1. Data controller:


Vrije Universiteit Brussel


Business ID: 02/629.20.10

Address: Pleinlaan 2, 1050 Brussel, Belgium

E-mail: dpo (at) vub.be


  1. Data controller’s representative and contacts


Country: Belgium

Organization: Vrije Universiteit Brussel

Name: Jozefien De Marrée

E-mail: jozefien.de.marree (at) vub.be


Country: Finland

Organization: Lahti University of Applied Sciences Ltd (Lahti UAS)

Name: Minna Ulmala

E-mail: minna.ulmala (at) lamk.fi


Country: Lithuania

Organization: Vilnius College of Technologies and Design

Name: Ana Aleknaviciene

E-mail: a.aleknaviciene (at) vdtk.lt


Country: Netherlands

Organization: Wageningen University & Research

Name: Valentina C. Tassone

E-mail: valentina.tassone (at) wur.nl


Country: Portugal
Organization: Maiêutica (ISMAI/IPMAIA)

Name: Claudia Azevedo

E-mail: Projetos (at) maieutica.pt


  1. Data protection officer


Country: Finland

Name: Anne Himanka, Legal Counsel

Address: Lappeenranta University of Technology, Skinnarilankatu 34,

53850 Lappeenranta, Finland

Phone: +358 50 564 4623

E-mail: servicedesk (at) lamk.fi


  1. Purpose of data processing


Personal data in the Higher Education Institutions (HEIs) processes

The HEIs are responsible for processing large amounts of personal data: not just from students, researchers and staff, but also from third party: stakeholders’ workers, partners, experts and visitors, as well as data that is required to perform academic research. We process this data either to fulfil the legal requirements necessary to provide education and perform RDI activities, or in order to improve our services as a HEI.


The purposes for which it is processed


Providing education

Keeping records on student affairs; managing internal and external information flows; registering study results; concluding contracts with students; formulating policy on education matters; being able to provide advice, guidance, and counselling etc.


Performing RDI activities

The RDI workers affiliated with the ENtRANCE project gather, analyse, and manage data, necessary for the advancement of the scientific disciplines represented at the HEIs. Many of the activities carried out by RDI workers involve processing personal data.


Valorisation, outreach, marketing and communication

Recruitment of prospective students; performing market research; concluding and fulfilling contracts with organizations; improving public and customer relations; improving marketing and branding of the ENtRANCE project; managing and improving our website.


All these various types of data will be treated with the utmost care; none will be freely accessible. Persons acting on behalf of the ENtRANCE project who work with such data will only be authorised to do so to the extent necessary for the performance of their duties. Additionally, the ENtRANCE HEIs are continuously committed to maintaining the proper technical and organizational safeguards with regard to information security and data protection.


Website of ENtRANCE project


We process your personal data to maintain, manage and develop the user relationship. The personal data is needed for the implementation of services, such as customer communications.

We also process personal data for the performance of customer communications regarding changes or cancellations in relation to events, for example. In addition to this, we use your personal data for direct marketing conducted by Lahti University of Applied Sciences Ltd as well as for other direct marketing, market surveys and opinion polls, including electronically implemented direct marketing.

In order to be able to provide interesting content, we may target our marketing communications by analysing the data processed in our file, such as service usage information.

Analytic tools are used to collect data on the users of the website.
We also process personal data in order to analyse and develop our services and other business operations, as well as for statistical purposes.


  1. Legal basis of data processing


Legitimate interest
Our right to process your personal data is partially based on the legitimate interest generated by the customer relationship. We process your data to provide services and send marketing materials, for example, to the extent that the processing is necessary for the performance of these activities. We also process your personal data to create profiles and send marketing materials on the basis of legitimate interest.

According to our assessment pursuant to the applicable data protection legislation and official guidelines, your interests, basic rights and freedoms do not override our right to process your personal data based on our legitimate interest. If you so desire, you may exercise your rights, if you wish to object to or limit our processing of personal data.

We process your personal data based on your consent.


