Skip to main content

Privacy policy

Page title image

Privacy policy

Information on the processing of personal data of applicants, students and graduates of the FINDATA study programme

in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

This information applies to the processing of personal data of applicants, students and graduates of the FINDATA study programme, implemented as a joint study programme in cooperation with the University of Pardubice (Czech Republic), European University - Cyprus Ltd. (Cyprus), LIBERA UNIVERSITA ´MARIA SS ASSUNTA - LUMSA (Italy) and Vilnius University (Lithuania).

1. Identity and contact details of data controllers and data protection officers (DPO)

The data controllers of the personal data of applicants and students of the FINDATA study programme are the following partner universities, which jointly implement the FINDATA study programme:

1.1 University of Pardubice 

- Studentská 95, 532 10 Pardubice, the Czech Republic, https://www.upce.cz/, e-mail: podatelna@upce.cz.

- DPO contact: dpo@upce.cz

1.2 European University – Cyprus Ltd. 

- 6, Diogenous Str, 2404 Engomi, P.O. Box: 22006, Nicosia - Cyprus, European University Cyprus: #1 university for international and EU students (euc.ac.cy), e-mail: info@euc.ac.cy 

- DPO contact: dpo@euc.ac.cy

1.3 LIBERA UNIVERSITA MARIA Ss. ASSUNTA – LUMSA 

- Via della Traspontina 21, 00193 Rome, Italy, Homepage | Università di Roma LUMSA, e-mail: info@lumsa.it 

- DPO contact: privacy@lumsa.it

1.4 Vilnius University 

- Universiteto g. 3, LT-01513, Vilnius, Lithuania, Vilnius University (vu.lt), e-mail: infor@cr.vu.lt

- DPO contact: dap@vu.lt

These data controllers either act as individual data controllers or cooperate as joint data controllers, within the meaning of Article 26 GDPR, for the processing of personal data of applicants, students and graduates of the FINDATA study programme.

This privacy policy applies to the processing of personal data by joint data controllers. For more information on the processing of personal data of applicants, students and graduates of the FINDATA study programme by the individual data controllers, please visit their websites: 

- Privacy Notice - GDPR - European University Cyprus (euc.ac.cy) 

- Privacy Policy (vu.lt) 

- Privacy policy | Università di Roma LUMSA 

- Opening Statement of the University of Pardubice about the Protection of Personal Data | Univerzita Pardubice (upce.cz).

2. Categories of data subject

The personal data processed by the joint data controllers concern the following categories of data subjects:

- applicants for the FINDATA study programme.

- students of the FINDATA study programme.

- graduates of the FINDATA study programme.

3. Types of personal data and processing purposes

3.1 Applicants

The joint data controllers shall jointly process the following types of personal data of applicants to the FINDATA study programme:

- your personal identification data provided on the application form (name, surname, academic title, address, date of birth, birth number (if assigned), sex, nationality, number of ID document, etc.), motivation letter and letters of recommendation.

- information on completed studies, information on language skills.

- your contact information (an e-mail address, phone number).

The purposes of processing applicants' personal data by the joint data controllers are as follows:

- admission procedures (administration of the admission process, verification of the conditions for admission, issuing of the decision on admission to study, etc.).

- enrolment of admitted applicants.

- communication with the applicants.

3.2 Students

In case that an applicant is admitted to study, the joint data controllers will further process the following personal data of students of the FINDATA study programme:

- personal data provided in the application form.

- data concerning the course and results of studies (i.e. information on enrolled and completed courses, passed exams, information on completed internships, the topic of the final thesis, results of the final exam, information on the joint diploma etc.).

- data concerning tuition fees, scholarships and history of payments.

The purposes for which the joint data controllers process the personal data of the students are as follows:

- the implementation and managements of the FINDATA study programme (realization of the study programme, keeping study records, the final examinations, and the graduation of the students, awarding of a joint diploma).

- communication with the students.

