Verian, the data processor, is an independent research, evidence, evaluation, and communications agency which adheres to highest ethical standards and professional codes of conduct, including the WAPOR and ESOMAR.

Everyone who has been invited to take part, including you, has a known, non-zero probability of being selected. The random sample has either been drawn by selecting teachers within sampled schools, with the schools chosen based on the number of IVET teachers, a proxy measure like the number of IVET students, or with equal probability of selection.

All questions related to sensitive or special categories of personal data will only be collected if the explicit consent of the respondent has been received. All questions will include item non-response codes including ‘Don’t know’ and ‘Prefer not to answer’.

Careful consideration is also given to the publication of personally identifiable information. For instance, we thoroughly review and eliminate the possibility of publishing a data file that includes a combination of personal characteristics that could be potentially to identify a respondent, even after all direct personal data are removed and anonymised.

All parties are contractually bound to keep any information they collect and disclose to us or, we collect and disclose to them, confidential and must protect it with security standards and practices that are equivalent to our own.

For online video/telephone calls, we use tool(s) that are selected based on their compliance with applicable data protection laws and are essential for the effective administration of the surveys. Data collected are used solely for the purpose of conducting the survey.

Cedefop staff involved with the organisation and promotion of this activity will have access to all anonymised microdata collected necessary for organizing this activity. Additionally, Cedefop’s staff internally responsible for audit activities, as well as staff from external entities providing audit services, may access this anonymised microdata collected through this activity to the extent necessary for carrying out audit functions. Finally, the fully anonymised microdata of the survey will be stored at Cedefop’s SharePoint, whose provider, Microsoft Ireland Operations Ltd. will have access to.

For the EVTS implementation, Verian will use the Forsta data collection platform – known as ‘Forsta+’ –. Forsta has numerous mechanisms in place to ensure Forsta+ operates with high availability and ensures safe data storage. These include the use of redundant servers in a server farm, operating behind load-balancers, and the use of mirrored SQL databases allowing for near-instant failover. In addition, Forsta+ leverages Azure's geo-redundant storage architecture, to ensure backups of client data are backed up (encrypted) offsite, in a geographically separate Azure data centre (located in Azure's 'Germany North' data centre). Forsta's Platform in Azure is designed to operate 24x7x365 and to be capable of withstanding system failures and impairments. The data storage in Germany also ensures all data collected remains within the EU.

The same retention rules and procedures shall apply as well for the audio recordings.

As part of the Company Business Continuity plan and as required by ISO 27001, ISO 9001, ISO 20252 and in certain instances the law, our electronic systems are backed up and archived. These archives are retained for a defined period in a strictly controlled environment. Once expired, the data is deleted, and the physical media is destroyed to ensure the data is erased completely.

• Alignment with the ISO 9001:2008 standard for quality management systems which requires that we follow the agreed regulatory principles concerning the processing of records;
• Alignment with the ISO 27001 international standard for data security;
• All applicable data protection rules, including the Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data (hereinafter ‘EUDPR’), the General Data Protection Regulation (GDPR) and the UK 2018 Data Protection Act;
• In all of Verian’s studies, we take all possible measures to ensure that we respect the core principles of the human rights-based approach to data collection (HRBAD), as outlined in the guidance prepared by the Office of the United Nations High Commissioner for Human Rights.

The underlying principle is that the data collector will protect and keep all data private, so that the confidentiality and personal data of respondents is respected and protected. The central coordination team makes all efforts to ensure that the confidentiality of individuals is respected, and that data is collected according to ethical standards. This means that all personally identifiable information (PII) is only collected if the explicit consent of the respondent has been received. All questions will include item non-response codes including ‘Don’t know’ and ‘Prefer not to answer’.

Careful consideration is also given to the publication of personally identifiable information. For instance, a combination of certain characteristics could be used to identify a certain respondent in a datafile even if all immediate personal data are removed and anonymised. Verian takes measures to ensure that the human right to privacy is respected. All parties are contractually bound to keep any information they collect and disclose to us or, we collect and disclose to them, confidential and must protect it with security standards and practices that are equivalent to our own.

Once we receive your transmission, we will take reasonable steps to ensure our systems are secure. As the data privacy controller, Cedefop will be accountable in ensuring that the necessary data protection measures are correctly undertaken as stated herein.

All our employees are contractually obliged to follow our policies and procedures.

All parties are contractually bound to keep any information they collect and disclose to us or, we collect and disclose to them, confidential and must protect it with security standards and practices that are equivalent to our own.

Verian Group Belgium SA carries out data processing activities within the European Economic Area (EEA). All personal data will be processed within the EU or within the European Economic Area (EEA).

• Right to access your personal data
• Right to rectify your personal data
• Right to erase your personal data from our systems, unless we have legitimate interest reasons for continuing to process the information
• Right to port your personal data (portability right)
• Right to restrict processing of your personal data
• Right to object to the processing of your personal data