PRIVACY POLICY
This privacy notice for the augMENTOR project (“we,” “us,” or “our“), describes how and why we might collect, store, use, and/or share (“process“) your information when you use our pilot services for research purposes (“Services“), such as when:
You have provided written consent to participate as a pilot end-user in the augMENTOR project and attend a pilot course organized by one of the four pilot organisations (partners) of the augMENTOR consortium. By consenting to participate, you are also expressly consenting to the processing of your personal data as part of the project.
More analytically:
Pilot #1 (IASIS): Emerging technologies in Adult Education and Life-long Learning settings involving adult educators who work with vulnerable populations.
Pilot #2 (UPATRAS): Innovative Training Programs for Pre-service Teachers involving pre-service teachers.
Pilot #3 (EASD): STEAM-based Programs for Environmental Education in a Network of Eco-schools involving teachers and students from primary and secondary education.
Pilot #4 (KTU/ACP): Leapfrogging Industry 4.0 technologies for Civic Society watchdogs and EU Civilian Missions involving non-technical experts in civilian Common Security and Defense Policy missions.
Questions or concerns?
Reading this privacy policy will help you understand your privacy rights and choices. If you do not agree with our policies and practices, please do not use our Services. If you still have any questions or concerns, please contact us at garofalakisG@unisystems.eu.
What information do we collect?
We will collect, store and use the following categories of data as listed below:
The following data will be collected from the augMENTOR users by the four partners who will be performing pilot activities (IASIS, UPATRAS, EASD and ACP/KTU) after having acquired the users’ informed consent through informed consent forms:
Personal data:
- name
- surname
- email address
Other categories of data:
- gender
- audio/video recording (only for IASIS, UPATRAS, and EASD)
- age (only for EASD)
- academicID (only for UPATRAS)
- userID
- log files
All data requested are adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed, in accordance with the data minimization principle, Article 5 (1)(c) of the GDPR[1].
augMENTOR will collect, process and store data about each user (tutors, learners, policymakers) from the Learning Management Systems (LMSs) in use, through Application Programming Interfaces services (APIs), as well as manual methodologies (consent forms and questionnaires).
During the pilot phase, data collected will be relative to the learner’s performance and characteristics including heterogeneous data types: ordinal, nominal, and text. IASIS, UPATRAS, and EASD will use Moodle, while KTU will use the TryHackMe platform. Data will include different information per pilot and details are provided in the project’s Record of Processing Activities (RoPA) in compliance with Article 30 of the GDPR[2].
How do we process your information and what is the purpose of processing?
create an account in the Moodle/TryHackMe platform
The pilot partners in charge will pseudonymize your personal data collected through consent forms. In particular, each participant will be assigned a userID which will be used to create an account in Moodle (for the case of IASIS, UPATRAS and EASD) and TryHackMe (for the case of ACP/KTU).
log in to the augMENTOR solution
The users of the augMENTOR solution, meaning the tutors, the learners and the policymakers, log in to the augMENTOR solution and their registration will be done with a single sign-on from a service provider (Moodle or TryHackme). This way the project does not have access to any personal data. Personal data about them will not be pulled from the LMSs.
provide user-specific functionalities and personalised learning recommendations.
UPATRAS and KTU will share pseudonymized data coming directly from the LMSs with augMENTOR. Data processing will utilize advanced technologies such as machine learning and natural language processing to improve the quality of education. Data is analyzed to provide user-specific functionalities and personalised learning recommendations. Tutors can create personalized learning paths and redesign courses, while learners receive tailored insights into their progress. Policymakers get data-driven recommendations to support educational decision-making. augMENTOR ensures a comprehensive monitoring system using analytics and visual interfaces, while a semantically rich Knowledge Graph overcomes knowledge representation limits. This approach facilitates the meaningful integration of AI in education, benefiting tutors, learners, and policymakers.
academic and research publications
We will regularly back up all the different types of data we collect, including research datasets and qualitative information. Pseudonymized data generated in Moodle/TryHackMe during the course will be used for research purposes and publishing results for academic and research purposes (academic and research publications).
We will use your personal data for the purposes for which we collected it unless we reasonably believe that we need to use it for another purpose that is compatible with the original purpose. It is important to note that such processing should not and will not occur without adhering to the provisions of Article 6(4) of the GDPR. Specifically, the data controller must assess all relevant parameters to determine whether the new purpose is indeed compatible with the original one. If we need to use your personal information for purposes not compatible with the above, we will notify you and explain the legal basis that allows us to do so. Please note that we may process your personal information without your prior notice or consent, in accordance with the above rules, where required or permitted by applicable law.
