Privacy

We would like to inform users of our website what personal data we process and how we process it. According to the GDPR and UK GDPR, any information that identifies you or that can be used to identify you – such as your name, address, email address, user behaviour, or even your IP address – counts as personal data.

When delivering the content of this website or interacting with you, it is therefore unavoidable that we will process and sometimes store some of your personal data. We may need to share it with third-party entities in order to provide website content and to improve it, but we will never sell it. We store as much of this data on European Union servers as is currently feasible and aim to provide you with choices to protect your privacy, without overloading you with these options. We have implemented measures to limit our data collection and to keep your data safe, as described below.

If you have any concerns about the processing of your personal data, please do not hesitate to contact us or our data protection officer using the contact details below.

Controller and data protection officer

This information applies to the entire pan-European ECFR organization, which comprises five legal entities as detailed below. Since all ECFR legal entities operate in a highly integrated manner, they are jointly responsible for processing your personal data according to article 26 of the GDPR and UK GDPR.

The ECFR legal entities, as joint controllers according to article 26 GDPR and UK GDPR, have amongst themselves agreed that European Council on Foreign Relations (ECFR) e.V. will take primary responsibility for ensuring compliance with GDPR and UK GDPR obligations, in particular transparency obligations and individuals’ rights.

Our contact details

Therefore, we kindly ask you to address any questions you might have about how we process your personal data to European Council on Foreign Relations (ECFR) e.V.. The contact details of our ECFR entities are as follows:

Data protection officer

European Council on Foreign Relations (ECFR) e.V. has appointed a data protection officer (DPO). In case of any queries, you can reach the DPO using the contact details above and adding “attn of the DPO” or via e-mail: [email protected]

Your rights

Data subjects’ rights

You are entitled to the following rights towards us regarding your personal data:

  • Right to information
  • Right to rectification or deletion
  • Right to restriction of processing
  • Right to object to the processing
  • Right to data portability

To exercise your rights, we kindly ask you to address any queries to European Council on Foreign Relations (ECFR) e.V., using the contact details provided above.

Right of appeal to a supervisory authority

You also have the right to complain to the data protection supervisory authorities about our processing of your personal data.

Objection to the processing of your data

Where we base the processing of your personal data on the balancing of interests, you may object to such processing. This is the case if said processing is not required for fulfilling a contract to which you are a party, but for other purposes. We will provide details in the description of those processes below. When exercising an objection, we ask you to specify the reasons arising from your personal situation as to why we should not process your personal data in the manner we intend. In the event of a justified objection, we will examine the situation and either cease to process your data or adjust data processing, or we will share with you our compelling legitimate grounds for continuing to process your data.

If you have consented to the processing of your data, you may withdraw such consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Obligation to provide personal data

You are not obliged to provide the personal data collected on this website. There is no legal, contractual or other obligation, nor is the provision of your personal data required to conclude a contract. Insofar as data collection is required for a faultless display of this website, data is collected automatically during buildup of the website or after you have provided your consent.

Contacting us or subscribing to our newsletter is usually not possible without providing the minimum data.

Collection of personal data during your visit to our website

Data processed to display our website

We use external suppliers for secure and efficient hosting and delivery of the contents of our website. As a rule, the data is stored on servers within the European Union. Our hosting provider, for example, stores all data on servers located in Germany. Where there is an exception to this rule, we will advise you in the relevant section below.

When you visit our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you visit our website, we will collect the following data, which are technically necessary for us to display our website to you and to ensure stability and security (the legal basis being article 6 (1) 1 lit. f GDPR or UK GDPR):

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Website transmitting the request
  • Websites accessed by the user’s system via our website
  • Bytes downloaded
  • Browser
  • Operating system and interface
  • Language and version of the browser software

The above data will be stored in a log file for a duration of one week, after which it will be deleted. In case of any malevolent or criminal access, we reserve the right to store said data for further evaluation for a period of up to one month.

Cloudflare

We use the content delivery network of Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107, US (hereinafter: Cloudflare) for the delivery of the contents of this website. Cloudflare allows us to provide efficient content delivery based on geographical location as well as enhanced cyber security, for example from denial-of-service attacks.

