Privacy Policy

ECIU UNIVERSITY PLATFORMS PRIVACY STATEMENT

General Description of Privacy Statement

All personal data of the user is collected, stored, and retained with the intention to provide the best possible service. ECIU University treats this data with the utmost care. This statement provides an explanation as to the data ECIU University collects, the way these are collected and stored, the reason why it is collected and how users of our digital services may exercise their rights. Personal data collected in accordance with this privacy policy will be processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 (GDPR).

Transfer of personal data to ECIU University when using federated login

Description of the ECIU University Service (engage.eciu.eu)

ECIU is developing this service (hereinafter called ECIU University) directed towards (Continuous) Learners, Teachers, Researchers and Stakeholders from all around Europe. ECIU uses this service to control the assurance level of a user before activating the ECIU account or resetting the password of the ECIU account. The user needs to successfully sign into an external Identity Provider to complete the account creation/password reset.

Processing of personal data

Transfer of personal data

Personal data is transferred from the Identity Provider (your login service) to the service to ensure correct and verified personal information and to provide you with a user-friendly interface. When logging in to this service, the following personal data are requested from the identity provider you use:

• ‍Unique Identifier: Used to identify the user from the Home University (technical representation: eduPersonPrincipleName)
• ‍Display Name: The name is used in lists within the service (technical representation: displayName)
• ‍E-mail Address: Used to be able to contact you by e-mail and to be able to forward your ECIU e-mail to your Home University e-mail address (technical representation: Mail)
• ‍The Assurance: To verify that the user has the correct level of the login assurance level to complete the process (technical representation: eduPersonAssurance)
• ‍The Date of Birth: To be able to collect statistics about age-groups taking Learning Opportunities (technical representation: schacDateOfBirth)
• ‍First Name: To build the username and e-mail address (technical representation: givenName)
• ‍Last Name: To build the username and e-mail address (technical representation: sn)
• ‍European Student Identifier: The European Student Identifier is used in digital credentials (technical representation: schacPersonalUniqueCode)

In addition to direct personal data, indirect personal data is also transferred, such as which organization the user belongs to, and which identity provider has been used when logging in. In combination with the above personal data, these can be used to uniquely identify a person.

Other processing of personal data within the service

You can add more personal data to your user profile. You can also be asked to add more personal data when applying to an ECIU Learning Opportunity or by using services in the ECIU University services. By entering personal data in ECIU University services you agree that ECIU is allowed to process the data for you to perform essential services or for reporting purposes.

Transfer of personal data to third parties

Your personal data can be shared with other Member Universities within ECIU and other associated organizations with the main purpose of delivering essential services. Such occasions include:

• The service of issuing micro-credentials via the European Digital Credentials for Learning platform (EDCI) and Europass. More information can be found in the Terms and Conditions.

Lawful basis

• When using ECIU University services the lawful basis is: Processing is necessary for the purpose of the legitimate interests.
• When applying and attending to a Learning Opportunity the lawful basis becomes: Processing is necessary for compliance with a legal binding and contract implementation.
• When you add personal data to gain a better experience the lawful basis is: Data subject has given consent.

Right of access, right of rectification and right of erasure of personal data

For access, rectification and erasure of your personal data, contact the Personal data controller. Rectification of personal data that was transferred at the moment of login has to be done in the identity provider that you use to log in. This information is corrected in the service at the moment of the first login after the personal information has been corrected in the identity provider.

Purging of personal data

ECIU University provides services for Continuous Learners. All users will be treated as Continuous Learners and personal data will not be automatically purged after an amount of time. If you want to have your personal data removed, please contact our data protection officer.

List of privacy policies and statements of ECIU Member Universities

As soon as the data is transferred from ECIU University to the ECIU Member Universities for further processing of registration to local systems (SIS), admission purposes and access to learning, the individual Privacy Policies each Member University has are in effect. More information about data privacy can be found below:

• ‍University of Twente (Netherlands)
• ‍Tecnológico de Monterrey (Mexico)
• ‍Kaunas University of Technology (Lithuania)
• ‍University of Aveiro (Portugal)
• ‍University of Stavanger (Norway)
• ‍Universitat Autònoma de Barcelona (Spain)
• ‍University of Trento (Italy)
• ‍Dublin City University (Ireland)
• ‍Hamburg University of Technology (Germany)
• ‍Linköping University (Sweden)
• ‍Lodz University of Technology (Poland)
• ‍Tampere University (Finland)
• ‍INSA Lyon (France)
• ‍INSA Rennes (France)
• ‍INSA Rouen Normandie (France)
• ‍INSA Strasbourg (France)
• ‍INSA Toulouse (France)
• ‍INSA Centre Val de Loire (France)

Marketing Analytics

To better understand how visitors interact with our website and improve user experience, we use the Microsoft Clarity analytics tool.

