Privacy Statement concerning Personal Data Processing within the Project “Supporting internationalisation of HE through professionalising services for mobile academic staff”
Erasmus+ Project No. 2020-1-SK01-KA203-078369
Contents
The organisations detailed below in the section concerning Controllers created a consortium to jointly prepare and implement the project entitled “Supporting internationalisation of HE through professionalising services for mobile academic staff” (further referred to as ‘the Project’) within the framework of the Erasmus+ programme, Key action 2: Strategic partnerships. For implementing this Project, the Project coordinator SAIA, n. o. has been awarded a grant from the Slovak Academic Association for International Cooperation – SAAIC, which is the Erasmus+ National Agency for Education and Training (further referred to as ‘NA’) and therefore the coordinator has concluded the Grant agreement No. 2020-1-SK01-KA203-078369 with the NA (further referred to as “Grant agreement”) on behalf of the consortium. The consortium and its members are also responsible for effective, economical and purposeful management of the funds, having responsibility towards the granting institution. The activities within the Project are also related to the processing of personal data that the organisations shall process in compliance with the Regulation of the European Parliament and of the Council (EU) 2016/679 of 27 April 2016, on Protection of Natural Persons with regard to the Processing of Personal Data and on the Free Movement of Such Data, repealing Directive 95/46/EC (General Data Protection Regulation) (hereinafter referred to as the “GDPR”) and with other applicable national legislation of countries where the organisations of the consortium are based in (hereinafter referred to as the “national data processing legislation”).
Following organisations build the consortium for the implementation of the Project described in the Introduction and therefore act as Controllers when data processing is concerned in relation to the Project:
Sasinkova 10
812 20 Bratislava
Slovakia
website: www.saia.sk
(hereafter referred to as SAIA)
15 Rue d’Egmontstraat
B-1000 Brussels
Belgium
website: https://aca-secretariat.be
(hereafter referred to as ACA)
Polna 40
00-635 Warszawa
Poland
website: https://nawa.gov.pl/
(hereafter referred to as NAWA)
Univerzitetski trg 2
18000 Niš
Serbia
website: www.ni.ac.rs
(hereafter referred to as University of Nis)
15, Tzar Osvoboditel
BG-1000 Sofia
Bulgaria
website: www.uni-sofia.bg
(hereafter referred to as Sofia University)
Šafárikovo nám. 6
P.O.Box 440
814 99 Bratislava
website: www.uniba.sk
(hereafter referred to as Comenius University in Bratislava)
To be able to securely process the data in relation to the Project also jointly where necessary, the organisations of the Project consortium have concluded “Agreement on joint processing of personal data according to Art. 26 of the European General Data Protection Regulation 2016/679”. Moreover, taking into account that one of the Project consortium organisations is located outside the European Union and thus this organisation is not governed directly by the GDPR, all Project consortium organisations have committed themselves to sign bilaterally the “Standard contractual clauses for the transfer of personal data from the Community to third countries (controller to controller transfers)” as set by the European Commission between each Party based on the territory of the European Union on one side and a Party based outside the territory of the European Union on the other side in order to ensure the lawful transfer of data for the purposes of the Project.
All persons coming into contact with personal data within organisations of the Project consortium (in particular, employees involved in the implementation of the Project) have been properly informed about the applicable privacy policy in the personal data obtaining and processing, and are bound by confidentiality obligation regarding the data obtained in any case, unless it is in compliance with the purpose for which they have been obtained.
The organisations of the Project consortium agreed as controllers to jointly determine the range of data collected and processed for the needs of Project implementation.
An organisation of the Project consortium that primarily collects and processes the data in its role as controller may decide to involve a processor to process data on its behalf, however the organisations of the Project consortium agreed jointly that such processor shall oblige with the rules and regulations set in the GDPR and inform other organisations of the Project consortium about such situation. The information about processors contracted and used by individual organisations of Project consortium in general can be found on the websites of the respective organisations within their privacy statements.
Data protection officers are established at each of the organisations of the Project consortium:
Organisations of the Project consortium, to be able to fulfil the obligations arising from the Grant agreement may collect and process data in order to:
Organisations of the Project consortium may process the data to fulfil the obligations arising from the Grant agreement of the Project. As a minimum requirement, the lawfulness of data processing done by the Parties shall follow the rules set by GDPR (especially in the Article 6 of the GDPR).
The Parties as controllers jointly determine the range of data collected and processed for the needs of Project implementation.
To successfully implement the Project, the following data may be processed jointly by the organisations of Project consortium as controllers:
Subject to the processing described above may be (data subjects):
The respective organisations of the Project consortium in their role as controllers are in charge of:
The organisations of the Project consortium shall not disclose any personal data to third parties (recipients) without the provision of personal data being in compliance with the purpose for which the data have been collected, or in the demonstrable interest of the data subject. The organisations of the Project consortium shall not trade with personal data (i.e., in particular, they do not buy or sell contacts or other data to other recipients, e.g. for marketing purposes) since it is not in line with the Project.
Pursuant to the GDPR, third countries are all the countries that are not member states of the European Union or the European Economic Area, and, thus, the GDPR does not apply to them.
The organisations of the Project consortium abstain from any data transfer to any subject outside the European Union unless it is in line with the GDPR.
Since one of the Project consortium organisations is located outside the European Union and thus this organisation is not governed directly by the GDPR, all Project consortium organisations have committed themselves to sign bilaterally the “Standard contractual clauses for the transfer of personal data from the Community to third countries (controller to controller transfers)” as set by the European Commission between each Party based on the territory of the European Union on one side and a Party based outside the territory of the European Union on the other side in order to ensure the lawful transfer of data for the purposes of the Project.
The period for which the personal data will be stored depends on the respective applicable national legislation of the country where the respective organisation of the Project consortium is based. However, based on the Grant agreement and obligations arising from it for the organisations of the Project consortium the data shall be stored as minimum for the duration of the Project extended for five years starting from the date of payment of the balance in order to carry out eventual checks, audits or evaluations of Project outcomes and documentation by the Project financing agency and/or other authorised subjects. Based on this requirement the data are usually stored for 10 years if the applicable national legislation does not require otherwise.
In compliance with the GDPR, the data subject has the following rights:
You can exercise your rights under the GDPR by sending an email to contact points stated under “2. Data Protection Officers”. It is recommended to send such an email to the organisation of the Project consortium that primarily collected the data from you as data subject for the purpose of Project implementation. The Project consortium will carefully deal with such a complaint and inform you about the result of our actions in the respective case. Please note that the transfer of data via the Internet (e.g. via e-mail) may have security deficiencies and that full protection against the access of third parties to the data sent this way cannot be guaranteed. Thus, we assume no liability for damages caused by such security risks. Our websites are protected by the SSL secure connections.
You, as a data subject, are also entitled to file a complaint for the violation of your rights at the supervisory authority in the Slovak Republic, as the organisations of the Project consortium have agreed that their joint agreement on joint processing of personal data is governed by the laws of the Slovak Republic:
In the following case, the provision of personal data by the data subject is a prerequisite for the provision of service:
The aforementioned services cannot be provided, or the contractual relationship cannot be concluded without providing the data.
The organisations of the Project consortium do not use any means for automated decision-making or processing in its operations in relation to the Project.
Version: 2 Feb 2021