Privacy Policy for ChallengeEU Website

Last updated: November 2025

1. Introduction

This Privacy Policy explains how we collect and process your personal data when you visit our website (in particular https://challenge-eu.eu) and interact with our online services (together, the “Site”).

We respect your privacy and process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable national data protection laws.

This Privacy Policy applies only to the ChallengeEU public website.

2. Controller and Contact Details

Controller for this website

The controller responsible for the processing of personal data via this Site within the meaning of Art. 4(7) GDPR is:

University of Warmia and Mazury in Olsztyn
ul. Michała Oczapowskiego 2
10-719 Olsztyn, Poland

Phone: +48 89 523 49 13
Email: rektor@uwm.edu.pl

The University of Warmia and Mazury in Olsztyn operates this Site in the framework of the ChallengeEU alliance.

If you have any questions about this Privacy Policy or the processing of your personal data, you can contact us using the details above.

3. Data Protection Officer

Our Data Protection Officer (DPO) is:

Data Protection Officer
University of Warmia and Mazury in Olsztyn
ul. Romana Prawocheńskiego 9, pok. 109
10-719 Olsztyn, Poland

Phone: +48 89 523 36 78
Email: andrzej.gozdz@uwm.edu.pl

You may contact the DPO with any questions or concerns relating to data protection.

4. What Data We Collect When You Use the Site

4.1. Server log files

When you access the Site, our servers automatically record certain information in so-called server log files, including:

  • Date and time of access
  • Pages and files requested
  • Amount of data transferred
  • HTTP status code (e.g. success / error)
  • Browser type and version
  • Operating system
  • Referrer URL (the page you visited before)
  • IP address and requesting provider

We use this information to ensure the technical operation, security and optimisation of the Site (e.g. to prevent misuse, to detect errors, and to generate aggregated usage statistics).

Legal basis: Art. 6(1)(e) GDPR (task carried out in the public interest in the context of higher education and research communication) and Art. 6(1)(f) GDPR (legitimate interests in secure and stable operation of the Site).

Log data are stored only for as long as necessary for these purposes and are then deleted or anonymised in line with our server and security policies.

4.2. Cookies and similar technologies

We use cookies and similar technologies to:

  • enable the basic functioning of the Site (e.g. language settings, forms, navigation, session management)
  • remember your cookie preferences
  • optionally, analyse aggregated use of the Site and improve our content

Details about the specific cookies used, their purposes and storage periods are provided in our Cookie Policy, which is available on the Site and accessible via the cookie banner and footer.

Where cookies are not strictly necessary for the operation of the Site, we only set them on the basis of your consent (Art. 6(1)(a) GDPR), which you can give and withdraw using the cookie banner and settings.

4.3. Contact forms and email enquiries

If you contact us via the contact forms on the Site or by email, we process the personal data you provide, typically:

  • First name and last name
  • Email address
  • Your message and any other information you choose to share

We use this data to:

  • respond to your enquiries
  • connect you with relevant teams in the ChallengeEU alliance (e.g. at a specific partner university)
  • follow up on requests related to studies, staff mobility, events, or partnerships

Legal basis:

  • Art. 6(1)(b) GDPR where communication relates to (pre-)contractual steps (e.g. participation in an event or cooperation);
  • Art. 6(1)(e) GDPR for tasks in the public interest in the field of higher education and research;
  • Art. 6(1)(f) GDPR (legitimate interests) where we respond to general enquiries and manage the alliance’s communication.

We retain contact enquiries only for as long as required to handle your request and comply with applicable record-keeping obligations.

4.4. Newsletter sign-up

You can subscribe to the ChallengeEU newsletter via the form on the Site. For this purpose we process:

  • your email address
  • the date and time of subscription
  • technical information used to confirm your subscription (e.g. IP address/time stamp, depending on the mailing system used)

We use this data to send you news and updates about ChallengeEU activities, events and opportunities.

