Skip to main content
European Commission logo
pages
twinspace
etwinning
forum
Erasmus
European School Education Platform

Data protection notice

The European Education and Culture Executive Agency ("EACEA") is committed to preserving your privacy. All personal data are dealt with in accordance with Regulation (EU) No 2018/1725 on the protection of personal data by the Union institutions, bodies, offices, and agencies* ("the data protection regulation").

The following Data Protection Notice outlines the policies by which the EACEA collects, manages and uses the personal data of the concerned individuals within the European School Education Platform.

1. Who is responsible for processing your personal data (data controller)?

The controller is the European Education and Culture Executive Agency, BE-1049 Brussels

The person designated as being in charge of the processing operation is the Head of Unit A6: Platforms, Studies and Analysis

Email: eacea-eplus-esep@ec.europa.eu

2. Which personal data are processed?

The following personal data is/may be collected by the Controller

Mandatory input from users:

  • Names and address, including the email address.
  • For eTwinning users, the school, and the professional role at the school.
  • The National Support Organisations representatives should upload the personal data: contact details and name of the organisation.
  • Personal data concerning recruitment and contracts.
  • If participants are eligible for reimbursement from taking part in an onsite event, and wish to claim costs, travel receipts and information on itineraries must be collected.

Optional input from users:

  • Personal identification concerning physical characteristics or the image, voice, or fingerprints.
  • Information related to users’ private sphere in collaborative spaces on the Platform – in the form comments, thoughts, photos, videos and/or other personal information.
  • In the context of articles to be published on the Platform, participants may voluntarily share experiences, opinions, pictures, and quotes.
  • Data concerning specific dietary preferences or constrains in an onsite event.

3. For which purpose do we process your data?

The purpose of processing personal data of registered users is to operate ESEP and provide related services such as:

  • Allow the operation of the Platform’s services such as:
    • posting comments and listings.
    • accessing features such as favourites or save searches.
    • enriching users’ profiles.
  • Handle helpdesk inquiries, follow-up on posts and messages reported.
  • Allow communication and collaboration in the spirit of mutual trust and respect.
  • Facilitate the follow-up and monitoring activities of the community as well as the performance of ongoing research activities disseminated on the Platform.
  • Develop outreach and communication purposes within the framework of the Platform and its services.
  • Send newsletters related to the Platform and to the eTwinning to inform on updates and relevant information within European Commission’s initiatives.
  • Enable online trainings – both organisation and implementation.
  • Enable and improve the user experience within this (and similar future) project(s) developed by the European Commission via access control, tracking of usage frequency, search behaviours, preferences, and settings.
  • Allow the collection, categorisation, and summary of user contributions in the fora and other discussion tools.
  • Provide aggregated statistics, including, but not limited to, the number of users during a specific period, the preferred subjects and/or countries chosen by users and account usage, to evaluate the access patterns and user preferences / requirements.
  • Provide users with certificates of completion of online trainings.
  • Produce and disseminate videos and podcasts featuring interviews with experts and best practices of schools and teachers.
  • Conduct various surveys regarding the Platform services and open calls for participation in focus groups of researching in various pedagogical fields.
  • Allow the publication of articles on the Platform.
  • Evaluate and support the security and correct operation of the Platform, and the lawfulness of its use.

Furthermore, and limited to eTwinning, the processing of personal data is necessary to:

  • Provide information about registrants’ activities within and outside the eTwinning area to establish and maintain online community’s activities.
  • Allow registrants to find partners and set up projects.
  • Provide information about the eTwinning projects.ç
  • Allow eTwinning registrants to communicate and collaborate in the spirit of mutual trust and respect.
  • Allow and facilitate monitoring and research activities.
  • Produce and disseminate videos featuring best practices of schools, teachers, users of eTwinning, winners of the eTwinning European Prizes.
  • Provide users with certificates of completion of online courses, in digital and print, and / or trophies in relation to the eTwinning European Prizes, eTwinning School Labels, National and European Quality Labels.
  • Conduct surveys regarding the services of the Platform and for participants in the focus groups withing the various pedagogical issues.
  • Participate in webinars, online events, and onsite events.

limited to participation in the courses taking place on the EU Academy, the processing of data – which will take place at the EU Academy – is necessary to:

  • Enrol the user to the training selected, and
  • allow the access the course in the EU Academy environment while keeping the credentials.

The names, emails, and course selection of ESEP users following training courses will be shared with and processed by the European Commission’s EU Academy for the purposes of providing such trainings, following the EU Academy privacy policies (see record No. DPR-EC-05546.1). Data on the progress of learners and the outcome of the training course will be shared with the European School Education Platform for the purposes as set out above (including gathering and sharing training credentials).

