Terms and Conditions

Glossary

Account - the primary means of accessing to the non-public portions of the Online Learning Agreement platform and for using the Services. The term Account includes the Student’s personal profile and is used to identify them as well as to provide them with a variety of administrative tools.

AUTh or Provider - the Aristotle University of Thessaloniki; the largest university in Greece, which main campus is located in the centre of the city of Thessaloniki and covers an area of about 33.4 hectares. It comprises 10 faculties which consist of 40 schools and 1 single-school faculty. AUTh develops and operates Erasmus Dashboard as well as Online Learning Agreement and offers the Services.

DGEAC - the Directorate-General for Education, Youth, Sport and Culture (DG EAC), a Directorate-General of the European Commission. It is responsible of policies in the field of education, youth, culture, languages, and sport. DGEAC is involved in the identification and promotion of the features of Erasmus Dashboard and Online Learning Agreement.

Erasmus Dashboard - an integrated software solution for Supporting HEIs in managing Erasmus+ mobilities operating in their professional activity. Erasmus Dashboard includes the Erasmus Dashboard web site at www.erasmus-dashboard.eu, as well as all web documents (including images, php- and html files), software, hardware, databases, interfaces, connected media, documentation, applications, updates, version upgrades, and other related components or materials that make up or contribute to the features and functionality of Erasmus Dashboard, including any data, documents, works and other materials added by the Provider.

EUF - non-profit foundation European University Foundation - Campus Europae that, in concert with its member universities, has created and owns Erasmus Dashboard as well as Online Learning Agreement, the Erasmus Without Paper Network, and the Erasmus+ App.

GDPR - the Regulation 2016/679/EU of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

HEI - Higher Education Institution.

Main Institutional Account - constitutes the reference Account for a given HEI. the holder of this Account has the responsibility over all the Staff Accounts of the relevant institution.

The Main Institutional Account holder, when acting as a Data Processor for the given HEI is responsible for establishing and maintaining a record of all personal data processing activities.

The same HEI, also in the person of the holders of the Main Institutional Account and the relevant Staff Accounts, is also required to ensure that any personal data contained in the various Accounts referable to that HEI has been uploaded, processed and/or communicated in full compliance with the GDPR.

Online Learning Agreement - an integrated software solution for supporting students to manage their Erasmus+ mobilities . Online Learning Agreement includes the Online Learning Agreement web site at www.learning-agreement.eu , as well as all web documents (including images, php- and html files), software, hardware, databases, interfaces, connected media, documentation, applications, updates, version upgrades, and other related components or materials that make up or contribute to the features and functionality of the Online Learning Agreement, including any data, documents, works and other materials added by the Provider. Also referred to as OLA. The Online Learning Agreement platform is hosted on the AUTh premises.

Organisation - the entity which accepts/receives a student for traineeship.

Personal Data - any information relating to an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Processing - any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Services - any services provided or made available by the Provider via the Erasmus Dashboard and the Online Learning Agreement platforms as well as relevant interconnected tools or relating thereto.

Student - a natural person applying to study at an HEI, using the OLA system, namely via the Online Learning Agreement platform or any Services.

User - Student, HEI or an Organisation.

We - indicates jointly DGEAC, AUTh, and EUF.

Terms & Conditions

This document (T&Cs) contains the description of the terms and conditions of use of the Online Learning Agreement platform and the services made available through the relative platform. As further detailed below, these T&Cs apply to Students being registered users of the Online Learning Agreement platform (Registered Users), as well as to HEIs and Organisations who access the platform for the purposes of signing and executing OLAs (Unregistered Users, and jointly with the Registered Users, simply Users).

Acceptance of T&Cs

When creating an Account on the OLA platform, Students are explicitly asked to accept these T&Cs. If for any reason this is not the case, accessing an Account held at the OLA platform, uploading data to any Account, and/or using any of the Services connected to the OLA platform will still be considered as implicit acceptance of these T&Cs. This includes the access to any documentation or data within the platform for the purposes of signing and executing an OLA, with regards to Unregistered Users.

Please also note that acceptance of these T&Cs also implies that you have read, understood and accepted the OLA platform Privacy Policy, which can be found at the following link.

