The YO-IN project (Youth Organisations for Inclusion), funded under the Erasmus+ Programme (ERASMUS-YOUTH-2025-PCOOP-ENGO), is committed to ensuring full compliance with Regulation (EU) 2016/679 (General Data Protection Regulation – GDPR) and applicable national data protection laws.

This Data Protection Notice applies to all project-related activities involving the collection, storage, processing or dissemination of personal data, including but not limited to:

• Surveys (e.g. WP2 Research Survey)
• Good practice submission forms
• Online self-assessment tools (e.g. YO-INclusiometer)
• Disability Inclusion Plan (DIP) tools and certification-related processes
• Event registrations and participation lists
• Online events, webinars and conference participation
• Mailing lists and newsletters
• Website contact forms and digital engagement
• Website analytics and social media interaction related to project activities
• Dissemination and communication activities
• Photo, video and testimonial collection
• Reporting to the European Commission and project audit requirements

All partners must use this framework for any data processing conducted within the scope of the YO-IN project.

For the purposes of the YO-IN project, the consortium acts as joint controllers of personal data processed within project activities.

The European Disability Forum (EDF), as project coordinator, acts as the primary contact point for data protection matters and oversees compliance within the consortium.

Contact for data protection matters:
 markaya.henderson@edf-feph.org
 European Disability Forum (EDF)
 Avenue des Arts 7-8, 1210 Brussels, Belgium

Each partner organisation remains responsible for ensuring that data processing activities under its direct responsibility comply with this Notice and with GDPR.

The joint controllers of personal data within the YO-IN project are:

• European Disability Forum (EDF), Belgium
• Somos Europa, Spain
• High on Life, Italy
• Bequal, Spain

Within the YO-IN project, data may be collected and processed according to use of products and participation in events.

By using our website, we may collect and process information you provide yourself:

• Forms filled out by you
• Content of correspondence with us
• Subscriptions or registrations
• Information from social media when you link to our website

Similarly, we may automatically collect:

• technical information, including IP address, the geographical location of IP, login information, browser type & version
• information about your visit (pages visited, amount of time spent on each page, visit sequence)
• cookies and other technologies

See the EDF Cookie Policy for more information, the host of the YO-IN sub-website.

By attending YO-IN events, we may collect and process the following data you provide yourself:

• forms filled out by you
• content of correspondence with us
• subscriptions or registration
• information from social media when you link to our website

At events, we may collect, process, and reuse pictures and videos with your consent.

Providing personal data is voluntary; however, certain information may be required to enable participation in specific project activities (e.g., event registration).

Personal data within the YO-IN project are processed solely for the implementation, management and dissemination of project activities, in line with the objectives of the Erasmus+ Grant Agreement.

Data processing serves in particular to support the design and implementation of research and survey activities, the mapping of good practices in inclusion and accessibility, and the development, testing and validation of the YO-IN Quality Label and its related tools (such as the self-assessment and Disability Inclusion Plan instruments).

Personal data are also processed for the organisation and management of project events, conferences, webinars and stakeholder meetings; for communication and dissemination of project results through websites, newsletters and social media; and for monitoring, evaluation and quality assurance activities necessary to ensure effective project delivery.

Where required, personal data may be processed for reporting, audit and accountability purposes in accordance with the obligations set out in the Erasmus+ Grant Agreement.

Under no circumstances will personal data collected within the YO-IN project be used for commercial purposes or shared for marketing activities unrelated to the project.

Data processing under the YO-IN project relies on the following legal bases:

• Consent (Article 6(1)(a) GDPR): for surveys, mailing lists, photo/video use, testimonials.
• Legitimate interest (Article 6(1)(f) GDPR): for professional communication related to project objectives.
• Legal obligation (Article 6(1)(c) GDPR): for reporting and audit obligations under the Grant Agreement.

Where consent is required, it will be freely given, specific, informed and unambiguous.

Personal data may be shared only:

• Within the YO-IN consortium partners for project implementation purposes.
• With the European Commission or authorised EU bodies for reporting, audit or control purposes.
• With contracted service providers acting as data processors (e.g., IT hosting providers or Microsoft Forms platform), under contractual arrangements ensuring compliance with Regulation (EU) 2016/679.

