List of active policies

Name Type User consent
EUAA Learning Management System (LMS): General Conditions of Use Site policy All users
Data Protection Notice Privacy policy All users
Code of Conduct for Participants in the EUAA’s Training Activities Other policy All users

Summary

Version: 23/06/2022

Welcome to the EUAA LMS,

Please read, acknowledge, and accept the following general terms and conditions to access the EUAA LMS and the e-Learning modules.


Full policy

  1. Temporary conditions
    This screen displays provisional general conditions of use you are required to acknowledge and accept to be able to access the EUAA LMS with the assigned login credentials. If changes are made to the general conditions of use, a new version will be presented on-screen and further acknowledgement by users will be required to access the platform.
  2. Your login credentials are unique
    Per each user, a unique username and password are assigned and linked to the email address indicated during the registration. Any notification from the LMS and communications related to password reset will be directed to such registered email. Users cannot change the primary email address.
  3. Access to online training modules
    Registered Users can access the relevant E-Learning modules of the EUAA Training Curriculum by using the individual login credentials provided by EUAA, as described in point 2 of this document. The EUAA registers and enrols new users based on a request from the Training National Contact Point (NCP) in a Member State (MS) or the session organiser of an MS Institution. Individual registrations may be approved only under duly justified circumstances.
  4. Password Reset
    The password can be changed by the registered user at any time, by using the automated password reset option (https://atraining.euaa.europa.eu/lms/login/forgot_password.php).
  5. User suspension/deactivation
    The EUAA reserves the right to act in case of misconduct or inappropriate use of the platform. Possible actions could include temporary or permanent revocation of access rights to the EUAA LMS or deactivation of any user account at any time and without prior notice.




Summary

 

Full policy

DATA PROTECTION NOTICE

EUAA Learning Management System

1.                   Introduction

The European Union Agency for Asylum (hereinafter ‘the EUAA’ or ‘the Agency’) is committed to protecting your privacy. The EUAA collects and further processes personal data pursuant to Regulation (EU) 2018/1725[1] (hereinafter ‘the EUDPR’).

 This Data Protection Notice explains inter alia the reasons for the processing of your personal data, the way we collect, handle, and ensure protection of your personal data and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights, as well as of the Data Protection Officer (DPO) and the European Data Protection Supervisor (EDPS) to which you may have recourse as well to exercise the said rights.

 2.                   Why and how do we process your personal data?

The EUAA Learning Management System (hereinafter ‘the LMS’) is an online training platform accessible from the Agency’s Intranet, which is used to deliver interactive modules covering the entire field of international protection to EUAA personnel (i.e., staff members, temporary agency workers / interim workers and remunerated external experts) and to personnel working in the asylum and reception administrations of EU+ Countries (i.e., case officers, managers of asylum units, reception officers, Country of Origin (COI) researchers and policy officers), amongst others. The training provided via the LMS includes sessions organised at the EUAA or at the national level, consisting of interactive e-Learning modules covering the core aspects of international protection procedures.

 For trainers, personal data are either collected directly by the Agency (where the EUAA assigns in-house trainers based on their availability and expertise) or provided to the Agency by Training National Contact Points (TNCPs)[2] both in the context of a deployment procedure, for sessions organised by the EUAA, and  in the context of national training sessions. This information is required to register trainers on the LMS, set up their personal profiles on the platform and decide on the appropriate trainer(s) for specific session(s).  

 For learners, personal data are provided to the Agency by TNCPs using a dedicated registration form. This information is required to register learners on the LMS, set up their personal profiles on the platform and enrol them in their chosen courses. It is also required to deliver and evaluate EUAA training activities via the platform. In addition, learners’ personal data contained in module evaluations are processed by the Agency for reporting purposes, with a view to increasing the quality of the modules delivered. To execute such tasks, selected EUAA personnel have access to learners’ personal data stored in the registration forms and on the LMS platform.

 When using the LMS platform, personal data are processed in the following manner:

·         User data are collected via the LMS internal tools for the purpose of providing learners/trainers access to EUAA modules, managing the LMS and the generation of reports (e.g., LMS user enrolment report, LMS activity completion report, trainers report, etc.).

