Data protection policy

Karolinska Institutet, 202100-2973, (KI) is the controller for the processing of personal data that takes place within Karolinska Institute business. In this privacy policy we will explain how your personal data is being processed at KI and what rights you have as a data subject.

Why we process your personal data

We process your personal data in order to fulfill our missions, which is providing education and conducting research. We are also obligated to inform about our activities and to interact with the public. The most common reasons for us to process your personal data is that you are a student, researcher, participant in a research study, employee, participant of a seminar, participant of a conference or celebration, partner or similar. If you have been in contact with us, we may process your personal data in accordance with the Archive Act. In addition to these purposes, we also process personal data to comply with legal obligations to which KI is subject.

How we collect your personal data

Karolinska Institutet collects personal data that you provide to us for the reasons mentioned above. In some cases, we may also collect personal data from other sources, such as county councils, the National Board of Health and Welfare, Statistics Sweden, the Swedish Tax Agency or other universities.

Disclosure of personal data

A lot of the information of Karolinska Institutet is public. If your personal data can be found in an official document, these may be disclosed in accordance with the Public Access to Information and Secrecy Act.

Your personal data may also be shared if it is necessary in order for us to fulfill an agreement with you, in order for us to perform a task of public interest or a task in order to complete our mission as a public authority. Before information is disclosed or shared, a confidentiality check will be carried out.

Transfer of personal data to third countries

In some situations, Karolinska Institutet may transfer personal data to countries outside of the EU/EES. For example, in international research projects, student exchanges or in other situations where a transfer is necessary. In these situations, Karolinska Institutet will take the necessary measures to protect your personal data in accordance with applicable requirements, for example, by requiring the receiving party to protect your personal data in accordance with applicable data protection regulation. When you provide your personal data to us, you will be informed if a transfer to a third country will take place.

How long do we keep your personal data at Karolinska Institutet?

We will keep your personal data for the amount of time necessary to fulfill the purposes they were collected for. Since Karolinska Institutet is a public authority, we may also need to save personal data after the purpose is fulfilled if it is required to do so by law. This is done, for example, within the educational activities at Karolinska Institutet, where student grades are saved even after you have completed your studies to comply with the Archive Act and The Higher Education Ordinance. Within research projects at Karolinska Institutet, personal data are saved after the completion of research projects in order to comply with the Archive Act and ensure the quality of research.

Your rights as data subject

  • You have the right to receive information about what personal data we process about you.
  • You have the right to have incorrect information about you corrected.
  • You have the right to have data about you deleted in certain situations.
  • You have the right to request to limit the processing of some of your personal data and to withdraw a given consent.

If you want to exercise any of these rights, have questions regarding data protection or are dissatisfied with how we process your personal data, please contact KI through e-mail to or a letter to KI’s Registrar, Karolinska Institutet, 171 77 Stockholm. Visiting address: Nobel's Road 5, Solna.

If you are not satisfied with our way of responding to your questions, you can file your complaint with the supervisory authority, currently the Data Protection Authority (Datainspektionen) in Sweden.

Content reviewer:
Märta Philp