How we process personal data
This is how Fojo and Linnaeus University processes personal data gathered through our website Lnu.se:
Personal data responsibility
Linnaeus University’s board is responsible for the processing of personal data on the website Lnu.se.
Elisabeth Engström is personal data ombudsman at Linnaeus University.
Purpose of processing
Linnaeus University processes your personal data when you:Register for a course, programme, conference or other event arranged by Linnaeus University or apply for a position. Linnaeus University stores information in order to be able to administer and carry out follow-ups on courses, programmes and events.
Transfer of personal data
Your personal data may also be handed out to those who need to take part of the information in connection to electronic document handling, who have their basis in fulfilling an agreement with you, a legal obligation, a task of public interest, or a task in connection to exercise of public authority where processing of the information is necessary.
Right to request information
You have the right to request information about the personal data about you processed by Linnaeus University, regardless of whether this data has been gathered trough the website or in other way.
Personal data on social media
Linnaeus University may process personal data also on social media, like, for instance, Facebook, Twitter etcetera. Since posts on the public authority’s “platforms” are classified as public documents these will also be archived – however, normally only temporarily.
Linnaeus University does not hand out personal data to a third party – note that companies that provide platforms for communication – like, for instance, Facebook – as a rule have their own terms and conditions for how personal data is stored.
The Data Protection Ordinance and Fojo/Linnaeus University
On May 25, 2018, the new Data Protection Ordinance (DSF) came into force and replaced the Personal Data Act (PUL). The data Protection Ordinance is the Swedish name on the EU ordinance GDPR (General Data Protection Regulation).
The new Data protection Ordinance will bring about major changes concerning the processing of personal data. GDPR applies for organisations but not for individuals. The purpose is to strengthen the individual’s right to privacy and to adjust legislation to the digital society. Another aim is to harmonise legislation within the EU, in order to facilitate the flow of information within the union (but not from the EU to third countries!)
Consequences of the new legislation are that all organisations, including Linnaeus University, are required to process personal data with restraint and to document the processing thoroughly. Persons who are registered in any context are to be given clearer and more information.
In short, the GDPR will result in, among other things:
- data minimisation, that is to say, you will not be allowed to process more data than necessary
- storage minimisation, that is to say, personal data cannot be stored longer than necessary
- more focus on integrity and confidentiality of data
- accountability; documentation that the regulations are met
- transfer to third country can only take place with explicit support in the ordinance
GDPR does not affect the present Ethical Review Act, the Freedom of the Press Act, the Fundamental Law on Freedom of Expression, or the Public Access to Information and Secrecy Act.
The new regulations make greater demands on universities concerning the processing of personal data and clarify the processing and responsibility. For more information about GDPR, contact personal data ombudsman Elisabeth Engström at firstname.lastname@example.org