Privacy Statement – Mobility Tool+
This privacy statement provides information about the processing and the protection of your personal data.
- Why and how do we process your personal data?
- On what legal ground(s) do we process your personal data?
- Which personal data do we collect and further process?
- How long do we keep your personal data?
- How do we protect and safeguard your personal data?
- Who has access to your personal data and to whom is it disclosed?
- What are your rights and how can you exercise them?
- Contact information
- Where to find more detailed information?
Please also see the related privacy statement "Erasmus+ and European Solidarity Corps participants affected by COVID-19 situation".
The European Commission (hereafter ‘the Commission’) is committed to protect your personal data and to respect your privacy. The Commission collects and further processes personal data pursuant to Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (repealing Regulation (EC) No 45/2001).
This privacy statement explains the reason for the processing of your personal data, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights, the Data Protection Officer and the European Data Protection Supervisor.
The information in relation to processing operation “Erasmus+, European Solidarity Corps and Lifelong Learning Programme project management (Mobility Tool+)” under Erasmus+, European Solidarity Corps and Lifelong Learning Programme, undertaken by DG EAC.B.4 is presented below.
Purpose of the processing operation:
DG EAC collects and uses your personal information to:
- manage details of project activities, participants and budget
- manage participating organisations in the project, other than the ones registered in the grant agreement
- manage contact details of all the organisations taking part in the project
- manage the individual participant surveys and provide statistics on the answers provided
- manage final reports and interim/progress reports based on the statistics collected from the project and the answers provided by the beneficiary
- provide support to future participants in the programmes (based on consent)
- provide testimonials on participation in the programmes (based on consent)
- participate in further studies regarding the programmes and EU issues (based on consent)
- allow Erasmus+ Student and Alumni Alliance contact participants to take part in their activities (based on consent)
- provide participant feedback on courses followed (based on consent)
- allow RAY Network contact participants to take part in a research survey (based on consent)
Your personal data will not be used for an automated decision-making including profiling.
We process your personal data, because:
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Union institution or body;
- processing is necessary for compliance with a legal obligation to which the controller is subject.
The processing operations are necessary for the fulfilment of the Commission obligations and responsibilities of monitoring and reporting established in:
- DECISION 1720/2006/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of November 15 2006 (OJ L 327 of 24.11.06, p.45). Amendment: DECISION No 1357/2008/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 16 December 2008 amending Decision No 1720/2006/EC establishing an action programme in the field of lifelong learning (OJ L 350 of 30.12.08, p.56).
- REGULATION (EU) No 1288/2013 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 11 December 2013 establishing 'Erasmus+': the Union programme for education, training, youth and sport and repealing Decisions No 1719/2006/EC, No 1720/2006/EC and No 1298/2008/EC;
- REGULATION (EU) 2018/1475 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 2 October 2018 laying down the legal framework of the European Solidarity Corps and amending Regulation (EU) No 1288/2013, Regulation (EU) No 1293/2013 and Decision No 1313/2013/EU.
The processed data do not fall within the scope of the stipulations on Restrictions (art. 25) and Prior Consultation (art. 40) embedded in Regulation 2018/1725.
In order to carry out this processing operation, DG EAC collects the following categories of personal data.
Data of contact persons in participating organisations:
- First name
- Last name
- Legal address
- Postal code
Data of National Agency staff:
- First name
- Last name
Data of person participating in a mobility or European Solidarity Corps project:
- Participant ID
- Participant registration Number (ESC portal)
- First name
- Last name
- Date of birth
- Support for special needs (yes/no) – this is collected when it could have repercussions on the arrangements that are necessary to enable the applicant to take part in the project or in the amount of the grant
- Disadvantaged background/fewer opportunities (yes/no) - this is collected when it could have repercussions on the amount of the grant and for statistics
The provision of personal data is mandatory for the management of projects and associated activities/mobilities.
DG EAC only keeps your personal data for the time necessary to fulfil the purpose of collection or further processing.Data will be deleted 10 years after the end of the year of the closure of the last project in the relevant programme (defined by the last financial transaction between NA and the beneficiary organisation).
