How we handle personal data

With the new Data Protection Ordinance (GDPR) your privacy and security are strengthened as to how we as an authority will process and protect your personal data. In order for you to know that we are handling your personal data in a safe and secure way, we have summarized the most common personal data processing practices in Uniarts' privacy policy. It describes in more detail how and why we save your personal information and what rights you have.

Responsibility for processing personal data

Uniarts is responsible for processing personal data and is responsible for processing personal data in accordance with applicable legislation.

Public access to information

Uniarts is a state authority. Upon contact with us, your questions and answers will normally be a public document and, in most cases, possible for others to request and read.

Legal basis for processing personal data

Personal data is all kinds of information that can be linked to a person in life such as information about names, social security numbers, e-mail addresses and photographs.

In order to process personal data, there must be support in current data protection regulations, a so-called legal basis. This means that if Uniarts' processing is to be legal it should be either

  • necessary to complete an agreement/contract with you,
  • to fulfill legal obligations,
  • necessary to protect interests that are of fundamental importance for the registered or for another physical person,
  • that the processing is necessary for carrying out a task of public interest or public authority.

Personal data can also be processed if there is a consent from you to do so.

All processing of personal data should be listed. This allows Uniarts to systematically check that processing of personal data have a legal basis. For access to the list, contact the Uniarts’ registry.

Collecting and processing of personal data

Uniarts only collects and processes personal data relevant to a specified purposes with support from one of the legal basis.

How Uniarts processes personal data about employees and contractors

As an employer, Uniarts may lawfully process personal data about employees and contractors to the extent necessary to fulfill the employment or engagement agreement.

How Uniarts processes personal data about jobseekers

Personal data will only be used by Uniarts for recruitment purposes and statistical follow-up. The data is only accessible to recruiting staff. Anyone seeking a job through Uniarts's recruitment tool agrees to personal data processing via the web. Your information in connection with your application, CV, personal letter and other information you provide will be stored in the recruitment database for two years after the recruitment process has been completed in accordance with the Swedish National Archives regulations.

The personal data of the employee will be archived in full along with the name and social security number of the other applicants for the job.

How Uniarts processes personal data about applicants for education

The personal data will only be used by Uniarts for processing your application and statistical follow-up. The data is only accessible to staff at the university. You who apply for an education through Uniarts' application system agree to personal data processing via the web. Your data in the application documents and other information you provide will be stored in the application system for two years after the admission period has been completed in accordance with the the Swedish National Archives regulations.

The personal data of the accepted to the education will be archived.

How Uniarts processes personal data regarding information materials, newsletters, notifications for seminars and conferences and more

Personal data provided in connection with a subscription or ordering of information material is only saved as long as you are a subscriber or as long as it is required to make the sendout or process your order. You agree to the personal data processing and may at any time unsubscribe.

Personal data provided in connection with notifications to seminars, conferences and other events will only be saved as long as it is required to administer the event.

Storage data

Personal data is cleared, deleted or unidentified on a regular basis. The personal data Uniarts collects is processed for different purposes and thus saved for a long period of time depending on their use and obligations under law. However, personal data will never be stored for a longer period than is necessary for the purposes for which they are processed.

Some of the personal data for employees are deleted shortly after termination of employment. This refers, for example, to the employee's e-mail account or contact information on Uniarts' website. Other personal data are necessary to preserve, for example, information that is necessary for the payment of a pension.

Is personal information distributed to other recipients?

In accordance with the the principle of public access to official documents, public documents may be disclosed to journalists and individuals requesting access to public documents. Uniarts is required to submit personal data to, for example, the Swedish Agency for Government Employers, the Swedish Tax Agency, The National Government Employee Pensions Board (SPV), Statistics Sweden and others. Personal data may also be provided to our contractors and IT providers.

Within Uniarts' operations, a number of different IT services and IT systems are used. Some systems are installed locally with us, and only Uniarts’ personnel have access to their personal data. In these cases, no transfer will be made to third parties. Some systems are installed at the supplier or are cloud solutions and then personal data is transferred to the supplier. In these cases, the supplier is a personal information officer and handles personal data on Uniarts' assignment and according to our instructions.

Safety measures

Uniarts takes technical and organizational measures to ensure that all information processed by Uniarts is protected from unauthorized access, change and destruction.

All development of our systems, services and operations in general takes place with respect for personal integrity and with due regard to data protection legislation.

Your rights

Uniarts is responsible for processing your personal data in accordance with applicable legislation.

Uniarts will, at your request or on its own initiative, rectify or supplement personal information that is found to be incorrect, incomplete or misleading.

Depending on the legal basis on which the treatment is based, you are entitled to delete your personal information. This means that you are entitled to request that your personal information be removed if they are no longer required for the purposes for which they have been collected. However, there may be legal requirements that will prevent Uniarts from immediately deleting your personal information. Uniarts will then end the processing being done for purposes other than complying with legislation.

Depending on the legal basis on which the treatment is based, you are entitled to data portability. It implies the right to, under certain conditions, extract and transfer your personal data in a structured and machine-readable format to another personally responsible person.

You are entitled to lodge any complaints regarding the processing of your personal data to Swedish Data Protection Authority.

Request for registry

You are entitled to receive, upon request, information about the personal data that Uniarts’ registers and processes in your records about you. Contact us via registry registrator@uniarts.se.

Cookies

On Uniarts’ website, we use so-called cookies to create a good user experience. A cookie is a small file that is placed on your computer when you visit a website.

If you do not wish to accept cookies, your browser may be set to automatically deny cookies or you will be notified when a web page contains cookies. Through the browser, previously stored cookies can be deleted. See your browser's help pages for more information on how to do this.

Questions and complaints

Personal Data Responsible is Uniarts. For questions or complaints, please email: gdpr@uniarts.se.

If you want to know more about GDPR, you can visit the Swedish Data Protection Authority's website: www.datainspektionen.se.

Complaints about our handling of personal data can also always be made to the Swedish Data Protection Authority.