LAWGID – Law and Gender, Intersectionality and Diversity
Erasmus Mundus Joint Master Programme
Last updated: February 24, 2026
The LAWGID programme is coordinated by the University of Belgrade – Faculty of Law (Serbia), in partnership with Libera Università Maria SS. Assunta (LUMSA) (Palermo, Italy) and Örebro University (Sweden).
Data Controller (lead joint controller):
University of Belgrade – Faculty of Law
Bulevar kralja Aleksandra 67, 11000 Belgrade, Serbia
Email: lawgid@ius.bg.ac.rs
The three partner universities act as joint controllers for the processing of personal data in the context of the LAWGID Erasmus Mundus Joint Master Programme, in accordance with Article 26 GDPR.
This Privacy Notice explains how we collect, use, share and protect your personal data when you register on our website, submit an application for admission, or interact with us otherwise. We process your data in full compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable national laws.
1. What personal data do we collect?
- During website registration / account creation (optional / for future notifications):
- Email address
- Country of residence (optional)
- During application for admission and/or scholarship (mandatory for processing your application):
- Personal identification: full name, date of birth, place of birth, nationality, gender
- Contact details: email address, phone number, current and/or permanent address (including city, postal code, country)
- Passport or national ID details (scan/copy if required for verification)
- Educational background: CV/résumé, academic transcripts, diplomas, proof of English language proficiency
- Application documents: motivation letter, recommendation letters (if applicable), other supporting documents you upload
- Scholarship-specific data: socio-economic information (if relevant for needs-based elements), mobility track preferences
We do not collect special categories of data (sensitive data under Art. 9 GDPR) unless you voluntarily include them in your documents and they are necessary for the assessment (e.g. health data only if relevant for visa/mobility).
2. Purposes and legal basis for processing
We process your personal data exclusively for the following purposes:
| Purpose | Legal basis (GDPR) | Categories of data |
|---|---|---|
| Managing user registration on the website | Legitimate interest (Art. 6(1)(f)) – to provide access to programme information and updates | Email, country (optional) |
| Processing and evaluating your application for admission to the LAWGID programme | Necessary for the performance of a task in the public interest (Art. 6(1)(e)) + pre-contractual measures (Art. 6(1)(b)) | All application data |
| Assessing eligibility for Erasmus Mundus scholarship and ranking candidates | Necessary for the performance of a task in the public interest (Art. 6(1)(e)) – execution of Erasmus+ programme funded by the EU | All application data + scholarship-specific info |
| Administrative management (enrolment, mobility, visa support, diploma issuance) – if admitted | Contractual necessity (Art. 6(1)(b)) + legal obligation (Art. 6(1)(c)) | Relevant subset of data |
| Compliance with Erasmus+ / EACEA reporting and auditing requirements | Legal obligation (Art. 6(1)(c)) | Scholarship holders’ data |
| Statistics and quality assurance (anonymised) | Legitimate interest / public interest | Aggregated/anonymised data only |
3. How long do we keep your data?
- Unsuccessful applications → retained for 1 year after the end of the selection procedure (for possible complaints / appeals)
- Successful applicants (enrolled students) → retained for the duration of studies + 5–10 years after graduation (for diploma verification, alumni relations, Erasmus+ audits)
- Website registration data → until you request deletion or inactivity for 3 years
- Logs / technical data → up to 2 years
After these periods, data is deleted or irreversibly anonymised, unless longer retention is required by law.
4. Who do we share your data with?
Your data is shared only with authorised persons and on a strict need-to-know basis:
- Joint controllers – Örebro University and LUMSA University (for joint evaluation and mobility coordination)
- Erasmus+ / EACEA (European Education and Culture Executive Agency) – for scholarship holders, reserve list and selected non-scholarship candidates (mandatory under Erasmus Mundus rules; see EACEA privacy statement: https://eacea.ec.europa.eu/data-protection_en)
- Processors (with GDPR-compliant agreements): hosting provider, application platform provider (if external), email service
- Public authorities – when required by law (e.g. visa authorities, tax offices, auditors)
We do not sell your data or use it for commercial marketing.
5. International data transfers
Data is processed mainly within the EU/EEA. As Serbia is not part of the EEA, transfers to the University of Belgrade are covered by appropriate safeguards (e.g. standard contractual clauses or derogations for public interest tasks under Erasmus+). Partners in Italy and Sweden are within the EEA.
6. Your rights under the GDPR
You have the right to:
- Access your data
- Rectify inaccurate data
- Erase data (subject to legal retention obligations)
- Restrict processing
- Object to processing based on legitimate interest
- Data portability (where technically feasible)
- Withdraw consent (if any processing is consent-based – currently none)
To exercise your rights, contact: lawgid@ius.bg.ac.rs
We will respond within 1 month (extendable in complex cases).
You also have the right to lodge a complaint with a supervisory authority:
- In Serbia: Commissioner for Information of Public Importance and Personal Data Protection (www.poverenik.rs)
- Or any EU supervisory authority (e.g. in Sweden or Italy, depending on your residence).
7. Cookies and website technologies
The website uses only essential cookies for functionality. Analytics cookies (if any, e.g. Google Analytics) require your consent via our cookie banner. See our Cookie Policy (link if separate) for details.
8. Security
We implement appropriate technical and organisational measures (encryption, access controls, regular reviews) to protect your data (Art. 32 GDPR). In case of a data breach likely to result in high risk, we will notify you and the supervisory authority.
9. Changes to this Notice
We may update this notice. Check the “Last updated” date. Significant changes will be communicated via the website or email.
Contact: lawgid@ius.bg.ac.rs
By submitting your application or registering, you acknowledge that you have read and understood this Privacy Notice.
