Personal Data Processing Policy

1 Background

We process your personal data primarily to fulfil and manage our legal obligations and requirements from government agencies, as well as to comply with and fulfil concluded agreements. We do not process any personal data beyond what is needed for the purposes, and we always strive to use the least sensitive information.

We may also need your personal data to carry out course evaluations and market surveys, and to provide you with good service, for example when it comes to marketing, follow-up and information about your participation in our activities.

2 Aim

We will protect your privacy. We want you to feel safe trusting us with your personal data. We have therefore produced this policy, which is based on current data protection legislation, to clarify how we work to safeguard your rights and your privacy.

The aim of this policy is for you to know how we process your personal data, what we use it for, who can access it and under which circumstances and how you can safeguard your rights.

3 Guidelines

What personal data do we process?

We only process personal data when we have a legal basis to do so. We do not process your personal data in any other case than when it is needed to meet obligations in agreements with government agencies, our general terms and conditions and legislation, as well as to provide popular education, which is a task in the public interest. The following are a few examples of the personal data that we process:

  • Name
  • Address
  • E-mail address
  • Telephone number
  • Personal identity number/LMA number
  • User name
  • Photographs/images/videos/audio recordings
  • Charge and credit card numbers, account numbers and other bank details
  • Participation in courses
  • Information that you have provided voluntarily

How do we gain access to your personal data?

We primarily gain access to your personal data when you yourself give it to us in connection with signing up for a course or a programme. We may also gain access in the following ways:

  • Information that you give us directly
  • Information that is registered when you visit our website
  • Information that we receive from public records
  • Information that we receive when you sign up for our lectures, courses, programmes or seminars
  • Information that we receive when you sign up for newsletters and other mailing lists
  • Information that we receive when you answer questionnaires and surveys
  • Information that we receive when you contact us, apply for a job with us, visit us or otherwise contact us
  • Information that we receive during a credit rating
  • Information that we receive in conjunction with an assignment from a government agency

In which ways and on what basis do we process your personal data?

Through provisions in the ordinance relating to government funding for popular education, it has been established in Swedish law that the folk high schools’ and adult educational associations’ pursuit of educational and cultural activities is a task in the public interest. Popular education activities that are subject to a local authority decision are also considered tasks in the public interest. Medborgarskolan processes personal data based on the public interest in order to manage course activities and communicate with course participants, and to meet regulatory requirements as well as the requirements set by the Swedish National Council of Adult Education and other funders in regard to follow-up, evaluation and quality review of Medborgarskolan’s activities (for example through participant surveys and statistical studies).

We also process personal data in accordance with the law, i.e., due to a legal obligation, such as requirements set out in the Bookkeeping Act.

In addition to our processing of personal data on the basis of public interest or legal obligation, we also process your personal data in accordance with the agreement that you enter with us in conjunction with participating in course activities. We process your personal data for the express purposes stated in the agreement and to the extent required for us to fulfil the agreement and provide our educational service.

In some cases, we also process personal data on the basis of “legitimate interests”. This happens primarily when processing is done for marketing or information purposes.

When it comes to the processing of personal data that is not necessary for the fulfilment of the agreement, or for which there is no basis in terms of public interest or legislation, we will ask for your consent in conjunction with obtaining such personal data. This refers to

  • Information that you may provide in a declaration of health
  • If we plan to use images of you or your child when talking about our activities, for example in a newsletter, course brochure or website.

You have the right at any time to revoke your consent to the type of processing described above. We will then stop processing your personal data or obtaining new data, provided that it is not necessary in order to fulfil our contractual or legal obligations.

What information do we give you?

When we collect your personal data for the first time, we will inform you of how we obtained the personal data, what we will use it for, what your rights are pursuant to the data protection legislation and how you can assert those rights. In practice, this is done in reference to the policy at hand. You will also be informed of who is responsible for the processing of your personal data and of how you can contact us if you have any questions, or if you need to submit a request or inquiry in reference to your personal data and/or rights.

Is your personal data being securely processed?

We have procedures and methods in place to ensure that your personal data is being processed securely. Only people who need to use the personal data to carry out their tasks and to fulfil Medborgarskolan’s commitments shall have access to such personal data.