Eg. A consent is given to Lahti University of Applied Sciences Ltd when you subscribe to the newsletter. We also process personal data collected through cookies and other tracking methods based on your consent for setting cookies. If you use our mobile application, we process your location data if you have provided your consent for the processing of this information.

You have the right to withdraw your consent for the processing of personal data by contacting the contact person specified.

  1. Content of data filing system and storage period

It is possible that the ENtRANCE project processes the following categories of personal data:



Place of Birth

Bank Account Number

Telephone number

Date of Birth



Information regarding user interaction (e.g. IP address, cookies, clicking behaviour, information from contact forms etc.)

Images (photos and videos)

Information regarding choice of study programme, study progress and study results

Data gathered in the context of academic research

We will retain your information for as long as it is necessary for performing the purposes of the processing of personal data or observing our contractual and legal obligations.

  • If you have subscribed to our newsletter, we will keep your personal data for as long as the newsletter subscription is effective. If you cancel the newsletter subscription we will stop delivering the newsletter to you without undue delay.
    • We will store personal data collected through cookies and other tracking methods for no more than 5 years from the collection date.


  1. Information systems employed


Automatically collected information on the use of the website:

We process your personal data when you access our website, mobile site or mobile application, even if you have not registered as our customer or logged in to our service. When you navigate to the website or use the mobile application, we process the following information via cookies and other similar technologies:


  • Information regarding your terminal device and online behaviour (e.g. IP address, browser type and browsing history)
    • Browsing time and session duration
    • What links or adds you click and what other adds or contents you have viewed
    • Information derived and profiled based on analytics and tracking methods

Personal data may also be combined with data collected through other services.


  1. Data sources


Primarily, we collect personal data directly by you providing them as you use the interface of ENtRANCE project website and its partners or the online and mobile services. You can provide information about yourself through newsletter registration or participation in a marketing campaign, for example.

In addition to this, we supplement and refine the customer information by collecting data on user history, along with other personal data (e.g. contact information) from our event organiser partners.

We also collect personal data via your terminal devices by means of cookies or other similar technologies.



  1. Use of cookies


Browser-based data filing systems employ cookies to process personal data. A cookie is a small text file that the browser saves on the user’s device. Cookies are used to implement services, facilitate login, and enable the compilation of statistics on services. Users may prevent the use of cookies in their browser programmes, but this may prevent the system from operating correctly.


Cookies are used in data processing in browser-based systems.


  1. Data transfer and disclosure


We disclose personal data in accordance with the permissions and obligations specified in the legislation effective at any given time.


  1. Data transfer and disclosure beyond the EU or EEA

We primarily process your personal data within the EU and EEA area. Our service providers, such as Google Inc., may transfer your personal data outside the EU and EEA area. However, your data will not be transferred to companies other than those that have committed to the Privacy Shield framework and that observe the level of data protection required by the EU.


  1. Safeguards for data processing

The proper protection of personal data is extremely important to us. We collect the information into databases secured with firewalls, passwords and other technical means. The databases and their backups are located in locked and guarded facilities, and the information can only be accessed by certain people designated in advance.

Access to the personal data requires a user ID granted by the main user of the customer database. The main user also defines the access level granted to a user. Furthermore, we have ensured by contractual means that any partners processing personal data on our behalf are also committed to the protection of personal data with regard to their own employees.


  1. Automated decision-making


We do not conduct automatic decision-making through profiling or otherwise.


  1. Rights of the data subject


Data subjects have the right to withdraw their consent if the data processing is based on consent.


Data subjects have the right to lodge a complaint with the Data Protection Officer if the subjects consider that the data processing regarding them is in breach of data processing legislation in force.


Data subjects have the following rights under the EU’s General Data Protection Regulation:

  1. Right of access to data concerning the data subject (article 15)
  2. Right to rectification of data (article 16)
  3. Right to erasure of data (article 17). The right to erasure shall not apply if the processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes if the right to erasure prevents or significantly hinders the data processing
  4. Right to restriction of processing (article 18)
  5. Right to data portability to another data controller (article 20).


The liaison in matters related to the data subject’s rights is the data protection officer; contact details in section 3.