·         Learner experience data which are related to real-time spent on different sections of the LMS, and data related to online interactions on the system are collected automatically via the LMS. Learner experience data are also collected directly in the LMS live session and are accessible by the assigned trainer(s) to monitor learners’ progress during the online phase of the module. With the help of EUAA administrators, this helps to identify and measure the impact of the engagement of learner(s) at risk of dropping out to enable tutoring intervention in order to facilitate the completion of their training, and to improve the overall quality of the service. These data are also collected to mark learners’ responses automatically during quiz-based assessment sessions. In this case, scores are automatically attributed to learners based on the number of correct answers they provide, and the results are available online to the concerned users;

·         (Anonymised) feedback information about the LMS is collected from learners and trainers via the feedback form plugin (SurveyPro) for purposes related to the (re)design of the curriculum (e.g., for the EUAA Annual Training Report)[3].

 3.                   On what legal ground(s) do we process your personal data?

We process personal data on the basis of Article 2(1) point (d) of Regulation (EU) 2021/2303[4] (hereinafter ‘the EUAA Regulation’), which provides that the Agency’s tasks include “assist[ing] Member States as regards training and, where appropriate, provid[ing] training to Member States’ experts from all national administrations, courts and tribunals, and national authorities responsible for asylum matters, including through the development of a European asylum curriculum”.

 More specifically, paragraphs 1 to 4 of Article 8 of the EUAA Regulation provide, inter alia, that the Agency “shall establish, develop and review training for members of its own staff and members of the staff of relevant administrations, courts and tribunals, and of national authorities responsible for asylum and reception” and “shall develop a European asylum curriculum […] to promote best practices and high standards in the implementation of Union law on asylum”, offering such high quality training with a view to ensuring greater convergence of administrative methods, decisions and legal practices, while fully respecting the independence of national courts and tribunals”.

 Consequently, the relevant processing operation is lawful under Article 5(1) point (a) of the EUDPR given that it is necessary for the performance of the tasks that the Agency has been vested with by virtue of its mandate.

 To the extent that participation in the EUAA training activities taking place in the context of the LMS may be voluntary, the processing of any personal data shared on this basis is also lawful under Article 5(1) point (d) of the EUDPR, as it is based on consent of the data subjects concerned.

 4.                   Which personal data do we collect and further process?

The following (categories of) personal data may be processed (for learners and/or trainers):

1.       Learners

·         Credentials;

·         First name and surname;

·         E-mail address;

·         Organisation or institution of origin;

·         Assessment of learners’ results and grades;

·         Module completion status (i.e., enrolled, completed, withdrawn);

·         Learner experience data collected via the LMS internal tools:

o   Time spent on the LMS and in different sections of the training modules;

o   Interactions with online content and activities (e.g., LMS webpages, learning objects, quizzes, tests, forums and assignments);

o   Tracking of learning progress.

 

2.       Trainers

·         Credentials;

·         First name and surname;

·         E-mail address;

·         Organisation or institution of origin;

·         Trainers’ feedback on learners’ assessment of results and grades;

·         Learners’ (anonymised) feedback on trainers’ performance.

 5.                   How long do we keep your personal data?

Learners’ personal data will be kept for a maximum of 40 years in accordance with Standard 8 of the Guidelines for External Quality Assurance Audits of Further Education Institutions and Further Education Centres issued by the Malta Further and Higher Education Authority (MFHEA), to meet the requirements of Maltese legislation for the accreditation of educational institutions.

 Non-in-house trainers’ personal data will be stored for as long as trainers comply with the Trainers Pool selection criteria and are available for deployment as a trainer.

In-house trainers’ personal data are administrative data stored by the Agency for as long as they work in the EUAA.

 6.                   How do we protect and safeguard your personal data?

Personal data processed in the context of the LMS or data obtained for the purposes of registration in electronic format (e-mails, documents, etc.) are stored in Microsoft Azure and Microsoft 365 Services.

 To protect personal data, the EUAA has put in place a number of technical and organisational measures as required under Article 33 of the EUDPR. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation.

 For website security purposes and to ensure that the LMS remains available to all users, network traffic is monitored to identify unauthorised attempts to exploit or change information on this website or otherwise cause damage or conduct criminal activity. Anyone using this website is advised that if such monitoring reveals evidence of possible abuse or criminal activity, results of such activity might be provided to the appropriate authorities in line with the applicable rules.

