European Student Card terms and conditions

Definitions

Please see the terms defined below.

Account

The user account created for accessing the European Student Card Router (ESC-R).

API

A computing interface to a software component or a system that defines how other components or systems can use it. It defines the kinds of calls or requests that can be made, how to make them, the data formats that should be used, the conventions to follow, etc.

Directorate-General for Education, Youth, Sport and Culture (DG EAC)

Directorate-General for Education, Youth, Sport and Culture (DG EAC), a Directorate-General of the European Commission. It is responsible for policies in the field of education, youth, culture, languages, and sport.

Erasmus Charter for Higher Education (ECHE)

The Erasmus Charter for Higher Education (ECHE) provides the general quality framework for European and international cooperation activities a higher education institution may carry out within Erasmus+.

The award of an ECHE is a pre-requisite for all higher education institutions located in a programme country and willing to participate in learning mobility of individuals and/or cooperation for innovation and good practices under Erasmus+.

ECHE holder

A higher education institution that has been awarded the Erasmus Charter for Higher Education.

European Economic Area (EEA)

The European Economic Area consists of the Member States of the European Union (EU) and three countries of the European Free Trade Association (EFTA) (Iceland, Liechtenstein and Norway; excluding Switzerland).

ESC holder

A student who is in possession of a fully active European Student Card.

ESC Router (ESC-R)

A system hosted in the European Commission’s cloud to manage the European Student Cards (ESCs), store the European Student Card Number (ESCN) and provide mechanisms to validate the ESCs. It plays a critical role in facilitating processes related to ESC issuing, validation and ensuring data protection for ESC-R users and cardholders. The ESC-R interacts with a variety of third-party systems so that higher education institutions can ensure student status verification and card management.

European Student Card (ESC)

Result of the set of standards that establishes a common digital and graphic identity for higher education students in Europe. In practice, the ESC system consists of a router (ESC-R) that allows higher education institutions and public authorities - that decide to join it - to add these European elements to their existing student cards in order to facilitate students’ access to services, in particular students on mobility.

European Student Card Initiative (ESCI)

A European Union initiative aimed at simplifying and enhancing the mobility and exchange experiences of students across Europe, composed of three building blocks: the European Student Card, the Erasmus Without Paper Network and the Erasmus+ App.

Higher education institution (HEI)

An institution which, in accordance with national law or practice, offers recognised degrees or other recognised tertiary level qualifications, regardless of what such an establishment is called, or a comparable institution at tertiary level.

Joint Controllership Arrangement (JCA)

A formal agreement between DG EAC and higher education institutions or public authorities that jointly determine the purposes and means of processing personal data in the context of the ESC-R.

Legal or authorised representative

A person officially designated to act on behalf of a higher education institution, public authority or third-party processors. The designation can take place in different ways, according to the rules and procedures of each organisation. 

Privacy statement

A privacy statement is a document or page describing how a website or business collects, uses, stores, and shares personal information.

Public authority

Government bodies at national, regional or local level responsible for issuing student cards or storing student data in their information systems in their respective countries.

Student

An individual enrolled in a higher education institution

Third countries associated to the Erasmus+ Programme

Countries that participate in the Erasmus+ Programme but are not EU Member States, in accordance with Article 19 of the Erasmus+ Regulation, including members of the European Free Trade Association (EFTA) which are also members of the European Economic Area (EEA) (Norway, Iceland, Liechtenstein), and acceding countries, candidate countries, and potential candidates (North Macedonia, Republic of Türkiye, Republic of Serbia).

Third-party processors

Entities authorised to process data on behalf of higher education institutions or public authorities.

User

An individual or entity using the ESC-R with the legal authority to represent an HEI, a public authority or a third-party processor, for the purpose of registering to the ESC-R and accepting the relevant terms of use and privacy documentation on their behalf.

We/Our

The entity managing the ESC-R or belonging to the entity managing the ESC-R.