To this end, when you visit our website, personal data, such as your IP address or other information about your browser or system, are transmitted to the Cloudflare servers. These servers may be located outside the European Union, for instance in the United States or other countries for which there has been no adequacy decision by the European Commission. For transfers from the European Union or the UK to the US, Cloudflare is a certified participant of the Trans-Atlantic Data Privacy Framework, which constitutes an Adequacy Decision of the European Commission according to Article 45 GDPR and has been approved as a so-called data bridge by the UK according to UK GDPR Article 45. For other cases, Cloudflare has signed standard data protection clauses to mitigate the risk of your personal data being transferred outside of the European Union. This is an appropriate safeguard according to  Article 46 (2) lit. c GDPR or UK GDPR. Learn more about the EU Standard Data Protection Clauses.

The legal basis for the use of Cloudflare is article 6 (1) 1 lit. f GDPR or UK GDPR, our legitimate interest being to provide security for our website and efficient delivery of the contents. Cloudflare also uses cookies to deliver its services, including load balancing, content delivery and DNS servers for website operators. The legal basis for these is § 25 (2) no. 1 TDDDG („Telekommunikation-Digitale-Dienste-Datenschutzgesetz“).

Further information on data protection at Cloudflare

Cookies

In addition to the aforementioned data, cookies are stored on your computer when you visit our website. Cookies are small text files that your browser stores on your hard drive which transmit certain information back to the party that has set the cookie (in this case, us). Cookies cannot run programs or transfer viruses to your computer. They are widely used to make websites function properly as well as to make them more user-friendly and effective.

This website uses the following types of cookies, the scope and functionality of which are explained below:

  • Transient cookies
  • Persistent cookies

Transient cookies are automatically deleted when you close your browser. They include, in particular, session cookies. They store a so-called session ID, which allows separate requests made by your browser to be assigned to the same session. This will enable us to recognise your computer when you return to our website. Session cookies also include the cookies that we use to ensure the correct display of our website on the device used by you. Session cookies will be deleted when you log out or close the browser.

Persistent cookies will automatically be deleted after a specified period of time, which may vary depending on the cookie. You may delete cookies at any time in the security settings of your browser.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. However, if you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

Insofar as cookies are required for the basic functions of our website, the legal basis is § 25 (2) no. 1 TDDDG („Telekommunikation-Digitale-Dienste-Datenschutzgesetz“). These might be cookies to store your consent or to keep pages consistent through your visit. Other cookies will only be used with your consent. In these cases the legal basis is article 6 (1) 1 lit. a GDPR or UK GDPR in connection with § 25 (1) TDDDG („Telekommunikation-Digitale-Dienste-Datenschutzgesetz“).

More details on the processing of your personal data in connection with the services using the cookies and the legal basis can be found in the relevant sections below.

You can see a list of cookies that may be set during your visit on our website and change your consent settings for cookies, external media and third-party tools on our consent management page.

Contacting us by email

When you contact us by email, we will store the data you provide (your email address and – where applicable – your name, telephone number, and your message) in order to answer your query.

We process this data to respond to your request or queries. Said processing takes place for the purposes of our legitimate interests (article 6 (1) 1 lit. f GDPR or UK GDPR), as it enables us to communicate with you in a satisfactory manner.

Newsletter

If you consent to receiving one of our newsletters, we will keep you posted about our activities, recent analysis, and other content on our website.

The following newsletters are available:

  • Weekly general ECFR newsletter
  • National language newsletters from one of our offices in Berlin, London, Madrid, Paris, Rome, Sofia, and Warsaw
  • Programme newsletters with specific content about one of our programmes

We use the so-called double opt-in procedure for our newsletter subscription. This means that we will send you a confirmation email after receiving your registration. In this email we will ask you to confirm that you do in fact want to receive our newsletter. If you do not confirm your subscription, your email address will not be added to our list.

After receiving confirmation from you, we will store your email address for the purpose of sending you the newsletter. The legal basis is art. 6 (1) 1 lit. a GDPR or UK GDPR.

We might track your user behaviour in relation to our newsletter. This means that we can track whether you open the newsletter emails we send and how often and on which links you have clicked in the newsletter emails we send. We do this to optimise the content of the newsletter and to provide you with information which may be of interest to you. The legal basis is your consent and therefore article 6 (1) 1 lit. a GDPR or UK GDPR.

