Handling of students' personal data
What does this page apply to?
This page is aimed at those who are employed at Mid Sweden University and who, in their work role, handle or use students' personal data. Here you will find an overview of how the University may process students' personal data, according to current rules, and what you as an employee need to think about.
What personal data may be processed?
Personal data about students comes primarily from:
- Antagning.se (managed by the Swedish Council for Higher Education)
- Ladok (study documentation system)
- Information provided by the student himself/herself, or created during the education (e.g. in Moodle)
- Previous higher education institutions (e.g. credit transfer)
Examples of personal data that is processed:
- Name, personal identity number, contact information
- Course and programme affiliation
- Study results and attendance
- Information on exchanges, support measures, disciplinary matters, library use
When and how may the data be used?
You may only use students' personal data for the purposes established by the University, which are supported by law or another legal basis.
Examples of approved purposes:
- Give students access to student accounts, systems and premises
- Record and document study results
- Carry out examination and plagiarism control
- Communicate with the student during the education
- Provide guidance, resources, and support
- Manage exchanges and travel grants
- Create and administer library accounts
- Meet reporting and statistical requirements
- Participate in research or evaluation of education
- Handle disciplinary cases
- Archiving according to regulatory requirements
Important: The data may only be used in the course of your work, for these purposes. It is not allowed to use students' personal data for other purposes, for example private purposes, commercial purposes, or sharing with third parties without a legal basis.
Basic principles you as an employee must follow
- Data minimisation: Handle only the personal data that is necessary for the purpose.
- Information security: Ensure that data is handled securely, in the right system, with the right permissions.
- Clarity towards the student: The student has the right to know why their data is being processed.
- Special care with sensitive data (e.g. health, disciplinary matters, protected identity).
Disclosure and transfer
Personal data about students may sometimes need to be disclosed to external parties, for example other higher education institutions, CSN, government agencies, research funders or suppliers of technical services. Such disclosure is, if necessary, handled by means of an agreement (e.g. a data processing agreement). If you request disclosure of an official document, please contact the responsible registrar or lawyer.
Storage and deletion
How long personal data may be stored is governed by deletion regulations. Some data is stored forever (degree certificates), other data for a shorter period of time (e.g. exam answers for two years). When data is no longer needed for its purpose, it must be deleted or archived in accordance with the applicable rules.
If you have questions
If you are unsure about what applies, or if you are wondering about a specific situation, always contact the University's Data Protection Officer: dataskyddsombud@miun.se