Agora Acceptable Use Policy and Privacy Policy

1 AGORA ACCEPTABLE USE POLICY

1.1 Purpose

This Acceptable Use Policy (“AUP”) defines the rules and conditions that govern your access to and use (including transmission, processing, and storage of data) of the Resources (“Resources”) and Acceleration Services (“Services”) of the Agora (hereinafter referred to as "Websites") as granted by the the Universitat Politècnica de Catalunya (UPC) (hereinafter referred to as "Operating Unit").

1.2 Scope

The Operating Unit maintains the Websites to enhance public access to information about innovation, research and educational data, tools and services promoting the EU’s research and innovation policy. Our goal is to keep this information timely and accurate. If errors are brought to our attention, we will try to correct them. However, the Operating Unit accepts no responsibility or liability whatsoever regarding the information, including user-created information, on the Websites.

1.3 Access Policy

Access to Services provided via the Websites is in principle open to all visitors, although some Services may be restricted to registered users with certain attributes. For those Services, additional terms or requirements may apply. The creation of an account and access to the Websites is free of charge. The rights to access and use the Resources and Services are primarily granted for academic research and higher education in Europe, including their associated stakeholders if not otherwise agreed.

1.4 Acceptable Use

The Operating Unit may modify this AUP by posting a revised version on the Websites. By using the Services and/or accessing the Resources, you agree to the latest version of this AUP:

  1. You shall only use the Services in a manner consistent with the purposes and limitations described above; you shall show consideration towards other users including by not causing harm to the Services; you have an obligation to collaborate in the resolution of issues arising from your use of the Services.
  2. You shall only use the Services for lawful purposes and not breach, attempt to breach, nor circumvent legal, administrative or security controls. Services shall not be used:
  1. to threaten, incite, promote, or actively encourage violence, terrorism, or other serious harm;
  2. for any content or activity that promotes child sexual exploitation or abuse;
  3. to violate the security, integrity, or availability of any user, network, computer or communications system, software application, or network or computing device;
  4. to distribute, publish, send, or facilitate the sending of unsolicited mass email or other messages, promotions, advertising, or solicitations (or “spam”);
  5. to process personal data.
  1. You shall respect intellectual property, licenses, and confidentiality agreements.
  2. You shall protect your access credentials (e.g., passwords, private keys or multi-factor tokens), no intentional sharing is permitted. You shall not attempt:
  1. gaining unauthorized access to Services, acting to deny others access to Services, or authorizing any third party to access or use the Services on your behalf;
  2. using the Services to try to gain unauthorized access to any other service, data, account or network by any means.
  1. You shall keep your registered information correct and up to date.
  2. You shall promptly report known or suspected security breaches, credential compromise, or misuse to the Security Contact stated below; and report any compromised credentials to the relevant issuing authorities.
  3. Reliance on the Services shall only be to the extent specified in the User Access Policy referenced below.
  4. Your personal data will be processed in accordance with the Privacy Policy referenced below.
  5. Your use of the Services may be restricted or suspended, for administrative, operational, or security reasons, without prior notice and without compensation.
  6. If you violate these rules, you may be liable for the consequences, which may include your account being suspended and a report being made to your home organisation or to law enforcement.
  7. You shall comply with restrictive measures and export control measures in place pursuant to Article 215 of the Treaty on the Functioning of the European Union when accessing or authorising the access to the Services.
  8. You shall acknowledge that information you provide or upload to the Services may be stored outside of the country in which you reside but stays in EU/EEA jurisdiction.

2 PRIVACY POLICY

This privacy statement provides information about the processing and the protection of your personal data.

Data Controller: UNIVERSITAT POLITECNICA DE CATALUNYA (“UPC”), having its registered office or based in CARRER JORDI GIRONA 31, BARCELONA 08034, Spain, VAT number: ESQ0818003F

2.1 Introduction

The European project “A University Partnership for Acceleration of European Universities” (aUPaEU) funded by the European Research Executive Agency (REA) under grant agreement number 101095314, is based on the collaboration of five academic institutions of two European partnerships in the framework of the European University Initiative, EPiCUR and UNiTE!: Universitat Politècnica de Catalunya (UPC), Karlsruher Institut für Technologie (KIT), Institut Polytechnique de Grenoble (INP GRENOBLE), Politecnico di Torino (POLITO) and Uniwersytet im. Adama Mickiewicza w Poznaniu (AMU) (hereinafter, “the aUPaEU Consortium Members”).

UPC as coordinator in the aUPaEU project is authorised to act on behalf of and represent the aUPaEU Consortium Members in accordance with the aUPaEU Consortium Agreement.

The aUPaEU Consortium Members, in general, and its representative, the Universitat Politècnica de Catalunya (hereafter ‘UPC’) are committed to protecting your personal data and to respecting your privacy. UPC collects and further processes personal data pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter, “GDPR”) .