You may withdraw your consent and cancel your subscription to our newsletter at any time. Simply click on the link provided in every newsletter email, or write to us at [email protected].

We use a service provider based in Germany to administer and send our newsletter.

Analytics and optimisation

Matomo

We have integrated Matomo Cloud on this website. Matomo Cloud is a web analytics service provided by InnoCraft Ltd, 7 Waterloo Quay, PO Box 625, 6140 Wellington, New Zealand. We have signed a DPA with InnoCraft Ltd to regulate how InnoCraft Ltd may process your personal data following our instructions. New Zealand is a so-called safe country outside of the EU, as both the EU Commission and the UK have granted New Zealand an adequacy decision according to article 45 GDPR and UK GDPR. This means that the EU Commission and the UK recognize data protection standards in New Zealand to be on a par with those in the EU and the UK.

Matomo Cloud allows us to collect and evaluate data about the behaviour of visitors on our website. Among other things, this may tell us about the website you came from (so-called referrer), which subpages of the website you accessed or how often and for how long you viewed a subpage, as well as data about your device, browser, or the region you are visiting from. We use this data to optimise our website and the contents provided.

Matomo is operated on EU servers provided by Matomo, where all personal data collected by Matomo as part of the web analysis are stored. Raw data collected by Matomo is deleted after 25 months. This data is not shared with third parties.

We use Matomo without cookies, unless you have consented to the use of Matomo cookies in the cookie settings, where you may also revoke your consent at any time. The use of Matomo with cookies enables us to collect more accurate data about visits to our website, for example enabling us to distinguish between new and recurring visitors to our website. You may also disable cookies in your browser, as described in the section on cookies above; however, this may limit the functionality of our site.

You can opt out by unchecking this button:

You can also activate the “Do not track” setting in your browser to prevent the collection of data generated by Matomo relating to the use of this website altogether.

The legal basis for the use of Matomo is article 6 (1) 1 lit. f GDPR or UK GDPR, our legitimate interest being the optimisation of the website and its contents. If you consent to the version of Matomo using cookies, the legal basis for the storage of those cookies on your device and the processing of your personal data as part of the analysis is article 6 (1) 1 lit. a GDPR or UK GDPR in connection with § 25 (1) TDDDG („Telekommunikation-Digitale-Dienste-Datenschutzgesetz“). You may revoke your consent at any time, using the link in the footer of the website.

More information on Matomo and privacy

Hotjar

We have integrated Hotjar, a tool for user-testing, on this website. Hotjar is a service provided by Hotjar Limited, Level 2, St Julian’s Business Centre, 3, Elia Zammit Street, St Julian’s STJ 1000, Malta. The processing of your personal data takes place on servers based within the European Union.

Hotjar is disabled unless you consent to the usage of analytics cookies in the cookie settings. All data collected by Hotjar is deleted after 12 months. None of this data is shared with third parties.

Hotjar provides session recordings, heatmaps, and surveys. We have enabled on-page suppression of numeric text and email addresses so they are never tracked. Recordings contain a “Hotjar user ID”, country, hardware info (device, OS, browser) and referral info. All surveys are anonymised.

Using Hotjar allows us to draw extensive conclusions about the way our website is being used as well as identify problems people have with accessing the content of our website, both of which enable us to optimise our website for user interaction. It does not enable us to identify you as a visitor on our website, and nor does Hotjar provide IP-addresses.

The legal basis for the storage of cookies on your device and the processing of your personal data as part of the analysis by Hotjar is art. 6 (1) 1 lit. a GDPR or UK GDPR in connection with § 25 (1) TDDDG („Telekommunikation-Digitale-Dienste-Datenschutzgesetz“). You may revoke your consent at any time, using the link in the footer of the website.

External resources

Cookiebot

To enable us to block scripts and cookies until you have consented to them, we use Cookiebot, an online consent management tool. Cookiebot is a cloud service provided by Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark.

