Privacy Policy

In European University Foundation (EUF) we take user privacy very seriously. This Privacy Policy (the “Policy”) describes the ways we collect, store, use and manage the information – including any personal information – that our users provide or the information we collect, in connection with our websites and mobile applications, including https://learning-agreement.eu, http://erasmus-dashboard.eu, as well as the Erasmus+ App (the “sites”) or any other element provided in Apple iOS, Android, or any other platform (collectively, the “Services”). Please note that the scope of this Policy is limited to information collected or received by EUF through use of the Services. EUF takes reasonable measures to ensure that the actions of third parties, physical or legal entities, the content of their sites, the use of information the users provide to them or any products or services they may offer are in line with the EU General Data Protection Regulation (2016/679). Yet any link to those sites does not constitute our sponsorship of or affiliation with those people or companies. By confirming the acceptance of the Privacy Policy, you the user are expressing your agreement to this Policy and the processing of your data, including your personal information, in the manner provided in this Policy. If you have questions or concerns about our privacy policy or practices, please contact us at [email protected].

1. GENERAL (Applies to Students, HEIs and Organisations)

  1. HEI & Organisation
    We only collect personal data required by the Erasmus+ learning agreement for student mobility for studies or traineeships for the purposes of executing the Online Learning Agreement process.
     
  2. User Support
    We may collect your email address when you contact our support service group and we may use that email address to contact you about your experience with EUF Services and notify you about our news and promotions only after acquiring your explicit consent.
    In line with the EU General Data Protection Regulation (2016/679) users’ Data Protection Rights, under certain circumstances, by law users have the right to:
    • Request information about whether we hold personal information about the user, and, if so, what that information is and why we are holding/using it.
    • Request access to user’s personal information (commonly known as a "data subject access request"). This enables the user to receive a copy of the personal information we hold about the user and to check that we are lawfully processing it.
    • Request correction of the personal information that we hold about the user. This enables the user to have any incomplete or inaccurate information we hold about them corrected.
    • Request erasure of the user's personal information. This enables the user to ask us to delete or remove personal information where there is no good reason for us continuing to process it. The user also has the right to ask us to delete or remove the user’s personal information where the user has exercised their right to object to processing.
    • Object to processing of the user’s personal information where we are relying on a legitimate interest (or those of a third party) and there is something about the user’s particular situation which makes them want to object to processing on this ground.
    • Object to automated decision-making including profiling that is not to be subject of any automated decision-making by us using the user’s personal information or profiling of them.
    • Request the restriction of processing of the user’s personal information. This enables the user to ask us to suspend the processing of personal information about them, for example if they want us to establish its accuracy or the reason for processing it.
    • Request transfer of the user’s personal information in an electronic and structured form to the user or to another party (commonly known as a right to “data portability”). This enables the user to take their data from us in an electronically useable format and to be able to transfer their data to another party in an electronically useable format.
    • Withdraw consent. In the limited circumstances where the user may have provided their consent to the collection, processing and transfer of the user’s personal information for a specific purpose, the user has the right to withdraw their consent for that specific processing at any time. Once we have received notification that the user has withdrawn their consent, we will no longer process their information for the purpose or purposes the user originally agreed to, unless we have another legitimate basis for doing so in law.
       
  3. Location of the Data
    We take reasonable measures to protect user information from unauthorised access or against loss, misuse or alteration by third parties. All connections are encrypted and authenticated using secure protocols; encryption is also used in the links circulated through the email notifications. The data collected is stored on servers located in Ireland and Germany and may be stored on servers in other countries within the European Union as well as the US. The respective databases are registered with the Luxembourg National Commission for Data Protection (“CNPD") and the legally binding terms of use forbid the EUF-CE to disclose student data to third parties (sending/receiving HEIs and receiving Organisations not included). The headquarters of the EUF-CE is located in Luxembourg:

    31, rue du Parc,
    L-5374 Munsbach,
    RCS Luxembourg G190.
    Administrative Office:
    16C rue de Canach
    L-5353 Oetrange
    Luxembourg

     
  4. International Transfer
    We may transfer information that we collect about you to affiliated entities, or to other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world. In such cases the appropriate measures have been taken to ensure that the Service Providers comply with the EU General Data Protection Regulation (2016/679).
     
