Privacy Policy – REFLECT Project

Last updated: 14/05/2026

1. Introduction

This Privacy Policy explains how personal data are collected and processed in the context of the REFLECT Project, including the project website, the REFLECT Virtual Hub and the Moodle learning platform available at learn.reflect-project.eu.

The REFLECT Project is an EU co-funded initiative implemented by a transnational consortium of organisations from Europe and Sub-Saharan Africa. The project promotes inclusive digital learning, virtual exchange, intercultural dialogue, digital skills, media literacy and civic participation.

2. Data Controller and privacy contact

For the purposes of the management of the REFLECT website, the Virtual Hub and the Moodle learning platform, the operational data controller and main privacy contact is:

Cosvitec S.r.l.
Registered office: Via Galileo Ferraris 141, Naples, Italy
Email: info@cosvitec.eu

The privacy contact for the REFLECT digital services is the legal representative of Cosvitec S.r.l.

Personal data may also be processed, where necessary, by the REFLECT Project partners according to their respective roles in the implementation of project activities.

Lead Coordinator

Youth for Exchange and Understanding (YEU)

Project Partners

  • Cosvitec S.r.l. – Training & Digital Hub Partner
  • IVAIGO Association – Innovation & Media Literacy Leader
  • Busitema University – Academic & Outreach Lead
  • VOCAX Startup Hub and Training Centre – Entrepreneurship & Grassroots Partner
  • Champions Factory Africa (CHAF) – Intercultural Inclusion Partner
  • Kagera Youth Forum – Grassroots Implementation & Community Empowerment Partner

Where specific project activities are managed directly by other consortium partners, those partners may process personal data as authorised project partners, independent controllers, joint controllers or processors, depending on the activity and the applicable project arrangements.

3. Purposes of processing

Personal data may be processed for the following purposes:

  • management of registration and access to the Moodle platform and REFLECT Virtual Hub;
  • delivery of online training activities, courses, intercultural dialogues and storytelling labs;
  • administrative, organisational and reporting management of the REFLECT Project;
  • participation in live sessions, group interactions, workshops and collaborative activities;
  • communication with participants, facilitators, alumni, partners and stakeholders;
  • creation, use and archiving of educational materials generated during project activities;
  • management of civic actions, volunteering activities and community initiatives;
  • monitoring of project participation and learning outcomes;
  • compliance with EU-funded project obligations, audit requirements and reporting duties;
  • management of website functionality, security, cookies and analytics, where applicable.

4. Types of personal data processed

The REFLECT Project may process the following categories of personal data:

  • identification data, such as name, surname and username;
  • contact data, such as email address;
  • participation data, such as country, role, organisation, participation profile and selected activities;
  • training data, such as course enrolment, attendance, assignments, learning progress and contributions;
  • technical data, such as IP address, access logs, browser information, device information and platform usage data;
  • user-generated content, such as assignments, comments, shared materials, posts, media and collaborative outputs;
  • communication data, such as messages submitted through contact forms or project communication channels;
  • images, audio or video recordings, only where applicable and subject to appropriate information and consent where required.

5. Legal basis for processing

Personal data are processed on the basis of one or more of the following legal grounds:

  • Consent, where the participant has provided consent during registration, application, participation in specific activities, or for the use of optional materials such as images, recordings or testimonials.
  • Participation in the REFLECT Project, where processing is necessary to enable access to learning activities, online courses, virtual exchanges and project services requested by the participant.
  • Legal and administrative obligations, where processing is necessary to comply with EU-funded project management, reporting, audit and documentation requirements.
  • Legitimate interest, where processing is necessary for project organisation, platform security, prevention of misuse, internal coordination, communication and improvement of project activities, provided that such interests do not override the rights and freedoms of the data subject.

6. Processing methods and security measures

Personal data are processed mainly by electronic means through the REFLECT website, Moodle platform, digital learning tools and communication systems used for project implementation.

Access to personal data is restricted to authorised personnel, facilitators, project staff, technical administrators and consortium partners only where necessary for the performance of their role.

Appropriate technical and organisational measures are implemented to protect personal data against unauthorised access, loss, misuse, alteration or disclosure. These measures may include access controls, user authentication, role-based permissions, secure hosting, platform monitoring and internal data management procedures.

7. Moodle platform and Virtual Hub

The REFLECT Moodle platform and Virtual Hub are used to manage digital learning, virtual exchanges, courses, guided activities, storytelling labs, mentoring and community participation.

The Moodle platform may collect and store information related to user accounts, course participation, assignments, learning progress, messages, forum contributions, uploaded materials, access logs and technical activity required for the correct functioning of the platform.

Participants are responsible for using the platform respectfully and for avoiding the upload or sharing of unnecessary personal data relating to themselves or third parties.

8. Live sessions, recordings and participant-generated content

Training activities may include live online sessions conducted through tools such as Zoom, Google Meet or equivalent platforms.

