Skip to content


Privacy Policy

Pursuant to article 13 of Regulation (UE) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data (in brief “GDPR”)

CliVEx is an international virtual exchange project funded by the Erasmus+ programme of the European Union. It is governed by a consortium of 6 organisations, which are listed below and acting as Joint Controllers, according to article 26 of the GDPR. The terms “We”, “Consortium”, “Partners”, “Joint Controllers” refer all to the CliVEx consortium.

This privacy policy refers to all CliVEx programs and their associated online services, including but not limited to the website and the Learning Management System (LMS). This statement explains to you the way in which this project uses personal data, and the way in which the privacy of this data is being protected.

Joint Data Controller and Processors

Pursuant to articles 4, 24 and 26 of GDPR, when two or more data controllers jointly determine the purposes and means of the processing, they are defined as Joint Data Controllers. For the purposes of the CliVEx project, the data controllers set out a specific data sharing agreement.

The Joint Data Controllers are 6 organisations, members of the CLIVEX consortium, and are listed below:

UNIMED – Unione delle Università del Mediterraneo

Address: Corso Vittorio Emanuele II, 244 – 00186 Rome, Italy

Represented for the purposes of Joint data controller by its legal representative

Marcello Scalisi, Director

​​Stichting Sharing Perspectives (Sharing Perspectives Foundation –  SPF)

Address: Adelaarsweg 97, 1021BX Amsterdam, Netherlands

Represented by its legal representative: Casper Van der Heijden, Executive Director

Association Soliya (Soliya Tunisia)

Address: 16 Taieb Mhiri Avenue| Apt A2 | La Marsa | Tunis, Tunis 2074, Tunisia

Represented by its legal representative: Ahmed Ghamgui, President

Università degli Studi di Padova (UNIPD)

Address: Via 8 Febbraio 2, Padova 35122, Italy

Represented by its legal representative: Daniela Mapelli, Rector

An-Najah National University (ANNU)

Address: Omar Ibn Khatab Street, Nablus, Palestine

Represented by its legal representative: Abdel Naser Zaid, President

Lebanese International University (LIU)

Address: LIU Admin blgd Michael Abi Chahla St Mousaitbeth, Beirut, Lebanon

Represented by its legal representative: Abdel Rahim Mourad, President

The Joint Data Controllers take advantage of third parties that provide some services to CliVEx and / or support it in carrying out certain activities: they have been appointed Data Processors pursuant to article 28 GDPR.

The purposes of the data collection are:

  • Program Setup and Implementation – data collected for program setup purposes allow staff of CliVEx consortium to create program groups. Schedule data provides the basis for meeting times for each group, and demographic data ensures that the groups of participants are diverse and balanced. 
  • Program Evaluation – data collected in the evaluation surveys provide feedback to the CliVEx consortium on the impact and quality of our programming. Through your answers to quantitative and qualitative survey questions and your assignment submissions, we are able to assess whether our programs meet their goals, and measure the impact that we have on transversal skills and attitudes, whereby sustainability skills in particular, will be measured in this project’s evaluation.
  • Communication – data collected for communication purposes allows the opening of communication channels that are needed before, during, or after program participation and for promotional purposes of the CliVEx activities, milestones and outputs. Specifically:
    • Enables facilitators to reach their co-facilitator if applicable, the student participants in their groups, and their facilitation coaches.
    • Enables facilitation coaches to reach the facilitators whom they are mentoring.
    • Enables participants to reach their groups’ facilitators.
    • Enables trainers to reach the trainees in their groups, and trainees to reach one another and their trainers.
    • Enables participating professors to reach other participating professors.
    • Enables staff of the CLiVEx consortium and tech support to reach participants, facilitators, coaches, and professors, as well as trainees and trainers, as well as alumni of both programs, the virtual Exchange and the facilitation training.
    • Enables staff of the CLiVEx consortium to send end-of-semester participation certificates and badges to student participants, facilitation trainees, facilitators, coaches, and trainers.
    • Enables staff of the CLiVEx consortium to send programmatic and organisational information and updates periodically to the CliVEx community for continued engagement, and to respond to inquiries.
  • Online Community – data collected for community purposes enables us to create participant profiles on the LMS, and allows the CliVEx Consortium to view basic demographic information about one another, write private messages to each other on the LMS, create blog posts seen by the rest of the community, and comment on each other’s blog posts.

What personal data do we collect?

  • Program Setup and Implementation – Required data collected: first name, last name, email address, age, gender, nationality, current country of residence, university (if applicable), and schedule availability for program durations. Facilitation trainees, facilitators, coaches and trainers are also required to provide their phone number. Throughout the implementation of the programmes, the data submitted by participants and thereby collected by the CliVEx consortium is linked to the course or training progression the students / trainees go through as part of the CLiVEx project, such as attendance, assignment submissions, completion of the project and grading (% of completion).

The online meetings for the CLiVEx exchanges and trainings are hosted on Zoom. Zoom collects basic technical information (such as the user’s IP address, OS details, device details, and the date/time of actions being taken) from meeting participants for troubleshooting and admin reporting purposes. Zoom complies with all applicable privacy laws, rules, and regulations in the jurisdictions in which it operates, including the GDPR and the CCPA.