- selection of scholarship holders, administration and payment of scholarships.

- administration of tuition fees.

- FINDATA project management and administration.

- transfer of personal data of scholarship holders to the grant provider (European Commission, EACEA) for control purposes.

3.3 Graduates

In case of FINDATA graduates, the following personal data will be processed by the joint data controllers:

- information on completed studies.

- history of payments.

The purpose of the processing is:

- archiving of alumni study records.

- FINDATA project management and administration.

Each partner university may individually process also other personal data of applicants, students, and graduates of the FINDATA study programme, for other purposes, such as:

- fulfilment of legal obligations towards public authorities related to the obligation to declare that a foreigner has been admitted to study, the obligation to register admitted students in national registers, etc.

- the provision of library services, canteen, and accommodation services, etc.

- ensuring security on the university campus, security of information systems.

- communication with students, communication with alumni.

For more information about the types of personal data and the purposes of the processing of personal data of FINDATA applicants, students, and graduates by individual data controllers, please visit their websites above.

4. Legal basis

The joint data controllers process your personal data in compliance with the provisions of the GDPR and national legislation of each joint data controller, on the basis of the following legal ground:

4.1 Legal compliance

- the joint data controllers, as universities, provide higher education on the basis of national legislation.

- the joint data controllers fulfil their legal obligation toward public authorities under the national legislations.

4.2 Legitimate interests:

- based on legitimate interests, the joint data controllers process the personal when exchanging information on meeting the conditions for admission, the progress, and results of studies, as well as when exchanging information on the award of scholarships and the collection of tuition fees.

- on the basis of this legal ground the joint data controllers also transmit the personal data to the grant provider (European Commission, EACEA) for the control purposes.

Individual data controllers also process students' personal data based on other legal grounds. For more information, please visit websites of each of the data controllers above.

5. Categories of recipients of personal data

Personal data may be disclosed to the following subjects:

- public authorities under the national legislation.

- banks carrying out payments of scholarships and tuition fees.

- grant provider when carrying out controls on the use of the grant.

6. Your rights

Applicants, students, and graduates of the FINDATA study programme as a data subjects have the following rights:

6.1 Right to access personal data – you are entitled to ask any of the joint data controllers (the university) to provide you with information about your personal data processed and the purposes of the processing.

6.2 Right to rectification– you have the right to have any inaccurate or incomplete personal data corrected.

6.3 Right to erasure (the right to be forgotten) – concerns the data controllers's obligation to delete the personal data processed; however, this right does not always apply, as there are cases where the data controllers have to process the personal data for the proper performance of its tasks (fulfilment of a legal obligation).

6.4 Right to restriction of processing – applicable in case you do not want the data controller to process personal data other than for inevitable legal reasons.

6.5 Right to data portability – you may require that the data controller transfer your data to the other designated data controller, unless there is a legal impediment.

6.6 Right to object to an automated individual decision making – you may object if you think that the data controller processes your data unlawfully; the objection may also be made directly to an automated decision making and profiling.

6.7 Right to file a complaint with the Office for Personal Data Protection – whatever your request, initiative or complaint, you may contact the national Personal Data Protection Office of each data controller.

7. How to execute your rights

If you wish to exercise any of your rights as a data subject, you may contact any of the joint data controllers. We will inform you of the outcome of your request within 30 days from the date of receiving it. Due to the complexity and the number of requests processed, we reserve the right to extend this deadline by a further 60 days.

You may exercise your rights through the Data Protection Officer (DPO) of each of the joint data controllers. The contact details are set out in Art. 1 above.

If the data controller concerned is not competent to deal with your request, it will inform you without undue delay and advise you which of the joint data controllers you should contact.

The exercise of your rights is free of charge. We may require a fee for processing a request only if the request is manifestly unfounded or unreasonable due to repetition of the same request.

For more detailed rules on how to exercise your rights, please visit the websites of the individual data controllers.