Sessions are not necessarily recorded. Where recordings are made, participants will be informed in advance. Recordings, screenshots, images, audio, video or other identifiable materials will be used only for educational, internal, dissemination or project-related purposes, and only where an appropriate legal basis applies, including consent where required.

Materials produced by participants during training activities may be stored and used for learning, documentation, project reporting, dissemination and follow-up purposes. Where such materials contain identifiable personal data, appropriate safeguards will be applied.

9. Data relating to minors and vulnerable participants

The REFLECT Project may involve young participants, including participants from refugee, migrant or marginalised backgrounds.

Where participants are minors, personal data will be processed only where appropriate consent, authorisation or other valid legal basis has been obtained in accordance with applicable data protection rules and project procedures.

The project applies particular care when processing data relating to young people, vulnerable participants or persons with lived experience of displacement, in line with the principles of dignity, inclusion, participation and equal opportunities.

10. Data disclosure and recipients

Personal data may be shared only where necessary and only with the following categories of recipients:

  • REFLECT Project consortium partners;
  • authorised project staff, trainers, facilitators and mentors;
  • technical administrators of the website, Moodle platform and Virtual Hub;
  • hosting, IT, platform and digital service providers;
  • video conferencing providers used for training and project activities;
  • EU institutions, auditors or competent bodies, where required for project reporting, monitoring or legal compliance.

Personal data are not sold and are not publicly disclosed, unless the data subject has given specific consent or publication is otherwise lawfully permitted in the context of project activities.

11. Third-party tools and services

The REFLECT Project may use the following third-party tools and services:

  • Moodle platform for learning management;
  • video conferencing tools such as Zoom, Google Meet or equivalent platforms;
  • Google Analytics for website statistics, where activated and subject to cookie consent where required;
  • Complianz cookie management plugin for cookie consent management;
  • DominiOK.it as hosting provider and technical infrastructure provider;
  • email and communication tools used for project coordination.

Third-party providers process personal data according to their own terms, privacy policies and applicable data protection safeguards.

12. Cookies and analytics

The REFLECT website uses technical cookies that are necessary for the proper functioning of the website and, where consent is provided, analytical cookies to help understand how the website is used and to improve user experience.

Cookie consent is managed through the Complianz plugin. Users can accept, refuse or manage their cookie preferences through the cookie banner or consent settings available on the website.

The Moodle platform uses technical cookies required for authentication, session management, security and platform functionality.

For more information, please refer to the Cookie Policy.

13. Data retention

Personal data are stored only for as long as necessary for the purposes for which they were collected.

Data related to participation in the REFLECT Project may be retained for the duration of the project and for the additional period required to comply with EU-funded project reporting, audit, administrative and legal obligations.

After the applicable retention period, personal data will be deleted, anonymised or securely archived, unless further retention is required by law or by legitimate project documentation obligations.

14. International data transfers

Personal data are primarily processed within the European Union or by providers applying appropriate data protection safeguards.

Some third-party tools or service providers, such as video conferencing or analytics providers, may involve transfers of personal data outside the European Economic Area. Where this occurs, the transfer will be protected by appropriate safeguards, such as adequacy decisions, Standard Contractual Clauses or other mechanisms provided under applicable data protection law.

15. Rights of data subjects

Data subjects may exercise the following rights, subject to the conditions and limitations provided by applicable data protection law:

  • right of access to personal data;
  • right to rectification of inaccurate or incomplete data;
  • right to erasure of personal data, also known as the “right to be forgotten”;
  • right to restriction of processing;
  • right to object to processing;
  • right to data portability;
  • right to withdraw consent at any time, where processing is based on consent;
  • right to lodge a complaint with a competent Data Protection Authority.

Requests can be submitted to:

info@cosvitec.eu

Data subjects may also contact the Italian Data Protection Authority:

Garante per la protezione dei dati personali
Website: www.garanteprivacy.it

16. Nature of data provision

The provision of personal data is necessary for registration, access to the Moodle platform, participation in learning activities and involvement in REFLECT Project activities.

Failure to provide the required data may prevent the user from accessing the platform, joining training activities or participating in specific project services.

The provision of data for optional activities, such as testimonials, images, recordings or public dissemination materials, is voluntary and may require separate consent.

17. Automated decision-making

The REFLECT Project does not use personal data for automated decision-making or profiling that produces legal effects or similarly significant effects on data subjects.

18. Links to external websites

The REFLECT website and Moodle platform may contain links to external websites or third-party services. The REFLECT Project is not responsible for the privacy practices, content or security of external websites. Users are encouraged to read the privacy policies of any external services they access.

19. Changes to this Privacy Policy

This Privacy Policy may be updated at any time to reflect legal, technical, organisational or project-related changes.

Any updated version will be published on the REFLECT Project website with the date of the latest update.

20. Contact

For questions about this Privacy Policy or the processing of personal data within the REFLECT Project, please contact:

Cosvitec S.r.l.
Registered office: Via Galileo Ferraris 141, Naples, Italy
Email: info@cosvitec.eu

Scroll to Top