Skip to main content

Privacy Policy

General

This Privacy Policy governs the processing of personal data by the Green European Foundation (GEF), a European political foundation established at Rue du Kiem 96, 8300 Strassen, Luxembourg, registered in RCS under the number F8270, hereinafter referred to as “GEF”.

Your privacy is important to us. This Privacy policy is in accordance with the General Data Protection Regulation of 24 May 2016 concerning the protection of privacy in the processing of personal data, and explains what personal data GEF collects and how it uses them. Please read this Privacy Policy carefully, as it contains essential information on how your personal data is processed.

GEF respects your privacy and your rights to control your personal data and to understand how it is processed.

Definitions

The following definitions will help you to understand this Privacy Policy:

  • “We”, “Our”, “Us”, refers to the Green European Foundation (GEF), as mentioned above.
  • “You”, ”Your” refers to any individual whose personal data we process, including website visitors, newsletter subscribers, event attendees, job applicants, service providers and suppliers.
  • “Personal data” means any information relating to an identified or identifiable natural person (directly or indirectly).
  • “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, such as collection, storage, use, dissemination or deletion.
  • “Data controller” means the natural or legal person that determines the purposes and means of processing personal data.
  • “Data processor” means a natural or legal person that processes personal data on behalf of the data controller.

Personal data

As a data controller, we process your data that you voluntarily provide when you subscribe to our newsletter, register for our events, fill in contact forms, apply for job or internship opportunities, respond to our calls for tender, make a donation, collaborate with us, when you visit our website or engage with us through any of our online platforms.

This data may include your name, email address, organization, function, bank details, country of residence, language, etc.

Processing purposes and legal grounds

Contact forms and communications

When you contact us through our website forms or email communications, we collect your name, email address, country and message content.

We process this information based on your consent pursuant to Article 6(1)(a) of the GDPR, as demonstrated by your voluntary submission of the contact form or initiation of email communication with us.

We retain this information for three years from the date of last contact or until the purpose for which it was collected has been fulfilled.

Direct marketing: Green European Foundation and Green European Journal Newsletters

When you subscribe to our newsletter, we collect your name, surname, email address, country of origin and professional information in so far applicable in order to keep a history of your involvement with us. For the Green European Journal newsletter, we also collect information about your topical and language preferences. The legal basis for this processing is your explicit consent pursuant to Article 6(1)(a) of the GDPR.

Events participation

As GEF receives public funding from the European Parliament, we are obliged to file signed events participation lists. The data gathered when participating in our events may refer to your first name, last name, organisation, function, country and email address.

The legal basis for processing event registration data is based on consent pursuant to Article 6(1)(a) of the GDPR, and our legal obligation to maintain records for European Union funding compliance pursuant to Article 6(1)(c) of the GDPR.

These lists are not used for any other purpose unless explicitly requested by you (for instance, when you tick a box indicating that you’d like to receive our newsletter). In compliance with European legislation (Art. 136, paragraph one of REGULATION No 966/2012), we shall keep records of your event participation for 5 years following the year in which the event took place.

Job/internship applications

When you apply to one of our vacancies, we collect your application materials including your curriculum vitae, cover letter, references, contact information, employment history, and qualifications. The legal basis for this processing is the necessity to take steps at your request prior to entering into a contract, pursuant to Article 6(1)(b) of the GDPR.

Tender applications

For procurement processes, we collect organisation details, proposal documents, contact information, and financial and technical qualifications. This processing is based on our legal obligation under European Union procurement rules pursuant to Article 6(1)(c) of the GDPR.

Supplier relationships

When you provide goods or services to us as a supplier or contractor, we collect and process your contact details, banking and payment information, contract-related correspondence, and any other data necessary for the execution of our contractual and legal obligations. The legal basis for this processing is the performance of a contract pursuant to Article 6(1)(b) of the GDPR, and compliance with legal obligations under applicable financial and tax legislation pursuant to Article 6(1)(c) of the GDPR.

Event media

During our events, we may take photographs, video, and audio recordings to document activities and promote the work of the Green European Foundation. These materials may be published on our website, social media channels, newsletters, reports, or other communication platforms. We process this data based on our legitimate interest to raise awareness about our mission and activities, as permitted under Article 6(1)(f) of the GDPR.

When individuals are prominently identifiable, we always seek their explicit informed consent pursuant to article 6(1)(a) of the GDPR before using or publishing such media. Additionally, where applicable, we process multimedia content to comply with legal or public funding requirements.

Security and storage

We take the processing of your personal data very seriously and strive to implement the necessary technical and organizational measures to protect your personal data and help prevent theft, misuse, and unauthorized access, disclosure, alteration, and destruction of your data.

We regularly monitor our systems for potential security risks and attacks. However, we cannot guarantee the av security of the data you send. In the event of a breach, we will take prompt action and inform the parties involved in case of a serious breach. We cannot be held liable for direct, indirect, or consequential damage caused by incorrect or unlawful use of personal data by a third party.

We store and process the collected personal data at the headquarters of Green European Foundation (GEF) or at our branch office in Belgium, as well as by external service providers located in Europe. Data transfers from the website to our servers occur exclusively over secure connections.

