Privacy Policy

1.Introduction

​

Welcome to MSCA Digital Finance, coordinated by Twente University in Enschede, The Netherlands. Digital Finance is an Industrial Doctoral Network established within the Marie Sklodowska-Curie Actions which aims at training highly skilled doctoral candidates in Digital Finance. Our website https://www.digital-finance-msca.com/) serves as a platform for research dissemination, event promotion, and network collaboration.

This policy explains how we handle and use your personal information and your rights in relation to that information. Under the GDPR of May 2018, the MSCA Digital Finance (“The Network”, “we”, “our” or “us”) is committed to protecting and respecting your privacy.

This Privacy Policy explains why and how we will use the personal information. It describes from where we obtain it, i.e. all the different interactions you may have with us as an academic network, including when you attend our conferences and workshops, social media pages or website currently located at https://www.digital-finance-msca.com/ or when you contact us.

The Network is the controller of personal information in relation to the processing activities described below. This means that the Network decides why and how your personal information is processed. Please see the section at the end of this policy for our contact and legal information.

This policy was last updated on the date that appears at the top of this page.

 

2. Personal Information We Collect About You

​

We receive personal information about you that you give to us, that we collect from your visits to our conferences and workshops, our website, and social media pages and that we obtain from other sources. We only collect personal information which we need and that is relevant for the purposes for which we intend to use it.

INFORMATION THAT WE COLLECT ABOUT YOU – IN PERSON, ONLINE, BY PHONE, SOCIAL MEDIA, AND EMAIL:

• Your name, title and contact details (email address, telephone number, postal address);

• Any information you include in correspondence you send to us or in forms you submit to us at our conferences and workshop or when using our website or social media pages;

• The opinions and other information you provide when responding to academic surveys and academic reviews;

• Institution/affiliation, role, CV, publication history, when you apply for fellowships, training programs, or events through our platform.

• Your identification information when exercising the rights that you have in relation to our processing of your personal information (see further Your rights in relation to your personal information);

• Details of any transactions between you and us;

 

3.Use of Your Personal Information

​

We process your personal information based on one or more of the following legal grounds:

1. Consent (Article 6(1)(a) GDPR): For example, subscribing to our newsletter or responding to surveys and questionnaires.

2. Contractual Necessity (Article 6(1)(b)): To process your participation in events or programs.

3. Legal Obligation (Article 6(1)(c)): For compliance with EU funding reporting requirements.

4. Legitimate Interest (Article 6(1)(f)): For contributing to research and for improving our services and communication within the academic community.

 

4.Where You Have Provided Consent

​

We may use and process your personal information for the following purposes where you have consented for us to do so:

To contact you via email, online or by post (as you have indicated) to manage research applications and project participation, communicate about events, opportunities,  and analyse website traffic and improve our work processes.

You may withdraw your consent for us to use your information in any of these ways at any time. Please see the ‘YOUR RIGHTS IN RELATION TO YOUR PERSONAL INFORMATION’ section below for further details.

​

4.1 Where Necessary To Comply With Our Legal Obligations

​

Under the Marie Skłodowska-Curie Actions (MSCA) Doctoral Network, personal data processing is necessary to comply with the legal obligations set out by the European Commission, primarily for the purposes of grant management, reporting, and ensuring compliance with eligibility, mobility, and recruitment criteria. We will use your personal information to comply with our legal obligations:

• To keep a record relating the exercise of any of your rights relating to our processing of your personal information.

• To take any actions in relation to health and safety incidents required by law.

• To handle and resolve any complaints we receive relating to the research projects and events that we run.

• To comply with eligibility and recruitment requirements for the network.

• To gather and maintain grant and project compliance data.

• To process financial and administrative data to ensure correct payment of researcher allowances, meet the European Commission’s grant agreement obligations and to comply with national employment, tax, and social security laws.

• To maintain monitoring and reporting data to ensure correct payment of researcher allowances, meet the European Commission’s grant agreement obligations and to comply with national employment, tax, and social security laws.

• Equal Opportunity and Diversity Data (optional, but sometimes required in anonymized form)

​

5.Security and Links to Other Websites

​

We take the security of your personal information seriously and use a variety of measures based on good industry practice to keep it secure. Nonetheless, transmissions over the internet and to our website, and our social media pages may not be completely secure, so please exercise caution. When accessing links to other websites, their privacy policies, not ours, will apply to your personal information.

We employ security measures to protect the personal information you provide to us, to prevent access by unauthorised persons and unlawful processing, accidental loss, destruction and damage.

​

6.Research Project Data: Research Ethics and Data Protection Oversight

​

When personal data is collected as part of participation in individual research projects within the MSCA Doctoral Network (e.g., through surveys, interviews, or academic collaborations), the lead institution responsible for that research project acts as the Data Controller under the General Data Protection Regulation (GDPR). This means that the main host institution determines the purposes and means of processing such personal data and is solely responsible for its management, security, and compliance.

All personal data collected for research purposes falls under the oversight of the Data Protection Officer (DPO) of the lead institution conducting the research. The MSCA Doctoral Network as a coordination platform does not collect, control, or process this data, and therefore holds no responsibility for how it is handled. If you have questions about how your personal data is used in a specific research project, please contact the relevant institution directly.

