Privacy Policy

Privacy Policy

Last updated: 20 May 2026

Joint data controllers

For the processing of personal data carried out through the website www.teacheracademy.eu and related to the common initiatives of the Teacher Academy network, the following entities act as joint controllers pursuant to Article 26 GDPR:

  • Europass SRL, registered office in Florence (FI), Via Sant’Egidio n. 12, CAP 50122, Tax ID/VAT 04393630480, PEC europassfirenze@legalmail.it;
  • Europass Foundation ETS, registered office in Florence and, solely for the purposes of registration in the RUNTS, Via dei Servi n. 49, PEC europassfoundation@legalmail.it.

The joint controllers jointly determine the purposes and essential means of processing relating to the conception, organisation, promotion, management and delivery of common initiatives of an educational, training, cultural, editorial, dissemination or guidance nature, as well as the related communication and follow-up activities.

Excluded from joint controllership, and falling under the sole responsibility of each entity, are the processing activities carried out for their own administrative, accounting, tax, employment, corporate, business security or legal compliance purposes.

Newsletter communications and social media channels are managed solely by Europass SRL as independent controller.

Data subjects may exercise their rights against either joint controller. To do so, or to contact the Data Protection Officer, please write to privacy@europassnetwork.eu. The Data Protection Officer (DPO) for both controllers is Avv. Luca Spaziani, email: lucaspazianiavvocato@gmail.com.

Scope of this policy

This privacy policy describes the processing of personal data carried out through the website www.teacheracademy.eu, with particular reference to: website browsing; information requests; course enrolment; administrative and organisational management of participation; newsletter subscription; IT security management; cookies and other tracking tools.

For specific courses or activities delivered by accredited local providers/academies, additional or complementary privacy notices issued by the entities involved in the concrete organisation and delivery of the service may apply.

Categories of personal data processed

Depending on the features used, the following categories of personal data may be processed:

  1. browsing data: IP addresses, access logs, technical identifiers, browser and device information, date and time of access, referral URL, pages visited and technical events necessary for the security and operation of the website;
  2. data submitted via the contact form: first and last name, email address, nationality, information about the availability of an Erasmus+ grant, message content, any newsletter subscription request and other data voluntarily provided;
  3. data submitted via the course enrolment form: identifying and contact details of the applicant and/or their institution, billing details, addresses, OID/VAT numbers or equivalent data, project references, participant details and preferences relevant to enrolment management;
  4. data for newsletters and promotional communications: name, email address and preferences/consents relating to the receipt of informational or promotional communications;
  5. data processed through cookies and similar tools, as detailed in the updated cookie policy.

Purposes of processing and legal bases

Personal data are processed for the following purposes and on the following legal bases:

a) to enable browsing, ensure website security, prevent unlawful use and manage the correct functioning of IT systems; legal basis: legitimate interests of the joint controllers pursuant to Article 6(1)(f) GDPR;

b) to respond to information requests, manage pre-contractual contacts, and provide support and clarification on courses and services; legal basis: performance of pre-contractual measures at the request of the data subject pursuant to Article 6(1)(b) GDPR;

c) to receive and manage enrolment applications, organise participation in courses, coordinate the delivery of training activities and related support; legal basis: performance of pre-contractual and/or contractual measures pursuant to Article 6(1)(b) GDPR;

d) to comply with regulatory, administrative, accounting and tax obligations; legal basis: legal obligation pursuant to Article 6(1)(c) GDPR;

e) to send transactional communications related to course enrolment and participation management; legal basis: performance of contractual measures pursuant to Article 6(1)(b) GDPR. Newsletter, promotional communications and social media activities are managed solely by Europass SRL as independent controller;

f) to establish, exercise or defend a right in extra-judicial or judicial proceedings; legal basis: legitimate interests pursuant to Article 6(1)(f) GDPR;

g) to install cookies and other non-technical tracking tools; legal basis: consent, where required by applicable law.

Nature of data provision

The provision of data marked as required in the website forms is mandatory to the extent that such data are necessary to respond to the request, manage the enrolment or perform the relationship. Failure to provide mandatory data may prevent the joint controllers from following up on the request or completing the enrolment procedure.

The provision of data for newsletter and marketing purposes is optional and the related consent may be withdrawn at any time.

Methods of processing

Processing is carried out by paper and electronic means, in accordance with the principles of lawfulness, fairness, transparency, minimisation, accuracy, integrity and confidentiality. The joint controllers implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, disclosure or unlawful use.

Recipients of personal data

Personal data may be processed by authorised staff of the joint controllers and communicated, within the limits of the purposes set out above, to entities acting as independent controllers or processors, including:

  • providers of hosting, maintenance, technical management, email marketing, CRM, helpdesk, live chat or appointment management services, acting as data processors pursuant to Article 28 GDPR. The updated list of data processors is available upon request by writing to privacy@europassnetwork.eu;
  • administrative, tax, legal and IT consultants;
  • local companies/academies/accredited providers involved in the organisation and delivery of the chosen course or initiative. Upon enrolment, the relevant personal data will be made accessible to the local academy or accredited provider responsible for delivering the selected course through our management platform and, where applicable, via our shared communication infrastructure, for the sole purpose of managing participation and delivering the training. Such providers are contractually bound not to use the data for any purpose other than the delivery of the course;
  • public authorities or entities to whom disclosure is required by law.

International transfers

Where some of the joint controllers’ providers are established outside the European Economic Area or process data on infrastructure located in third countries, processing will take place in compliance with Chapter V GDPR, by verifying the conditions for lawfulness and adopting the safeguards required by applicable law.

Retention periods

Unless different legal obligations apply or further retention is necessary to protect the rights of the joint controllers, data are retained for differentiated periods according to the purpose of processing. In particular:

  • data collected via the contact form: up to 12 months from the handling of the request, unless a further contractual or pre-litigation relationship arises;
  • data relating to courses and administrative management: for the duration of the relationship and, thereafter, for the time necessary to comply with legal and tax obligations, generally ten years;
  • newsletter and marketing data: until consent is withdrawn or the list is unsubscribed from, and in any case for a maximum period of 24 months from the last meaningful interaction;
  • website logs and security data: for the time strictly necessary for the technical and security needs of the website, in accordance with proportionality and minimisation principles.

Rights of data subjects

Data subjects may exercise, in the cases provided for by Articles 15–22 GDPR, the rights of access, rectification, erasure, restriction of processing, data portability, objection to processing and withdrawal of consent.

To exercise these rights, data subjects may write to privacy@europassnetwork.eu or contact the DPO Avv. Luca Spaziani at lucaspazianiavvocato@gmail.com.

Data subjects also have the right to lodge a complaint with the Italian Data Protection Authority (Garante per la protezione dei dati personali), without prejudice to the right to bring proceedings before the competent courts.

Automated decision-making

Personal data collected through the website are not, as a rule, subject to solely automated decision-making processes that produce legal effects or similarly significantly affect the data subject.

Cookies and other tracking tools

The website uses cookies and similar tools. Technical and strictly necessary cookies do not require consent; any non-anonymised analytics, profiling, marketing or third-party tools generally require prior user consent in accordance with applicable law. For full details please refer to our Cookie Policy.

Updates

This privacy policy may be updated over time. In the event of significant changes, the joint controllers will give adequate notice on the website.