Cookiebot remembers the user’s choice for 12 months after which the banner will automatically pop up to renew the user’s consent. Consent may also be revoked or changed via the link in our Cookie Policy. To keep track of your consent, Cookiebot stores the following data in a cookie in your browser:

  • consent ID
  • consent state
  • date and time
  • URL visited
  • user language
  • user agent (details about browser and operating system)
  • IP address (anonymized)
  • geolocation

Cookiebot also stores a log of granted consents in a database for us so that we may use it to provide proof of your consent. We have configured Cookiebot so that all data is stored on servers within the EU and concluded a DPA (data processing agreement) with Usercentrics A/S.

The legal basis for the integration of Cookiebot on our website is art. 6 (1) 1 lit. f GDPR or UK GDPR, as it allows for our legitimate interest in obtaining your consent for the extended functionalities provided by this website.

hCaptcha

We use the hCaptcha service (hereinafter “hCaptcha”) on our website for security purposes. This service is provided by Intuition Machines, Inc., 350 Alabama St, San Francisco, CA 94110, USA (“IMI”). hCaptcha is used to check whether our website is being accessed by a human or by an automated program. To do this, hCaptcha analyses the behaviour of the website visitor based on various characteristics. This takes place automatically when you first visit our website.

For the analysis, hCaptcha evaluates various information (e.g. IP address, how long you have been on the website, mouse movements, scroll position, keypress events, touch events, or gyroscope / accelerometer information) and also stores cookies in your browser. The data collected during the analysis will be forwarded to IMI. hCaptcha analysis in the “invisible mode” may take place completely in the background. Website visitors are not advised that such an analysis is taking place if the user is not shown a challenge. Additionally, those data required to provide the service will be collected by IMI, such as browser type, Internet service provider, platform type, device type, operating system or date and time stamp of access.

The legal basis for the use of hCaptcha is article 6 (1) f GDPR or UK GDPR, as it is based on our legitimate interest in protecting the website from abusive automated crawling and spam. The legal basis for the cookies used is § 25 (2) no. 1 TDDDG („Telekommunikation-Digitale-Dienste-Datenschutzgesetz“). We have concluded a DPA (data processing agreement) with IMI to regulate how IMI may process your personal data on our instructions. IMI will use aggregated and/or de-identified information to build or improve the quality of its services.

Your data will be processed by IMI in data centres in the United States and other worldwide locations, which may be outside the European Union. This can result in risks for the users – for instance, enforcing the users’ rights might be more difficult. IMI has incorporated the so-called Standard Data Protection Clauses into the DPA to provide an adequate level of protection for your personal data. Learn more about the EU Standard Data Protection Clauses.

For more information, you can read hCaptcha and IMI’s privacy policyand terms of use.

Visualisation tools

We use tools to visualise data and statistics on this website. To display these charts, maps and graphics, our website will establish a connection to the servers of the companies providing these visualisation tools, and transmit those data which are technically required to display the content in your browser. Usually, this will be at least the IP address as well as information about the browser and device, the date & time and the pages viewed.

The legal basis for displaying these charts, maps and graphics on our website and transmitting the required data to the service providers is your consent according to article 6 (1) a GDPR or UK GDPR, insofar as we have blocked the content prior to display, or our legitimate interest in providing this content to you in a way that is easy to view and relate to, and therefore article 6 (1) f GDPR or UK GDPR.

Currently, we use following visualization tools:

DataWrapper, which is provided by DataWrapper GmbH, Raumerstraße 39, 10437 Berlin, Germany. DataWrapper may use the data transmitted by your browser to monitor how we embed the charts, maps or graphics provided by them into our website and to learn about global traffic. According to DataWrapper, they will not collect IP addresses of website visitors, and are therefore not able to connect any data to individuals. DataWrapper uses a so-called pixel to keep track of how many times visualizations provided by DataWrapper are called up on our website. A pixel is a tiny piece of code transmitted by the server that helps Datawrapper measure traffic. DataWrapper uses it solely for counting views of our visualizations. It doesn’t track other personal data or visitor activity. For more information on how Datawrapper may process your personal data, please view their privacy notice. Fonts displayed in DataWrapper content are provided by Adobe. To find out more about how Adobe may use technical data to display the fonts and verify licensing please refer to their privacy notice.

