Education, Audiovisual and Culture Executive Agency

EPALE – Electronic Platform for Adult Learning in Europe

 

Privacy Statement

The European Education and Culture Executive Agency ("EACEA") is committed to preserving your privacy. All personal data are dealt with in accordance with Regulation (EU) No 2018/1725 on the protection of personal data by the Union institutions, bodies, offices and agencies [1] ("the data protection regulation").

The following Data Protection Notice outlines the policies by which the EACEA collects, manages and uses the personal data of the concerned individuals within the Electronic Platform for Adult Learning in Europe ('EPALE'). EPALE is a European, multilingual, open membership community of adult learning professionals, including adult educators and trainers, guidance and support staff, researchers and academics, and policy makers. It provides a platform where EPALE registrants can communicate and collaborate. 

 

1. Who is responsible for processing your personal data (data controller)?

The controller is the European Education and Culture Executive Agency, BE-1049 Brussels. 

The person designated as being in charge of the processing operation is the Head of Unit A.6 Platforms, Studies and Analysis. 

Email: EACEA-EPLUS-EPALE@ec.europa.eu 

2. Which personal data are processed?

Mandatory data:

• Name and Surname 

• Country based in  

• Email address 

Optional data:

• Related thematic areas of interest  

• Features of interest on the site (e.g. partner search) 

• Online activity  

• Photo 

• Gender 

• Phone number 

• City 

• Short bio 

• Job title 

• Organisation 

• Occupation / role  

• Social media profiles 

• Language(s) used 

Optional personal data voluntarily submitted by the users themselves in the collaborative sections and posts (e.g., Blogs, News, etc.): 

• Comments in discussions  

• Comments or educational materials posted in the Resources centre  

• Comments or educational materials posted in the National Support Services (NSS) closed group (accessible only to NSSs and the Central Support Service) and other private and public groups 

• Files, images, videos and blog posts 

• Messages in the Partner search tool 

Optional personal data submitted on voluntary basis during online events 

• Voice and images of participants who voluntarily choose to turn on their microphone and camera in order to participate in the discussions 

3. For which purpose do we process your data?

The purpose of the processing of your personal data is to operate the EPALE platform and mobile application, and provide related services. 

The personal data is processed in order to implement the activities of the Central Support Service (CSS), including: 

• Set up and manage the users’ accounts on both EPALE platform and mobile application. 

• Protect the website against malicious activities. 

• Assure quality of the online content (e.g. monitoring and validation of publications on the EPALE platform). 

• Organise and manage online events (including live streaming and/or recording, if needed) and/or physical events. 

• Inform users about EPALE activities through a newsletter (when users register to EPALE they can also sign up for the EPALE newsletter). 

• Share user data with the National Support Services (NSS) to allow users to be contacted for national EPALE activities (e.g. national newsletters, participation in courses, seminars, workshops, conferences). The users have to give their consent upon registration by selecting to allow their National Support Service to contact them via email for dissemination of informative and promotional materials on EPALE. 

• Allow interaction and networking among the EPALE community members through the internal messaging system that does not allow sharing of sensitive data. 

• Identify new user needs and improve the quality/functioning of the EPALE platform. 

• Perform statistical analyses.  

4. Who has access to your personal data and to whom is it disclosed?

Access to your personal data may be given on a need-to-know basis to the following recipients: 

• Authorised staff of EACEA and European Commission, Directorate-General for Education, Youth, Sport and Culture (DG EAC) and Directorate-General for Employment, Social Affairs and Inclusion (DG EMPL).  

• Authorised staff of Tremend Software Consulting Srl and Lai-Momo Società Cooperative Sociale (both entities act as data processors of EACEA).  

• EPALE National Support Services (NSS), who are in charge of promoting EPALE to the local and national stakeholders and keeping contact with them. Each NSS receives the personal data of the users of its respective country, if the users agree with this upon registration.  

• Registered users: information made public by the registered users participating in the closed groups, blogs, etc. are visible to the other participants in these groups. 

• The general public for recordings and/or live streaming of events on the EPALE platform. 

