Privacy policy pursuant to EU Regulation 679/2016 – General Data Protection Regulation (“GDPR”)

Dear Mr./Mrs,  

as required by the applicable laws, we wish to inform you about the processing of your personal data and your rights, you as follows: 

1. Data Controller 

The Data controller is European University Foundation, located at Château de Munsbach 31, rue du Parc 5374 Munsbach Luxembourg, registered in the Trade and Companies Register of Luxembourg under no G190 (hereinafter, EUF). 

In order to contact the Data Controller on privacy matters, it is possible to write to:

The updated list of Data Processors and Authorized Processors is available by contacting EUF at the same address.

2. Personal data subject to processing 

In order to carry out the activities related to the conference and to satisfy your request for updates on the events and activities organized or promoted by EUF, we use your identification data including contact details (home address, telephone and e-mail), data related to your job position and employer, photos and videos of the above events you decide to participate in. Health and special requirement data are non mandatory and may be provided by you in case you have any special needs that need to be taken into consideration to allow you to attend the conference. 

3. Purpose, legal basis and nature of processing 

The collection and processing of your personal data is done in order to:  

  • allow you to participate in the conference;  
  • be able to carry out the obligations inherent to the initiatives and activities organized;  
  • involve you in initiatives and activities organized or promoted by EUF;  
  • fulfill any obligations of managerial, administrative and accounting nature related to the Data Controller;  
  • fulfill any legal obligations 
  • fulfill the reporting obligations related to the EDSSI project; 
  • pursue the legitimate interest of the Controller. 

In relation to the fulfillment of obligations provided for by state laws, regulations and EU legislation, or by provisions issued by authorities empowered to do so by law and by supervisory or control bodies, the relevant treatment does not require the consent of the person concerned. 

The provision of the above-mentioned data is functional to the participation in the conference and is a necessary requirement for access to related activities. Failure to provide such data will make it impossible to execute the registration, your request to participate, and to comply with the obligations related to them. 

The Data Controller may process your common personal data in order to  

  • inform you in paper and/or telematic form (newsletter) about the activities organized and/or promoted by the Controller;  
  • communicate them in part to collaborators or entities in partnership. 

The communication of such data is optional, but necessary in order to receive updates on the activities mentioned. You may object to this purpose of processing at any time. The opposition will not have any effect on the pursuit of the main purpose of registration or participation in the conference. 

The data you provide will be treated according to the principles of fairness, lawfulness, relevance, proportionality and transparency for the management of the relationship and to respond to your requests.  

The Controller does not use automated decision-making processes concerning your personal data and does not make profiling. 

4. Recipients  

Your personal data will be processed in paper, computer or telematic form by the Controller’s internal staff and external collaborators authorized to process them. The list is available from the Data Controller, by contacting them at the above address. The data may also be collected and processed by subjects with which the Controller’s collaborates. The data may also be communicated to service providers of the Controller such as, computer service companies, outsourcing companies, cloud services, consultants and professionals, insurance companies, credit recovery companies, fraud control companies, institutions and/or patronages, companies or organizations the Controller has appointed as responsible for the specific treatment and whose list is available at the Data Controller, contacting them at the above address. Your identification data will also be made available to other participants in the same event. 

5. Data transfer 

The Data Controller does not transfer your personal data to third countries outside the European Union, however it reserves the right to use cloud services in accordance with the provisions of Articles 44 et seq. of the GDPR. 

6. Data retention 

Personal data will be stored until the cessation of the Controller’s activities related to the purposes indicated above, and in compliance with their legal obligations. Personal data that does not need to be stored in relation to the purposes indicated, will be deleted or transformed into anonymous form. The information systems used to manage the information collected are configured, already in origin, in order to minimize the use of the same. 

7. Rights of the Data Subject  

As a data subject, you may exercise the rights under Art. 15 et seq. GDPR according to which: 

  • you can obtain confirmation of the existence or not of personal data concerning you, even if not yet recorded, and their communication in intelligible form;  
  • you can obtain information on: a) the origin of the personal data; b) the purposes and methods of processing; c) the logic applied in the event of processing carried out with the aid of electronic instruments; d) the identity of the Data Controller and Data Processors; e) the subjects or categories of persons to whom the data may be communicated or who can learn about them as appointed representative in the State, managers or agents;  
  • you may obtain: a) the updating, rectification or, when interested, integration of data; b) the cancellation, transformation into anonymous form or blocking of data processed unlawfully, including data whose retention is unnecessary for the purposes for which the data were collected or subsequently processed; c) certification to the effect that the operations as per letters a) and b) have been notified, as also related to their contents, to the entities to whom or which the data were communicated or disseminated, unless this requirement proves impossible or involves a manifestly disproportionate effort compared with the right that is to be protected;  
  • you may oppose, in whole or in part, for legitimate reasons, the processing of personal data concerning him, even if pertinent to the purpose of collection.  

Where applicable, you also have the rights under Art. 16-21 GDPR (Right of rectification, right to be forgotten, right to restriction of processing, right to data portability, right to object), as well as the right to complain to the Supervisory Authority.  

Requests should be addressed to the Data Controller at the above-mentioned address. Further information on our privacy practices is available in our general privacy policy at .