  5. Online Learning Agreement and EUF sites
    While you are browsing the Services sites, your mobile or computer operating system, Internet Protocol (IP) address, access times, browser type and language as well as referring website addresses may be logged automatically. This constitutes anonymous usage data that does not identify or precisely locate the user (non-personally identifiable information). We may use this information only in anonymised and aggregated form to monitor, develop and analyse your use of the Services in order to be able to foresee technical updates needed, optimise the system as well as plan future updates in line with the users’ needs. In addition, we may ask you to submit and we may process data that is personal to you, including, but not limited to, your name, email addresses as well as links and usernames to your profiles on social networking websites and other third-party websites. The usage of such information will be only to fulfil the agreement outlined in this Privacy Policy and Terms and Conditions and ensure the Services to the users.
     
  6. Cookies
    A cookie is a small text file that we transfer to your computer and/or device, to identify a user’s computer/device and to "remember" things (details) about your visit, such as your preferences or a username and password. Information contained in a cookie may be linked to your personal information, such as your user ID, for purposes such as improving the quality of our Services, tailoring recommendations to your interests, and making the Services easier to use. You can disable cookies at any time, although you may not be able to access or use features of the Services.
     
  7. Third Party Services
    Our services may contain third-party tracking tools from our service providers, examples of which include email service provider as well as push-notification service provider. Such third parties may use cookies, APIs, and SDKs in our services to enable them to collect and analyse user information on our behalf. The third parties may have access to information such as your device identifier, MAC address, IMEI, locale (specific location where a given language is spoken), geo-location information, and IP address for the purpose of providing their services under their respective privacy policies. We take all the necessary technical and organisational measures to protect the confidentiality and security of your information from unauthorised access or against loss, misuse or alteration by third parties when entering contracts with such third parties. In line with the GDPR you can always request information we collect, how we collect it, what we use it for, who we can share it with, and how we keep it safe.
     
  8. How we use Information
    Users can request all the information we have about them by contacting us at 16c rue de Canach, 5353 Oetrange, Luxembourg or at [email protected] for student users and at [email protected] for HEIs and Organisations. Student users can request the deletion of their Online Learning Agreement account to the EUF-CE by sending an email to [email protected].
    When the information or account is deleted we make sure that we delete all concerned information. We cannot be held responsible for the improper or illegal use of your accessible information by other users - please be careful to manage this information adequately at the moment of your registration.
    In case you are student user some of your personal information, such as name and surname, email address and other contact information, gender, nationality, studies, home university and country, host university and country, receiving organisation and country for traineeship where the exchange mobility programme is undertaken, as well as other information concerning your curriculum can be made accessible to HEIs or European Union agencies.
    In case of a HEI or an Organisation some of the personal information of the relevant persons (contact and/or responsible person at HEI and contact person, mentor and /or supervisor at Organisation) mentioned in the learning agreement for traineeships can be made accessible to European Union agencies and other relevant recipients under governance of the GDPR.
    The Provider reserves a limited right to access the data in order to proactively analyse the system architecture, data models and infrastructure resources in order to offer the service in the best possible way. This includes, for example, analysis of slow-running database queries, predicting the growth rate of data (in order to allocate resources ahead of time), and analysis of the data contents and format in order to choose the most performant and fitting data models. It is unavoidable that in order to be able to provide the best possible service, the Provider must be able to understand the data, as well as emergent trends in the data. Such analysis is done, whenever practical, in an anonymised manner and with only the above, purely technical or service-oriented purposes in mind.
     
  9. Disclosure of your information
    We do not share your personal data except as approved by you or as described below:
    With student user consent, when they agree to our sharing the data with other third parties with which we already have valid agreements for the Services we provide, such as other HEIs or Third Party Service Providers.
    With student providing data for relevant personnel of HEI’s or Organisation for Traineeshipto fulfill the contractual purpose.
    This information is also subject to the specific third party separate privacy policies. If you no longer wish to allow us to share your information with third parties, please contact us at [email protected] in case you are a student user and at [email protected] if you are a HEI or an Organisation. If you no longer wish to receive any communications from Third Parties, please contact that third party directly.
    The EUF may engage other companies and individuals to perform services on our behalf. Example of these services include analysing data and providing user support. These agents and service providers may have access to your personal information in connection with the performance of services for EUF. In such cases we take all the necessary technical and organisational measures to protect the confidentiality and security of your information from unauthorised access or against loss, misuse or alteration by third parties.
    We may release your information as permitted by law, such as to comply with a subpoena, or when we believe that release is appropriate to comply with the law; investigate fraud, respond to a government request, enforce or apply our rights; or protect the rights, property, or safety of us or our users, or others. This includes exchanging information with other companies and organisations for fraud protection.
    EUF may share your information in connection with any merger, sale of our assets, or a financing or acquisition of all or a portion of our affairs to another entity. You will be notified via email and/or notice on our site of any change in ownership or users of your personal information.
     