 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons posed by the processing, the following security measures are applied:

 1.       The pseudonymisation and encryption of the data;

2.       Measures to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

3.       Measures to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;

4.       A process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing;

5.       Measures to ensure personal data will solely be processed by authorised personnel who are:

a.       granted access to the personal data on a need-to-know basis;

b.       familiar with the obligations stemming from the applicable data protection rules;

c.       regularly trained in the care, protection and handling of personal data;

d.       authorised to process the personal data; and

e.       subject to a duty of confidentiality (either as a statutory or as a contractual obligation);

6.       Additional particular security controls: The Information and Communications Technology Unit (ICTU) of the EUAA has implemented and maintains the following security controls for user data, consistent with industry best practices, including:

a.       Controls, Policies & Procedures: Appropriate technical and administrative controls, and organisational policies and procedures;

b.       Named person in the role as a dedicated Information Security Officer (ISO) with focus on security in all areas of the EUAA business;

c.       Logging: System and application logging where technically possible, whereas the EUAA ICTU retains logs and verifies such logs periodically for completeness;

d.       Malicious code and/or software: Malware prevention software (e.g., antivirus) is implemented on the technical infrastructure where applicable; XDR solution (Cortex) is used on all LMS Virtual machines.

e.       Traffic inspection: Vulnerability exploit inspection is implemented on the technical infrastructure where applicable.

7.       System Security: System and IT security controls are applied by the ICTU, consistent with industry best practices, including:

a.       A high-level infrastructure diagram, which can be provided upon request;

b.       A mix of industry standard software firewalls to dynamically limit external and internal traffic between the Agency’s services;

c.       A program for evaluating security patches and implementing patches using a formal change process within defined time-limits;

d.       Ad-hoc penetration testing by an independent third party, with a detailed written report issued by such third party and provided upon request;

e.       Documentation of identified vulnerabilities ranked based on risk severity and corrective action according to such rank;

f.        Password policy controls implemented to protect data, including complexity requirements and multi factor authentication where available.

 

7.                   Who has access to your personal data and to whom are they disclosed?

The following (categories of) recipients may have access to personal data related to learners/trainers identified above:

·         Trainers;

·         Learners in the same training module(s);

·         Other users (i.e., trainers or learners) participating in discussion forums, personal/group messaging tools, chat rooms or with access to list(s) of participant(s) for different module(s);

·         Authorised EUAA personnel acting as LMS administrators with access rights;

·         External contractors (ALTIA CONSULTORES S.A) based in the EU/EEA providing LMS-related services with access rights (i.e., Helpdesk and Maintenance Services);

·         TNCPs.

 

8.                   Do we transfer any of your personal data to third countries or international organisations (outside the EU/EEA)?

To the extent that users of the LMS (i.e., trainers or learners) may come from (international) organisations[5] and/or third country partners under EUAA Roadmaps[6], this processing activity may entail transfers of personal data to (international) organisations or third countries.

 For this purpose, in the absence of appropriate safeguards in place, the explicit and informed consent of the data subject(s) concerned is exceptionally sought for the international transfers of their personal data, pursuant to the derogation foreseen in Article 50(1) point (a) of the EUDPR.

 

9.                   Does this processing involve automated decision-making, including profiling?

This processing activity does not involve automated decision-making, or profiling.

 

10.               What are your rights and how can you exercise them?

According to the EUDPR, you are entitled to access your personal data and to rectify them in case the data are inaccurate or incomplete. If your personal data are no longer needed by the EUAA or if the processing operation is unlawful, you have the right to erase your data. Under certain circumstances, such as if you contest the accuracy of the processed data or if you are not sure if your data are lawfully processed, you may ask the Data Controller to restrict the data processing. You may also object, on compelling legitimate grounds, to the processing of data relating to you. Additionally, you have the right to data portability which allows you to obtain the data that the Data Controller holds on you and to transfer them from one Data Controller to another. Where relevant and technically feasible, the EUAA will do this work for you.

 If you wish to exercise your rights, please contact the Data Controller, i.e., Head of Training and Learning Technologies Sector by sending an e-mail to registrar@euaa.europa.eu.

 You may always submit queries, remarks or complaints relating to the processing of your personal data to the Data Protection Officer (DPO) of the EUAA using the following e-mail address: dpo@euaa.europa.eu.

 In case of conflict, complaints can be addressed to the European Data Protection Supervisor (EDPS) using the following e-mail address: edps@europa.eu. 


