Privacy policy

Description of the SOULSS project

The international SOULSS project – “Scaffolding Online University Learning: Support Systems” – is funded with the ERASMUS+ Programme agreement number 2022-1-IT02-KA220-HED-000090206. The project will be executed between December 2022 and November 2025.

The project delivers web applications (such as a learning scenarios portal, a website, and others) mainly for higher education teachers and their students. The project also communicates with such target groups in various ways to achieve its research goals.

Scope of this Privacy Policy

This Privacy Policy sets out the criteria and the conditions under which the SOULSS project collects, processes, stores, and transfers your personal data, how the confidentiality of such information is ensured as well as any law and/or regulation implemented or enacted in accordance with the GDPR (General Data Protection Regulation).

What Personal Data Do We Process and for what Purpose?

The SOULSS project will be processing personal data for several specific purposes, such as, but not limited to:

  1. for communicating with you via emails, newsletters, questionnaires, etc.
    • name;
    • email address;
    • preferred language;
    • role (such as a teacher, student etc.);
    • affiliation (school, institution, etc.).
  2. for creating and maintaining your user profile in our web applications (e.g. learning platform) and for application maintenance and for security reasons
    • the data as above, but also:
      1. nickname, username;
      2. profile picture;
      3. cookies;
      4. IP addresses;
      5. record (log) of actions taken within an application;
      6. learning outcomes and other data you decide to share via our web applications.
  3. for website maintenance and security reasons
    • cookies;
    • navigation within the website;
    • IP addresses;
    • logs of actions.

Providing the information above is necessary and if you choose not to provide certain information, you may not be able to use certain services or participate in certain activities.

Data Controller

The purpose and means of processing your data are determined by seven joint data controllers from different European countries. Each data controller defined their contact point. The joint data controllers and their contact points are the following:

  1. UROMA – UNIVERSITA DEGLI STUDI DI ROMA LA SAPIENZA, Piazzale Aldo Moro 5, 00185 Roma, Italy. Contact to the data protection officer: fernando.martinez@uniroma1.it
  2. KTU – KAUNO TECHNOLOGIJOS UNIVERSITETAS, K Donelaicio 73 44249 Kaunas, Lithuania. Contact to the data protection officer: gytis.cibulskis@ktu.lt
  3. NTUA – NATIONAL TECHNICAL UNIVERSITY OF ATHENS, Heroon Polytechniou 9 Zographou Campus, 15780 Athina, Greece (NTUA). Contact to the data protection officer: tel.+30 210 772 1616, email: giannini@mail.ntua.gr
  4. URJC – UNIVERSIDAD REY JUAN CARLOS, Calle Tulipán s/n. 28933 Móstoles, Madrid, Spain. Contact to the data protection officer: alberto.hernando@urjc.es
  5. IPP – INSTITUTO POLITECNICO DO PORTO, Rua dr Roberto Frias 712, 4200-465 Porto, Portugal. Contact to the data protection officer: tel. +351225571000, email: dpo@ipp.pt
  6. PSNC – INSTYTUT CHEMII BIOORGANICZNEJ POLSKIEJ AKADEMII NAUK, Poznan Supercomputing and Networking Center, ul. Z. Noskowskiego 12-14, 61-704 Poznan, Poland. Contact to the data protection officer: tel. +48 61 8582044, email: dpo@ibch.poznan.pl
  7. BS – BRAINSIGNS SRL, Piazzale Aldo Moro 5, 00185 Roma, Italy. Contact to the data protection contact point: vincenzo.ronca@brainsigns.com

Each Joint Data Controller will collect the Data as specified hereunder:

Personal dataJoint Data Controllers
Name, email addressUROMA, KTU, NTUA, URJC, IPP, PSNC
Preferred language, role, affiliationUROMA, KTU, NTUA, URJC, IPP, PSNC, BS
Username, profile picture, IP addresses (related to the learning platform)UROMA, KTU, NTUA, URJC, IPP, PSNC
Record of user actions, learning outcomesUROMA, KTU, NTUA, URJC, IPP, PSNC, BS
Cookies, IP addresses, record of user actions (related to the website)UROMA, KTU, NTUA, URJC, IPP, PSNC

Legal basis

Your personal data will be processed on the basis of your consent. Additionally, we process your personal data on the basis of legitimate interest consisting of providing to the users technical solution enabling them to use our web applications (based on voluntary decision of each user) as well as administrative and security maintenance of the applications what is not overridden by the interests or fundamental rights and freedoms of the user (data subject).

When and how do we share Personal Data?

Your personal data, when necessary, will be shared with third parties that are following the same practices and have implemented the security and data protection requirements to ensure the adequate protection of your personal data. Your personal data, when necessary, may be also transferred to a third country but only to third parties that implement suitable safeguards such as approved certification mechanisms or standard data protection clauses.

Due to the nature of the applications being used some data (name and email) may be visible to other users of the applications (e.g. your name and your posts in a forum).

Personal Data Retention

Your personal data will be processed at least until the end of the project (currently planned for November 2025), or as long as the web application services are provided (currently planned at least three years since the project ends). After this period your personal data will be anonymized and used only for statistical purposes.


To ensure the security of your personal data, we have in place the following measures:

  1. minimisation and pseudonymization of personal data we collect;
  2. multi-layers of firewalls to avoid the unauthorised external access;
  3. managing, limiting and controlling access to personal data;
  4. backup and redundancy;
  5. regular testing of the effectiveness of the measures implemented;
  6. safety and encrypted communication channels.

Your Rights

You have the right to: 

  1. request access to your data; 
  2. ask us to rectify information; 
  3. withdraw your consent which is not affecting the lawfulness of the processing based on the consent before its withdrawal;
  4. request the deletion of your account and data here.

Those rights can be exercised by contacting any of the contact points listed in section “Data Controller”. Additionally, you have the right to lodge a complaint with a supervisory authority from any of the countries listed in section “Data Controller”.

Privacy Policy updates

This Privacy Policy may be reviewed and updated from time to time – in such case the Privacy Policy will be labeled as “Revised (date)”. The initial version of this notice was created in June 2023.