Account - the primary means of accessing to the non-public portions of Erasmus Dashboard and for using the Services. The term Account includes your personal profile and is used to identify you as well as to provide you with a variety of administrative tools. Accounts created on behalf of HEIs are divided into two different subgroups: “Main Institutional Accounts” and “Staff Accounts”.
Student - a natural person applying to study at an HEI, using the OLA system, namely via the Online Learning Agreement platform or any Services.
Dear Data Subject, We wish to inform you that the GDPR provides for the protection of individuals with regard to the processing of Personal Data as a fundamental right.
Last updated: 27 April 2021
Type of data Processed
Automatically collected data. The computer systems and applications dedicated to the functioning of the Dashboard detect, during their normal operation, some data (whose transmission is implicit in the use of Internet communication protocols) potentially associated with identifiable users. Among the data collected are IP addresses and domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) of requested resources, the time of the request, the method used to submit the request to the server, the size of the file obtained in reply, the numerical code indicating the status of the response from the server (successful, error, etc..) and other parameters regarding the operating system, browser and computer environment used by the user. These data are processed, for the time strictly necessary, for the sole purpose of obtaining statistical information on the use of the site and to check its regular operation. The provision of such data is compulsory as it is directly related to the web browsing experience.
Origin of Processed Personal Data
The Personal Data that EUF holds in connection with the Dashboard and related Services is collected directly from the Data Subject or uploaded by the relevant HEI.
The Data Controller is European University Foundation - Campus Europae, 16C rue de Canach 5353 Oetrange, Luxembourg
Purpose of data Processing and legal basis
The processing of users’ Personal Data has its legal basis in their consent and is carried out for the following purposes:
EUF may also process the users’ data in order to pro-actively analyse the system architecture, data models and infrastructure resources in order to offer the Service in the best possible way. This includes, for example, analysis of slow-running database queries, predicting the growth rate of data (in order to allocate resources ahead of time), and analysis of the data contents and format in order to choose the most performant and fitting data models. It is unavoidable that in order to be able to provide the best possible service, the Provider must be able to understand the data, as well as emergent trends in the data. Such analysis is done, whenever practical, in an anonymized manner and with only the above, purely technical or service-oriented purposes in mind.
Mandatory nature or not of the consent
The user’s consent is compulsory while using the Dashboard, and in particular to be able to have Main Institutional and/or Staff accounts, for what concerns the purposes under points 1, 2, and 4 above. For the purposes under points 3 and 8 above, the consent is optional, but the lack thereof may worsen the provision of the Services. For the purposes under points 5, 6, and 7 the consent is optional and will not compromise in any way the provision of the Service, should you desire not to provide your consent for one or more specific purposes, please inform us at the time your Personal Data is communicated to us, or at any time thereafter, by contacting us at the e-mail address firstname.lastname@example.org.
Within the limits pertinent to the Processing purposes indicated, users’ data may be communicated to partners, consulting companies, private companies, appointed by the Data Controller as Data Processors or for legal obligations or to fulfil some users’ specific requests. In such cases we take all the necessary technical and organisational measures to protect the confidentiality and security of your Personal Data from unauthorised access or against loss, misuse or alteration by third parties.
Lastly, EUF may share your information in connection with potential merger, de-merger, acquisition, change of ownership, change of control, or in general extraordinary transaction. In such cases, the users will be notified via email and/or notice on our site of any change in ownership of the Personal Data.
Period and place of Data retention
The data collected will be stored for a period of time not exceeding the achievement of the purposes for which they are processed (“principle of limitation of storage”, art. 5, GDPR) or according to the deadlines provided for by law, to comply with our legal obligations, to resolve disputes, and enforce our agreements. The verification of the obsolescence of the data stored in relation to the purposes for which they were collected is carried out periodically.
Rights of the Data Subjects
Pursuant to GDPR, users (and/or the Users who communicated the relevant Data) have the right to access the Personal Data provided to us (art. 15 GDPR) and to ask to receive copy of such Data in an intelligible format in order to transmit it to another data controller (art. 20 GDPR). They have the right to obtain their update, rectification or integration (art. 16 GDPR), and to obtain their erasure (art. 17 GDPR). Users also have the right to request the restriction of the Processing of their Personal Data (art. 18 GDPR) or to object, on legitimate grounds, to such Processing (art. 21 GDPR). We inform you, however, that the exercise of such rights may be subject to limitations or exclusions pursuant to the GDPR or other relevant regulations.
Lastly, the Data Subjects concerned (and/or the Users who communicated the relevant Data) may at any time communicate their intention to withdraw their consent. In such cases, EUF may continue to Process the relevant Personal Data only in presence of an alternative legal basis for such further Processing.
Modalities of data processing
The Personal Data provided to us will be processed in compliance with the GDPR and the obligations of confidentiality that govern the activity of the Data Controller. The data will be processed both with computer tools and on paper or any other suitable support, in compliance with the appropriate security measures under Article 5 par. 1 letter F of the GDPR.
Our Policy Regarding Minors
We do not knowingly collect or solicit personal information from anyone under the age of 18 or knowingly allow such persons to use our Services. If you are under such age, please do not send any information about yourself to us, including your name, address, telephone number, or email address. In the event that we learn that we have collected Personal Data from an individual under the age of 18, we will delete such Data as quickly as possible. If you believe that we might have received any Personal Data from or about an individual under the age of 18, please contact us at the address email@example.com.
Changes to the Policy