European Solidarity Corps General Online Training Data Protection Notice
The European Education and Culture Executive Agency ("EACEA") is committed to preserving your privacy. All personal data are dealt with in accordance with Regulation (EU) No 2018/1725 on the protection of personal data by the Union institutions, bodies, offices and agencies* ("the data protection regulation").
The following Data Protection Notice outlines the policies by which EACEA collects, manages and uses the personal data of the concerned individuals within the General Online Training ("GOT") data processing operation.
The processing of personal data occurring on the European Youth Portal is managed by the Directorate-General for Education, Youth, Sport and Culture of the European Commission ("DG EAC"). See Privacy Statement of the European Youth Portal.
The users of GOT are informed about the option to be redirected to EU Academy if they want to access the GOT courses, via the GOT Data Protection Notice available on their European Youth Portal dashboard. Once on EU Academy, the users need to give their consent to JRC, which is managing the EU Academy platform. Once the consent to EU Academy is given, the users of GOT will have the GOT courses available on their EU Academy dashboard, including the Youth Talks series. All personal data processing via EU Academy is made in accordance with the EU Academy Privacy Statement.
1. Who is responsible for processing your personal data (data controller)?
The European Commission represented by the Directorate-General for Education, Youth, Sport and Culture (DG EAC.B3 - Youth, Volunteer Solidarity and Traineeships Office) on the one hand, and the European Education and Culture Executive Agency (EACEA.A5 - Youth, EU Solidarity Corps and Aid Volunteers) on the other hand, are joint controllers.
The person designated as being in charge of the processing operation in EACEA is the Head of Unit A5, Youth, EU Solidarity Corps and Aid Volunteers
2. Which personal data is processed?
1. European Solidarity Corps registered users’ data indicated below are transferred from the European Youth Portal to EU Academy:
- Email (mandatory)
- EU Login username (mandatory)
- First name (mandatory)
- Last name (mandatory)
- Contact language (mandatory)
- Country of residence (mandatory)
- City (optional)
2. If the user agrees to respond to the online feedback survey on EU Academy after the course completion, the GOT data controller and data processor (external service provider contracted by EACEA) may have access to these data to realise anonymised customised reports.
3. The following data available on EU Academy may be processed by the GOT data controller and data processor (external service provider contracted by EACEA): courses access and course completion data, course enrolment, course progress data. These data will be used in an aggregated and anonymised manner, for monitoring progresses and statistical purposes.
3. For which purpose do we process your data?
Date processing is necessary for the following purposes:
All personal data processing via EU Academy is made in accordance with the EU Academy Privacy Statement.
A. To ensure access for European Solidarity Corps registered users to the set of courses of the European Solidarity Corps General Online Training hosted on EU Academy and to enable reporting for the European Solidarity Corps services of DG EAC and EACEA, as well as to be able to present an aggregated analysis of course usage, by key characteristics of users, in a monthly statistical report.
B. To be able to present an aggregate analysis of the survey responses, including by key characteristics of respondents, in a monthly statistical report. The data is anonymised for this purpose.
C. To monitor users’ progresses and for statistical purposes in dedicated reports. The data is anonymised for this purpose.
4. Where is the data collected from?
From the European Youth Portal, EU Academy and from you directly for the purposes A, B and C described under 3 above.
5. Who has access to your personal data and to whom is it disclosed?
Access to personal data may be given on a need-to know basis to the following recipients:
- Designated staff of the European Commission, DG EAC
- Designated staff of the European Commission, JRC, EU Academy team
- Designated staff of EACEA
- Authorised staff of the contractor of the Framework services contract n° SI2.1334: consortium between ICF S.A., ICF Next S.A. UP learning B. V., MDF Training & Consultancy B.V, in particular System Administrators and technical engineers of UP learning, ICF project staff, MDF project staff, and the contractors who will replace them at the end of the contract.
The transfer of data to other third parties is prohibited. Personal data collected will never be used for marketing purposes.