4. Who has access to your personal data and to whom is it disclosed?

For the purposes detailed above, access to the full set of data is strictly limited to:

  • EACEA designated staff.
  • European Commission designated staff, in particular DG EAC and DG DIGIT and, for personal data of users following training courses on the EU Academy platform, and JRC designated staff.
  • Authorised staff of the organisation contracted and working on behalf of EACEA to implement ESEP, i.e. Central Support Service (European Schoolnet) and digital service provider (Tremend Software Consulting SRL).
  • Sub-processors of European Schoolnet such as Hofi studio SRO; UBIQUS BADGES Connections-Eurotrain NV and Eagle Travel.
  • Recipients identified in data protection record No. DPR-EC-01488 concerning the processing made via EUSurvey.
  • General Public: Some data submitted by users will be displayed on the public area of the Platform and on social media, meaning that such information is freely accessible on the Internet. In this case, users have the possibility to delete their data.

In case of control or dispute the bodies charged with a monitoring or inspection task in application of Union law (e.g., Internal Audit Service, European Commission, OLAF, EU Courts etc.).

Concerning eTwinning, there are transfers of personal data into third countries, as some National Support Organisations are based outside the European Union (EU) or the European Economic Area (EEA) in the following countries: Albania, Algeria, Armenia, Azerbaijan, Bosnia and Herzegovina, Georgia, Jordan, Lebanon, Moldova, Montenegro, North Macedonia, Serbia, Tunisia, and Türkiye.
The transfers to these countries are necessary for important reasons of public interest and are based on Article 50(1)(d) of Regulation (EU) 2018/1725 as recognised in the following Union law:

  • Article 14 of the Charter of Fundamental Rights of the European Union
  • Article 26 of the Universal Declaration of Human Rights
  • Article 11 of the Treaty of the European Union
  • Article 15 of the Treaty on the Functioning of the European Union

The Erasmus+ Programme funding this process encourages the participation of young people in Europe’s democratic life, including by supporting activities that contribute to citizenship education and participation projects for young people to engage and learn to participate in civic society, thereby raising awareness of European common values (see Recital n° 28 of the Erasmus Regulation (Regulation (EU) 2021/817)).

The National Support Organisations are equally bound by data protection clauses, particularly in relation to lawfulness of processing and technical and organisational security obligations, under a grant agreement signed with EACEA.

The transfer occurring concerns the validation of the users by their respective National Support Organisations and in the case the user applies for prizes and quality labels. Therefore, the transfer is limited to this verification process. National Support Organisations only receive personal data of users of their own base-country. The users may request a copy of these clauses by contacting the controller. The data processor is bound by data protection clauses under a service contract signed with EACEA.

Other data submitted by users on the eTwinning component of the Platform (e.g., messages in fora, online discussions and threads, files and pictures) are only visible amongst registered users within the area of the Portal where they have been uploaded (e.g., eTwinning Groups, TwinSpace). Some of these users may be based in third countries.

In very few cases, limited personal data from MS Teams may be transferred to the United States, as foreseen in section 6 of data protection record No. DPR-EC-04966. Such transfers are subject to appropriate safeguards, namely the adequacy decision with the United States since its entry into force in 2023.

5. How long do we keep your personal data?

A. For the general users registered on ESEP the data related to the profile is kept for three years after the user’s last login. After these three years, the user profile will automatically be set to anonymous, i.e. the personal data will be erased.

Two weeks prior to the deadline of these three years of no login, a notification is sent to the user to inform her/him that her/his profile is about to be set as anonymous and that he/she can avoid this by logging in again within two weeks. If the user does not login within two weeks, his/her profile will be deleted permanently. In case of no login, all personal information is then made anonymous.

Any personal data the user may have inserted through third parties’ tools (e.g. during an online course when using an external online tool, such as Facebook or X) may be stored and processed by that third party. Such processing does not fall within the scope of this Record and is therefore not affected by the anonymisation.

If users ask for the anonymisation of their account, or the account is automatically anonymised, no data will be visible to other ESEP users. If users with an anonymised account want to continue using the Platform, they will need to register again. The anonymised data (non-personal data) remains solely for research and monitoring purposes at the disposal of EACEA, the European Commission, national or regional school authorities, authorities in charge of implementing the ESEP and other third parties (see Point 6) under the authorisation of the data controller and in an aggregated format.

B. Regarding the data related to the profiles of eTwinning users, the personal data is kept for a maximum of three years after the user's last login. After one year from the last login, the user profile will automatically be set to inactive, i.e., no longer visible to other users nor the outside
world. The user can re-activate her/his account by logging in again. A reminder is sent after two additional years informing the user that, three years after her/his last login, his/her profile will be anonymised.