Western Balkan Countries (Region 1)

Albania; Bosnia and Herzegovina; Kosovo; and Montenegro ¹ . This designation is without prejudice to positions on status and is in line with UNSCR 1244 and the ICJ Opinion on the Kosovo declaration of independence.
 

Footnote

1. as detailed in the Erasmus+ Programme Guide 2024 ↩ back

Acceptance of Terms and Conditions

Users are explicitly accepting these Terms and Conditions (hereafter T&Cs) by creating an account in the European Student Card Router (hereafter ESC-R). Accepting these T&Cs and the corresponding Privacy Statement indicates that the individual registering as a user in the ESC-R is acting on behalf of a higher education institution (hereafter HEI), public authority, or one of their designated third-party processors and has the legal authority to bind said entity to these T&Cs. 

Furthermore, by accepting the Joint Controllership Arrangement (hereafter JCA), users confirm that they are the legal representatives authorised to bind their respective entity to these Terms and Conditions. By accepting the JCA, the individual affirms that they have the necessary permission and delegation to act within the defined limits, thereby committing that the relevant HEI or public authority will comply with the JCA.

User eligibility and permissions

The European Student Card Router is intended for use by the following categories of users:

1. Higher education institutions or public authorities issuing student cards at local, regional or national level in any EU/EEA Member State or European microstate
2. ECHE holders in third countries (other than EEA) associated to the Erasmus+ Programme and ECHE holders in the Western Balkan countries (Region 1) ¹
3. Third-party processors issuing student cards on behalf of higher education institutions or public authorities registered to the ESC Router

By using the ESC-R, users confirm they meet these eligibility criteria. The ESC-R is not intended for students' use. Users under category 3 have limited access to the platform and can only act on behalf of users in categories 1 and 2. This means users in Category 3 can only manage the issuance of European Student Cards if granted access by users in categories 1 and 2.

Users only have access to the data that they have uploaded on behalf of their HEI or public authority. Users can manage their European Student Cards, including editing, uploading, and deleting student card information. Users in categories 1 and 2 can manage access details for their respective HEIs or public authorities. This includes granting, modifying, and revoking user access permissions within their HEI or public authority. Users under Category 3 can only manage student cards if they have been explicitly authorised to do so by users in Categories 1 and 2. Each user is fully responsible for ensuring the accuracy and continuous updating of all information, including information relating to themselves and all information they upload, regardless of who the information pertains to. We reserve the right to verify the accuracy of the information provided and the authority of the individuals acting on behalf of HEIs, public authorities, and third-party processors.

Use of the ESC-R in violation of the terms in these T&Cs, particularly in the absence of the requirements set forth herein and the provision of false information to obtain access to the platform, will result in the immediate termination of any infringing account at our sole and absolute discretion.

Footnote

1. as detailed in the Erasmus+ Programme Guide 2024 ↩ back

Account use and access

Upon registration/log-in into the new ESC-R, only one user, namely, the legal or authorised representative of the HEI or public authority, must accept the legal documents on behalf of the entity they claim to represent. Once this process has been completed, other users can be associated to an organisation’s account.  HEIs and public authorities are directly responsible for keeping any uploaded data related to their users, including the legal or authorised representative, up to date. This also applies to their contact data, third-party processor data, and student data uploaded to the ESC Router. In case of failure to update the contact data of any entity, we reserve the right, at our sole discretion, to continue recognising the indicated person as the contact point for the relevant HEIs or public authorities.

Obligations and responsibilities

Users are fully responsible for safeguarding their access credentials - including the email and password. Any damages that arise from unauthorised actions are the user's responsibility unless caused by our wilful misconduct or gross negligence. Users must immediately notify the data processor acting on behalf of DG EAC at ESC.support@nttdata.com: (a) any Account-related abuse; and (b) the unauthorised disclosure, use and distribution of their Account credentials by or to any third party.

Following such notification, we will renew the credentials of the respective Account and/or take any other measures reasonably necessary, including its deletion.