Mapbox, which is provided by Mapbox, Inc., 740 15th Street, NW, 5th Floor, Washington DC 20005, USA. Mapbox will use the data collected for internal diagnostic and analytic purposes, to provide and improve the mapping products and services and to generate aggregated and anonymized usage statistics. For more information on how Mapbox may process your personal data, please view their privacy notice.

Flourish, which is provided by Flourish Team, Canva, 33 Hoxton Square, London N1 6NN, UK. The EU Commission has recognized the UK as a so-called safe country, which means that the data protection standard is comparable to that of the UK. The transfer of your data to the UK is therefore based on article 45 GDPR.

Our World in Data, which is provided by the Global Change Data Lab, a registered charity in England and Wales. The EU Commission has recognized the UK as a so-called safe country, which means that the data protection standard is comparable to that of the UK. The transfer of your data to the UK is therefore based on article 45 GDPR. For more information on how the Global Change Data Lab may process your personal data, please view their privacy notice.

Open Street Maps, which is a dynamic map provided by the OpenStreetMap Foundation, St John’s Innovation Centre, Cowley Road, Cambridge, CB4 0WS, United Kingdom (short OSMF). The OSMF stores data on servers based in the UK, Ireland and the Netherlands. The EU Commission has recognized the UK as a so-called safe country, which means that the data protection standard is comparable to that of the UK. The transfer of your data to the UK is therefore based on article 45 GDPR. For more information on how the OSMF may process your personal data, please view their privacy notice. Open Street Maps also use the content delivery network of Fastly Inc., a company based in San Francisco, US for the efficient delivery of the maps displayed. For transfers from the European Union or the UK to the US, Fastly is a certified participant of the Trans-Atlantic Data Privacy Framework, which constitutes an Adequacy Decision of the European Commission according to Article 45 GDPR and has been approved as a so-called data bridge by the UK according to UK GDPR Article 45. More info on how Fastly may process technical data can be found in their privacy notice.

Landbot

On the Power Atlas section of our website, we have included a link to a chatbot to help you navigate the Power Atlas. This chatbot is a service provided by HELLO UMI S.L., a company based in Barcelona. If you click on the link, you will be redirected to the website of the provider, where you can ask questions of the chatbot. For details about the processing of your data on the website of the provider, please refer to Landbot’s privacy notice.

Font Awesome

This website uses icons provided by Font Awesome. Font Awesome is a service provided by Fonticons, Inc., 6 Porter Road Apartment 3R, Cambridge, MA 02140, USA. To display the icons, they are downloaded from a CDN (content delivery network) operated on behalf of Font Awesome. Technically, Font Awesome will receive at least your IP address to deliver the icons to your browser. This allows us to deliver our website to you much faster and more efficiently than hosting these icons on our own server, as only those icons which are required will be downloaded by your browser. The legal basis for the download of these icons is art. 6 (1) 1 lit. f GDPR and UK GDPR, based on our legitimate interest to effectively provide our website to you. Font Awesome does not use any cookies and by their own account will only use your data to provide the service to us. For more information about how Font Awesome will process your personal data please review their privacy notice, especially in the section “Font Awesome collects data about use of its content delivery networks”.

Media Mentions

When posting recent mentions of ECFR in the media, we have embedded so-called Favicons provided by Google. These are small icons which display the logo of the relevant news outlet that the post relates to. They are downloaded by your browser automatically from servers operated by Google to allow us to dynamically display them according to the related posts.

This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. To download the icons, your browser will transfer your IP address and possibly other technical data to Google.

The legal basis for the transfer of your data to Google is Article 6 (1) f GDPR, as it is based on our legitimate interests in displaying the relevant icons. 

We have no influence on how Google may process your personal data. Insofar as Google processes data on US servers, the transfer takes place on the basis of Art. 45 GDPR. The EU Commission has issued an adequacy decision for the USA. Google maintains a corresponding certification. Please refer to Google’s privacy policy for more information on how Google will process your personal data and your rights in this regard, as well as options for protecting your privacy:  https://policies.google.com/privacy?hl=en

jsDelivr CDN

On some sub pages, we are loading script libraries from a free content delivery network (CDN) for open source projects provided by Volentio JSD Limited (jsDelivr), a company registered in England and Wales at Suite 2a1, Northside House, Mount Pleasant, Barnet, England, EN4 9EB.