Where applicable, we use a double opt-in process: after you sign up, you may receive an email asking you to confirm your subscription. This helps us to verify that the email address belongs to you and that you wish to receive our newsletter.

You can unsubscribe from the newsletter at any time by using the link in our emails or by contacting us directly. After you unsubscribe, we will stop sending you the newsletter and keep only minimal information (for example, your email address and the fact that you opted out) for a limited period to demonstrate compliance and avoid re-sending messages unintentionally.

Legal basis: Your consent (Art. 6(1)(a) GDPR).

4.5. Event registration and participation

From time to time, the Site may offer event registration forms (e.g. for workshops, masterclasses, panel discussions or blended intensive programmes).

Depending on the event, we may process:

  • Identification and contact details (name, email, institution, role)
  • Information on your study programme or professional background
  • Preferences and logistics (e.g. dietary needs, accessibility requirements, travel and accommodation preferences)
  • Information necessary to organise participation (e.g. session selection, online participation links)

For some events, registration takes place via external platforms operated by individual partner universities or third-party providers. In such cases, the privacy policy of the external platform or organising institution applies; we clearly indicate this and link to the respective information on the event page.

Legal basis:

  • Art. 6(1)(b) GDPR (performance of a contract or pre-contractual steps with respect to participation in an event);
  • Art. 6(1)(e) GDPR (public-interest tasks in higher education and research) for outreach and mobility activities;
  • Art. 6(1)(a) GDPR (consent) where we process optional information (e.g. dietary preferences) or send you follow-up marketing communications beyond the event.

We retain event-related data only for as long as necessary to manage the specific event, resolve any queries, and comply with applicable reporting or funding obligations.

4.6. Content featuring individuals (photos, videos, quotes)

The Site may include photos, videos or quotes featuring students, staff, partners, or other participants in ChallengeEU activities. These materials are used to communicate about the alliance and its impact.

Where required by law, we obtain consent from the featured individuals before publishing identifiable content. In other cases, we rely on our legitimate interests in documenting and communicating our publicly funded activities (Art. 6(1)(e) and (f) GDPR), while respecting your rights and interests.

If you appear in content on the Site and wish to object, please contact us (see Sections 2 and 3). We will review your request and, where appropriate, remove or restrict the content.

4.7. Embedded content and external links

Our Site may include:

  • embedded content from other websites (e.g. social media posts, videos, maps);
  • links to websites of the nine ChallengeEU partner universities and our associate partners;
  • links to external tools such as video-conferencing platforms, virtual career fairs, or event registration systems.

When you interact with such embedded content or follow links, those external providers may collect data about you and process it for their own purposes. Their respective privacy policies apply in those cases.

We encourage you to read the privacy policies of those third-party providers before using their services.

4.8. Social media

The Site contains links to our official social media profiles (e.g. on LinkedIn, Facebook, Instagram). When you click these links and visit our profiles, the respective platform provider processes your data under its own responsibility, in accordance with its own privacy policy.

Depending on the platform, we may receive aggregated statistics about visits and engagement (e.g. follower counts, reach). We use these insights to understand our audience and improve our communication.

5. Purposes and Legal Bases (Overview)

We process personal data via this Site for the following main purposes and on the following legal bases:

Purpose Examples of data Legal basis
Operating and securing the Site Log files, security logs, technical cookies Art. 6(1)(e) GDPR (public tasks in higher education and research); Art. 6(1)(f) GDPR (legitimate interests in secure operation)
Managing contact enquiries Name, email, message content Art. 6(1)(b), Art. 6(1)(e), or Art. 6(1)(f) GDPR, depending on context
Sending newsletters and updates Email, subscription details Art. 6(1)(a) GDPR (consent)
Organising events and programmes Registration data, participation records Art. 6(1)(b) and 6(1)(e) GDPR; Art. 6(1)(a) GDPR for optional data
Analytics and improvement (where used) Pseudonymous usage data, aggregate statistics Art. 6(1)(a) GDPR (consent via cookie banner) or Art. 6(1)(f) GDPR (legitimate interests), depending on tool and configuration
Public communication about the alliance Photos, quotes, stories Art. 6(1)(e) and/or 6(1)(f) GDPR; Art. 6(1)(a) GDPR where consent is obtained

6. Recipients and Data Sharing

Within ChallengeEU, only those units that need access to your data for the purposes described in this Policy will receive it (e.g. web administration, international office, communications team, relevant academic or project staff).

