Privacy Policy

-General

Introduction to the PhD Hub

The PhD Hub Platform is an online hub that aims to increase and create new cooperation opportunities between University/Academia and Business at European level, in response to their shared challenges and specificities, and to participate in the sharing and co-creation of information on cooperation and industrial PhD development, leveraging on the local hubs as their strong base. The PhD Hub works as a central platform that hosts multi-websites linked to each local PhD Hub and therefore information added through one of the multi-websites will be displayed at European and local level. It also allows users outside the cooperation to register on the platform and search and apply for PhD positions.

-Information Collection and Use

We will only collect personal information about you and given by you when you register on our platform as a PhD seeking student, PhD student, HEI academic staff member, or member of an Enterprise/Institution. The third-party service providers may also collect personal information about you, only for the purpose of providing you with Services, and adequate technical and organisational measures are in place to ensure the confidentiality and security of your information.

We may disclose aggregated but not individual statistics, such as the number of users we have, their regional location, etc. If you give your consent, we may contact you to you to provide information about services that you have indicated may be of interest to you. We may store certain personal information and use it to offer you personalised services and information through our systems.

If you have given your consent, but you no longer want us to provide such services to you, you can send an email to contact@phdhub.eu.

We may also disclose or access your account if required to do so by Law.

-PhD Hub Platform Websites

While you are browsing the PhD Hub Platform, your mobile or computer operating system, Internet Protocol (IP) address, access times, browser type and language as well as referring website addresses may be logged automatically. This constitutes anonymous usage data that does not identify or precisely locate the user (non-personally identifiable information). We may use this information only in anonymised and aggregated form to monitor, develop and analyse your use of the Services in order to be able to foresee technical updates needed, optimise the system as well as plan future updates in line with the users’ needs. In addition, we may ask you to submit and we may process data that is personal to you, including, but not limited to, your name,

email addresses as well as links and usernames to your profiles on social networking websites and other third-party websites. The usage of such information will only serve the purpose of fulfilling the agreement outlined in this Privacy Policy and Terms and Conditions and of ensuring the Services are provided to the users.

Personally identifiable information is only collected with your informed knowledge, i.e. when the PhD seeking student knowingly submits it to us or when a HEI submits it for a PhD student with his/her consent. When the third party submits such personal information about you, they must receive your consent beforehand. We may use this information to create your user profile and provide you with Services. We may use your email address to contact you about your experience with Platform and notify you about news and promotions only after receiving your explicit consent. If you no longer wish to receive our Services or any or all types of communication, you may opt-out from receiving them at any time by emailing us at contact@phdhub.eu.

-Accounts

Users (PhD Student, Enterprise/Institution Member, PhD seeking student)

By accepting this Privacy Policy and having access to the Services of the Platform you are entering into the Terms and Conditions and Privacy Policy and you guarantee that you either are of legal age to do so or have acquired the necessary consent.

Each Account is meant for one individual and may not be shared between multiple users. An Account is valid until the request for termination of the Account to contact@phdhub.eu.

You must immediately notify the Provider of (a) any abuse of your Account; (b) the loss of the credentials to your Account (email address, password); and (c) the unauthorised disclosure, use and distribution of said credentials by or to third parties.

Academic Staff Member Users

By accepting this Privacy Policy and having access to the Services of the Platform you are entering into the Terms and Conditions and Privacy Policy on behalf of an Institution that you represent and have the legal authority to bind that entity.

Each Account is meant for one individual and may not be shared between multiple users. An Account is valid until the Local PhD Hub Coordinator account holder removes the access rights or upon the request for termination of the Account to contact@phdhub.eu.

You take full responsibility for safeguarding the access credentials — email and password — combination and cover any damages that may be incurred due to the unauthorised disclosure, use and distribution of said credentials. If you are the holder of the Local PhD Hub Coordinator Account, then you have the same responsibility for all of your Staff Accounts.

If you are the holder of the Local PhD Hub Coordinator, then additionally you must immediately notify the Provider of a change in position, resignation or any other reason why you no longer have the right to use the Services of the PhD Hub Platform on behalf of the HEI. Upon such notification, the Provider shall renew the credentials to the respective Account, take other reasonable measures to protect the Member Account or delete it, if requested to do so by the HEI.