By accepting this T&Cs, and the connected Privacy Policy, the physical persons acting on behalf of an HEI or Organisation represent that they are acting on behalf of such entity and that they either have the legal authority to also bind them to the present T&Cs or the authority to act in the manner and within the limits arising from the permissions and delegations delegated to them, thus binding the relevant HEI or Organisation to the T&Cs.

Please note that these T&Cs are also intended to define certain obligations, commitments and allocations of responsibility between the Provider and the HEIs and Organisations from a Data Protection perspective.

Access to the OLA platform

The Online Learning Agreement platform is open to the following categories of Users:

1) Erasmus+ Students participating in EU funded study mobility programs from and to HEIs being Erasmus Charter for Higher Education holders.

2) Students participating in EU funded traineeship mobility programs to Organisations.

3) HEIs whose Student is participating in a mobility program or which are the recipient of a Student participating in a mobility program.

4) Organisations which are the recipient of a Student participating in a traineeship mobility program.

Students under both categories 1 and 2 may only be individuals of legal age or individuals under their country legal age of majority who have nonetheless obtained specific consent, pursuant to their applicable legislation, to participate in the aforementioned programs.

Users under categories 3 and 4 have a limited access to the platform, limitedly to the necessity to sign and execute the agreements. In particular, the signatory HEIs may access the platform only after receiving the to-be-signed agreement from the relevant Student; and the signatory Organisations may access the platform only after receiving the to-be-signed agreement from the relevant Student and HEI.

Each User is fully responsible for the truthfulness and ongoing updating of all information relating to themselves, regardless of them being a Registered or Unregistered User, as well as the truthfulness of all information uploaded by them, regardless of who such information relates to.

In any case, We reserve the right at any time to ask for confirmation and/or proof of the truthfulness of the above-mentioned information, including confirmation of the positions held by the reference persons of the HEIs and Organisations having access to the Online Learning Agreement platform, as well as the fact that such persons have the power to commit themselves on behalf of said HEIs or Organisations.

Use of the Online Learning Agreement platform and related Services in violation of the terms of these T&Cs, in particular in the absence of the requirements set forth herein, as well as the provision of false information to obtain access to the platform, will result in the immediate termination of any infringing Account, at our sole and absolute discretion.

Account use and access

Each Account must refer to a single natural person, identified at the time of its creation, and may not be shared between multiple users or individual persons in general. Violation of the foregoing may result in termination of Accounts at our sole and absolute discretion.

HEIs and Organisations are directly responsible for keeping any uploaded data relating to them up to date. This also applies with regards to their contact data, or any other data uploaded in relation with the Online Learning Agreement platform or in general the Services. In case of failure to update the contact data of any entity, We will have the right, at our sole discretion, to continue to consider the person indicated as the contact person for the relevant HEI or Organisation, and therefore also able to commit said HEI or Organisation towards us.

Students’ data correctness in on the other hand direct responsibility of the uploading entity, whether the same Student or another User, but keeping such data up to date is responsibility of the relevant Student.

Obligations and responsibilities

Users are fully responsible to safeguard their access credentials - including in the sense of the combination of email and password - and to hold us, or in any case the entities managing the Online Learning Agreement platform, harmless from any damages that may be suffered by us or by third parties due to the unauthorized disclosure, use and distribution of such credentials, unless such damages are due to wilful misconduct or gross negligence by us.

Users must immediately notify AUTh at [email protected] of: (a) any Account-related abuse; (b) the unauthorized disclosure, use and distribution of their Account credentials by or to any third party.

Following such notification, We will renew the credentials of the respective Account and/or take any other measures reasonably necessary to protect the same including, if necessary, its deletion.

Notwithstanding the above disclosures, We reserve the right at any time to request confirmation and/or proof of identity of the individuals associated with any Accounts, also in order to ensure that there is no unauthorised access to the Online Learning Agreement platform.

