Processing of personal data at 果冻传媒

果冻传媒 is a public authority governed by the state. The university processes personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and Council, otherwise known as the General Data Protection Regulation (GDPR).听

If you have questions about the university鈥檚 processing of personal data in specific situations or if you want to exercise any of your data subject rights, please contact the operational representative or project coordinator or course convener. You can also contact the university by e-mail or mail.

registrator@kau.se听听
果冻传媒s universitet, Registrator, 651 88 果冻传媒.

You will find contact details for 果冻传媒鈥檚 data protection officer below, under the heading Data protection officer.听

General information about the university鈥檚 personal data processing

果冻传媒 acts as data controller for the personal data processing that takes place within the scope of university operations.听

The main obligation of the university is to provide education, research and development work. This also includes collaborating with the surrounding community and disseminating information about the university鈥檚 activities, as well as ensuring that the research results of the university are put to good use.听

The purpose of all personal data processing within the university is to support these obligations. The data processing that takes place is based primarily on the following lawful grounds: to carry out a task in the public interest or to carry out duties as an authority, to fulfill a legal obligation, to fulfill a contract, or based on the data subject consenting to the data processing. Other lawful grounds may also apply.

The principle of public access to official documents

Much of the information held by 果冻传媒 constitutes public documents. As a rule, the documents are registered and, upon request, the documents can be accessed in accordance with the Public Access to Information and Secrecy Act (2009:400), unless a document contains confidential information. In other words, the public has the right to view certain personal data in accordance with the principle of public access. Normally, the university does not have the right to investigate who has requested access to data, as long as it is not of crucial importance for the confidentiality assessment.

The processing of personal data required by the Public Access to Information and Secrecy Act, the Archives Act and the Administrative Procedure Act for proper handling of the university鈥檚 public documents, and which is carried out with support of the GDPR, is considered necessary for reasons of important public interest.

What is personal data?

Any information that directly or indirectly identifies a person, for example, name, personal identity number, photo, e-mail address and IP address.

What personal data do we process?

The university processes the personal data of students within the framework of our courses and study programmes. Research involves the processing of personal data of those who participate in a research study.

The university also processes personal data of employees, of participants in conferences or other events, and of 果冻传媒 Library patrons. There are also other situations where the university processes personal data, such as contacts and collaborations with individuals or other organisations.

In most cases, personal data are collected directly from the individual. This usually takes place through contacts between the individual and the university. In some cases, personal data can also be collected from someone other than the individual him-/herself.听

Information to students

Personal data (name, personal identity number, address, telephone number, and email address) as well as information on fulfillment of entry requirements, selection criteria, obligation to pay registration or study fees and admission are stored in the admissions database NYA. Your personal data are processed by the Swedish Council for Higher Education and 果冻传媒 when we decide whether you fulfill entry requirements and assess your qualifications before selection.

The personal data of each student are stored in the study administrative database Ladok (name, personal identity number, address, telephone number and email address) and in addition to the data processed in NYA, other information such as participation in courses and programmes and examinations, results, grades, transferred credits or recognition of prior experience and degrees obtained are also stored in Ladok. Ladok also needs to store the information 果冻传媒 needs to supply to Statistics Sweden.

The NYA and Ladok databases are regulated in the ordinance (1993:1153) on reporting study results at higher education institutions. The ordinance allows for data from these databases to be made available to third parties, e.g. other higher education institutions, the Swedish Higher Education Authority, the Swedish Board of Student Finance, and 果冻传媒 Student Union.听听听

Personal data of students are also processed in other study administrative systems necessary to complete courses and programmes.

Information to staff

Personal data are processed in the different staff administration systems to the extent necessary to fulfill employment contracts, adhere to requirements in current legislation and collective agreements and in different additional systems that 果冻传媒 needs to fulfill its obligations. Data processed include personal data (name, personal identity number, address, telephone number and email address) as well as the form, scope and term of employment, other assignments and management titles, work duties, work hours, side-line occupations, pay, taxes and social security contributions, leave, parental leave, sick leave, medical certificates, membership in labour unions, etc. Data may be made available to third parties, for example to fulfill legal requirements regarding the reporting of taxes and social security contributions. Data are made available to, for instance, the Swedish Tax Agency, Statistics Sweden, the Swedish Agency for Government Employers, the Swedish Social Insurance Agency, the National Government Employee Pensions Board, and labour unions.听

Information to participants in conferences and other events

Personal data (name, address, telephone number and email address) and other information supplied in connection with registration are only stored as long as necessary for the administration of the conference or event, i.e. for distribution of information or material and evaluation surveys. Since fees are paid for conferences and other events, invoice data are saved as per current bookkeeping regulations. If you agree to receiving further offers, your data are saved in accordance with the information supplied in connection with this agreement. You can withdraw consent at any time, but this does not affect data processing that took place before withdrawal.听听

Information to 果冻传媒 Library patrons

Personal data (name, personal identity number, address, email address and telephone number) are recorded in the library鈥檚 user database. Borrowed and returned books are registered, as well as use of the library鈥檚 digital environments. If a user does not return books at the end of the borrowing period, a fine may be payable, and personal data may be made supplied to collection agencies and the Swedish Enforcement Authority.

Information to participants in research studies

As a rule, information about the processing of personal data is provided with the invitation to participate in a research study. This often comes in the form of a written information letter describing, among other things, the background and purpose of the study using clear and plain language, together with a separate consent form where you agree to participate in the research study. The information letter contains all the necessary information you need to make an informed decision to participate in the study, including information about personal data processing. If you have questions about how 果冻传媒 processes your personal data in a research study, please start by contacting the researcher in charge. You will find the contact details in the information letter.听

Information to users of the university鈥檚 computer network

When you connect to 果冻传媒鈥檚 computer network, all network traffic is logged and analysed. This includes storing user names and IP addresses. The purpose of this to ensure that all services meet set requirements regarding laws and regulations as well as performance and security, both for you as a user and for 果冻传媒鈥檚 resources.

