Legal Mentions and Privacy Policy

Legal mentions

Unless clearly stated otherwise, the content of this website is under the editorial responsibility of EU DisinfoLab.

Privacy policy

In compliance with the EU’s General Data Protection Regulation (REGULATION (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data), referred to in this text as “EU GDPR”, ObSINT undertakes all the necessary measures to safeguard your privacy and comply with your choices.

The following privacy policy details how the ObSINT Office (i.e. our employees and members), referred to in this text by “we” or “us”, collects personal data, what data we collect, how we use it, how we safeguard it, the right of data subjects and how to exercise them.

1.1 What data do we collect?

Depending on whether you are a data subject internal or external to ObSINT, or whether you are a member of the staff, the type of data we collect will vary in accordance to the related legitimate purposes and legal or contractual obligations.

We may collect the following personal data: name, surname, Email address, phone numbers, job title, position in your organization, dietary requirements, images and other personal data that you provide voluntarily and/or are required to comply with legal obligations.

1.2 How do we collect your data?

We may collect your personal data:

  • when you subscribe to our newsletter through our website online form
  • when you register to our online or offline events
  • from online public sources in the public domain for legitimate purposes as detailed section 3. of this privacy policy, or within the confines of the “principle of public access to official documents” as detailed at recital 154 of the EU GDPR.
  • through formal and direct online or offline correspondence with the data subject
  • in the frame of online or offline exchanges taking place as part of our activities and events
  • in the frame of our online of offline projects including open data collection within the confines of the “principle of public access to official documents” as detailed at recital 154 of the EU GDPR.

1.3 How do we use your data?

ObSINT processes personal data after having received consent from the data subject. Consent is secured through an active affirmative statement by the data subject, provided upon collection of the data, and is based on a clear, unambiguous explanation of the purposes of the processing of the data. Data subjects have the right and means to withdraw their consent at any time.

Depending on whether you are a data subject internal or external to ObSINT, or whether you are a member of the staff, we may collect and process your data for different legitimate purposes and/or legal and contractual obligations, as detailed below.

1.3.1 Internal data subjects

If you represent an organisation external to ObSINT, we may collect your data for legitimate purposes including:

  • identification within our database of contacts in order to maintain contact for the implementation of joint activities such as: event organization and management; development and implementation of EU projects and tenders; policy advocacy; peer to peer exchanges and good practices dissemination; networking activities;
  • management of your registration and participation in our events and other activities;
  • inform you by email on topics of interest and other activities our organisation and members are involved in;
  • comply with records keeping obligations arising from contracts with the European Commission;
  • recruitment within ObSINT as intern, employee or temporary collaborator.

We may also collect your data to comply with legal obligations arising from EU funding programmes and public procurement related regulations.

1.3.2 ObSINT staff

If you are an employee or contractual collaborator of ObSINT, we may collect your data for legitimate purposes including:

  • administrative human resources management
  • implementation of employment contract and tasks surviving its termination

We may also collect your data to comply with legal obligations arising from your local labour law or EU funding programmes and public procurement related regulations.

If you are a candidate during a recruitment process for an internship or employment contract, we may collect your data for legitimate purposes including:

  • identification, selection and general communication in the frame of the on-going or future recruitment process
  • development of employment/internship contract

We may also collect your data to comply with legal obligations arising from your local labour law or EU funding programmes and public procurement related regulations.

1.4 How do we safeguard your data and for how long?

We are committed to ensuring that your personal information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

CheckFirst is responsible for the security of the website and other related features.

Obsint.eu is hosted by OVH (2 rue Kellerman, 59100 Roubaix, France).

Mailing lists with personal data are managed confidentially by the ObSINT Office. This information is stored in a protected area of our Network Attached Storage device. Under no circumstances do we share the stored data with third organisations, except if a competent authority demands it under the law or if we have your permission.

We use the online marketing platform Sendinblue, based in France, to send our automated email campaigns. Please refer to their Privacy Policy to find out how they process data as service provider.

Analytics data of this website are managed by Piwik. A specific consent is asked to users to authorise this data. You can consult Piwik privacy policy here.

All personal data collected by ObSINT is stored in the European Union.

We store and maintain up-to-date your personal data as long as the legitimate purposes and/or legal/contractual obligations for processing them (as detailed in section 3 of this privacy policy) remain valid, or until you request their erasure. The duration of the storage may also be influenced by data retention periods established in grant agreements and/or contracts of services between ObSINT and the European Commission.