In addition, we may share personal data with:

  • ChallengeEU partner universities when this is necessary to handle your enquiry or event participation (e.g. forwarding your question to a local ChallengeEU team at a partner institution);
  • Service providers (processors) who support us with hosting, website maintenance, mailing, or event management tools. These providers process data on our behalf and under written data processing agreements in accordance with Art. 28 GDPR;
  • Public bodies or funding authorities (e.g. in the context of EU project reporting) where we are legally required to do so.

We do not sell your personal data.

7. International Data Transfers

Our servers for this Site are located in the EU. However, some of our service providers or external tools (for example, video-conferencing platforms or mailing services) may be located outside the European Economic Area (EEA) or may process data there.

In such cases, we ensure that an appropriate level of data protection is in place, for example by:

  • relying on an adequacy decision of the European Commission, or
  • concluding standard contractual clauses (SCCs) approved by the European Commission, combined with additional safeguards where necessary.

You can obtain more information about these safeguards by contacting us (see Sections 2 and 3).

8. Storage Periods

Unless specific storage periods are mentioned elsewhere in this Policy, we store personal data only for as long as necessary to fulfil the purposes described above, including:

  • meeting legal retention obligations (e.g. public funding regulations, tax or audit rules);
  • resolving disputes and enforcing our rights;
  • documenting compliance (for example, evidence of consent or opt-out from newsletters).

After the relevant period expires, personal data are deleted or anonymised in accordance with our retention and deletion policies.

9. Your Rights under the GDPR

Under the GDPR, you have the following rights in relation to your personal data:

  1. Right of access – to obtain confirmation whether we process personal data about you and, if so, access to those data and additional information (Art. 15 GDPR).
  2. Right to rectification – to request correction of inaccurate data and completion of incomplete data (Art. 16 GDPR).
  3. Right to erasure – to request deletion of your data in certain circumstances (Art. 17 GDPR).
  4. Right to restriction of processing – to request restriction of processing under certain conditions (Art. 18 GDPR).
  5. Right to data portability – to receive personal data you have provided to us in a structured, commonly used and machine-readable format and to transmit them to another controller, where the processing is based on consent or contract and is carried out by automated means (Art. 20 GDPR).
  6. Right to object – to object, on grounds relating to your particular situation, to processing based on Art. 6(1)(e) or (f) GDPR, including profiling based on those provisions (Art. 21 GDPR). You also have the right to object at any time to processing for direct marketing purposes.
  7. Right to withdraw consent – where processing is based on your consent (Art. 6(1)(a) GDPR), you may withdraw that consent at any time with future effect. The withdrawal does not affect the lawfulness of processing before the withdrawal.

To exercise your rights, please contact us or our Data Protection Officer using the details in Sections 2 and 3. We may need to verify your identity before responding.

10. Right to Lodge a Complaint with a Supervisory Authority

You also have the right to lodge a complaint with a data protection supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or the place of the alleged infringement (Art. 77 GDPR).

You are free to contact any competent supervisory authority within the EU/EEA.

11. Links to Other Websites

The Site contains links to websites of ChallengeEU partner universities and other third parties. We do not control these websites and are not responsible for their privacy practices or content.

When you leave our Site, we recommend that you read the privacy policy of each website you visit.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time, for example to reflect:

  • changes in our processing activities;
  • new legal requirements; or
  • updates to the Site or the ChallengeEU project.

The current version of the Privacy Policy is always available on the Site and is indicated by the “Last updated” date at the top.

 

This site uses cookies. Visit our cookies policy page or click the link in footer for more information and to change your preferences.

Accept & close