Legal information

Here you will find information which by law Mälardalen University must provide when using the University’s electronic services.


At Mälardalen University’s website ( cookies are used. Cookies are small text files stored on the visitor’s device and which are possible to use to monitor what the visitor does on the website.

There are two types of cookies

1. A permanent cookie remains on the visitor’s device for a specified time.

2. A session cookie is temporarily stored in the device memory during the time a visitor is using a website. Session cookies disappear when you close down your web browser.

No personal information about the visitor, such as emails or names, is saved.

Mälardalen University uses cookies to manage choices of language. They are also used on the Student Portal, to identify the user during the time the person is logged in, and in the Alumni Network, to keep track of the user identity.

To avoid cookies

If you do not accept cookies being used you can close these down in your web browser’s security settings. Please note that the Student Portal requires cookies in order to work; if you have closed down cookies in your web browser you cannot use the Student Portal.

You can also set your web browser so that you get a question each time the website tries to place a cookie on your device. By means of the web browser, previously stored cookies can be deleted; see the web browser’s help pages for more information.

More information about cookies

The Swedish Post and Telecom Authority, which is the supervisory authority in this area, provides further information about cookies on their website.

Post and Telecom Authority’s Q&A about cookies

Personal data

Personal data are all kinds of information that can be linked directly or indirectly to a physical living person.

Processing personal data

Every measure which involves personal data, automatic or manual, constitutes a processing of personal data.

Examples of processing can be: collecting, registering, storing, using, disclosing, disseminating, coordinating or disposing of personal data.  

Data Protection Officer

The Data Protection Officer's task is to ensure that GDPR is followed within the organization. For data protection issues contact

Data Protection Officer at MDH is Ann-Marie Alverås Lovén.


The aim of GDPR is to protect people from violation of their personal integrity through the processing of their personal data.

The main rule of GDPR is that personal data may be processed if the person registered has been informed of the processing and its purpose, and also that the person registered has given consent to the processing.

Exceptions to the requirements for consent

The University may process personal data without consent if the processing is necessary in order to:

  • Fulfil agreements
  • Satisfy legal obligations
  • Protect vital interests of the registered person
  • Be able to carry out work assignments of general interest
  • Exercise authority

The University may also process personal data without consent in cases where the University’s need to process personal data outweighs the individual’s need of integrity.

Information that processing is taking place and what its purpose is must be divulged even if consent is not necessary.

Processing students’ personal data

The personal data submitted by the applicant when applying for admission is registered in the universities’ national admissions system. When an applicant is admitted to a course or study programme the personal data are transferred to the University’s system for student documentation Ladok, which is used to document the students’ results and to compile statistics both for internal use and for Statistics Sweden (SCB).

The University is responsible for the processing of applicants and students’ personal data in the above register. Processing is regulated in the Ordinance on the Reporting of Studies etc. at Universities and University Colleges (1993:1153).


Website search

Our website uses an external service for indexing and displaying search results. The external service neither saves or processes personal data.