Information to users of any of the university鈥檚 public web services

Personal data, including IP address, are registered on the web server used for the public web services to ensure accessibility.

How do we protect the personal data?

The university is responsible for ensuring that personal data are protected by appropriate technical and organisational measures. The appropriate level of security is determined in relation to any risks in connection with the processing of personal data in an individual case. When the university transfers personal data to another party, the university is responsible for taking the legal, organisational and technical measures required to protect your personal data.

For example, technical and organisational protection could mean that only authorised persons have access to the data, that the data are encrypted, that they are stored in specially protected IT environments, and that the data are backed up.听

How long do we store personal data?

We only save your personal data for as long as it is needed for the purpose of the data processing. However, in some cases there are laws and other regulations requiring that the data are stored for a longer period.

With regard to public documents, personal data included in them are treated in accordance with the provisions of the Freedom of the Press Act (1949:105), the Archives Act (1990:782), the Swedish National Archives鈥� regulations and the university鈥檚 information management plan. In some cases, this means that personal data are stored for archival purposes for longer than required to fulfill the original purpose of the processing in the university archives.

Who has access to the personal data?

Employees at 果冻传媒 who need access to personal data in order to carry out their work tasks are allowed access.

In addition to the disclosure of personal data that 果冻传媒 is required to do as a result of the principle of public access to official documents, the University is obliged to transfer certain personal data to other authorities, such as the Swedish Government Offices, the Swedish National Audit Office, the Swedish Agency for Government Employers, the Swedish Board of Student Finance, and Statistics Sweden. This is required in order to coordinate and monitor the activities and operations of public authorities and to ensure that public funds are used correctly.

Personal data may also be disclosed to the university鈥檚 partners, for instance, within a research project. In cases where it is required that specific information is provided regarding personal data being transferred to another organisation, the individual will be provided with this information.

果冻传媒 uses data processors for different types of IT services. The data processors who are hired may only process personal data in accordance with the purposes and instructions provided by the university regarding the processing. Furthermore, the processors and their personnel will never have access to more data than necessary in order to fulfil the service covered by the agreement with the university. Personal data processing run by a data processor is regulated by a so-called data processing agreement between the university and the data processor.

Transfer of personal data to a third country outside of the EU/EEA

The university may transfer personal data to a third country, i.e. a country outside of the EU/EEA. In such cases, special requirements of the GDPR apply. The university is responsible for taking the legal, organisational and technical measures required to achieve an appropriate security level to protect these personal data. Specific information may be given in individual cases to those whose personal data are subject to such a transfer.

The data subject鈥檚 rights according to the General Data Protection Regulation

The GDPR gives you, as an individual, a number of rights in relation to 果冻传媒. The university normally handles requests within a month. In order to meet a request, the identity of the individual must be confirmed.

However, 果冻传媒 would like to emphasise that authorities must comply with the regulations that apply to public documents, public access and confidentiality, recording of documents, archiving and erasure. This means that your rights may be limited in cases where personal data are processed as part of the university鈥檚 obligations as a public authority.

Right to access records

You have the right to request information about the personal data relating to you that the university processes. Contact us via e-mail or mail if you wish to access your personal data held by the university. Please specify if you have come in contact with us as a student, employee, as part of a research project or other capacity.听

registrator@kau.se听听
果冻传媒s universitet, Registrator, 651 88 果冻传媒.

Right to rectification

If you believe that your personal data are incorrect or incomplete, you can request that inaccurate information be rectified or that missing personal data be added.

Right to object

When 果冻传媒 processes personal data to carry out its duties as an authority or to carry out other tasks of public interest, you have the right to object to the data processing at any time. If the university cannot prove that there are compelling, justified reasons for continuing to process the data, the university must cease its processing.

Right to limitation of processing

In certain cases, for example if you have objected to the data processing, you have the right to demand that the processing of your personal data be limited. By requesting a limitation, you have, at least for a certain period of time, the opportunity to stop 果冻传媒 from using the data other than to, for example, defend legal claims. You can also prevent the authority from deleting the data, for example if you need the data to claim damages.

Right to erasure (鈥榬ight to be forgotten鈥�)

In certain cases, you can request that the data relating to you be erased. However, when your personal data are needed for 果冻传媒 to fulfil its obligations or if they appear in a public document, 果冻传媒 will not be able to delete the data.

Right to data portability

When the university processes your personal data with the support of the lawful grounds of consent or contract, you will in certain cases have the right to be given and to use your personal data elsewhere, for example, by transferring the data to another data controller.

Data protection officer

果冻传媒 is a public authority and has thereby, in accordance with article 37 of the General Data Protection Regulation, designated a data protection officer. Conny Claesson is 果冻传媒鈥檚 Data Protection Officer and responsible for managing compliance with the GDPR. The university鈥檚 Deputy Data Protection Officer is Niklas Nikitin.

You can contact 果冻传媒鈥檚 Data Protection Officer by e-mail or mail if you wish to exercise your data subject rights or if you have questions regarding the university鈥檚 processing of your personal data.听

dpo@kau.se听
果冻传媒s universitet, Registrator, 651 88 果冻传媒.

Lodge a complaint with the Swedish Authority for Privacy Protection

If you believe that the university鈥檚 processing of your personal data infringes the GDPR, you have the right to file a complaint with the Swedish Authority for Privacy Protection (IMY). More information on how to submit a complaint can be found on the Swedish Authority for Privacy Protection鈥檚 website.