In addition, in case of control or dispute, personal data can be shared with and processed by the bodies charged with a monitoring or inspection task in application of Union law in compliance with the applicable data protection rules and within the scope of their tasks entrusted by the relevant legislation. This includes, in particular, the following recipients:
- The European Court of Justice or a national judge as well as the lawyers and the agents of the parties in case of a legal procedure;
- The European Anti-Fraud Office ("OLAF");
- The Internal Audit Service of the Commission
- The Investigation and Disciplinary Office of the Commission ("IDOC")
- The European Court of Auditors
- The European Ombudsman
- The European Public Prosecutor’s Office
- EU courts and national authorities
- In case of control or dispute the bodies charged with a monitoring or inspection task in application of Union law (e.g. Internal Audit Service, European Commission, OLAF, EU Courts, etc.).
Personal data processed by the contractor ICF S.A. will be processed in the European Economic Area (EEA) and in the United Kingdom. Based on the decision on the adequate protection of personal data by the United Kingdom, adopted on 28 June 2021, personal data can flow from the EU to the UK without any further safeguard being necessary.
6. How long do we keep your personal data?
For the purposes set out in A, B and C, the period of storage, including access logs, is in line with the retention period of the European Youth Portal: personal data contained within user accounts of the European Solidarity Corps will be deleted three years after they reach the upper age limit of eligibility for participation in the Corps, unless the user has agreed to join any alumni scheme that may be in place at that time, has expressed via email an interest in keeping the user account or has benefited from EU funding through participating in the programme in which case the data is kept for 5 years from the last financial transaction according to the common retention list.
Online consultation processes contributions will be anonymised (i.e. the link between the user and the contributions / votes they made will be removed) within two years after the end of each complete consultation and reporting / feedback process.
The retention policy of EU Academy may also have an impact on the GOT retention policy.
7. What are your rights concerning your personal data and how can you exercise them?
Under the provisions of the data protection regulation, you have the right to:
- Request to access the personal data EACEA holds about you;
- Request a rectification of your personal data where necessary;
- Request the erasure of your personal data;
- Request the restriction of the processing of your personal data;
- Request to receive or to have your data transferred to another organisation in commonly used machine readable standard format (data portability).
As this processing of your personal data is based on public interest of Article 5(1)(a) of the data protection regulation, please note that you have the right to object to processing of your personal data on grounds relating to your particular situation under the provisions of Article 23 of the data protection regulation.
For the processing of your personal data which is based on your consent under Article 5(1)(d) of the data protection regulation, please note that you can withdraw it at any time, and this will have effect from the moment of your retraction. The processing based on your consent before its withdrawal will remain lawful.
Article 25 of Regulation (EU) 2018/1725 provides that, in matters relating to the operation of EU institutions and bodies, the latter can restrict certain rights of individuals in exceptional circumstances and with the safeguards laid down in that Regulation. Such restrictions are provided for in internal rules adopted by EACEA and published in the Official Journal of the European Union.
Any such restriction will be limited in time, proportionate and respect the essence of the above-mentioned rights. It will be lifted as soon as the circumstances justifying the restriction are no longer applicable. You will receive a more specific data protection notice when this period has passed.
As a general rule you will be informed on the principal reasons for a restriction unless this information would cancel the effect of the restriction as such.
You have the right to make a complaint to the EDPS concerning the scope of the restriction.
8. Your right to have recourse in case of conflict on any personal data issue
In case of conflict on any personal data protection issue you can address yourself to the Controller at the above-mentioned address and functional mailbox.
You can also contact the Data Protection Officer of EACEA at the following email address: email@example.com.
You may lodge a complaint with the European Data Protection Supervisor at any time: http://www.edps.europa.eu.
9. On which legal basis are we processing your personal data?
Under Article 5(1) of the Data Protection Regulation, points:
(a) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Union institution or body (to be laid down in Union Law).
The main legal basis of the processing of personal data is:
REGULATION (EU) 2021/888 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 20 May 2021 establishing the European Solidarity Corps Programme and repealing Regulations (EU) 2018/1475 and (EU) No 375/2014.
(d) the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
- The users of GOT gave additional consent for being invited to the phone interviews. Phone interviews are not collected anymore since 2021.
* Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC Text with EEA relevance, OJ L 295, 21.11.2018, p. 39.