Data protection (GDPR)

Your personal data

Aarhus University (AU) is the data controller of the personal data that we process in connection with your enrolment and your further studies at the university.

This means that AU only processes personal data concerning you if this is required by legislation, or you have given your consent to this processing. AU has security measures that help to ensure that your personal data is processed in accordance with applicable legislation. 

Processing and storage

AU treats personal data as confidential. 

Personal data will be processed and stored in the university’s various case handling systems. When data is no longer required for the purpose for which it was collected, it will be erased or archived in the designated filing systems.

Find out more


Your data will not be disclosed to other parties without you being informed thereof, unless AU is obliged to disclose the data to other government agencies and public institutions.  

Find out more

Right of access

As a student, you always have right of access to your personal data in AU's systems. Please contact Educational Law ( if you wish to apply for access to your personal data.


Via student self-service ( students have access to view and print the university’s records in the study administration system (STADS). Through this, there is access to the ITX-FLEX system in which you can also see the records made concerning you.

SU (student grants and loans)

If you require access to your personal data concerning your SU (student grants and loans) situation, you must contact the data controller, which is the Danish Agency for Institutions and Educational Grants. This request must be made in writing via

Find out more

Projects and Master’s theses 

If you as a student process personal data in connection with a project or Master’s thesis, it is important that you are familiar with the EU’s General Data Protection Regulation (GDPR) and the Danish Data Protection Act, and that you consider a number of aspects in this respect.

Processing of personal data includes collection, registration, storage and disclosure, and may constitute a potential risk for the person which the data concerns. See this as if the person concerned has lent their data to you, subject to the condition that you do your utmost to take care of the data and do not do anything that might harm the person concerned.  

We are currently awaiting guidelines from the Danish Data Protection Agency with regard to students’ processing of personal data in connection with projects and Master’s theses. 

Find more information.