EUNICoast e-Learning system

1. Purpose of this Notice

This Data Protection Notice explains how personal data are processed when users access and use the EUNICoast Virtual Campus and eLearning Platform.

The Virtual Campus and eLearning Platform are digital platforms developed within the EUNICoast European University Alliance to support collaboration, mobility activities, training, academic interaction among partner institutions, and collaborative learning activities.

This notice complements the EUNICoast Website Privacy Policy and applies specifically to the processing of personal data within the Virtual Campus and eLearning Platform environments.

2. Data Controllers

Personal data processed through the Virtual Campus and eLearning Platform are jointly controlled by the member institutions of the EUNICoast Alliance.

Operational coordination of data processing activities is carried out by:

Contact:

• EUNICoast Data Protection Contact: dpo@eunicoast.eu
• Data Protection Officer – West Pomeranian University of Technology: IOD.kurek@zut.edu.pl

3. Categories of Personal Data Processed

3.1. Identification data

• User identifier
• First and last name
• Gender
• Email address
• Home institution
• Institutional status (student/staff)
• ORCID identifier (for academic staff if provided by home institution)

3.2. Academic and professional information

• Role within the alliance
• Participation in courses, workshops, or activities

3.3. Educational activity data

• Course enrolment
• Grades
• Submissions

3.4. Activity data

• Logs
• Participation
• Forum posts

3.5. Technical and system data

• Access logs
• Device and session information
• IP address

Authentication is performed via the eduGAIN federation, enabling secure institutional login through users’ home universities.

4. Purpose of Data Processing

Personal data collected within the Virtual Campus and eLearning Platform are processed exclusively for:

• Authentication and secure access to the platform
• User account management
• Participation in learning activities and collaborative environments
• Communication related to Virtual Campus activities
• Monitoring participation in alliance programmes
• Reporting and evaluation activities required under the Erasmus+ Grant Agreement, Horizon Europe Grant Agreement and other grant agreements

Personal data will not be used for commercial purposes.

5. Legal Basis for Processing

Processing is based on:

• Article 6(1)(b) GDPR — Performance of a contract
• Article 6(1)(e) GDPR — Task carried out in the public interest

Where applicable:

• Article 6(1)(a) GDPR — Consent

Processing by EU institutions or bodies follows Regulation (EU) 2018/1725.

6. Data Sharing

Access to personal data is limited to authorised personnel of EUNICoast partner institutions on a strict need-to-know basis.

Data may be shared with:

• EUNICoast partner universities
• Erasmus+ National Agencies
• The European Commission

No personal data are sold or shared for commercial purposes.

7. Data Retention

EUNICoast retains user personal data only for as long as is necessary to achieve the educational, administrative, and reporting purposes for which it was collected, and in accordance with the principles of data minimisation and storage limitation under Article 5(1)(c) and (e) GDPR.

Standard Retention Period: In accordance with Article 20 of the EUNICoast Grant Agreement and European Union audit and financial regulations and , all records and supporting documentation used only those personal data strictly necessary to verify project implementation and the achievement of results (including enrollment, assessment logs, and participation records) shall be preserved for a period of five (5) years following the final payment of the specific funding cycle under which the activity took place (e.g., Erasmus+ EUI grant, R.I.S.E. project, or subsequent funding instruments).

Multiple Funding Sources: Where an individual participates in activities funded by different projects, retention periods shall be applied per activity or per funding framework, unless records must be maintained jointly for audit and verification purposes under applicable EU rules.

Post-Retention Action: Upon the expiration of this five-year audit window, personal data will be either permanently anonymized for the purposes of institutional research and statistical analysis (in line with the Alliance’s data-driven monitoring model) or securely destroyed, unless a longer retention period is required by specific national or European legislative obligations or for the establishment, exercise, or defense of legal claims.

8. Data Security

Appropriate technical and organisational measures are implemented to ensure the security of personal data processed through the Virtual Campus, including:

• Federated authentication via eduGAIN
• Secure data transmission
• Restricted administrative access
• Audit logging
• Internal data protection procedures adopted by partner institutions

9. International Data Transfers

Personal data processed within the Virtual Campus are primarily stored within the European Economic Area (EEA).

Where transfers to third countries occur, appropriate safeguards are applied in accordance with GDPR and the Schrems II judgment (C-311/18).

10. Data Subject Rights

Users have the right to:

• Access their personal data
• Rectification
• Erasure
• Restriction of processing
• Object to processing
• Data portability
• Lodge a complaint with a supervisory authority

Requests may be sent to: dpo@eunicoast.eu

11. Amendments

This notice may be updated to reflect legal, technical, or organisational changes within the EUNICoast alliance.