1. Introduction This Data Collection Policy outlines the principles and practices governing the collection, use, and protection of data by ATHEA, an Association for Transnational Higher Education Accreditation (hereinafter referred to as "ATHEA"). This policy is designed to ensure compliance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.
2. Scope This policy applies to all data collected by ATHEA from individuals, institutions, or other entities participating in the accreditation process, with a specific emphasis on compliance with GDPR.
3. Legal Basis for Data Processing ATHEA will clearly define and communicate the legal basis for processing institutional/personal data. This may include the necessity of processing for the performance of a contract, compliance with a legal obligation, protection of vital interests, consent, the performance of a task carried out in the public interest or in the exercise of official authority, and legitimate interests pursued by ATHEA or a third party.
4. Data Minimization ATHEA will only collect institutional/personal data that is strictly necessary for the purpose for which it is processed. Unnecessary data will not be collected. 4. Types of Data Collected ATHEA may collect the following types of data:
5. Data Subjects' Rights Individuals and institutions whose data is processed by ATHEA will be informed of their rights under the GDPR, including the right to access, rectification, erasure, restriction of processing, data portability, and objection. ATHEA will provide mechanisms for data subjects to exercise these rights.
6. Data Processing Transparency ATHEA will provide clear and concise information about the processing of institutional/personal data, including the purposes of processing, the legal basis for processing, the period for which the data will be stored, and the rights of data subjects.
7. Data Security ATHEA is committed to ensuring the security of collected data. Appropriate technical and organizational measures will be in place to prevent unauthorized access, disclosure, alteration, and destruction of data. In the event of a data breach, ATHEA will comply with the GDPR's notification requirements.
8. International Data Transfers If ATHEA transfers institutional/personal data to countries outside the European Economic Area (EEA), it will ensure that appropriate safeguards are in place, such as Standard Contractual Clauses or other mechanisms recognized by the GDPR.
9. Data Protection Impact Assessment (DPIA) Where required by the GDPR, ATHEA will conduct Data Protection Impact Assessments to assess and mitigate the risks associated with data processing activities that are likely to result in high risks to the rights and freedoms of data subjects.
10. Data Retention Data will be retained only for the duration necessary to fulfill the purposes for which it was collected or as required by law. Once the purpose is fulfilled, data will be securely deleted or anonymized.
11. Data Processing Records ATHEA will maintain records of its data processing activities, as required by the GDPR.
12. Data Protection Officer (DPO) ATHEA may appoint a Data Protection Officer responsible for monitoring compliance with the GDPR and advising on data protection matters.
13. Review and Updates This Data Collection Policy will be reviewed periodically and updated as necessary to ensure its continued relevance and compliance with GDPR and other applicable data protection laws.
14. Contact Information For questions or concerns regarding data protection, individuals may contact ATHEA TEAM members.
By adhering to this Data Collection Policy, ATHEA is committed to maintaining the privacy, security, and integrity of the data collected in the accreditation process while complying with the GDPR and other relevant data protection laws.