[1].  Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC, OJ L 295, 21.11.2018, p. 39-98.

[2]. Where references to Training National Contact Points (TNCPs) are included, that definition needs to be extended to other national administration officials, communicating with the Agency on behalf of or in coordination with the TNCP(s).

[3]. For further information, please consult Section 12.1 of the EUAA Training Quality Assurance Framework (2022). 

[4]. Regulation (EU) 2021/2303 of the European Parliament and of the Council of 15 December 2021 on the European Union Agency for Asylum and repealing Regulation (EU) No 439/2010, OJ L 468, 30.12.2021, p. 1-54.

[5]. Namely, the United Nations High Commissioner for Refugees (UNHCR) (see applicable privacy policy here), the International Organisation for Migration (IOM) (see applicable privacy policy here), the Council of Europe (CoE) (see applicable privacy notice here), the International Centre for Migration Policy Development (ICMPD) (see applicable privacy notice here), the Intergovernmental Consultations on Migration, Asylum and Refugees (IGC) and the General Directors of Immigration Services Conference (GDISC).

[6]. Namely, Albania, Bosnia and Herzegovina, Egypt, Kosovo, Montenegro, North Macedonia, Niger, Turkey, and Serbia.



Summary

Language versions of the Code of Conduct are available on the EUAA website.
Objectives and scope 
  1. The conduct of all persons participating in EUAA training activities, whether in their capacity as EUAA staff, interim staff, national experts, external remunerated experts, external contractors and service providers and their staff, members of advisory groups, as well as learners, is central to the success and reputation of EUAA training.  

  1. This Code sets out the standards of conduct expected of participants in EUAA training activities. It is the responsibility of all such persons to familiarise themselves with the content of this Code and to apply it at all times when participating in EUAA training activities, to the extent required by their role or function.   

  1. The Code applies to all persons during the course of their participation in EUAA training activities.   


Full policy

Definitions 

  1. “EUAA training activities” includes all activities connected with the planning, design, development, delivery, monitoring and evaluation of EUAA training, including assessment and certification activities, as well as all ancillary administrative support activities.  

  1. “Person contributing to EUAA training activities” means any person who is authorised or instructed by the EUAA or by a national administration to perform tasks in connection with EUAA training activities but does not include learners participating in EUAA training.  

  1. “Participants in EUAA training activities” includes persons contributing to EUAA training activities, as well as learners participating in EUAA training, and all administrative support staff.  

  1. “Centre” means the EUAA Training and Professional Development Centre.  

  1. “Training environment” means the physical or virtual space in which the training activities take place. In cases where the training activities take place physically, this could be EUAA premises, premises made available by national authorities or the site of EUAA operational support activities.  

  1. “Conflict of interests” means a situation where the impartial and objective exercise of an individual's functions is compromised by economic or financial interests, family or emotional ties, or any other interest shared with another party.  

  1. “Confidential information” is information which is indicated as such and which an individual may gain access to during their participation in EUAA training activities, and the disclosure of which to third parties is prohibited. Examples include personal data, learners’ individual grades and banks of assessments.  

  1. “Discrimination” means treating a person or group of persons less advantageously than another person or group of persons based on a person’s gender, race, colour, ethnic or social origin, genetic features, language, religion or belief, political or any other opinion, membership of a national minority, property, birth, disability, age or sexual orientation. Discrimination can manifest itself in many forms, including denying or excluding a person or a group of persons from participation in or receiving the benefits of any programme or activity of the Centre.  

  1. “Harassment” means unwelcome verbal or physical conduct directed toward a person or group of persons when such conduct unreasonably interferes with the person’s work or educational performance or creates an intimidating or hostile work or educational environment. Examples may include, but are not limited to, epithets, slurs, and jokes. Harassment includes one-off incidents or a series of incidents and may be carried out in person or online. Harassment may be deliberate, unsolicited and coercive. It may occur between anyone: between peers (e.g., learner to learner, trainer to trainer) or between someone in a position of power or authority and an adult in a subordinate position (e.g. trainer to learner).  

  1. “Sexual harassment” means unwelcome verbal or physical conduct of a sexual nature. Examples may include, but are not limited to, sexual advances, requests for sexual favours, touching, jokes, comments, and sexual violence.  


