All personal data of the user is collected, stored, and retained with the intention to provide the best possible service. ECIU treats this data with the utmost care. This statement provides an explanation as to the data ECIU collects, the way these are collected and stored, the reason why it is collected and how users of our digital services may exercise their rights.
Personal data collected in accordance with this privacy policy will be processed in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27th April 2016 (GDPR).
Transfer of personal data to ECIU University when using federated login (Privacy Policy)
ECIU is developing this service (hereinafter called ECIU University) directed towards (Continuous) Learners, Teachers, Researchers and Stakeholders from all around Europe. ECIU uses this service to control the assurance level of a user before activating the ECIU account or resetting the password of the ECIU account. The user needs to successfully sign into an external Identity Provider to complete the account creation/password reset.
Processing of personal data
Personal data is transferred from the Identity Provider (your login service) to the service to ensure correct and verified personal information and to provide you with a user-friendly interface.
When logging in to this service, the following personal data are requested from the identity provider you use:
Personal data | Purpose | Technical representation |
Unique identifier | To identify the user from the Home University | eduPersonPrincipleName |
Display Name | The name is used in lists within the service | displayName |
E-mail address | Used to be able to contact you by e- mail and to be able to forward your ECIU e-mail to your Home University e- mail address. | |
The assurance level of the login | To verify that the user has the correct assurance level to complete the process. | eduPersonAssurance |
The date of birth | To be able to collect statistics about age-groups taking Learning Opportunities. | schacDateOfBirth |
First name | To build the username and e-mail address | givenName |
Last name | To build the username and e-mail address | sn |
European Student Identifier | The European Student Identifier is used in digital credentials. | schacPersonalUniqueCode |
In addition to direct personal data, indirect personal data is also transferred, such as which organization the user belongs to, and which identity provider has been used when logging in. In combination with the above personal data, these can be used to uniquely identify a person.
You can add more personal data to your user profile. You can also be asked to add more personal data when applying to an ECIU Learning Opportunity or by using services in the ECIU University services. By entering personal data in ECIU University services you agree that ECIU is allowed to process the data for you to perform essential services or for reporting purposes.
Your personal data can be shared with other Member Universities within ECIU and other associated organizations with the main purpose of delivering essential services. Such occasions include:
the service of issuing micro-credentials via the European Digital Credentials for Learning platform (EDCI) and Europass. More information can be found in the Terms and Conditions.
When using ECIU University services the lawful basis is: Processing is necessary for the purpose of the legitimate interests.
When applying and attending to a Learning Opportunity the lawful basis becomes: Processing is necessary for compliance with a legal binding and contract implementation.
When you add personal data to gain a better experience the lawful basis is:
Data subject has given consent.
For access, rectification and erasure of your personal data, contact the Personal data controller.
Rectification of personal data that was transferred at the moment of login has to be done in the identity provider that you use to log in. This information is corrected in the service at the moment of the first login after the personal information has been corrected in the identity provider.
ECIU University provides services for Continuous Learners. All users will be treated as Continuous Learners and personal data will not be automatically purged after an amount of time. If you want to have your personal data removed, please contact our data protection officer.
Information about the Collection and Processing of Personal Data for ECIU University Newsletters and Event Registration
ECIU decided to prepare and circulate the ECIU University Newsletter(s) and offer ECIU Events Registration, to inform various target audiences about ECIU University activities, learning opportunities and events.
In order to achieve the above scope and by participating, you as a user give your free consent*, to ECIU, as the Authorized Processor (contact details: first name, last name, email) to collect and process your Personal Data in accordance with the basic Principles governing the Legislative framework for the protection of Personal Data (General Regulation (EU) 2016/679 and Law Ν.125(I)/2018), i.e. the principles of lawfulness, fairness and transparency, purpose limitation, accuracy, storage limitation and integrity and confidentiality.
ECIU processes the Personal Data collected during the subscription, in accordance with the legal obligation under the Regulation. According to Article 6. (a), “the data subject has given consent to the processing of his or her Personal Data for one or more specific purposes”.
To achieve the above purpose and by being a recipient of the ECIU University Newsletter, you give your free consent to collect and process the following Personal Data concerning your person: your name, surname, and email. The collection and processing of Personal Data will be facilitated via a registration form, which will explicitly request the consent of the user. Should the user deny consent, the Personal Data will not be collected or used.
Your Personal Data will remain secure. For the security of Personal Data, technical and organizational measures are taken to protect them from accidental or illegal destruction, loss, alteration, unauthorized disclosure, or access.
The newsletter subscription and event registration are administrated using the Marketing Module tool at Microsoft Dynamics 365. Microsoft is acting as a third party to facilitate this activity and data is handled also in line with Microsoft’s Privacy Policies, that can be found here (Microsoft Privacy Statement – Microsoft privacy).
According to the Legislative framework for the protection of Personal Data you have the following rights which you can exercise at any time within the time period referred to in the above paragraph, "Data Retention", for which the data concerning you will be retained:
Right of Access (Rule 15): You can request confirmation of the processing of your Personal Data, access, and other information.
Right of correction (Rule 16): You can request the correction of inaccuracies or the completion of incomplete data by contacting the Commission secretariat.
Right of Deletion (Rule 17): You have the right to request the deletion of your data under the terms of Rule 17 of the Rules.
Right to restrict processing (Rule 18): You have the right to request that your data be restricted in the cases provided for in Rule 18 of the Rules.
Right of objection (Rule 21 (1)): You have the right to object, at any time and for reasons related to your particular situation to the processing of Personal Data in accordance with the provisions of Rule 21 (1) of the Rules.
You can exercise the above rights as well as any of your requests by contacting the Data Protection Officer (support@eciu.eu).
You also reserve the right if you find that your Personal Data is being processed illegally or that your rights to your Personal Data have been violated. In addition, you have the right to revoke your consent at any time, without prejudice to the legality of the processing based on consent prior to its revocation.
Personal data controller
Personal data controller for the processing of personal data is ECIU University. If you have questions about how personal data is processed within the service, please contact support@eciu.eu.
Cookies
When you visit websites, they may store or retrieve data in your browser. This storage is often necessary for the basic functionality of the website. The storage may be used for marketing, analytics, and personalization of the site, such as storing your pr eferences.
Privacy is important to us, so you have the option of disabling certain types of storage that may not be necessary for the basic functioning of the website. Blocking categories may impact your experience on the website. For the full ECIU privacy policy click here.
GÉANT Data Protection Code of Conduct
This service complies with the international framework GÉANT Data Protection Code of Conduct (http://www.geant.net/uri/dataprotection-code-of-conduct/v1) for the transfer of personal data from identity providers to the service. This framework is intended for services in Sweden, the EU and the EEA that are used in research and higher education.