Privacy Policy

Description of Account activation at Mälardalen University

Account activation at Mälardalen University is used for creating user IDs for students at Mälardalen University.

Processing of personal data

Transfer of personal data

When logging in, personal information is transferred from It is used to create your student user ID.

When logging in, the following personal data are requested from the identity provider you use:

Personal data


Technical representation

Personal Identity Number

To identify you as a user of the service so that you have access according to the rights you have been granted. norEduPersonNIN
Full name To make sure we have your correct name displayName
First name To make sure we have your correct name givenName
Surname To make sure we have your correct name sn
E-mail address To be able to reset your password for your user ID mail

In addition to direct personal data, indirect personal data are also transferred, such as the organisation that the user belongs to and the identity provider that was used when logging in. This information is not used by the login service for any other purpose other than for technical logging.

Other processing of personal data within the service

The account activation service saves technical logs for troubleshooting and security-related incidents.These technical logs contain information about all logins made, including transferred personal data.

Transfer of personal data to third parties

MDH is a government agency and as such, a lot of the information at the university is public. If your personal data appears in a public document, anyone requesting the document can access your personal data, unless your data is confidential in accordance with the Public Access to Information and Secrecy Act (2009: 400).

In addition, your information may be disclosed to collaborators in research projects, to suppliers and other parties who need to access the information as a result of an agreement between the university and the user due to a task of general interest, as part of the exercise of authority or due to a legal obligation that the university has.

Within the frame for the university's operations, a structured eligibility check takes place. Only the staff who work with a task that includes your personal data can share your personal data. Other staff do not have access to your personal information.

The university has dedicated IT-staff to handle systems, eligibility assignments, backups and infrastructure.

When transferring data to another party, the university takes all reasonable measures that may be required to protect your personal data. If the university plans to disclose information about you to other organisations, you will be notified.

MDH will not transfer personal data to other parties without legal basis.

Legal basis

When creating an account for students, the university will process personal data on the legal basis of general interest (Article 6.1.e Data Protection Ordinance, Chapter 2, Section 2 p 1 of the Data Protection Act (2018: 218) and, among other things, Chapter 1, Section 2 and Section 7 of the Higher Education Act ( 1992: 1434)). This processing is necessary for the university to be able to carry out its official assignment.

Right of access, right of rectification and right of erasure of personal data

To request register extracts, corrections and deletion of your personal data, contact the person responsible for personal data via the form at:

Correction of personal data that is transferred in connection with login is done in the identity provider that you use to log in.

Purging of personal data

Your personal data is subject to processing by MDH for the duration of your studies at the university.

When you are no longer a student at the university, your personal data is processed in the manner required by law. Log files with personal data are cleared when they are no longer deemed necessary for traceability or troubleshooting.

Personal data controller

The personal data controller who is responsible for the processing of personal data can be contacted at

GÉANT Data Protection Code of Conduct

This service complies with the international frameworkGÉANT Data Protection Code of Conduct for the transfer of personal data from identity providers to the service. This framework is intended for services in Sweden, the EU and the EEA that are used in research and higher education.