  10. Our Policy Regarding Children
    We do not knowingly collect or solicit personal information from anyone under the age of 13 or knowingly allow such persons to use our Services. If you are under 13, please do not send any information about yourself to us, including your name, address, telephone number, or email address. No one under the age of 13 may provide any personal information. In the event that we learn that we have collected personal information from a child under age 13, we will delete that information as soon as possible. If you believe that we might have any information from or about a child under the age of 13, please contact us by emailing us at [email protected].
     
  11. Transferring your information abroad
    Information supplied by student, whether submitted via this or other websites (or other communications, such as registration forms) will only be transferred abroad by us if adequate measures to safeguard their security and integrity are taken.
     
  12. We will retain user information for as long as needed to provide Services and/or for longer periods for archiving purposes in the public interest, scientific research purposes or statistical purposes. If the student user wishes to cancel their account or request that we no longer use their information to provide services, contact us at [email protected]. We will retain and use the information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
     
  13. Responsible Body
    The manager of the treatment of your data is the Secretariat of the EUF-CE. Specific processors may treat the data on behalf of the manager. If you have any questions about the Terms and Conditions or this Privacy Policy or how we use the personal information we have about you, please feel free to contact us at [email protected] or write to:

    EUF-CE
    Chateau de Munsbach 31,
    rue du Parc,
    L-5374 Munsbach,
    Luxembourg.
    Administrative Office:
    16C rue de Canach
    L-5353 Oetrange
    Luxembourg

     

2. STUDENTS

  1. Information Collection and Use
    We will only collect personal information about you and given by you when you register in our platform as a student, or when a representative of a HEI registers you in our platform. The third party service providers may also collect personal information about you which will only happen to provide you with Services and adequate technical and organisational measures have been in place to ensure the confidentiality and security of your information.
    We may disclose aggregated but not individual statistics, such as the number of users we have, their regional location, etc. If you give your consent, we may send communications to you to provide information about services that you have indicated may be of interest to you. We may store certain personal information and use it to offer you personalised services and information through our systems.
    If you have given your consent but you no longer want us to provide such services to you, you can send an email to [email protected].
    We may also disclose or access your account if required to do so by Law or other governmental body.
     
  2. Purposes for which we use information about students registered on the Platform
    Your information is held by the EUF-CE via our website and the Online Learning Agreement platform application as well as accessible via the Erasmus+ App and the Erasmus Dashboard. We collect information about you for a variety of purposes. These include: to enable you to prepare, negotiate, approve and manage your learning agreement (therefore, we might share data about you with receiving and sending institutions based on the university name provided and their Erasmus Code, and with receiving traineeship Organisations and the relevant personnel stated in agreement); to inform you about the on-going activities of the EUF-CE and the Erasmus Student Network ASBL (“ESN”) if you have given consent for such activities and for research and statistical analysis on student mobility and how the learning agreements are managed.
     
  3. Online Learning Agreement and EUF Sites
    While you are browsing the Services sites, your mobile or computer operating system, Internet Protocol (IP) address, access times, browser type and language as well as referring website addresses may be logged automatically. This constitutes anonymous usage data that does not identify or precisely locate the user (non-personally identifiable information). We may use this information only in anonymised and aggregated form to monitor, develop and analyse your use of the Services in order to be able to foresee technical updates needed, optimise the system as well as plan future updates in line with the users’ needs. In addition, we may ask you to submit and we may process data that is personal to you, including, but not limited to, your name, email addresses as well as links and usernames to your profiles on social networking websites and other third-party websites. The usage of such information will be only to fulfil the agreement outlined in this Privacy Policy and Terms and Conditions and ensure the Services to the users. Personally identifiable information is only collected with the student’s informed knowledge, i.e. when the student knowingly submits it to us or when your HEI submits it, yet prior consent then has to be collected from you. When the third party submits such personal information about you they are bound to receive your consent beforehand. We may use this information to create your user profile and provide you with Services. We may use your email address to contact you about your experience with EUF sites and notify you about news and promotions only after receiving your explicit consent. If you no longer wish to receive our Services or any or all types of communication, you may opt-out from receiving them at any time by e-mailing us at [email protected].
     
  4. Accounts
    By accepting the Privacy Policy and having access to the Services of the Online Learning Agreement platform you are entering into the General Terms and Conditions and Privacy Policy therefore you guarantee that you either are of legal age to do so or have acquired the necessary consent. Each Account is meant for one individual and may not be shared between multiple users. An Account is valid until the request for termination of the Account to [email protected].
    You take full responsibility for safeguarding the access credentials - email and password combination and cover any damages that may be incurred due to the unauthorised disclosure, use and distribution of said credentials. You must immediately notify the Provider of (a) any abuse of your Account; (b) the loss of the credentials to your Account (email address, password); and (c) the unauthorised disclosure, use and distribution of said credentials by or to third parties.
     