Notwithstanding the above disclosures, we reserve the right at any time to request confirmation and/or proof of identity of the individuals associated with any accounts, including to ensure that there is no unauthorised access to the ESC Router.

Users must ensure they have the right to upload personal data from students and comply with all relevant laws. They must keep the uploaded data accurate and up-to-date. Any breach of these obligations may result in account termination. Users agree to take responsibility for any damages arising from a breach of these commitments.

We cannot be held responsible for the improper or illegal use of users' accessible information by other users.

Users commit to following the specifications outlined in the ESC graphic charter and to implementing the new ESC combined logo within the stipulated timeframes.

Students (the data subjects) shall receive the privacy statement by their HEI or the responsible public authority upon registration to the HEI/public authority or upon request of a student card from said institution. The privacy statement will be accessible to users on the ESC-R and on the European Student Card Initiative website. Should users become aware of any violation of these T&Cs, including by another User, Users are required to promptly notify the data processor acting on behalf of DG EAC at the email address ESC.support@nttdata.com.

Termination of accounts

Regardless of what is stated elsewhere in these T&Cs, an Account remains open and operational until:

1. The user of such Account terminates such Account
2. The user does not accept the necessary documentation, including the T&Cs, Privacy Statement, and Joint Controllership Arrangement, within three months of registration or when changing their account details or when updating third-party processor details that require a new signature of such documents
3. We determine that such an Account is inactive if no active European Student Cards have been linked to an Account of a user (HEIs, public authorities, third-party processors) in the last 12 months, or if there are no longer reasons to keep the relevant data stored; or
4. We determine to sanction a violation of these T&Cs by terminating such Account

Reciprocity of recognition

All users agree to the principle of reciprocity of recognition, whereby they commit to recognising the European Student Cards issued by any other user and granting ESC holders enrolled in their institution as part of a student mobility programme access to the same services and quality of service that they would grant to their own students. This reciprocity of recognition supports students' seamless mobility and integration across the participating HEIs and throughout Europe.

Data protection specifications

Data protection will be governed through the Privacy Statement and the JCA, which must be accepted by the legal or authorised representative of the respective HEIs and public authorities registering to the ESC-R. These documents outline the specific responsibilities, roles, and data processing activities each party undertakes.

Consent to communication

Users' contact information may be accessed and used for communications related to the ESC-R. We may contact users to verify information, handle issues, or communicate important information related to the functioning of the ESC-R and the ESCI.

We may contact Users to request more information at any time about the data they submitted upon the registration of the Accounts or, in any other instances, to ensure that the registration and account validation procedures are in line with the highest security standards or to handle any potential issues, obstacles, or concerns that may arise.

Security

We make substantial efforts to maintain a secure operating environment for the information collected on the ESC-R. Our security measures include, but are not limited to, data encryption, access control, regular security audits, and incident response plans.

Despite our best efforts to secure the platform, users are ultimately responsible for the security of their login credentials.

Users are responsible for securing their login credentials and should:

1. Use strong, unique passwords
2. Keep passwords confidential
3. Update passwords regularly
4. Log out after use, especially on shared computers
5. Monitor accounts for suspicious activity and report it immediately

By following these precautions and our implemented security measures, users can help us maintain a secure operating environment and protect their personal information. If users have any questions or concerns about our security practices, they can contact us at ESC.support@nttdata.com for further assistance.

External identity providers

When users access the European Student Card Router using EU Login or MyAcademicID, we use the external identity provider to verify accounts and ensure secure access to the ESC-R, only fetching authentication data with the user's consent.

Contact information

For questions or to withdraw approval of these T&Cs, contact:

NTT DATA BELGIUM Private Company (SPRL), acting on behalf of DG EAC
Email: ESC.support@nttdata.com 

Update of T&Cs

The present T&Cs are subject to change and updates. Any major update will be communicated to users of the European Student Card Router via email before becoming effective.

Last updated: 18/10/2024