In order to ensure that there is no unauthorised access to the platforms the Provider reserves the rights to request the confirmation of the position held at the HEI on a regular basis to guarantee that other users’ data is not exposed to unauthorised persons.

You (and your HEI, as the case may be) are solely responsible for making sure that:

– You have acquired the permission from Users (PhD students, enterprise representatives, academic staff members) to upload their personal data to the PhD Hub platform.

– In line with the requirements for data processors according to the GDPR, when acting as a data processor at your HEI you are responsible for establishing and maintaining a record of all personal data processing activities.

– You own all intellectual property rights (IPR) and any other rights, title and interest in your User Content or have obtained the respective permissions and authorisations from the respective third-party owners before submitting it to the Provider through the PhD Hub Platform or the Services for the purposes described in the Agreement;

– Your User Content is in compliance with all applicable laws and regulations, e.g. it is not offensive, harassing, invasive of another’s privacy, hateful or otherwise unlawful;

– Your User Content does not require obtaining a license from or paying any fees and/or royalties by the Provider to any third party for the performance of any Services you have chosen to be performed by the Provider or for the exercise of any rights granted in the Agreement, except as expressly agreed otherwise in the Agreement;

– Your User Content is not harmful (for example viruses, worms and other destructive codes) and does not contain any programs that overload or interfere with the work of

the PhD Hub Platform or distort the User Content of other users, except as expressly agreed otherwise in the Agreement.

– In all cases mentioned above, actions will be taken against such content to ensure the integrity of the Privacy Policy and Terms and Conditions.

When using the PhD Hub Platform and Services, you may be exposed to User Content of other users from a variety of sources. The Provider takes reasonable technical and organisational measures to ensure the accuracy, usefulness, lawfulness, or IPR and any other rights, title and interest in or relating to such User Content. Please notify the Provider without delay should you notice that there are any instances when the Agreement in this Privacy Policy is compromised.

We may collect your email address when you contact our support service group and we may use that email address to contact you about your experience with the PhD Hub Platform Services and notify you about our news and promotions only after acquiring your explicit consent.

-Notifications

We may occasionally send you notifications through the email indicated upon registration in order to send you service-related notifications that may be of importance to you to continue using the Services, and safety/security notifications related to your participation in programmes featured in our Services. You may at any time opt-out from receiving these types of communications by emailing us at contact@phdhub.eu.

-Cookies

A cookie is a small text file that we transfer to your computer and/or device, to identify a user’s computer/device and to “remember” things (details) about your visit, such as your preferences or a username and password. Information contained in a cookie may be linked to your personal information, such as your user ID, for purposes such as improving the quality of our Services, tailoring recommendations to your interests, and making the Services easier to use. You can disable cookies at any time, although you may not be able to access or use features of the Services.

-Third Party Services

Our services may contain third-party tracking tools from our service providers, examples of which include email service provider as well as push-notification service provider. Such third parties may use cookies, APIs, and SDKs in our services to enable them to collect and analyse user information on our behalf. Third parties may have access to information such as your device identifier, MAC address, IMEI, locale (specific location where a given language is spoken), geo-location information, and IP address for the purpose of providing their services under their respective privacy policies. We take all the necessary technical and organisational measures to protect the

confidentiality and security of your information from unauthorised access or against loss, misuse or alteration by third parties when entering contracts with such third parties. In line with the GDPR, you can always request information we collect, how we collect it, what we use it for, who we can share it with – and how we keep it safe.

-How We Use Information

We use the information collected through our Services for the purposes described in this Policy or disclosed to you in connection with our Services. For example, we may use your information to operate and improve our Services; understand you and your preferences to enhance your experience and enjoyment using our Services; provide and deliver products and services you request; link or combine it with other information we get from third parties, to help understand your preferences and provide you with better services.

In case you are a PhD/PhD seeking student user, some of your personal information, such as name and surname, email address and other contact information, gender, nationality, studies, degree, university, photo, curriculum vitae, as well as other information concerning your curriculum can be made accessible to HEIs or Enterprises/Institutions.

In case you are an Academic staff member, your personal information will be accessible to authorised academic staff members at your HEI or authorised persons at an Enterprises/Institution.

In case you are member of an Enterprise/Institution your personal information will be accessible to authorised persons at your Enterprise and to authorised academic staff members at HEIs.