Each User is solely responsible for (and ensures) the following:

  1. If they are uploading Personal Data regarding a different individual, they obtained consent and permission to upload their Personal Data onto the Erasmus Dashboard platform. If the data relates to individuals under the age of 18, such consent must have been obtained in accordance with the relevant national legislation, and in any case, the retention of this data must be approved in derogation of what is indicated in the relevant Privacy Policy, which can be found at the following link, in relation to the Personal Data of minors. We will be considered the Data Controller in relation to the above-mentioned Personal Data only with regard to the Processing carried out within the Online Learning Agreement platform, after the upload of the above-mentioned Personal Data, in full compliance with the mentioned Privacy Policy. Conversely, any User who uploads Personal Data independently manages any previous processing, ensuring us at least: (i) performing such processing in full compliance with the GDPR; (ii) having obtained any necessary consent, as mentioned above, to upload personal data to the platform, regardless of the specific purpose for which such data is being communicated and will be used; and (iii) having shown/communicated/forwarded to each relevant individual the Privacy Policy relating to the OLA.
     
  2. The content they upload complies with all applicable laws and regulations, such as not being offensive, harassing, invasive of another's privacy, hateful, or otherwise unlawful.
     
  3. The content they upload does not require obtaining a license from or paying any fees and/or royalties by us to any third party for the performance of any Services that the Users have chosen to be performed by us or for the exercise of any rights granted in the present T&Cs. If not, Users will be solely responsible for obtaining said licenses and paying said fees and/or royalties.
     
  4. The content they upload is not harmful (for example does not entail/contain viruses, worms and other destructive codes) and does not contain any programs that overload or interfere with the work of the platform or distort the content uploaded by other Users.
     

Use of the Online Learning Agreement platform, related Accounts, and related Services, in violation of any of the above commitments may result in termination of Accounts and prohibition of use of the platform at our sole discretion.

In addition, Users agree to hold us and any person or entity attributable to it, as well as the entities operating the Online Learning Agreement platform and the services, harmless from any and all adverse consequences, damages, claims, demands for payment, and costs that may arise by reason of a breach attributable to them of the above commitments or other commitments made under these T&Cs.

We also cannot be held responsible for the improper or illegal use of accessible information of users by other users.

In general, and notwithstanding the above, any data or piece of information shared on the platform shall not contain any material and/or statement which violates or infringes in any way upon the rights of others; which is unlawful, offensive or invasive of privacy or publicity rights; which gives rise to civil liability or otherwise violates any applicable law. We, at our sole discretion, reserve the right to remove any data or piece of information that We deem inappropriate or to be failing to comply with these T&Cs. In such cases, AUTh will also notify the affected Users.

We shall not be liable for any loss, damage or personal injury to any User or their property or other caused or suffered in connection with the use of the Online Learning Agreement platform or related Services, or related to any information collected therein. By accepting these T&Cs, Users expressly agree to the above disclaimer and accept the risks associated with it.

Should they become aware of any violation of these T&Cs, including by another User, Users are required to promptly notify AUTh at the email address [email protected].

Termination of accounts

Regardless of what is stated elsewhere in these T&Cs, an Account remains open and operational until: (i) the reference person of such Account terminates such Account; (ii) We determine that such Account has become inactive or in any case that there are no longer reasons to keep the relevant data stored; or (iii) We determine to sanction a violation of these T&Cs by terminating such Account.

Data protection specifications

Taking into account what is indicated in point 1 of the list in the section entitled “obligations and responsibilities”, and although there is cooperation in showing/communicating/sending to each Data Subject the Online Learning Agreement platform Privacy Policy, We and the Users by accepting these T&Cs and the Agreement on Data Protection Section agree that no circumstances of joint controllership or Data Controller - Data Processor type relationships in between the same exist in relation to the use of the platform and any other related Services (except as described in the Privacy Policy).

In particular, We decide autonomously the purposes and methods of Processing the Personal Data We collect in relation to such platform, acting to provide the Services to Users, while HEIs and Organisations act autonomously with regards to any Data which is communicated to them. We have no responsibility nor power over the Processing carried out by HEIs and Organisations with Data they have or receive.

Therefore, considering the above, there is no need for any data processing agreement between us on the one hand and HEIs or Organisations on the other hand. Nor can these T&Cs be considered as such, although, for the purposes of complementarity and clarity, they contain specifications and commitments related to the protection of Personal Data in relation to the platform, and the Accounts and Services related thereto.