In addition, data may be disclosed to public authorities, and processed by these authorities in compliance with the applicable data protection rules according to the purpose of the processing, including inter alia: 

• The European Court of Justice or a national judge as well as the lawyers and the agents of the parties in case of a legal procedure; 

• The competent Appointing Authority in case of a request or a complaint lodged under Articles 90 of the Staff Regulations; 

• OLAF in case of an investigation conducted in application of Regulation (EC) No 1073/1999; 

• The Internal Audit Service of the Commission within the scope of the tasks entrusted by Article 118 of the Financial Regulation and by Article 49 of the Regulation (EC) No 1653/2004; 

• IDOC in line with Commission Decision C(2019)4231 of 12 June 2019 laying down general implementing provisions on the conduct of administrative inquiries and disciplinary proceedings and Commission Decision (EU) 2019/165 of 1 February 2019 laying down internal rules concerning the provision of information to data subjects and the restriction of certain of their data protection rights in the context of administrative inquiries, pre-disciplinary, disciplinary and suspension proceedings; 

• The Court of Auditors within the tasks entrusted to it by Article 287 of the Treaty on the Functioning of the European Union and Article 20, paragraph 5 of Regulation (EC) No 58/2003; 

• The European Ombudsman within the scope of the tasks entrusted to it by Article 228 of the Treaty on the Functioning of the European Union;  

• The European Public Prosecutor’s Office within the scope of Article 4 of Council Regulation (EU) 2017/1939 of 12 October 2017 implementing enhanced cooperation on the establishment of the European Public Prosecutor’s Office. 

The personal data of registered users is shared with certain NSSs, which are based outside the EU/EEA in the following third countries: Albania, Bosnia and Herzegovina, Montenegro, North Macedonia, Serbia and Turkey, if the user gave his/her explicit consent upon registration to share his/her data with the local NSS under article 50(1)(a) of the Regulation.. 

Please note that for these countries, the EU has not adopted an adequacy decision pursuant to Article 47 of Regulation (EU) 2018/1725, certifying that your personal data, once transferred, will benefit from an adequate level of protection in the third country of destination. Therefore, the level of protection of your personal data transferred will depend on the law or practice of that third country and, as a result, your rights as regards data protection might not be equivalent to those in and EU/EEA country or a country with an adequacy decision.  

The NSS is bound by data protection clauses, in particular in relation to lawfulness of processing, and technical and organisational security obligations, under a grant agreement signed with the Agency. The users may request to obtain a copy of these clauses by contacting the controller indicated in section 1. above. 

The complete and updated list of those countries, as well as of all NSSs, is available in the dedicated page (https://ec.europa.eu/epale/en/nss). 

As mentioned above, information made public by the registered users can be seen by other users, some of them could be based outside the EU/EEA. 

5. How long do we keep your personal data?

• Traffic data, data logs and server data will be kept for 3 years from 31 October 2019. 

• Contact details: 1 year after the user's last login, users’ data will be set to inactive. A notification is sent to the user to inform him/her that his/her profile has been set to inactive and that he/she can re-activate his/her account by logging in again. A second and final reminder is sent after one more year informing the user that, 2 years after his/her last log in, his/her profile will be deactivated permanently. All information is then made anonymous.  

• In case users ask for the deactivation of their profile or the profile is automatically deactivated, no data will be visible to other EPALE users. Data will be kept only in an anonymous form that does not allow for personal identification. If users with a deactivated profile want to continue using the platform, they will need to register again. The data remains solely for research and monitoring purposes at the disposal of EACEA, the European Commission, the NSSs and researchers specifically allowed by the data controller. 

• Data relating to the registration process of online events will be kept for 6 months after its closure. Information identifying the data subjects can be kept for a longer period for historical, statistical or scientific purposes with the appropriate safeguards in place. Recordings from online workshops will be kept online for 2 years before being deleted. 

• Personal data of speakers, including recordings from web-streamed plenary sessions, will be kept online for 4 years before being deleted. This will allow the general public and any interested individuals to freely access and/or watch again the relevant content. 

• Blog posts, educational materials posted in the Resource centre and files, images, videos submitted in the communities of practice will be kept for a maximum of 10 years on the EPALE platform.   