The EUF has a limited right to access the data in order to proactively analyse the system architecture, data models and infrastructure resources so as to offer the Services in the best possible way. This includes, for example, analysis of slow-running database queries, predicting the growth rate of data (in order to allocate resources ahead of time), and analysis of the data contents and format in order to choose the most performant and fitting data models. It is unavoidable that in order to be able to provide the best possible Services, the Provider must be able to understand the data, as well as emergent trends in the data. Such analysis is done, whenever practical, in an anonymised manner and with only the above, purely technical or service-oriented purposes in mind.

-Disclosure of Your information

We do not share your personal data except as approved by you or as described below:

With PhD students/PhD seeking students’ user consent, allowing us to share the data with other third parties, with which we already have valid agreements for the Services we provide, such as other HEIs, Enterprises/Institutions or Third-Party Service Providers.

This information is also subject to the specific third-party separate privacy policies. If you no longer wish to allow us to share your information with third parties, please contact us at contact@phdhub.eu. If you no longer wish to receive any communications from third parties, please contact that third party directly.

The EUF may engage other companies and individuals to perform services on our behalf. An example of these services includes analysing data and providing user support. These agents and service providers may have access to your personal information in connection with the performance of services for the EUF. In such cases, we take all the necessary technical and organisational measures to protect the confidentiality and security of your information from unauthorised access or against loss, misuse or alteration by third parties.

We may release your information as permitted by law, such as to comply with a subpoena, or when we believe that release is appropriate to comply with the law; investigate fraud, respond to a government request, enforce or apply our rights; or protect the rights, property, or safety of us or our users, or others. This includes exchanging information with other companies and organisations for fraud protection.

The EUF may share your information in connection with any merger, sale of our assets, or a financing or acquisition of all or a portion of our affairs to another entity. You will be notified via email and/or notice on our website of any change in ownership or users of your personal information.

-Changes to the Policy

We may update this Privacy Policy to reflect changes to our information practices. If we make any material changes, we will notify you by means of a notice on our websites prior to the change becoming effective.

-Security

We take all the necessary technical and organisational measures to protect the confidentiality and security of your information from unauthorised access or against loss, misuse or alteration by third parties. We make good faith efforts to store the information collected on the Services in a secure operating environment that is not available to the public and is only accessible by authorised employees, agents or contractors, and we verify the identities of registered users before they can access personal information stored about them.

The data collected is stored on servers of the Aristotle University of Thessaloniki, Greece and may be stored on servers in other countries within the European Union and we take reasonable technical and organisational measures to ensure that all Services are in line with the EU General Data Protection Regulation (2016/679).

-Access to Personal Information

If your personal information changes, or if you no longer desire our Services, you may correct, update, or delete inaccuracies by making the change within your account settings or by contacting us at contact@phdhub.eu and request the export or deletion of all personal data. In case of export, after approval from administrator, data will be sent to the user’s registered email. We will respond to your access request within 30 days.

-Data Retention

We will retain your information for as long as needed to provide you Services. If you wish to cancel your account or request that we no longer use your information to provide you services, contact us at contact@phdhub.eu. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes and enforce our agreements.

-International Transfer

We may transfer information that we collect about you to affiliated entities, or to other third parties across borders and from your country or jurisdiction to other countries or jurisdictions around the world. In such cases, the appropriate measures have been taken to ensure that the Service Providers comply with the EU General Data Protection Regulation (2016/679).

-Location of data

We take reasonable measures to protect user information from unauthorised access or against loss, misuse or alteration by third parties. All connections are encrypted and authenticated using secure protocols; encryption is also used in the links circulated through the email notifications. The data collected is stored on servers located in the Aristotle University of Thessaloniki, Greece, and may be stored on servers in other countries within the European Union.

-Purpose for which we use your information

We collect information about you for a variety of purposes. These include:

Research and statistical analysis of the usage of Platform;
To enable and manage matchmaking between academia, students and businesses;
Inform you about the PhD Hub activities if you have given consent for such activities;
For a regular user, the research interests and skills/qualifications are used for the matchmaking process only.

-Google Login/Social Media logins (Twitter/Facebook)

When you access our Services using your Google or Social login dataset, we only use the relevant API to verify your account and ensure security of your data. We only fetch the authentication data and we will never use any of your personal information for purposes beyond the limited and express purpose of our Services or for purposes other than improving your experience without getting specific opt-in consent from you. This Policy and all its restrictions and limitations also apply to the data collected through your Google login.