In particular, certain project-related information may be processed through the European Commission’s Funding & Tenders Portal and related systems used for grant management and reporting (including SyGMA). The processing of personal data within these systems is governed by the European Commission’s applicable data protection framework.

Further information is available in the Funding & Tenders Portal Privacy Statement:
https://ec.europa.eu/info/funding-tenders/opportunities/docs/2021-2027/common/ftp/privacy-statement_en.pdf

No personal data will be transferred outside the European Economic Area unless adequate safeguards are in place.

Online events and data collection tools may involve the use of platforms such as Microsoft Teams and Microsoft Forms and Google Drive. These platforms operate under their own privacy policies and data processing terms compliant with applicable EU data protection legislation.

Access to personal data is restricted to the consortium partners who are directly involved in the implementation of the project, as well as EU bodies responsible for monitoring, audit or control tasks under the Grant Agreement.

The YO-IN project does not carry out automated decision-making or profiling producing legal effects concerning individuals.

Personal data will be retained only for as long as necessary for the implementation of the project and in accordance with the requirements of the Erasmus+ Grant Agreement. Project-related documentation, including personal data, will be retained for audit, control and reporting purposes for a period of 5 years following the final payment of the grant, as required under the Grant Agreement.

The YO-IN project does not carry out automated decision-making or profiling producing legal effects concerning individuals.

Individuals whose personal data are processed within the framework of the YO-IN project are entitled to exercise the rights granted under Regulation (EU) 2016/679 (GDPR). These include the right to request access to their personal data and to obtain information on how such data are processed, the right to request rectification of inaccurate or incomplete data, and, where applicable, the right to request erasure of their data.

Data subjects also have the right to request restriction of processing or to object to the processing of their personal data, where the conditions set out in the GDPR are met. Where processing is based on consent, individuals may withdraw their consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.

Withdrawal of consent may result in the inability to continue participation in certain project activities where personal data are necessary for organisational purposes.

In addition, individuals have the right to lodge a complaint with their national Data Protection Authority if they believe that their data have been processed in violation of applicable data protection legislation.

Requests can be addressed to:
markaya.henderson@edf-feph.org

The YO-IN consortium implements appropriate technical and organisational measures to ensure the security and confidentiality of personal data processed within the project. These measures include restricted access to project-related data, role-based access controls for sensitive data, the use of secure cloud-based platforms, such as Microsoft Forms, for data collection and storage, and the use of password-protected systems for sensitive data. 

Project documentation containing personal data is stored in secure digital environments with controlled access. Partners are required to apply adequate safeguards when handling data locally and must ensure that personal data are not stored on unsecured personal devices or shared through unprotected channels. Where necessary, additional protective measures, such as encryption or secure file-sharing systems, will be used to prevent unauthorised access, alteration or loss of data.

In the event of a personal data breach, the consortium will act in accordance with the notification and mitigation obligations set out in Regulation (EU) 2016/679 (GDPR) and applicable national legislation.

Providing personal data within the framework of the YO-IN project is generally voluntary. However, certain information may be required to enable participation in specific activities, such as event registration, survey participation, or certification processes. Where mandatory fields are indicated, failure to provide the requested information may prevent participation in the relevant activity.

The YO-IN project does not engage in automated decision-making or profiling that produces legal effects concerning individuals. Any analytical tools developed within the project (including self-assessment instruments) are intended solely to support organisational development and do not generate legally binding decisions concerning individuals.

Where personal data are processed through digital platforms or third-party service providers, such providers act as data processors under contractual arrangements ensuring compliance with Regulation (EU) 2016/679 (GDPR). Appropriate safeguards are applied to ensure confidentiality, integrity and security of personal data.

In the event of a personal data breach, the consortium will act in accordance with the notification and mitigation obligations set out in the GDPR and applicable national legislation.

As the YO-IN project website is hosted on the European Disability Forum (EDF) website infrastructure, certain website-related data processing activities (such as server logs, cookies, and website analytics) are subject to the EDF Privacy Statement. For further information on how website-related data are processed, please consult the EDF Privacy Statement available.

Particular care is taken when processing personal data relating to youth participants or individuals from potentially vulnerable groups. All processing activities are conducted in a manner that respects dignity, proportionality and the core values of inclusion and accessibility underpinning the YO-IN project.