Some data is stored and processed by external service providers outside the European Union. When this happens, we ensure that an equivalent level of data protection as within the EU is maintained. Where necessary, we apply appropriate safeguards in accordance with Article 46 of the GDPR, such as the use of standard contractual clauses with additional guarantees (e.g., encryption or pseudonymization of personal data with encryption keys retained within the EU), as well as adequacy decisions under Article 45 GDPR.

Data sharing and third-party processors

Your personal data will not be transferred to or shared with third parties, unless necessary for the above-described purposes.

Therefore, we work with several data processors who handle your personal data on our behalf under strict contractual arrangements. These include Mailchimp (The Rocket Science Group LLC) for newsletter delivery, CiviCRM for contact and event management, Monday.com for project and data management, Matomo for website analytics on our self-hosted servers, and Hotjar for user experience analysis. All these processors operate under strict data processing agreements ensuring GDPR compliance.

Furthermore, to process your personal data, we grant access only to our employees and authorised appointees. We guarantee a similar level of protection by making sure that all such individuals or entities are bound by confidentiality obligations and have received adequate training on data protection and privacy compliance.

Finally, and only to the extent legally required or strictly necessary for service provision or to protect our rights or the rights of affiliated third parties, we will share your personal data with law enforcement authorities, investigative bodies, affiliated companies, or in legal proceedings. In such cases, we will make efforts to inform you in advance, where possible.

Cookies and website analytics

When you visit our website, certain data are collected automatically by our IT systems. These data are primarily technical in nature, such as your browser type, operating system, referring URL, time of access, and IP address, and are necessary to ensure the proper functioning and security of the website. In addition to these essential technical data, we also use cookies to enhance your user experience and to better understand how visitors interact with our website.

Cookies are small text files that your browser stores on your device when you access a website. Our website uses both functional and analytical cookies. Functional cookies are necessary to ensure the usability of the website. They allow us to remember your preferences and browser settings, so that the website displays correctly and efficiently.

Analytical cookies help us to monitor website usage and optimise performance. They collect aggregated and anonymised data such as which pages are visited, how long visitors remain on a page, and how they navigate through the site. For this purpose, we use Matomo Analytics, an open-source platform installed on our own servers, which does not collect personally identifiable information and is fully compliant with the GDPR. Additionally, we use Hotjar for certain analytical insights to better understand user behaviour.

You will be asked for your consent before any non-essential cookies (such as analytical or third-party cookies) are placed on your device. Refusing these cookies will not prevent you from accessing the website or its core functionalities. However, it may affect your browsing experience and limit certain features.

You can manage your cookie preferences at any time through your browser settings.

Our website integrates plug-ins from third-party platforms, including Meta (Instagram), X, Google (YouTube) and Microsoft (LinkedIn). These plug-ins may collect personal data about your interaction with our website and transfer it directly to the respective third parties. In accordance with Article 26 of the GDPR, we act as a joint controller together with these platforms for the initial collection and transmission of such data. For more information about how each party processes your data and your rights under this joint controllership, please consult the privacy policies of Meta and Microsoft.

Our websites may contain links to other websites run by other organisations. This privacy policy applies only to our websites‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access those using links from our website. In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third party site and recommend that you check the policy of that third party site.

Retention period

We retain personal data only for as long as necessary to fulfil the specific purposes for which it was collected, to comply with legal and regulatory obligations, and to protect our legitimate interests. Retention periods are determined based on the type of data, the lawful basis for processing, statutory requirements, and the operational needs of our organisation.

Personal data processed for direct marketing purposes, such as through our newsletter or social media engagement, as well as data submitted via the contact form, will be retained for a maximum period of one year. Personal data related to website widgets will be stored for up to two years.

Data collected in the context of supplier relationship management will be retained for a maximum of ten years, in line with contractual and legal obligations. Personal data submitted in the context of calls for tender will be stored for five years, in accordance with applicable EU procurement regulations.

Your rights regarding your data

As a data subject, you have the right to access the personal data we process about you at any time. You may request the rectification of inaccurate or incomplete data, the restriction of processing, the transfer of your data to another controller, or under certain conditions the erasure of your personal data. You also have the right to object, free of charge, to the processing of your data for direct marketing purposes.

You can withdraw your consent for receiving marketing communications at any time by clicking the “unsubscribe” link included in every email you receive from us.

We do not use personal data for decision-making based solely on automated processing, including profiling.

Where the processing of your data is based on your consent, as outlined in Article 6(1)(a) of the GDPR, you have the right to withdraw that consent at any time. Please note that if you withdraw your consent for certain processing activities, we may no longer be able to provide you with certain communications or services.

You can exercise the aforementioned rights by sending an email to info@gef.eu or via the contact page.

If you believe that your rights under the GDPR have been violated, you have the right to lodge a complaint with the competent supervisory authority:

Commission Nationale pour la Protection des Données (CNPD), 3, avenue du Rock’n’Roll, L-4361 Esch-sur-Alzette, Luxembourg, website: https://cnpd.public.lu

16 OR UNDER

We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian’s permission before you provide us with personal information.

Changes of the Privacy Policy

If necessary, we may update or amend this Privacy Policy to reflect changes to our website or our data processing practices.

We encourage you to review this statement periodically to stay informed about how we collect, use, and protect your personal information.

For any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us at info@gef.eu