Alldata is stored at the Commission (in a central server situated inside the EU).
All processing operations are carried out pursuant to the Commission Decision (EU, Euratom) 2017/46 of 10 January 2017 on the security of communication and information systems in the European Commission.
In order to protect your personal data,the Commission has put in place a number of technical and organisational measures in place. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation.
Access to your personal data is provided to the Commission staff responsible for carrying out this processing operation and to authorised staff according to the “need to know” principle. Such staff abide by statutory, and when required, additional confidentiality agreements.
Outside the EU organisation, access to your personal data is provided to:
- Staff of beneficiary organisations
- Staff of partner country organisations
- Staff of National Agencies
- Staff of Erasmus+ Students Alumni Association (ESAA)
- Authorised users in external companies contracted by the Commission for the delivery of services
- In case of audit: external auditors
- Designated insurance company (for European Solidarity Corps)
- EU Delegation in the participant's sending countries
- Staff of IZ - Verein zur Förderung von Vielfalt, Dialog und Bildung (Austrian Youth National Agency coordinating RAY Network)
The controller will transfer your personal data to the following recipients in a third country or to an international organisation in accordance with Regulation (EU) 2018/1725.
Data is transferred to the National Agencies established in each of the EU Member States and to the National Agencies established in the other participating countries in Erasmus+ and the European Solidarity Corps (EFTA countries that are party to the EEA Agreement; acceding countries, candidate countries and potential candidates benefiting from a pre-accession strategy; the Swiss Confederation; countries covered by the European neighbourhood policy which have concluded agreements with the Union providing for the possibility of their participation in the Union's programmes) as stated in Article24 "Country participation" of Regulation (EU) 1288/2013 and in Article 11 "Participating countries" of Regulation (EU) 2018/1475.
The controller will transfer your personal data based on:
- adequacy decision of the Commission for a specific country (Article 47 of Regulation (EU) 2018/1725)
- appropriate safeguards (Article 48 of Regulation (EU) 2018/1725)
The information we collect will not be given to any third party, except to the extent and for the purpose we may be required to do so by law.
You have specific rights as a ‘data subject’ under Chapter III (Articles 14-25) of Regulation (EU) 2018/1725, in particular the right to access or rectify your personal data and the right to restrict the processing of your personal data.
You have the right to object to the processing of your personal data and in case the objection is successful you can have your personal data erased.
You can exercise your rights by contacting the Data Controller or, in case of conflict, the Data Protection Officer of the European Commission. If necessary, you can also address the European Data Protection Supervisor. Their contact information is given under Heading 9 below.
Where you wish to exercise your rights in the context of one or several specific processing operations, please provide their description (i.e. their Record reference(s) as specified under Heading 10 below) in your request.
The Data Controller
If you would like to exercise your rights under Regulation (EU) 2018/1725 or if you have comments, questions or concerns, or if you would like to submit a complaint regarding the collection and use of your personal data, the first level is to contact the National Agency that manages your application. The list of National Agencies is available at https://ec.europa.eu/programmes/erasmus-plus/contact_en.
Further to the above you can contact:
- The Data Controller: EAC-NA-COORDINATION@ec.europa.eu
- DG EAC's Data Protection Controller: email@example.com
The Data Protection Officer (DPO) of the Commission
You may contact the Data Protection Officer (DATA-PROTECTION-OFFICER@ec.europa.eu) with regard to issues related to the processing of your personal data under Regulation (EU) 2018/1725.
The European Data Protection Supervisor (EDPS)
You have the right to have recourse (i.e. you can lodge a complaint) to the European Data Protection Supervisor if you consider that your rights under Regulation (EU) 2018/1725 have been infringed as a result of the processing of your personal data by the Data Controller.
The Commission Data Protection Officer (DPO) publishes the register of all processing operations on personal data by the Commission, which have been documented and notified to him. You may access the register via the following link: http://ec.europa.eu/dpo-register.
This specific processing operation has been included in the DPO’s public register with the following Record reference: DPR-EC-01069.