Our security systems have been developed with your privacy in mind, and they provide a very high level of protection against breach, destruction and other incidents that may entail a risk to your privacy. We have IT security agreements in place with our IT suppliers in order to ensure that your personal data is securely processed.

When do we share your personal data?

We do not transfer personal data to third parties, unless we have express grounds in the Agreement or other legal basis in accordance with this policy, and we never transfer personal data outside of the EU/EEA.

We are obligated, upon request, to share the personal data that the Swedish National Council of Adult Education, government agencies and local authorities deem necessary for the exercise of their official authority.

In some cases, personal data is transferred to our subsuppliers, for example, for marketing, information and follow-up purposes and storage. See more on processors in point 5 below.

Erasure procedures

We will save your personal data as long as is necessary to fulfil the Agreement with you and to assert our rights, or where we have a basis in legislation or guidelines and decisions from the Swedish National Council of Adult Education. To give an example, we are obligated in accordance with the Bookkeeping Act to store attendance records and cultural programme reports for seven years.

We never save your personal data for longer than the current calendar year plus two years after a completed course or programme, unless we are required to do so to fulfil our public task or have a legal basis. In the event that we are processing personal data due to a legitimate interest, we will save the data as long as you may have an interest in the subject of our marketing and information.

4 Your rights

Revoke consent

If you want to revoke your consent to our processing of your personal data, you can contact us using the contact information stated under point 6 below.

Request for correction or erasure

You have the right to request that your personal data be corrected or erased. You are also entitled to request that the processing of your personal data is limited, or to object to processing in the manner set out in the General Data Protection Regulation or national privacy legislation. Following such a request, we will assess whether there are grounds for such a change. If you wish for correction or deletion, please contact us using the contact details provided in section 6 below

Request for register excerpt

You are entitled to request an excerpt from Medborgarskolan and our registers/systems where your personal data is being processed, and through such an excerpt be informed of which personal data Medborgarskolan is processing and how. When requesting a registry extract, contact us using the contact details provided in section 6 below. You will need to provide identification when you collect your registry extract.

Swedish Authority for Privacy Protection (DPA)

The Swedish Authority for Privacy Protection (DPA) is the supervisory authority for personal data processing and data protection in Sweden. You have the right to make a complaint regarding the processing of your personal data to this public authority. Contact information can be found at

5 Controller and processors

Medborgarskolan is the controller of your personal data, which means that we are responsible for how your personal data is processed and for safeguarding your rights.

Medborgarskolan consists of nine legal entities, eight regional organisations and one head office. Each legal entity is responsible for the personal data processing that takes place within their operation. If you want to know which of the nine legal entities is the controller of your personal data, contact us according to point 6 below.

Reporting and follow-up of popular education activities in accordance with the ordinance relating to government funding for popular education take place in a joint system used by all the regional organisations within Medborgarskolan and by the head office. The head office reports activities that are entitled to government funding to Statistics Sweden in accordance with instructions from the Swedish National Council of Adult Education.

Medborgarskolan has data processing agreements in place with suppliers and partners, whereby we ensure that personal data is processed in accordance with this policy.

6 Contact information

If you have any questions regarding the processing of personal data or if you feel that the data is incorrect, you want to request a correction, erasure or limitation, or you want to object to the processing, please contact us . See the map of the regional division here


  • Studieförbundet Medborgarskolan, C.I.N. 817600-7089 Head Office
  • Medborgarskolan Region Mitt, C.I.N. 889200-5813
  • Medborgarskolan Mälardalen, C.I.N. 817600-7097
  • Medborgarskolan Nord, C.I.N. 894701-8308
  • Medborgarskolan Stockholmsregionen, C.I.N. 802006-0524
    Controller for Medborgarskolan Stockholmsregionen is Jonas Felixon
  • Medborgarskolan Syd, C.I.N. 842000-5673
  • Medborgarskolan Värmland Örebro, C.I.N. 875000-6150
  • Medborgarskolan Region Väst, C.I.N. 849400-1913
  • Medborgarskolan Öst, C.I.N. 826000-8209

E-mail address:

Telephone number: +46 (0)10-157 57 57

Address: Dataskydd, Medborgarskolan, Box 2028, 75002 Uppsala

/Medborgarskolan 2023-12-18