Script libraries are code which is used to display certain sections of the website or provide certain functionality. To download these efficiently and be able to automatically provide the latest version, your browser will load them directly from the CDN hosted by jsDelivr. To download the libraries, your browser will transfer your IP address and possibly other technical data to jsDelivr. To find out more about how jsDelivr may process these technical data, please visit their privacy notice.

The legal basis for the transfer of your data to jsDelivr is Article 6 (1) f GDPR, as it is based on our legitimate interests in efficiently loading the scripts and a speedy display of our website. 

Embedded third-party content

Some entries in our website might have embedded content provided by third-party services, such as charts, graphics, posts, videos or audio. We initially block most of this third-party content, and it will only be loaded when you choose to.

To enable you to conveniently navigate the website, your setting for that specific third-party service will be stored in a cookie. If you prefer to be asked every time, simply opt out of this by disabling the checkbox or delete the cookie in your browser. When you re-enter/reload the website, you will be asked again about integrating the third-party content.

YouTube videos

We have embedded YouTube videos within our website. YouTube is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. These videos will only be displayed if you activate them in your browser.

The videos are stored on https://www.youtube.com and can be viewed directly from our website. We embed most of these videos using the privacy-enhanced mode. This means no data will be collected to personalise your viewing experience in YouTube. We have no influence on the scope of data collected by YouTube beyond that. In some cases, YouTube may use other Google services, such as Google Fonts, when displaying or playing the videos.

Upon playback of these videos YouTube will receive information about your visit to the corresponding subpage of our website. Furthermore, the following data will be transferred:

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Website transmitting the request
  • Websites accessed by the user’s system via our website
  • Bytes downloaded
  • Browser
  • Operating system and interface
  • Language and version of the browser software

This takes place regardless of whether YouTube provides a user account that you are logged in with or whether no such user account exists. If you are logged in to Google, your information will be directly associated with your account. If you do not wish to be associated with your profile on YouTube, you must log out before activating the function. YouTube will store your data within a usage profile and will use it for purposes of advertising, market research, and/or demand-orientated design of its website. Your data will thus be evaluated (even that of users who are not logged in), notably to provide demand-orientated advertising and to inform other users of Google’s social network about your activities on our website. You have the right to object to the creation of such user profiles, however you must contact YouTube to exercise this right.

The legal basis for the provision of these videos is Article 6 (1) a GDPR or UK GDPR, as they will only be displayed with your consent. The legal basis for any cookies used by YouTube when you play the videos is Article 6 (1) a GDPR or UK GDPR in connection with § 25 (1)  („Telekommunikation-Digitale-Dienste-Datenschutzgesetz“). You may revoke your consent at any time, using the link to “Cookies” in the footer of the website.

Google may process your personal data on servers in the United States. Since this is based on your consent, the legal basis is Article 49 (1) a GDPR or UK GDPR. Google is also a certified participant of the Trans-Atlantic Data Privacy Framework, which constitutes an Adequacy Decision of the European Commission according to Article 45 GDPR and has been approved as a so-called data bridge by the UK according to UK GDPR Article 45. The transfer of your data to the US may therefore also be based on Article 45 GDPR or UK GDPR.

Regarding the purpose and scope of said data collection and further processing and use of these data by YouTube, as well as your rights and optional settings with regard to the protection of your privacy, please consult the Google privacy policy.

Vimeo videos

We have embedded Vimeo videos within our website, which are provided by vimeo.com Inc, 555 West 18th Street, New York, New York 10011, USA. These videos will only be displayed if you activate them in your browser.

We have embedded these videos using the privacy-friendly “Do not track” parameter. This means Vimeo will not collect any tracking data related to the videos you view on our website. Vimeo is responsible for the subsequent processing of your data. We have no influence on the data collected by Vimeo or the circumstances of processing, nor are we aware of the full extent of the data collected, the purposes Vimeo may use them for or the storage period. Vimeo may also integrate other external services such as Akamai or New Relic, resulting in  these servers being called when you play a video on our website. Akamai is a content delivery network (CDN) which Vimeo may use to deliver the video. New Relic is an analysis tool which Vimeo uses in certain cases for error analysis.

