Like other academic institutions, the EUC processes personal data. The EUC is committed to protecting personal data and handling it with the utmost care in order to safeguard the privacy of those concerned. In this privacy statement you can read more about our guidelines for handling personal data, about questions and services you may request from us, and about our point of contact for further information regarding privacy and data protection.
Which personal data is processed and why
Personal data the EUC processes
The EUC is responsible for processing large amounts of personal data: not just from students, guidance counsellors, parents but also from third party experts and any other visitors. We process this data either to fulfil the legal requirements necessary to provide education or in order to improve our services as a consortium.
The purposes for which it is processed
- Providing education
Keeping records on students, counsellors and others who have shown interest in education in Europe, managing internal and external information flows; concluding contracts with students; formulating policy on education matters; being able to provide advice, guidance, and counselling; settling disputes, etc.
- Outreach, marketing and communication
Recruitment of prospective students; performing market research; concluding and fulfilling contracts with other educational institutions (e.g. high schools); improving public and customer relations; improving marketing and branding of the EUC; managing and improving our website, archival services etc.
All these various types of data will be treated with the utmost care; none will be freely accessible. Member universities of the EUC and persons acting on behalf of the EUC who work with such data will only be authorised to do so to the extent necessary for the performance of their duties. Additionally, the EUC is continuously committed to maintaining the proper technical and organizational safeguards with regard to information security and data protection.
Categories of personal data processed by the EUC
Because the EUC performs activities in all the areas listed, a lot of personal data is gathered and stored. In light of these activities, it is possible that the EUC processes the following categories of personal data:
- Place of Birth
- Bank Account Number
- Telephone number
- Date of Birth
- Information regarding user interaction (e.g. IP address, cookies, clicking behaviour, information from contact forms etc.)
- Images (photos and videos)
- Information regarding choice of study programme, study progress and study results
In principle, the personal data processed by the EUC has been disclosed to the EUC directly. However, it may also be the case that the EUC receives personal data from third parties. We often collaborate with middle and high schools located abroad, and (international) organisations located abroad, both inside and outside the EU. Within the scope of such collaborative projects, it is possible for personal data to be disclosed to these third parties: naturally, this will always happen in compliance with all relevant privacy and data protection laws and regulations and the EUC will always strive for the shortest possible retention period of relevant data.
Provision of data to third parties
The EUC will not exchange personal data with third parties for financial gain. Personal data that allows for a third party to trace an individual person will only be supplied to a third party when this is required by law; when this is necessary for the fulfilment of a contract with the data subject; or when the data subject has given his or her explicit, informed consent to the transfer of the data.
The EUC can instruct third parties to perform services for it, in which case the EUC will draw up an agreement in which it lays down the duties of the service provider with regard to the processing of personal data (a so-called “data processor agreement”). In this contract it is stipulated that the third party will handle any disclosed personal data confidentially, carefully, and in compliance with privacy legislation. Aside from the situations that have been specifically mentioned above, the EUC will not disclose personal data to third parties, unless required to do so by law.
Subjects’ rights with regard to their personal data
On May 25th 2018, the “General Data Protection Regulation” took effect. The GDPR is a European regulation which grants individuals rights with respect to the way their personal data is handled and protected. Individuals may, for example – depending on the legal basis for the processing of their personal data and dependent on the fulfilment of certain conditions – exercise a right to:
inquire as to what personal data is processed and, when the data is provided to the EUC by a third party, inquire into the source of this information;
request the correction of data insofar as it is incorrect;
- Object to the processing of his or her data;
- Know of the existence of possible automated decision making processes, and, when these are used to create profiles, inquire into the logic underlying these processes, the purposes they serve, and their consequences;
- ‘Be forgotten’ by an institution that has processed their personal data.
The competent national authority concerning privacy and data protection is the Commission for the Protection of Privacy. This is the authority that monitors privacy law compliance and where any individual can file a complaint regarding privacy and the processing of personal data.
Further questions regarding the different rights and obligations in the field of privacy can be directed to the EUC president via firstname.lastname@example.org.