1.5 Do we share your data with third parties?

We do not share the stored data with third organisations, unless:

  • the competent authorities or any other legal entities require them to fulfil legal obligations or for purposes of law enforcement;
  • in case of a joint event, we might share the data for the event organisation purposes and with the co-organiser or supporting partner, in accordance with the consent you provided upon registration;
  • if you consent to it.

1.6 What are your data protection rights?

Right to be informed: data subjects have the right to request ObSINT for confirmation as to whether or not personal data concerning him or her are being processed. ObSINT will provide confirmation within 5 working days.

Right of access by the data subject: data subjects have the right to request ObSINT copies of their personal data in a easily accessible and easily understood form. ObSINT will provide copies of personal data within 8 working days in a easily accessible and easily understood form.

Right to rectification: data subjects have the right to request ObSINT to modify or complete any information. Upon request of data subject, ObSINT will rectify inaccurate or complete incomplete personal data concerning the data subject.

Right to erasure (right to be forgotten): data subjects have the right to request ObSINT to erase their personal data. Upon request of data subject, ObSINT will erase the subject’s personal data if the grounds set out in art.17 of the EU GDPR apply.

Right to restrict processing: data subjects have the right to request ObSINT to restrict the processing of their personal data. Upon request of data subject, ObSINT will restrict the processing of the subject’s personal data in the applicable cases set out in art.18 of the EU GDPR.

Right to data portability: data subjects have the right to request ObSINT to transfer the data they have collected to another organisation or directly to them. Upon request of data subject, ObSINT will provide to the subject their personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided under the conditions set out in art.20 GDPR.

Right to object to processing: data subjects have the right to object to ObSINT’s processing of their personal data. Upon request of data subject, ObSINT shall no longer process the personal data unless the ObSINT demonstrates compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defense of legal claims.

Data subjects may exercise the right above by contacting the ObSINT office at gdpr@obsint.eu

Data subjects have the right to lodge a complaint with the Belgian supervisory authority in charge of data protection.

1.7 Change to our privacy policy

ObSINT keeps its privacy policy under regular review and notifies any updates on this web page. This privacy policy was last updated on 3 April 2023.

1.8 Our cookies policy

ObSINT uses cookies to make ObSINT’s website easier to use and to better adapt both the website and the products to the interests and needs of users. Cookies can also be used to make future experiences and activities on the Site faster. ObSINT also uses cookies to compile aggregate anonymous statistics that allow us to understand how people navigate the Site and to improve its structure and contents.

What are cookies?

Cookies are small text files that the sites visited by users send to their terminals, where they are memorised in order to be retransmitted to the same sites on successive visits. Cookies are used for various purposes, they have many characteristics, and can be used both by the owner of the site being visited and by third parties.

Consent is not required for any technical cookies, therefore they are installed automatically upon accessing the Site. Any cookies which are different from the technical ones are only installed or activated following the express consent of the user on their first visit to the Site. Consent can be expressed in a general way, by interacting with the brief information banner found on the website landing page (for instance by closing the banner or scrolling the page or clicking on any of its elements); or it can be provided selectively, using the following methods. A record of this consent is kept for successive visits. Nevertheless, the user always maintains the right to revoke previously expressed consent in full or in part.

We use Piwik PRO Analytics Suite as our website/app analytics software and consent management tool. We collect data about website visitors based on cookies. The collected information may include a visitor’s IP address, operating system, browser ID, browsing activity and other information. See the scope of data collected by Piwik PRO.

We calculate metrics like bounce rate, page views, sessions and the like to understand how our website/app is used. We may also create visitors’ profiles based on browsing history to analyse visitor behaviour, show personalised content and run online campaigns.

We host our solution on Microsoft Azure in Germany/Sweden, and the data is stored for 14 months.

The purpose of data processing: analytics and conversion tracking based on consent. Legal basis: Art. 6 (1)(a) GDPR.

Piwik PRO does not send the data about you to any other sub-processors or third parties and does not use it for its own purposes. For more, read Piwik PRO’s privacy policy.

1.9 How to contact us

If you have any questions about ObSINT’s privacy policy, the data we hold on you or you would like to exercise one of the data protection rights (section 6 above), please do not hesitate to contact us at gdpr@obsint.eu.