Professional standards  

  1. All persons contributing to EUAA training activities must perform their assigned tasks to the best of their ability, comply with the relevant terms of reference and take responsibility to maintain the quality of their work, in particular by dedicating enough time to the tasks that they have been assigned.   

  1. Persons contributing to EUAA training activities must strive to work together in a collegiate and cooperative manner with peers and colleagues and be open to and respond positively to constructive feedback. They are encouraged to seek support and guidance where necessary. 

 

Integrity and objectivity  

  1. Persons contributing to EUAA training activities should perform their tasks in an objective and impartial manner.   

  1. They must refrain from taking advantage of their role for any illicit personal gain and in a manner, which is detrimental to the reputation of EUAA training.  

  1. They must not accept gifts that could place them, or be perceived as placing them, under an obligation which could influence them in the performance of their tasks.  

  1. If they find themselves in a situation of a conflict of interest, they should immediately suspend themselves from the EUAA training activities in relation to which the conflict of interests has arisen, and without delay bring the matter to the attention of their immediate supervisor and the EUAA Training and Professional Development Centre, who will provide them with appropriate guidance.  

 

Confidentiality  

  1. Persons contributing to EUAA training activities may not disclose any confidential information to unauthorised third parties. This obligation persists after they have ceased performing their tasks in connection with EUAA training activities and until such time as the EUAA has authorised the public disclosure of that information or until they are lawfully required to disclose it.  

 

General Conduct  

  1. All persons participating in EUAA training activities must, at all times, maintain professional boundaries, be fair, courteous and respectful towards all individuals.  

  1. They are to behave in a culturally sensitive manner, particularly in situations where they interact with individuals with different cultural backgrounds than their own.  

  1. They must refrain from being under the influence or after-effects of drugs, alcohol or other illicit substances during EUAA training activities.  

  1. They should comply with all policies and procedures applicable to their tasks or function, as well as all applicable laws and regulations, in particular as regards health and safety matters.  

  1. In general terms, they must behave professionally in accordance with standards of conduct reasonably expected of individuals in their role or function.  

 

Diversity and equality 

  1. All persons participating in EUAA training activities have a responsibility to contribute to an environment which promotes diversity, equality and inclusiveness. They must not discriminate against any individual during the course of their participation in EUAA training activities.  


Harassment 


  1. Persons participating in EUAA training activities must not commit any act of harassment or sexual harassment against any individual during the course of their participation in EUAA training activities.  

  1. When harassment or sexual harassment takes place and poses an imminent threat or risk to the safety or wellbeing of others, the trainer or other person responsible may take immediate and proportionate steps to address the situation, including by asking the perpetrator to leave the training environment.  


Reporting and Sanctions 

  1. Any person participating in EUAA training activities who has reason to believe that a violation of this Code of Conduct has occurred or is likely to occur may lodge a complaint in accordance with the procedure laid down in the Centre’s Guidelines on the Training Complaints Procedure.   

  1. The Centre will investigate the incident and may take any appropriate and proportionate measures to address the issue and to prevent its re-occurrence. In serious cases, where this is justified by the need to ensure the safety or wellbeing of all persons participating in EUAA training activities, individuals who are found to have committed serious breaches of this Code may be excluded on a temporary or permanent basis from further participation in EUAA training activities.   

  1. No individual should be subject to retaliatory action by reason of having brought a complaint under this article. Any such retaliatory action may be the subject to a complaint under this article.  

  1. The EUAA may refer instances of breaches of this Code by an individual who is not in an employment or contractual relationship with the EUAA to the individual’s employing or contracting organisation. Relations between individuals and their employing or contracting organisations are governed exclusively by the terms of their employment. It is for the employing organisation to determine whether any disciplinary action needs to be taken. The EUAA reserves the right to take the final decision on the individual’s further participation in EUAA training activities.  

 

Dissemination of the Code 
 
  1. The EUAA makes every effort to ensure that this Code is brought to the attention of all persons participating in EUAA training activities. All such persons are informed about how they can access the Code and its content is explained to them on initial engagement with EUAA training activities.  

  1. National asylum and reception administrations are to make every effort to bring the Code to the attention of all persons carrying out tasks in the training environment.  

  1. This Code of Conduct is made publicly available on the EUAA website1.  

 

Monitoring and Review 

  1. The EUAA will monitor the application of this Code on a regular basis and will review and update it as required.