Do we process any sensitive personal information?
It should be clearly stated that no sensitive personal information is being collected or processed for the augMENTOR project.
What legal bases do we rely on to process your personal information?
Following article 6, paragraph 1 (a) of the GDPR[3], augMENTOR has a lawful basis for processing as:
- data subjects will only be involved if they have given consent to the processing of their data for the specific purposes set by augMENTOR.
- processing is necessary for the purposes of the legitimate interests pursued.
- by the augMENTOR consortium, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
The purposes of augMENTOR can only be achieved by processing the data received. Without this data, the augMENTOR consortium is not able to achieve proper training on the machine learning model or offer meaningful recommendations tailored to the needs of each learner on an individual basis.
The AI system is GDPR compliant (an Assessment List for Trustworthy AI/ALTAI[4] and a Fundamental Rights Impact Assessment/FRIA[5] have been conducted by our consortium members according to the new EU AI Act. Participants will be given written notice about their rights and how to exercise them (particularly the right to edit personal information, the right to be forgotten, the right to be deleted and opt-out) upon signing in the system.
The augMENTOR project has a very detailed and specific description of the action that presents the specific goals and objectives of the action as well as the steps that need to be taken to achieve them. The description of action has been agreed upon by all partners bound by the Grant Agreement of the project (No 101061509) and the Consortium Agreement that accompanies it. These documents ensure the prevention of function creep.
Finally, the augMENTOR consortium has set in place a team of internal and external experts on ethics and legal issues to ensure that all project activities are done in compliance with ethical principles and with GDPR. An Ethics manager has also been appointed to the project, who is also in charge of ensuring that all partners (including data processors and data controllers) comply with regulations and the set processes.
When and with whom do we share your personal information?
There will be no sharing of personal information. All personal data will be pseudonymised by the pilot partners. Pseudonymised data will only be shared within the consortium. Unisystems GR, Novelcore, and MissionX will have access to the pseudonymised data for fitting the machine-learning models. University of Patras, University of Duisburg-Essen, University of Cote d’Azur, IASIS, Konnektable, and Center for Social Innovation shall have access to pseudonymized data only for research purposes.
Do we receive any information from third parties?
Third parties are considered the Learning Management Systems (LMSs) the pilot end-users will use. IASIS, UPATRAS, and EASD will use Moodle, while KTU will use the TryHackMe platform.
It should be noted that in the augMENTOR solution, the users log in to the augMENTOR solution, and their registration will be done with a single sign-on from a service provider (Moodle or TryHackme). This way, the project does not have access to any personal data. Personal data about them will not be pulled from the LMS. Based on the profile of each user (tutor, learner, policy maker), different modes/levels of functionalities will be offered. Each learner will be restricted to having access only to his/her learning path data. Pseudonymised data will only be shared within the consortium.
Is your information transferred internationally?
It should be clearly stated that international transfers do not take place in the framework of the augMENTOR project.
How long do we keep your information?
Data collection will start in September 2024 (M21 of the project) and will continue until June 2025 (M30 of the project). Data collection will vary based on each pilot’s educational course and the classes’ frequency. All personal information will be kept until the end of the project (December 2025), while all pseudonymised data will be kept for five years after the end of the project (December 2030) and will be used for research purposes only.
How do we keep your information safe?
augMENTOR will adhere to data privacy, as regulated by the General Data Protection Regulation (GDPR), implemented in Greece through the Hellenic Data Protection Authority (HDPA[6]) and through the Austrian Data Protection Authority, which is the national supervisory authority for data protection in the Republic of Austria. Also, augMENTOR will follow privacy rules, as guided by the Law on Personal Data Protection (GDPR)- Law on Protection of Personal Data[7] (Official Gazette of the Republic of Serbia, No. 87/2018) and is elaborated under the Strategy on Protection of Personal Data for the period 2023-2030 (Official Gazette of the Republic of Serbia, No. 72/2023).