• Messages and comments by users, alongside files, images, videos and blog posts submitted in the collaborative spaces and closed groups, will be kept for a maximum of 5 years on the EPALE platform. These also include messages and personal data in the Partnership search tool 

• News and events published on the website will be kept for a maximum of 2 years on the EPALE platform. 

6. What are your rights concerning your personal data and how can you exercise them?  

Under the provisions of the data protection regulation, you have the right to: 

• Request to access the personal data EACEA holds about you; 

• Request a rectification of your personal data where necessary; 

• Request the erasure of your personal data; 

• Request the restriction of the processing of your personal data; 

• Request to receive or to have your data transferred to another organisation in commonly used machine-readable standard format (data portability). 

As the processing of part of your personal data is based on Article 5(1)(a) of the data protection regulation, please note that you have the right to object to processing of your personal data on grounds relating to your particular situation under the provisions of Article 23 of the data protection regulation. 

In addition, as the processing of part of your personal data is based on your consent as per Article 5(1)(d) and Article 50 of the data protection regulation, please note that you can withdraw it at any time, and this will have effect from the moment of your retraction. The processing based on your consent before its withdrawal will remain lawful. 

Please also note that Article 25 of Regulation (EU) 2018/1725 provides that, in matters relating to the operation of EU institutions and bodies, the latter can restrict certain rights of individuals in exceptional circumstances and with the safeguards laid down in that Regulation. Such restrictions are provided for in internal rules adopted by EACEA and published in the Official Journal of the European Union (https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32021Q0317%2801%29). 

Any such restriction will be limited in time, proportionate and respect the essence of the above-mentioned rights. It will be lifted as soon as the circumstances justifying the restriction are no longer applicable. You will receive a more specific data protection notice when this period has passed. 

As a general rule, you will be informed on the principal reasons for a restriction unless this information would cancel the effect of the restriction as such. 

You have the right to make a complaint to the EDPS concerning the scope of the restriction. 

7. Your right to have recourse in case of conflict on any personal data issue

In case of conflict on any personal data protection issue you can address yourself to the Controller at the above mentioned address and functional mailbox. 

You can also contact the Data Protection Officer of EACEA at the following email address: eacea-data-protection@ec.europa.eu.  

You may lodge a complaint with the European Data Protection Supervisor at any time: http://www.edps.europa.eu. 

8. On which legal basis are we processing your personal data?

The processing is based on the following paragraphs of Article 5(1) of the data protection regulation: 

(a) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Union institution or body (to be laid down in Union Law): 

• Regulation (EU) 2021/817 of the European Parliament and of the Council of 20 May 2021 establishing Erasmus+: the Union Programme for education and training, youth and sport and repealing Regulation (EU) No 1288/2013 (OJ L 189, 28.5.2021, p. 1–33); 

• Commission Implementing Decision (EU) 2021/173 of 12 February 2021 establishing the European Education and Culture Executive Agency;  

• Commission Decision C(2021)951 and its annexes delegating powers to EACEA for the management of programmes in the MFF 2021-2027; Service contract No. 2019-1985 signed with Tremend Software Consulting Srl and Lai-Momo Cooperativa Sociale;  

• Service Level Agreement for Content Management Services (CMS) signed between EACEA and DIGIT (ref: DIGIT – SLA NO. DIGIT-039-00);  

• Grant Agreements signed under the restricted calls for proposals EPALE National Support Services EACEA N° 02/2016, EACEA 02/2018 and ERASMUS-EDU-2022-EPALE-IBA.

(b) the data subject has given consent to the processing of his or her personal data for the following specific purposes: 

• At the registration stage, data subjects can consent to be contacted by their NSS via email for dissemination of informative and promotional materials on EPALE (for non EU / EEA NSS, this is based on explicit consent article 50(1)(a) of the Regulation). By doing so, they will be contacted for national EPALE activities (e.g. national newsletters, participation in courses, seminars, workshops and conferences).  

• Live streaming and/or recording of online events. 

• Users can provide or update optional personal data to their profile details.