, is necessary to perform a task in the public interest (Article 6.1 e GDPR). Clear signage will be in place to indicate that audio and/or video recording is taking place during these activities.

MDU conducts research as part of the university's mission as a research institution. If you participate in a research study, you will receive specific information from the responsible researcher about how and why your personal data is processed in connection with your participation. Your personal data will be processed as long as necessary to ensure ongoing research.

MDU processes personal data in connection with job applications. The personal data is processed to enable MDU to administer the applications and fill the position. The processing for filling the position is part of MDU's exercise of authority and other processing is to perform a task of public interest. Data is stored for at least two years to fulfill legal obligations according to the Discrimination Act.

In order to administer contractual relationships and fulfill agreements, MDU processes personal data about contractors and suppliers. The personal data processed includes names, contact information, and financial information necessary for making payments or invoicing. The legal basis is the contract. Personal data that appears in public records is stored according to applicable archival regulations. Other data is deleted when the contract ends

You have the right to request information on whether the university processes personal data about you. You also have the right to receive a free copy of the personal data being processed. If you request extracts repeatedly, MDU will charge a fee to cover administrative costs for this. When handling a request for a register extract, the university will also provide information about the processing, purpose, legal basis for the processing, and anticipated storage periods.

You have the right to receive information about the processing of personal data when your personal data is collected or at the first point of contact if it is collected from someone else. You have the right to be informed in clear and plain language about, among other things, why your personal data is being processed, how long it will be stored, and, where applicable, who will have access to your data.

If you believe that the personal data concerning you is incorrect or incomplete, you can request to have the data corrected or supplemented.

You have the right to have your personal data deleted from the university's systems if the data is no longer needed to fulfill the purpose for which it was collected. If your personal data has been disclosed to another party, the university will take all reasonable steps to inform these parties of your request for deletion.

You also have the right to request the deletion of specific personal data, for example, if you appear in a photo on a webpage managed by the university or if your email address is on a newsletter distribution list.

There may be legal requirements and regulations that require the university to retain your personal data, such as rules on public records or documentation of studies and research. We will evaluate your request to be forgotten against applicable legislation.

You have the right to request that the processing of your personal data be restricted, which means that the university ensures that personal data is only processed for specific purposes. MDU will restrict processing in the following cases:

If you inform us that your personal data is incorrect and the university needs time to verify the accuracy of the data. If the university no longer needs the data, but you request that it continue to be stored because you need it to assert legal claims. If you object to processing carried out by the university. In such cases, the processing will be restricted until a balance has been struck between your reasons for the objection and the university's compelling legitimate reasons.

You have the right to object to MDU processing your personal data in certain cases, such as in research or educational activities. The university will then cease the processing unless MDU has compelling reasons to continue it, or if the processing is required to assert legal claims.

If MDU processes personal data about you to fulfill a contract, you may, in certain cases, have the opportunity to obtain personal data concerning you to use elsewhere, for example, to transfer the data to another data controller. This right is called data portability.