With servers strategically located across European countries, including the Netherlands, Greece, Serbia, Ireland, and Lithuania, the project prioritizes data resilience and security, while enabling secure data sharing and storage solutions such as Zenodo and OpenAire Argos for open access compliance. All personal information will undergo systematic destruction at the project’s conclusion (December 2025), preserving only anonymized data for future research aligned with EU regulations (December 2030). Your data’s safety and privacy are important to us, so we will regularly back up all the different types of data we collect, including research datasets and qualitative information. We will also make sure that personal information is kept private and secure. For augMENTOR, given the nature of the system, it is not likely to result in a high risk to the rights and freedoms of natural persons. However, augMENTOR does meet some of the criteria mentioned in the guidelines on the necessity of a Data Protection Impact Assessment (DPIA), according to Article 35 of the GDPR 2016/679[8].
The Ethics Manager of the project, Ms Georgia Livieri (UNISYSTEMS, LivieriG@unisystems.gr) will oversee that the procedures run smoothly; in case of any non-compliance, Chara Spyropoulou, hara.spyropoulou@iasismed.eu – IASIS NGO, Professor Vassilis Komis, University of Patras, email: komis@upatras.gr, the Ambasadori Odrzivog Razvoja I Zivotne Sredine Udruzenje, Environmental Ambassadors for Sustainable Development, office@ambassadors-env.com and Nathan Coyle, Austrian Centre for Peace, coyle@ac4p.at in collaboration with the WP6 Leader Theodoridou Katerina, CSI. katerina@csicy.com will decide the timeline and mitigation measures, so as to take all the necessary actions in a timely manner and ensure full compliance with the legal and ethical requirements of the project. In all cases, all non-compliant actions will be immediately suppressed or suspended, and the partners will implement a mitigation action within 5 working days.
On the other hand, the augMENTOR toolkit may be susceptible to security vulnerabilities, such as hacking or malware attacks. Breaches in security could lead to unauthorised access to learner data, compromising the confidentiality and integrity of personal information. For this reason, the augMENTOR consortium has set in place a team of internal and external experts on ethics and legal issues to ensure that all project activities are done in compliance with the ethical principles and with GDPR.
Do we collect information from minors?
Minor students (and those with special needs) from Serbia (EASD Pilot 3#) will be included in the pilots, and their data will be collected by the augMENTOR solution through the LMS used during the course they will engage in (Moodle). All individuals (parents/legal guardians) will have full control over their data and their children’s data. Before participating in the pilot, they will be given an information sheet about the purposes of the pilot along with all the necessary information regarding the use of their data. After reading the information sheet very carefully (which they will keep for future reference) and asking as many questions as needed, both parents/legal guardians and children will be asked to give written consent for their participation (Articles 13 and 14 of the GDPR[9],[10] /right of the individuals to be informed).
What are your privacy rights?
In accordance with applicable legislation and under certain conditions, you have the following rights in relation to the processing of your data by the augMENTOR project:
- Right of access, i.e. to make a request to find out whether we process data and, if so, to receive a copy of the personal data we hold about you.
- Right of rectification, i.e. to request the correction or completion of any incomplete and/or inaccurate information,
- Right to erasure, i.e. to request, under certain conditions, the deletion of your data,
- Right to restriction of processing, i.e. to ensure, under certain conditions, that the organisation in charge restricts the processing of your data,
- Right to object, i.e. to object, under certain conditions, at any time to the processing of your data based on our legitimate interest,
- Right to data portability, i.e. to request the data you have provided to us in a structured, commonly used and machine-readable format if this is deemed technically feasible.
- Right to lodge a complaint with the supervisory authority. If you believe that we are not complying with the legislation on personal data protection, you have the right to lodge a complaint with the competent supervisory authority.
- Right to withdraw consent at any time in cases where the processing of your personal data is based on consent. You can withdraw from the study at any time during the module’s implementation and without giving a reason. A decision to withdraw or opt-out will not affect the standard of quality in teaching and learning you offer.
How do you exercise your rights?
To exercise your privacy rights under the GDPR in the European Union, you can begin by contacting the organisation that holds your data, often referred to as the data controller. In particular, for:
IASIS: The person in charge is: Evita Agapitou, Lawyer, IASIS, email address: evita.agapitou@iasismed.eu.
If you have any questions or complaints, feel free to contact the researcher in charge of the organization and review of this research: Chara Spyropoulou, hara.spyropoulou@iasismed.eu – IASIS NGO and Marianna Anagnostopoulou, marianna.anagnostopoulou@iasismed.eu – IASIS NGO.
