Personal data management

Controller of personal data

Student Health Care is part of the University of Borås, and it is the university that is the data controller and is responsible for ensuring that personal data is processed in a legal way.

How your personal data is processed

Information that you provide about yourself in contact with Student Health Care is used to make an appointment with you, communicate with you, and document contacts with you in your records.  

Legal basis

Every time Student Health Care processes your personal data, it is required by law for this to have a so-called legal basis. Student Health Care may process your personal data because it is necessary

for reasons related to the provision of healthcare (Article 6(1) (e) and (h) of the EU Data Protection Regulation).

Normally, no approval from you is needed for Student Health Care to process your data. In some cases, however, we may ask for your consent, for example for appointment notices by email. It is voluntary to give such a consent and you can withdraw your consent at any time.


Only those who work at Student Health Care have direct access to your personal data and may access the data.

Search term

To search for and retrieve your journal, your Swedish personal identification number is used as a search term. There are no searches for any other purpose or with other search terms.


Student Health Care’s processing of personal data is regulated strictly by law. It is primarily the Patient Data Act and the Swedish National Board of Health and Welfare's related regulations, the General Data Protection Regulation and the Public Access to Information and Secrecy Act that govern how personal data may be used. The laws state how your data may be used and how the data should be protected in the IT systems used. For example, access control, strong authentication, and encryption are used to protect personal data from unauthorised access.


Everyone who works at Student Health Care has a duty of confidentiality. Confidentiality means that it is forbidden to disclose information about you unless permitted by law. Provisions on confidentiality and exemptions from the obligation of confidentiality can be found in particular in Chapter 10 and 25 of the Public Access to Information and Secrecy Act and Chapter 6 of the Swedish Patient Safety Act.

Storage time and culling

Culling (destruction) and archiving of information takes place in accordance with the Archives Act and relevant culling decisions at the university. Medical records and the personal data contained therein are kept in accordance with the rules of the Patient Data Act. Other personal data is deleted when it is no longer necessary.

Your rights

You have the right to access the personal data being processed and request rectification, supplementation, or deletion of these, as well as object to the processing or request that the processing be restricted. You also have the right to receive a so-called log extract. However, some rights are not unconditional and cannot always be met, such as the deletion of personal data.


You may be entitled to damages if your personal data has been processed incorrectly.


If you have questions or comments about the processing of your personal data or if you want to use any of your rights, you are welcome to contact Student Health Care. If you are dissatisfied with how your personal data has been processed, you can contact the university's data protection officer by sending an email to You also always have the right to lodge a complaint with the Swedish Authority for Privacy Protection, which is the supervisory authority.

Read more on other websites