If users request for the anonymisation of their account, or the account is automatically anonymised, the personal data will be erased.

Data will be kept only in an anonymous format that does not allow any personal identification. If users with a deleted profile want to continue using the Platform, they will need to register again. The data remain solely for research and monitoring purposes at the disposal of EACEA, the European Commission, national or regional school authorities, authorities in charge of implementing eTwinning (Central Support Service and National Support Organisations) and other third parties (see Point 6) under the authorisation of the Data Controller in an aggregated format.

C. Regarding certain data processing activities carried out in relation to the Platform and/or eTwinning area, specific data retention periods apply. Concretely:

  • Personal data collected through the EUSurvey tool for registration to focus groups are kept for 2 years after the end the current service contract, including the periods of extension.
  • Personal data collected in the context of newsletters’ subscription, is kept during the period that users keep this option active, i.e., up to the withdrawal of consent to receive newsletters. In any case, data will not be kept longer than 2 years after the end the current service contract, including the periods of extension.
  • Personal data collected for the purposes of producing videos, podcasts and photos of interviewees are only used in information / publicity materials produced for a maximum of 2 years after the end the current service contract, including the periods of extension.
  • Personal data related to the organisation and management of the events or webinars (this includes the information given during the registration, prior, during or after the event or webinar) as well as live-streaming and audio-visual recordings of events or webinars, is kept for 3 years after the event or webinar concerned for the purpose of sharing further information with the participants on future related events or webinars. Personal data regarding dietary requirements of the participants in onsite events are deleted promptly at the conclusion of the event concerned.
  • Personal data collected on the Commission’s MS Teams, the Identification data is stored for as long as the member’s account is active. Service generated data (log files) are kept for up to 6 months. The retention period for content data in Office 365 and any personal data included therein is up to 180 days upon expiration / termination of the subscription. Diagnostic data is kept for up to 5 years upon expiration / termination of the subscription.
  • Personal data of the PDAB members is retained for 10 years upon expiration / termination of the subscription to fulfil the contractual obligations.
  • Personal data entrusted to Ubiqus Badges as part of the management of their service will be stored for a maximum period of 10 years upon expiration / termination of the badges.
  • Personal data concerning missions and journeys will be kept for 10 years after such mission / journey in order to comply with the audit / accounting obligations of the responsible data processors.

6. What are your rights concerning your personal data and how can you exercise them?

Under the provisions of the data protection regulation, you have the right to:

  • Request to access the personal data EACEA holds about you;
  • Request a rectification of your personal data where necessary;
  • Request the erasure of your personal data;
  • Request the restriction of the processing of your personal data;
  • Request to receive or to have your data transferred to another organization in commonly used machine readable standard format (data portability).

As this processing of your personal data is based on point of Article 5(1)(a) of the data protection regulation, please note that you have the right to object to processing of your personal data on grounds relating to your particular situation under the provisions of Article 23 of the data protection regulation.

In addition, as this processing of your personal data is based on your consent [Article 5(1)(d) or Article 10(2)(a) of the data protection regulation], please note that you can withdraw it at any time, and this will have effect from the moment of your retraction. The processing based on your consent before its withdrawal will remain lawful.

Article 25 of Regulation (EU) 2018/1725 provides that, in matters relating to the operation of EU institutions and bodies, the latter can restrict certain rights of individuals in exceptional circumstances and with the safeguards laid down in that Regulation. Such restrictions are provided for in internal rules adopted by EACEA and published in the Official Journal of the European Union (https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32021Q0317%2801%29).

Any such restriction will be limited in time, proportionate and respect the essence of the above-mentioned rights. It will be lifted as soon as the circumstances justifying the restriction are no longer applicable. You will receive a more specific data protection notice when this period has passed.

As a general rule you will be informed on the principal reasons for a restriction unless this information would cancel the effect of the restriction as such.

You have the right to make a complaint to the EDPS concerning the scope of the restriction.

7. Your right to have recourse in case of conflict on any personal data issue

In case of conflict on any personal data protection issue you can address yourself to the Controller at the above mentioned address and functional mailbox.

You can also contact the Data Protection Officer of EACEA at the following email address: eacea-data-protection@ec.europa.eu.

You may lodge a complaint with the European Data Protection Supervisor at any time: http://www.edps.europa.eu.

8. On which legal basis are we processing your personal data?

Under the Article 5(1)(a) of the Data protection Regulation, the processing of data is necessary to:

(a) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Union institution or body (to be laid down in Union Law);

*Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC Text with EEA relevance, OJ L 295, 21.11.2018, p. 39.