When you visit a page with a Vimeo video, and consented to these videos being displayed, your browser will establish a connection to Vimeo servers. This means Vimeo will be aware that you have visited our website and which pages you have visited. In addition, any information which is technically required for the display and playback of the videos, such as your IP address or location data, will be transmitted to Vimeo.

The legal basis for the provision of these videos is Article 6 (1) a GDPR or UK GDPR, as they will only be displayed with your consent. The legal basis for any cookies used by Vimeo when you play the videos is Article 6 (1) a GDPR or UK GDPR in connection with § 25 (1) TDDDG („Telekommunikation-Digitale-Dienste-Datenschutzgesetz“). You may revoke your consent at any time, using the link to “Cookies” in the footer of the website.

Vimeo will process your personal data at least partially on servers in the United States. Since this is based on your consent, the legal basis is article 49 (1) a GDPR or UK GDPR. Vimeo is also a certified participant of the Trans-Atlantic Data Privacy Framework, which constitutes an Adequacy Decision of the European Commission according to Article 45 GDPR and has been approved as a so-called data bridge by the UK according to UK GDPR Article 45. The transfer of your data to the US may therefore also be based on Article 45 GDPR or UK GDPR.

For more information on the purpose and scope of data collection and processing by Vimeo, please refer to Vimeo’s privacy policy, where you will also receive further information about your rights in this regard and about options for protecting your privacy.

Tableau

We use a software called Tableau to visualise certain contents and display the results as charts, diagrams, or other visualised formats. Using Tableau’s embed functionality, we integrate these visualisations into our website. Tableau is provided by Salesforce, Inc., Salesforce Tower, 415 Mission Street, 3rd Floor, San Francisco, CA 94105, United States.

As a result of this, your IP address and other technical device-related information such as screen resolution, browser, and operating system used are transferred to Tableau’s servers. In principle, Tableau cannot draw any conclusions about your person from this data, but will know, for example, where you are (geographically).

The legal basis for the provision of Tableau content is Article 6 (1) a GDPR or UK GDPR, as it will only be displayed with your consent. You may revoke your consent at any time, using the link to “Cookies” in the footer of the website.

Salesforce may process your personal data on servers in the United States. Since this is based on your consent, the legal basis is article 49 (1) a GDPR or UK GDPR. Salesforce is also a certified participant of the Trans-Atlantic Data Privacy Framework, which constitutes an Adequacy Decision of the European Commission according to Article 45 GDPR and has been approved as a so-called data bridge by the UK according to UK GDPR Article 45. The transfer of your data to the US may therefore also be based on Article 45 GDPR or UK GDPR.

Please refer to Salesforce’s privacy policy for more information.

Twitter

We have embedded content (“tweets”) by X (formerly Twitter) on our website, displaying content such as images, videos, text, or buttons. X is a social media network provided within the EU, EFTA states and the UK by the Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland. Outside of the EU and the UK, X is provided by X Corp., 1355 Market Street, Suite 900, San Francisco, CA 94103, United States. This content will only be displayed if you activate it in your browser.

If you decide to load this embedded content, your IP address and, potentially, other technical device-related information such as screen resolution, browser, and operating system used are transferred to X’s servers. If you are logged in to X while displaying this content, X may be able to associate this information with your account.

The legal basis for the embedded tweets is Article 6 (1) a GDPR or UK GDPR, as they will only be displayed with your consent. The legal basis for any cookies used by X when tweets are displayed is Article 6 (1) a GDPR or UK GDPR in connection with § 25 (1) TDDDG („Telekommunikation-Digitale-Dienste-Datenschutzgesetz“). You may revoke your consent at any time, using the link to “Cookies” in the footer of the website.

X may process your personal data on servers in the United States. Please note that the United States are regarded by the European Commission as an unsafe country, as the standard of data protection may not be equivalent to that in the EU. The processing of your personal data by X within the United States may therefore imply risks to your personal rights and freedom. The transfer of your personal data to the US only happens with your consent, the legal basis being Article 49 (1) a GDPR or UK GDPR.