Microsoft Clarity

Microsoft Clarity provides insights into user behavior through heatmaps and session recordings. It helps us understand how users navigate and interact with our site. While Clarity may collect usage data, it does so in accordance with GDPR and Microsoft's privacy standards. Data collected is used solely for analytical purposes and is not linked to identifiable individuals.

You can learn more about this tool at Microsoft Clarity Privacy Statement.

Information about the Collection and Processing of Personal Data for ECIU University Newsletters and Event Registration

Description of ECIU University Newsletters and Events Registration services

ECIU decided to prepare and circulate the ECIU University Newsletter(s) and offer ECIU Events Registration, to inform various target audiences about ECIU University activities, learning opportunities and events.

•   In order to achieve the above scope and by participating, you as a user give your free consent*, to ECIU, as the Authorized Processor (contact details: first name, last name, email) to collect and process your Personal Data in accordance with the basic Principles governing the Legislative framework for the protection of Personal Data (General Regulation (EU) 2016/679 and Law Ν.125(I)/2018), i.e. the principles of lawfulness, fairness and transparency, purpose limitation, accuracy, storage limitation and integrity and confidentiality.

•   ECIU processes the Personal Data collected during the subscription, in accordance with the legal obligation under the Regulation. According to Article 6. (a), "the data subject has given consent to the processing of his or her Personal Data for one or more specific purposes".

Source, Collection and Categories of Personal Data

To achieve the above purpose and by being a recipient of the ECIU University Newsletter, you give your free consent to collect and process the following Personal Data concerning your person: your name, surname, and email. The collection and processing of Personal Data will be facilitated via a registration form, which will explicitly request the consent of the user. Should the user deny consent, the Personal Data will not be collected or used.

Confidentiality and Security of Personal Data

Your Personal Data will remain secure. For the security of Personal Data, technical and organizational measures are taken to protect them from accidental or illegal destruction, loss, alteration, unauthorized disclosure, or access.

Data Transmission

The newsletter subscription and event registration are administrated using the Marketing Module tool at Microsoft Dynamics 365. Microsoft is acting as a third party to facilitate this activity and data is handled also in line with Microsoft's Privacy Policies, that can be found here (Microsoft Privacy Statement – Microsoft privacy).

Exercise of Rights of Data Subjects

According to the Legislative framework for the protection of Personal Data you have the following rights which you can exercise at any time within the time period referred to in the above paragraph, \"Data Retention\", for which the data concerning you will be retained:

• Right of Access (Rule 15): You can request confirmation of the processing of your Personal Data, access, and other information.
• Right of correction (Rule 16): You can request the correction of inaccuracies or the completion of incomplete data by contacting the Commission secretariat.
• Right of Deletion (Rule 17): You have the right to request the deletion of your data under the terms of Rule 17 of the Rules.
• Right to restrict processing (Rule 18): You have the right to request that your data be restricted in the cases provided for in Rule 18 of the Rules.
• Right of objection (Rule 21 (1)): You have the right to object, at any time and for reasons related to your particular situation to the processing of Personal Data in accordance with the provisions of Rule 21 (1) of the Rules.

You can exercise the above rights as well as any of your requests by contacting the Data Protection Officer (support@eciu.eu). You also reserve the right if you find that your Personal Data is being processed illegally or that your rights to your Personal Data have been violated. In addition, you have the right to revoke your consent at any time, without prejudice to the legality of the processing based on consent prior to its revocation.

Personal data controller

Personal data controller for the processing of personal data is ECIU University. If you have questions about how personal data is processed within the service, please contact support@eciu.eu.

Cookies

When you visit websites, they may store or retrieve data in your browser. This storage is often necessary for the basic functionality of the website. The storage may be used for marketing, analytics, and personalization of the site, such as storing your preferences. Privacy is important to us, so you have the option of disabling certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may impact your experience on the website. For the full ECIU privacy policy click here.

‍