  • Program Evaluation – Personal Identifying Information (PII) is not collected for the purpose of program evaluation. Data collected to allow for more refined analysis of the evaluation are age, gender, nationality, country of residence and university. Other data collected for programme evaluation are: the course / training progression of the students in this project (attendance, assignments and completion levels) as well as survey data related to lifestyle, habits and perceptions around climate change and climate justice to measure changes in sustainability competence as a result of the programme. The analysis of the evaluation data will only occur after the data is disconnected from Participant’s Identifying Information (PII) and will not be used to validate completion of the CliVEx learning opportunities. Completion of the Virtual Exchange course Climate Justice and the Online Facilitation Training are only measured through attendance and participation in the assignments – for details, review the course syllabuses.

The CliVEx consortium may record the audiovisual, textual, and graphical interactions during the online meetings of the participants and on the LMS for evaluation purposes and quality control. Such recordings may include activities in the main meeting rooms or break out rooms while programming is in progress. These recordings are created in order to provide feedback and training to facilitators, trainers and program leaders to ensure quality control, and for impact evaluation. If recordings are needed for further educational purposes including fundraising materials or marketing and promotional activities of the CliVEx project, and its consortium partners, additional permissions from the recorded persons will be sought prior to such use.

  • Communication – Required data collected from program participants: username and email address. Data collected for the purposes of continued engagement: name and email address.
  • Online Community – Required data collected: username, password, first name, last name, email address, role on the LMS. Optional data that you can choose (not) to provide: profile picture, country, university and your role at the university, hobbies and habits and social media networks.

Which technical means do we use for processing your data?

Data collected for the programme’s initial set-up is done using Google Workspace. Data collected during the programmes’ implementation phase is done on the LMS which is a Brightspace environment.

Data collected for evaluation purposes is done through forms on the LMS.

Evaluation data analysis is done on R, SPSS and Cloud based NLP programmes. However, this data is only analysed in these programmes after the removal of the PII of participants / trainees.

Online meetings are held on Zoom / Google Workspace. Recordings of these meetings for quality assurance purposes are stored on the administrator’s Zoom/Google Workspace accounts for a limited duration (needed to provide feedback & perform quality control tasks).

Who has access to your information and to whom is it disclosed?

  • Program Setup and Implementation – Data collected for the program setup and data informing course progression of participants / trainees (attendance, assignment submissions and course completion) is accessible to staff of the CliVEx Consortium, facilitators, coaches and trainers and data subject’s own academic institution (if applicable).
  • Program Evaluation – Data collected for program evaluation is anonymized and accessible by staff of CliVEx Consortium members as well as evaluation partners. Aggregated data by university, country, region, or for the entire program is available to the public.
  • Communication – Contact information is accessed by staff of the CliVEx consortium partners  Names and email addresses of participants are also available to facilitators & coaches, names and email addresses of facilitators are available to coaches, and names and email addresses of trainees are accessible by trainers.
  • Online Community – Data collected for this purpose is accessible to all members of the present CliVEx community, who log in to the LMS.

CliVEx does not share participant or trainee information with third parties for a purpose that is materially different from the original purposes without their consent.

The CliVEx consortium assumes liability for the improper processing of user data by consortium staff and third party agents acting on the project’s behalf, unless the event giving rise to the damage is outside the CliVEx consortium’s control.

How long do we keep your data?

Data is retained for a maximum of 3-year period after the user’s last login. 

You can at any moment request to have your account removed and any or all your personal data deleted.  If you wish to have your account removed and/or your personal data deleted, please email

How can you access your personal data, verify its accuracy and, if necessary, correct it?

You can view and make modifications to your profile at any time by going to, logging in with your username and password, clicking on your name, select profile, adjust your data and click “save & close”. You can also email to request your personal data that is not visible on your profile, correct it, or ask for it to be deleted.  If a request to be forgotten is made, the user’s data will be deleted from CliVEx implementation-related contact lists and the servers where your information is hosted.

What are the security measures taken to safeguard your information against possible misuse or unauthorised access?

CliVEx uses IT industry standards to secure our technology stack, including all our users’ personal data.  Our data and services are hosted on both Google and Amazon Web Services (AWS). Google and AWS are leaders in security compliance both globally and regionally, and all Google and AWS services are GDPR ready.

On the LMS, data is collected via the datahub, internal to our specific instance of D2L/Brightspace. Data in transit is encrypted using TLS. Data at rest is encrypted AES-256. 

For security assessments, D2L/Brightspace completes annual internal and external audits, annual external penetration tests and vulnerability scans. Risk assessment revisions  are conducted in line with D2L/Brightspace ISO27001 certification. You can read more about D2Ls/Brightspace certifications here.

For further details, we refer to the D2L/Brightspace Privacy Policy, Data Processing Addendum and  security controls.

Whom to contact if you have queries or complaints about data protection?

You should contact