This privacy policy explains the reason for the processing of your personal data, the way we collect, handle and ensure protection of all personal data provided, how that information is used and what rights you have in relation to your personal data. It also specifies the contact details of the responsible Data Controller with whom you may exercise your rights, the Data Protection Officer.

2.2 Why and how do we process your personal data?

Purpose of the processing operation:

The Data Controller collects your personal information to manage and organize user and stakeholder engagement activities regarding the operation, features, and services of the Agora. These include assembling acceleration services, communicating surveys and questionnaires to the Agora members, organizing digital and physical workshops/events for Agora members, selecting and inviting Agora members in ad hoc panels. Participation in the Agora is voluntary.

The Data Controller may publish your personal information to facilitate the identification of user groups, thematic user communities, and stakeholders. To ensure communication among Agora users, there is no provision for anonymous participation. Your individual contributions in the user and stakeholder engagement activities may be published in public communication material with your explicit consent.

2.3 On what legal ground(s) do we process your personal data?

Lawfulness of the processing operation: 

The Data Controller collects, stores and publishes your personal data indicated in Agora because you gave your explicit consent by requesting to participate in the acceleration services in the respective section of the Agora. Your consent is recorded in the Agora and you can withdraw your consent by informing the Agora Helpdesk at any time .

2.4 Which personal data do we collect and further process?

The personal data necessarily collected in your capacity as a user of the Agora are:

You voluntarily provided this personal data by logging into the Agora.

2.5 How long do we keep your personal data?

All personal data will be removed from our databases five years after your most recent login in Agora membership.

2.6 How do we protect and safeguard your personal data?

All personal data in electronic format (e-mails, documents, databases, uploaded batches of data, etc.) are stored either on the servers of UPC or of its processors within the scope of the European Union.

The UPC’s contractors are subject to the obligations of the GDPR. When any contractor is to process personal data on behalf of UPC, an agreement is formalized in accordance with the provisions of Article 28 of the GDPR .

In order to protect your personal data, UPC has put in place a number of technical and organisational measures in place. Technical measures include appropriate actions to address online security, risk of data loss, alteration of data or unauthorised access, taking into consideration the risk presented by the processing and the nature of the personal data being processed. Organisational measures include restricting access to the personal data solely to authorised persons with a legitimate need to know for the purposes of this processing operation.

In addition, the UPC is subject to compliance with the provisions of the Royal Decree 311/2022 of 3 may, which regulates the National Security Framework (ENS). The ENS establishes the basic principles and minimum requirements necessary for adequate protection of the information processed and the services provided.  

2.7 Who has access to your personal data and to whom is it disclosed?

All personal data you provide can be accessed by internal users of the Agora on a strict 'need-to-know' basis. These internal users are staff members designated by the partner organizations that make up the Agora. A list of these partners is available in the footer of every page on the Agora platform. In the case of the Metagora — the Agora of Agoras — internal users include staff from the aUPaEU Consortium members.

Privacy policies of other websites

This Privacy Policy outlines how UPC, as Data Controller, manages your personal data. If, during your contacts within the Agora, you access another website outside the scope of the Agora (i.e. the website of a partner organization) or if you click on a link to another website, we recommend you to read their privacy policy.

2.8 What are your rights and how can you exercise them?

You have specific rights as a ‘data subject’ under Chapter III (Articles 15-22) of GDPR, in particular the right to access, rectify or erase your personal data and the right to restrict the processing of your personal data. Where applicable, you also have the right to object to the processing or the right to data portability.

You have consented to provide your personal data to the Data Controller for the present processing operation. You can withdraw your consent at any time by notifying the Data Controller. The withdrawal will not affect the lawfulness of the processing carried out before you have withdrawn the consent.

 You can exercise your rights by contacting the Data Controller, or the Data Protection Officer. Their contact information is given below.

2.9 Contact information

2.9.1 The Data Controller

If you would like to obtain general information about the processing that is being carried out within Agora with respect to your personal information,  or if you have comments, questions or concerns on this regards, as well as want to make changes regarding the information that appears in your profile, please feel free to contact the Data Controller, agora_privacy@widening.eu   

2.9.2 The Data Protection Officer (DPO) of UPC

If you would like to exercise your rights under GDPR, or if you have specific questions or concerns regarding data protection, you may contact the Data Protection Officer of UPC (proteccio.dades@upc.edu).

2.9.3 The competent supervisory authority

 If you consider that your rights under GDPR have not been handled properly or how your query has been resolved, and you wish to lodge a complaint, you may contact the competent supervisory authority: Autoritat Catalana de Protecció de Dades (APDCAT) https://apdcat.gencat.cat/en 

Last updated: 29 April 2025