The person whose personal data are processed has certain rights under the General Data Protection Regulation (GDPR). These include the right to information, the right to have personal data erased and the right to obtain extracts from the register.
A general description of how Umeå University processes personal data can be found on the page www.umu.se/gpr.
Information for data subjects
Umeå University will, in connection with the collection of personal data concerning individuals (hereinafter referred to as "data subjects"), provide data subjects with information about the processing of personal data. The data subject has the right to receive information both before processing and upon request. In some cases, special information may also need to be provided to the data subject — for example, if there is a data breach or similar incident (a personal data breach) at the University. The information is to be provided free of charge in an easily accessible, written form (which may be in electronic form) and in clear and simple language.
To ensure that the correct information is submitted, use the checklist and template provided on this page (in Swedish).
Handling of received requests regarding rights under GDPR
When a request based on the rights stated in GDPR, such as a request for erasure or an extract from the register, is received by the University, the recipient of the request is to immediately forward the request to the registrar.
The Legal Affairs Office handles cases concerning this type of request. Various people in the organisation, such as heads of department, may be contacted to assist in handling the case. These cases need to be handled expediently, since the data subject has the right to receive a ruling on the matter within 30 days.
If you are unsure whether what you have received constitutes a request under GDPR, you should immediately contact the Legal Affairs Office via email@example.com.