We will not use stale data. We can cache or store data we have obtained through the Google+ API but to the extent reasonably possible within the context of our Services we will use fresh data recently fetched in order to ensure that if for example you have deleted/removed your consent we will no longer be able to log you in with your Google+ login dataset.

We will not attempt to discover the identity of a Google+ user unless the user consents to share their identity with us via the Google-approved authorisation procedure. This prohibition includes identifying users by correlating Google+ button reporting data from Google with our own data.

We will never sell or transmit to others any data about a user related to the user’s use of any Google+ button. For the avoidance of doubt, this prohibition includes, but is not limited to, any use of pixels, cookies, or other methods to recognise users’ clicks on a Google+ button, the data of which would then be disclosed, sold, or otherwise shared with other parties.

Google may analyse our use of a Google+ button including to ensure our compliance with Google policies and to facilitate Google’s development of Google+ Buttons. By using a Google+ button, we have given Google permission to utilise an automated software program, often called a “web crawler,” to retrieve and analyse Services associated with a Google+ button.

No passwords are stored in the platform when using the social media login service. We use the Authentication services APIs from the respected provider according to their own guidelines as being used in all common applications. In the case of registration/login through such a service, the full name/email/avatar may be collected from the respected provider with respect to the user permissions given to the provider. For example, we cannot get the profile picture from Facebook if the user has not allowed Facebook to share his/her profile picture. If the user’s profile picture is public though, we have access to it but we do not store it, except temporarily cache it for a limited time period.

-Social Media Features

Our Services may include social media features, such as the social media widgets. These features may collect your IP address, the page you are visiting on our Services and may set a cookie to enable the feature to function properly. Social Media Features and Widgets are either hosted by a third party or hosted directly on our Websites. Your interaction with these features is governed by the privacy policy of the company providing them.

When you use the PhD Hub on a mobile platform, we may collect and record certain information such as your unique device ID (persistent/non-persistent), hardware type, media access control (“MAC”) address, international mobile equipment identity (“IMEI”), the version of your operating system (“OS”), your device name, your email address (if you have connected to Facebook or Google+), and your location (based on your Internet Protocol (“IP”) address). We use this information for troubleshooting and to help us understand usage trends.

We may collect your location-based information for the purpose of providing you with the correct version of the application. We will not share this information with any third party. If you no longer wish to allow us to track or use this information, you may turn it off at the device level.

In addition, we create a unique user ID to track your use of our Services and better connect you with other platforms that exist and collaborate with the PhD Hub. This unique user ID is stored in connection with your profile information for the sole purpose of enabling identification in all linked platforms and making your user experience easier.

-Contact Information

For data protection purposes, the European University Foundation is the Data Controller of any personal information submitted and related to the above-mentioned Services. You can contact us at:

European University Foundation
RCS Luxembourg G190
16C rue de Canach
L-5353 Oetrange
Luxembourg

Legal Address:
31 rue du Parc
5374 Munsbach
Luxembourg
Website: www.uni-foundation.eu
Email: contact@phdhub.eu

GLOSSARY

Account – The central means of access to the non-public parts of PhD Hub Platform and for using the services, which include User’s profile. It is used to identify the User and provide a set of administrative tools.

Academic Staff Member – One or more natural persons at a HEI, authorised by the local PhD Hub Coordinator, able to perform number of administrative tasks on the Platform.

Enterprise/Institution – Business entities registered and approved by the local PhD Hub coordinator on the PhD Hub Platform to cooperate with HEIs and PhD Students for research and development in their respective economic areas.

HEI – Higher Education Institution

PhD Hub Coordinator – Responsible person at a HEI with administrative power to create accounts for other staff members and PhD students, and invite Enterprises/Institutions.

PhD Student – Student enrolled in a PhD programme at a HEI.

Platform – PhD Hub Website and its interrelated services.

Services – Any services provided or made available by the Provider via the PhD Hub platform as well as relevant interconnected tools or relating thereto.

User – PhD Hub coordinator, academic staff member, contact at the Enterprise/Institution, PhD Student, PhD seeking student. A user is also known as Contributor.