  5. Access to Student Personal Information
    If student’s personal information changes, or if the student no longer desires our service, the student may correct, update, or delete inaccuracies by making the change within the account settings or by contacting us at [email protected]. We will respond to access request within 30 days.
     
  6. Unauthorised Access to Student Account
    In order to ensure that there is no unauthorised access to the platforms the Provider reserves the rights to request the confirmation of the student status held at the Institution to guarantee that other user’s data is not exposed to illegitimate persons. The student (and the HEI, as the case may be) are solely responsible for making sure that as a student:
    • You are of legal age and have the permission to upload Personal Data on Online Learning Agreement platform.
    • You own all Intellectual Property Rights (IPR) and any other rights, title and interest in your Content or have obtained the respective permissions and authorisations from the respective third party owners before submitting it to the Provider through the Online Learning Agreement platform or the Services for the purposes described in the Agreement;
    • Your Content complies with all applicable laws and regulations, e.g. it is not offensive, harassing, invasive of another’s privacy, hateful or otherwise unlawful;
    • Your Content does not require obtaining a license from or paying any fees and/or royalties by the Provider to any third party for the performance of any Services you have chosen to be performed by the Provider or for the exercise of any rights granted in the Agreement, except as expressly agreed otherwise in the Agreement;
    • Your Content is not harmful (for example viruses, worms and other destructive codes) and does not contain any programs that overload or interfere with the work of the Online Learning Agreement platform or distort the User Content of other users, except as expressly agreed otherwise in the Agreement.
       
    When using the Online Learning Agreement and Services, you may be exposed to User Content of other users from a variety of sources. The Provider takes reasonable technical and organisational measures to ensure the accuracy, usefulness, lawfulness, or IPR and any other rights, title and interest in or relating to such User Content. Please notify the Provider without delay should you notice that there are any instances when the Agreement in this Privacy Policy is compromised.
     
  7. Notifications
    We may occasionally send you notifications through the email indicated upon registration in order to send you service related notifications that may be of importance to you to continue using the Services, and safety/security notifications related to your participation in programmes featured in our Services. You may at any time opt-out from receiving these types of communications by emailing us at [email protected].
     
  8. Security
    Keeping information about you secure is very important to us. However, no data transmission over the Internet can be guaranteed to be totally secured. As a result, while we strive to protect your personal information, we cannot ensure or warrant the security of any information you send to us and you do so at your own risk. The EUF-CE will take precautions to protect against the loss, misuse, and alteration of your user data under our control. Only authorised members and subcontractors will be given access to the information you provide us. It is our policy that you will only receive information from organisations such as educational institutions in accordance with the preferences expressed by you. You are ultimately responsible for the security of your login ID and password. Please take care when using and storing them. We recommend that you do not divulge your password to anyone. You should log out of your account at the end of each computer session to ensure that others cannot access your personal information, especially if you share a computer with someone else or are using a computer in a public place, like a library or Internet café. Do not forget that you are responsible for the use of your account.
     
  9. Google Login
    When you access our Services using your Google login dataset we only use the relevant API to verify your account and ensure security of your data. We only fetch the authentication data and we will never use any of your personal information for purposes beyond the limited and express purpose of our Services or for purposes other than improving your experience without getting specific opt-in consent from you. This Policy and all its restrictions and limitations also apply to the data collected through your Google login.
    We will not use stale data. We can cache or store data we have obtained through the Google+ API but to the extent reasonably possible within the context of our Services we will use fresh data recently fetched in order to ensure that if for example you have deleted/removed your consent we will no longer be able to log you in with your Google+ login dataset.
    We will not attempt to discover the identity of a Google+ user unless the user consents to share their identity with us via the Google-approved authorisation procedure. This prohibition includes identifying users by correlating Google+ button reporting data from Google with our own data.
    We will never sell or transmit to others any data about a user related to the user's use of any Google+ button. For the avoidance of doubt, this prohibition includes, but is not limited to, any use of pixels, cookies, or other methods to recognise users' clicks on a Google+ button, the data of which would then be disclosed, sold, or otherwise shared with other parties.
    Google may analyse our use of a Google+ button including to ensure our compliance with Google policies and to facilitate Google's development of Google+ Buttons. By using a Google+ button, we have given Google permission to utilise an automated software program, often called a "web crawler," to retrieve and analyse Services associated with a Google+ button.