UPATRAS: The person in charge is our Data Protection Officer Georgiadou N. (Department of Management Science and Technology), University of Patras, email: dpo@upatras.gr, tel: +30 2610 962855.
If you have any questions or complaints, feel free to contact the researcher in charge, who is Dr Andromachi Filippidi, University of Patras, email: afillippidi@upatras.gr, tel: +30 2610 962437 and the Local coordinator: Professor, Vassilis Komis, University of Patras, email: komis@upatras.gr, tel: +30 2610 969339.
EASD: The person in charge is Prof. Dr. Andelka Mihajlov, Researcher and Advisor (office@ambassadors-env.com).
If you have any questions or complaints, feel free to send an email to Ms. Aleksandra Mladenovic – Environmental Ambassadors for Sustainable Development. Contact Information: office@ambassadors-env.com, ecoschools@feeserbia.com.
ACP/KTU: The person in charge is Nathan Coyle, coyle@ac4p.at; Data Protection Officer (DPO) at the Austrian Centre for Peace.
If you have any questions or complaints, feel free to contact the researcher in charge of the organization and review of this research: Nathan Coyle, Austrian Centre for Peace, coyle@ac4p.at and also Rasa Kasperienė, Kaunas University of Technology rasa.kasperiene@ktu who is administrating the course.
Do we make updates to this notice?
We may update this privacy notice from time to time. The updated version will be indicated by an updated “Revised” date and the updated version will be effective as soon as it is accessible. If we make material changes to this privacy notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this privacy notice frequently to be informed of how we are protecting your information.
How can you contact us about this policy?
The augMENTOR project is coordinated by Mr George Garofalakis, Unisystems Luxembourg, GarofalakisG@unisystems.eu. If you have questions or comments about this notice, you may contact us by sending an email and our team will provide you with more guidance.
How can you review, update or delete the data we collect from you?
To review, update, or delete the data we collect from you, you can exercise your rights under the GDPR and related EU data protection laws by contacting us directly through the designated privacy or data protection channels we have provided (see the relevant question on how you exercise your privacy rights). To review your data, submit an access request, and we will provide detailed information about the personal data we process and store. If you find any inaccuracies or changes in your personal data, you can request an update or rectification to ensure that your information is up-to-date and accurate. To delete your personal data, you can request erasure, also known as the ‘right to be forgotten,’ subject to certain legal conditions. We are committed to responding to such requests promptly, typically within one month, ensuring that you maintain control over your personal information. Our processes are designed to uphold your privacy rights and ensure transparency and accountability in our data handling practices.
[1] European Union. Art. 5 GDPR – Principles relating to processing of personal data | General Data Protection Regulation (GDPR). Intersoft Consulting. 2018. Accessed September 21, 2021. https://gdpr-info.eu/art-5-gdpr/
[2] 1. Records of Processing Activities – General Data Protection Regulation (GDPR). Accessed October 2, 2024. https://gdpr-info.eu/issues/records-of-processing-activities/
[3] 1. Art. 6 GDPR – Lawfulness of processing – General Data Protection Regulation (GDPR). Accessed October 2, 2024. https://gdpr-info.eu/art-6-gdpr/
[4] The Assessment List for Trustworthy Artificial Intelligence, available at https://altai.insight-centre.org/
[5] CHARTER OF FUNDAMENTAL RIGHTS OF THE EUROPEAN UNION, available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:12012P/TXT
[6] https://www.dpa.gr/el/enimerwtiko/nomothesia/proswpikon_dedomenon, this link provides access to the Greek Data Protection Law (Law No. 4624/2019), which is the national law that supplements GDPR and provides additional rules and guidance for the protection of personal data in Greece.
[7] Law on Personal Data Protection in Serbia, available at https://www.dlapiperdataprotection.com/index.html?t=law&c=RS (accessed on 01/10/2024)
[8] Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), available at https://eur-lex.europa.eu/legal-content/en/txt/pdf/?uri=celex:32016r0679 (accessed on 01/10/2024)
[9] Art. 13 GDPR – Information to be provided where personal data are collected from the data subject – General Data Protection Regulation (GDPR). Accessed October 2, 2024. https://gdpr-info.eu/art-13-gdpr/
[10] Art. 14 GDPR – Information to be provided where personal data have not been obtained from the data subject – General Data Protection Regulation (GDPR). Accessed October 2, 2024. https://gdpr-info.eu/art-14-gdpr/
[Last updated: October 2024]