The data Accadema collects, why it collects it, and what an individual or an institution can ask us to do with it.
Accadema is research infrastructure. We collect only the data needed to operate the platform for your institution — identity, audit trail, telemetry, content the institution chooses to ingest. We do not sell data, we do not train models on your content, and we do not transfer personal data outside the EU without an explicit contract clause.
This document is the canonical privacy notice for the Accadema platform when operated by Accadema (the controller-of-controllers role). For each institution that deploys Accadema, the institution is the data controller for its own users; Accadema is the processor under Article 28 of the GDPR. See the data processing agreement for the contract terms.
Account identifier, organisational affiliation, role and group membership, last sign-in time. Sourced from the institution's identity provider, never from the public web.
Anonymised request logs, error events, performance metrics. Retained 90 days; aggregated indefinitely for capacity planning. No personal content beyond identifier and request path.
Tamper-resistant log of authentication events, cross-institution access, permission changes. Retained for the duration of the institution's contract plus statutory retention.
Receive a copy of the personal data the institution holds about you, in a machine-readable format. Routed through your institution's data protection officer; Accadema honours the request as processor within ten working days.
Correct inaccurate personal data through the institution's account self-service or the institution administrator.
Subject to statutory retention obligations (archive law, accreditation evidence, audit log retention) the institution administrator can erase a user's personal data; the deletion propagates across modules within 24 hours.
Address objections to the institution's data protection officer in the first instance. Complaints to the relevant supervisory authority (your jurisdiction's data protection regulator) remain your right at any time.
For institution-level questions, address your institution's data protection officer. For platform-level questions, the Accadema data protection contact is reachable through your local partner or through the contact page.