For further information on the relationship described above, refer to our Agreement on Data Protection Section at the following link, which, by accepting these T&Cs, users accept likewise.

Consent to communication

The information Users publish on Online Learning Agreement platform is not necessarily anonymous. In particular, contact information related to any Account may be freely accessed and used for communications strictly related to the Online Learning Agreement platform by Users or us.

We may at any time contact the Users in order to request more information about the data they submitted upon the registration of the Accounts or in any other instances, to ensure that the validation procedure in line with the highest security standards, or to handle any potential issues, obstacles, or concerns that may arise.

Security

AUTh makes good faith efforts to maintain information collected in relation to the Services in a secure operating environment that is not available to the public and is accessible only by authorized employees, agents or contractors, and verifies the identity of Users before they can access any information stored in relation to the Online Learning Agreement platform.

Users are nonetheless ultimately responsible for the security of their login ID and password, and they must take care when using and storing them. We recommend that they do not divulge their password to anyone, that they log out of their accounts at the end of each computer session to ensure that others cannot access their personal information, especially if they share a computer with someone else or are using a computer in a public place. Users shall not forget that they are fully responsible for the use of their accounts.

Google Login and eduGAIN

When users access the Services using their Google login or eduGAIN dataset, We only use the relevant API to verify their account and ensure security of their data. We only fetch the authentication data and never uses any of the users’ personal information for purposes beyond the limited and express purpose of the Services experience without getting specific opt-in consent from them.

We will tendentially not use stale data. We can cache or store data we have obtained through the Google or eduGAIN API but to the extent reasonably possible within the context of the Services we will use updated data recently fetched in order to ensure the proper coordination of Services based on the specifications communicated by individual users.

We will not attempt to discover the identity of any Google or eduGAIN user unless the user consents to share their identity via the Google-approved authorisation procedure or any similar feature. This prohibition includes identifying users by correlating Google button reporting data from Google with any other data owned.

Further information regarding Google Login is present on the Privacy Policy related to the Online Learning Agreement platform and on Google’s websites.

Choice of Law and choice of Forum

Any dispute related to the present T&Cs concerning their application, binding nature, interpretation, whether directly or indirectly, shall be governed by the law of Luxembourg.

In case any such dispute cannot be settled amicably between the Users and us, it shall be submitted to the exclusive jurisdiction of the courts of Luxembourg.

Contact Information

Aristotelio Panepistimio Thessalonikis

Kedea Building, Tritis Septemvriou, Aristotle University Campus, 54636 Thessaloniki, Greece

Phone: +302310999000

Web: www.auth.gr/en/

If users have any questions about the present T&Cs or wish to withdraw their approval thereof, the may contact AUTh at the following e-mail address [email protected].

Any withdrawal or termination in relation to a specific User of these T&Cs, or the Online Learning Agreement platform in general, will not affect in any way the responsibilities that have arisen upon Users up to that point, or in any case the responsibilities that may arise in the future in relation to activities carried out or events occurring during the pendency of the application of these T&Cs to such Users.

Please note that any link to sites or applications of third parties on our websites, on the Online Learning Agreement platform, or in the related legal documentation does not constitute sponsorship or affiliation between such third party and us unless explicitly indicated otherwise.

Update of T&Cs

The present T&Cs are subject to change and update. Any information on such updates will be announced on the Online Learning Agreement website and will also be communicated to all Users by notice available on the platform before the change becomes effective.

Last updated: 28 February 2022

Agreement on Data Protection 

This sub-agreement to the Terms and Conditions on the lack of necessity of a Data Protection Agreement between us and users of the Erasmus Dashboard or OLA platforms (the “Section”) reflect the legal framework Data Protection-wise between all the parties involved in connection with the Services provided under the two platforms and their respective T&Cs and Privacy Policies. 

When creating Main Institutional or Staff Accounts on Erasmus Dashboard or an Account on the OLA platform, users are explicitly asked to accept the relevant T&Cs. If for any reason this is not the case, accessing any such accounts, uploading data to any such accounts, and/or using any of the Services connected to the relevant platforms will still be considered as implicit acceptance of the relevant T&Cs

By accepting the relevant T&Cs, the users also agree to the allocation of responsibilities and the separation of roles in relation to the processing of Personal Data as set out in the continuation of this Section; as specified in the mentioned T&Cs as well. 