Each research institution participating in the Network operates under the supervision of its own independent Data Protection Officer (DPO) and, where applicable, an institutional ethics committee. All research projects conducted within the network are subject to these internal compliance structures and must adhere to strict legal and ethical standards. Before any project begins, institutions implement thorough review and approval procedures to ensure full compliance with data protection legislation, including the GDPR. Researchers receive dedicated training to understand their responsibilities when processing personal data, including principles of lawfulness, fairness, transparency, data minimisation, and security. This structured approach ensures that personal data is handled with integrity and in line with both national and European regulatory requirements.

​

7.The Periods For Which We Retain Your Personal Information

​

The Network is obliged to retain certain information to ensure accuracy, to help maintain quality of service and for legal, regulatory, fraud prevention and legitimate academic purposes.

Personal data collected within the Network is retained only for as long as necessary to fulfil the purposes for which it was collected and to comply with applicable legal and contractual obligations. In accordance with the Horizon Europe Model Grant Agreement, most administrative, financial, and reporting data, such as employment contracts, researcher declarations, eligibility documents, and financial records, are retained for a period of five years from the date of the final payment by the European Commission. This retention is required to enable audits, reviews, and investigations by the European Commission, the European Court of Auditors, OLAF, or relevant national authorities.

Data collected during recruitment, such as CVs, academic records, and mobility confirmations, is also retained for five years following the project’s conclusion to demonstrate compliance with MSCA eligibility rules. Information published for communication and dissemination purposes, such as researcher names, profiles, and participation in events, may be retained beyond the end of the project, particularly where it forms part of the project’s public record or is archived in open-access repositories. However, this is done with appropriate safeguards and, where required, with the individual’s consent.

Personal data collected for newsletters or mailing lists is retained only for the duration of the project or until the individual unsubscribes, whichever comes first. Website usage data collected through analytics tools (e.g., Google Analytics) is retained for a period consistent with standard practices, typically between 13 and 26 months, to monitor and improve website performance.

Once the applicable retention periods expire, all personal data is securely deleted or irreversibly anonymized, unless continued retention is required for the establishment, exercise, or defence of legal claims, or explicitly permitted by law.

​

8.Data Sharing and Third Parties

​

Where necessary, we may share your personal data with carefully selected third parties to support the functioning and transparency of the Network. This includes project partners and affiliated institutions within the consortium who require access to certain information to coordinate research activities, manage recruitment, or provide training and supervision. We are also obligated to share specific data with funding bodies such as the European Commission or its executive agencies, for the purpose of grant monitoring, compliance, and reporting, in line with the requirements set out in the Grant Agreement. All data sharing is carried out with due diligence and in accordance with the GDPR.

​

9.Your Rights in Relation to Your Personal Information

​

You have certain rights in respect of your personal information and we have processes to enable you to exercise these rights.

 

9.1Right of Access

 

This is known as a Data Subject Access Request or a DSAR in short. If you want to know if we are processing personal data relating to you and to have access to any such personal data you can email the Data Protection Officer in Twente University, Enschede, the Netherlands[1]. In order to furnish you with a copy of your personal data that we hold we will need to verify your identify.

You have the right to access any personal information that the Network processes about you and to request information about:

• What personal data we hold about you

• The purposes of the processing

• The categories of personal data concerned

• The recipients to whom the personal data has/will be disclosed

• How long we intend to store your personal data for

• If we did not collect the data directly from you, information about the source

​

9.2Right to Rectification

​

If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.

If you believe that we hold inaccurate personal data about you, then you can get in touch with us at the DPO email address above. Depending on the type of personal data you believe is inaccurate, we may ask you for further proof to ensure that the personal data is being corrected properly. If we are satisfied that the personal data is inaccurate, we will make the necessary changes.

​

9.3Right to Erasure

​

You also have the right to request erasure of your personal data or to restrict processing (where applicable) in accordance with the data protection laws. Where applicable, you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.

You have a right to ask for your personal data to be erased in certain circumstances. However, this right does not apply where we have to comply with a legal obligation or where we need personal data for the establishment, exercise or defence of legal claims.

​

9.4Right to Restriction

​

You have a right to request that processing of personal data is restricted in certain circumstances. However, we shall still continue to process the personal data for storage purposes, for the establishment, exercise or defence of legal claims or with your consent.

​

9.5Right to Object

​

Where we are relying on legitimate interests as a legal basis to process your data, you have a right to object to such processing on grounds relating to your particular situation.

​

9.6Right to Portability

​

In certain circumstances, you can request that we provide to you your personal data in a commonly used format. If you wish to make such a request, you can email us at the DPO email address above.

​

9.7Right to Complain to the Supervisory Authority

​

You have the right to lodge a complaint with the Autoriteit Persoonsgegevens (AP), the Dutch Supervisory Authority and more details can be found on their website: https://autoriteitpersoonsgegevens.nl.

For more information or to exercise your data protection rights, please contact us using the contact details above.

If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.

​

10.Changes to Our Privacy Policy

​

Please check this page regularly for changes to this policy.

You can contact us with your queries in relation to this policy or for any other reason by email.

Please email us at our DPO email address: dpo@utwente.nl

 

 

[1] If you are involved in a research project, you can email the main research institution of the research project directly.

 

Section Revised

v1.0

16/06/2025

Maria Moloney