Specific Privacy Statement - Lifelong Learning and Erasmus + Programmes – data stored and processed in Mobility Tool
This statement refers to the online management tool (Mobility Tool) for mobilities under the Lifelong Learning and Erasmus + programmes. As this system contains individuals' personal data, its publishing and processing falls within the provisions of the Regulation (EC) N° 45/2001 of the European Parliament and of the Council of 18 December 2000. This privacy statement explains to you the way in which this system uses personal data, and the way in which the privacy of this data is being protected.
- What is the purpose of the data collection?
- What personal data do we collect?
- Which technical means do we use for processing your data?
- Who has access to your information and to whom is it disclosed?
- How long do we keep your data?
- How can you access your personal data, verify its accuracy and, if necessary, correct it?
- What are the security measures taken to safeguard your information against possible misuse or unauthorised access?
- Whom to contact if you have queries or complaints?
The Commission needs to follow-up the results of the projects in order to be able to assess the total outcome of the mobility actions. The projects need to report relevant data on the flows to the National Agencies. The National Agencies collect these data and make a succinct report to the European Commission. The data cover financial elements (grants, payments, etc.) as well as statistical elements (numbers, countries, sectors etc.) In order to simplify the reporting chain, the European Commission launched the on-line Mobility Tool which allows a single entry system for the different data and the necessary extraction of reports when needed.
Besides the quantitative data collection, the tool has a second part used for collecting the final reports (questionnaires) of the individual participants. Most of the questions are closed questions which offer the possibility to get a general overview of the answers (in a scale from 1 to 5) and to assess the general perception of the programme by the users. The participants are reminded not to provide any reference/comment to/about any specific/identifiable person when completing in the free text fields of their questionnaire.
On voluntary basis (with the possibility to opt-in in the participant report), participants can allow DG EAC to transfer some of their data (first/last name, date of birth, email address, home university and host university) to the Erasmus Students+ Alumni Association (ESAA)
- Information about participating organisation contact persons (Title, First Name, Last Name, Gender, Department, Position, Phone numbers, Email, Legal Address, Postal Code, City, Country, Region and Fax)
- Information about National Agency and Commission administrators (Title, First name, Family, name, E-mail address, Department, Position).
- Information about the person who applies for a mobility individual grant (Title, First name, Family name, Date of Birth, Gender (m/f), Telephone, E-mail address, Street, number, Postcode, City, Region and Country, Nationality).
- Information regarding special needs (yes/no) of the individual applicant is collected when it could have repercussion on the arrangements that are necessary to enable the applicant to take part in the project or in the amount of the grant.
The data collection and processing is done using the Commission's IT standards and telecommunication infrastructure. The data is stored in a central database (managed by DG Education and Culture and located at the Commission Data Centre in Luxembourg).
- Staff of beneficiary organizations: data of the participants in their projects.
- Staff of Partner Country organisations: data of participants from their organisation and incoming participants to their organisation;
- Staff of National Agencies: data of participants from their country and incoming participants.
- Designated staff of the European Commission, DG EAC: all data of participants
- The data details of the participants, who agreed to via the Participants reports, might be transferred to ESAA, i.e.: the first/last name, date of birth, email address, home university, host university. This is done on voluntary basis with the possibility to opt-in.
- EU Delegation in the participant's sending countries: first/last name and email address.
On top of that, your data may be disclosed to the following services, where applicable:
- Internal Audit Services
- European Anti-Fraud Office (OLAF)
- Court of Auditors
Personal data should stay in the system during the lifetime of the programme and the reporting for projects linked to this. Data will have to be kept for five years after the final reporting in order to be able to trace the participants in case of ex-post problems or audits or evaluations.
You may, on written request sent to the "Controller", gain access to your personal data and request modification, cancellation or blocking of your data. Please note that in this case your request will be accepted only if it is justified under the terms of articles 13-18 of the (EC) N° 45/2001.
Any request must be sent by mail or by electronic mail to the address of the National Agency responsible for the management of your mobility.
What are the security measures taken to safeguard your information against possible misuse or unauthorised access?
The datasets are safeguarded in the Commission (and covered by the numerous defensive measures implemented by the Commission to protect the integrity and confidentiality of the electronic assets of the Institution).
The first level is to contact the national agency that manages your mobility (the list of National Agencies is available at https://ec.europa.eu/programmes/erasmus-plus/contact_en for the Lifelong and Erasmus+ Programmes).
Further to the above you can contact:
- The "ERASMUS+ Programme Coordination" Unit of the Directorate-General for Education, Youth, Sport and Culture (DG EAC) of the European Commission: EAC-NA-COORDINATION@ec.europa.eu
- DG EAC's Data Protection Coordinator: firstname.lastname@example.org
- The European Commission Data Protection Officer: email@example.com
- the authority in charge of data protection in your country (the list of data protection national authorities is available at http://ec.europa.eu/justice_home/fsj/privacy/nationalcomm/index_en.htm ).
In case of conflict, complaints can be addressed to the European Data Protection Supervisor (EDPS) http://www.edps.europa.eu