General Remarks 

The terms of this Section will follow the terms of the T&Cs. Terms not otherwise defined in this webpage will have the meaning as set forth in the T&Cs.

As the European Data Protection Board (the “EDPB”) specified in its Guidelines 7/2020 on the concepts of Controller and Processor in the GDPR, the fact that several actors are involved in the same Processing does not mean that they are necessarily acting as Joint Controllers of such Processing, nor that there is a Controller to Processor relationship. Not all kind of partnerships, cooperation or collaboration imply those relationships as qualification requires a case-by-case analysis of each Processing at stake and the precise role of each entity with respect to each Processing.

In particular, the exchange of the same data or set of data between two entities without jointly determined purposes or jointly determined means of Processing should be considered as a transmission of data between separate Controllers. On the same note, there can be situations where various actors successively Process the same personal data in a chain of operations, each of these actors having an independent purpose and independent means in their part of the chain. In the absence of joint participation in the determination of the purposes and means of the same Processing operation or set of operations, Joint Controllership has to be excluded and the various actors must be regarded as successive independent Controllers.

Dashboard and OLA platforms

In the relevant environment, there are three different “poles of interest” which constitute, precisely according to the indications of the EDPB, a chain of Processing by Data Controllers who are independent from each other, even though they Process the same Personal Data (at least partially) and relating to the same Data Subjects.

From a diachronic point of view, there are first of all HEIs and Organisations that directly Process Personal Data related to their Data Subjects, collect them directly, and store them for the performance of their primary activities, independently of any use of the platforms considered herein.

Secondly, there are the Joint Controllers of the European Dashboard and OLA platforms, which receive Personal Data directly from the Data Subjects (in the case of OLA) or from the entities referred to in the preceding paragraph. What is important to clarify here is that the Joint Controllers independently determine the means of Processing of the platforms, but also the purposes of the platforms, their functionalities and the Services. The communication (or uploading, more correctly) of data on the platforms by users does not imply any interference in the determination of the purposes of Processing. 

While the Joint Controllers perform services both towards the mentioned entities and towards the affected individuals; the fundamental element of this Section is that for what regards the processing of Personal Data of such individuals, the Joint Controllers provide services directly in favour of the Data Subjects, and this is the case both when the relevant data to be Processed and transmitted are provided by the Data Subjects themselves, and when they are provided by entities that already Processed them previously (and/or simultaneously) for different institutional purposes, even though some of these purposes together are components that combined enable mobility of individuals. Even in this latter case, the relevant processing is not provided in favour of such entities, which provide the data to be processed and transmit the indications of their own Data Subjects who, as indicated in our Privacy Policy, must have given HEIs and Organisations their consent to do so. In this regard, we would like to point out that no data transfer to a recipient HEI or Organisation can ever take place without a direct indication of the Data Subject, even when the relevant data have been uploaded by another user.

Thirdly, there are the HEIs and Organisations that will receive user data as a result of the provision by the Joint Controllers of the requested services. Once these transfers have taken place, any Processing carried out by these entities is entirely unrelated to the activities of the Joint Controllers, which do not determine their purposes or means.

Conclusions

Consequently, We will be considered the Data Controllers only in relation to the Processing carried out within the platforms, after the upload of the relevant Personal Data, in full compliance with the mentioned Privacy Policy.

At the same time, as agreed in the T&Cs, the user who uploads Personal Data independently manages any previous Processing, ensuring us at least: (i) performing such Processing in full compliance with the GDPR; (ii) having obtained any necessary consent, as mentioned above, to upload personal data to the platform; and (iii) having shown/communicated/forwarded to each relevant individual the Privacy Policy relating to the Erasmus Dashboard.

Lastly, the entities which shall receive data from the platforms shall act as independent Controller for any further Processing. 

In particular, We decide autonomously the purposes and methods of Processing the Personal Data We collect in relation to such platform, acting to provide the Services to HEIs and users.

In the light of the above, it is clear that there are three different groups of independent Controllers, each sovereign of any decision relating to the means and purposes of processing in its field of activity, with the consequence that no Data Protection Agreement is necessary between them.