Please refer to the X privacy policy for more information.

Facebook

We have embedded Facebook content on our website, displaying content such as posts, images, videos, text, or buttons. Facebook is a social media network provided by Meta Platforms Ireland Ltd., 4 Grand Canal Quay, Grand Canal Bridge, Dublin 2, Ireland. This content will only be displayed if you activate it in your browser window.

If you decide to load this embedded content, your IP address and, potentially, other technical device-related information such as screen resolution, browser, and operating system used are transferred to Meta servers. If you are logged in to Facebook while displaying this content, Meta may be able to associate this information with your account.

We have embedded Facebook content so that we may enable you to access and share this content. The legal basis is your consent and therefore Article 6 (1) a GDPR or UK GDPR. The legal basis for any cookies used by Meta to display content is Article 6 (1) a GDPR or UK GDPR in connection with § 25 (1) TDDDG („Telekommunikation-Digitale-Dienste-Datenschutzgesetz“). You may revoke your consent at any time, using the link to “Cookies” in the footer of the website.

Meta may process your personal data on servers in the United States. Since this is based on your consent, the legal basis is Article 49 (1) a GDPR or UK GDPR. Meta is also a certified participant of the Trans-Atlantic Data Privacy Framework, which constitutes an Adequacy Decision of the European Commission according to Article 45 GDPR and has been approved as a so-called data bridge by the UK according to UK GDPR Article 45. The transfer of your data to the US may therefore also be based on Article 45 GDPR or UK GDPR.

Please refer to the Meta privacy policy for more information.

Instagram

We have embedded Instagram content on our website, displaying content such as posts, images or videos. Instagram is a social media network provided by Meta Platforms Ireland Ltd., 4 Grand Canal Quay, Grand Canal Bridge, Dublin 2, Ireland. This content will only be displayed if you activate it in your browser window.

If you decide to load this embedded content, your IP address and, potentially, other technical device-related information such as screen resolution, browser, and operating system used are transferred to Meta servers. If you are logged in to Instagram while displaying this content, Meta may be able to associate this information with your account.

We have embedded Instagram content so that we may enable you to access and share this content. The legal basis is your consent and therefore Article 6 (1) a GDPR or UK GDPR. The legal basis for any cookies used by Meta to display content is Article 6 (1) a GDPR or UK GDPR in connection with § 25 (1) TDDDG („Telekommunikation-Digitale-Dienste-Datenschutzgesetz“). You may revoke your consent at any time, using the link to “Cookies” in the footer of the website.

Meta may process your personal data on servers in the United States. Since this is based on your consent, the legal basis is Article 49 (1) a GDPR or UK GDPR. Meta is also a certified participant of the Trans-Atlantic Data Privacy Framework, which constitutes an Adequacy Decision of the European Commission according to Article 45 GDPR and has been approved as a so-called data bridge by the UK according to UK GDPR Article 45. The transfer of your data to the US may therefore also be based on Article 45 GDPR or UK GDPR.

Please refer to the Meta privacy policy for more information.

Podcasts

We have embedded audio content (so-called podcasts) via a web player on our website for you to stream, download, or share. When you visit pages on our website which contain podcasts, your IP address and, potentially, other technical device-related information will be transferred to the providers who host these podcasts for us so that the podcast can be played via the web player. If you are logged in to an account with a podcast provider while displaying this content, they may be able to associate this information with your account.

These podcasts are part of our website content and are embedded based on our legitimate interest to present this content to you in an easily accessible way and enable you to access and share this content. The legal basis for any processing of personal data, including the transfer of technical data to the hosting providers, is Article 6 (1) f GDPR or UK GDPR. Insofar as the providers use cookies to play the podcasts, these will only be set with your consent. The legal basis for these cookies is Article 6 (1) a GDPR or UK GDPR in connection with § 25 (1) TDDDG („Telekommunikation-Digitale-Dienste-Datenschutzgesetz“). You may revoke your consent at any time, using the link to “Cookies” in the footer of the website.

At the time of writing, we use several providers to host and display our podcasts on the website: Acast, Soundcloud and Mixcloud.

Acast is a service provided for listeners in the EU, UK or Switzerland by Acast AB, a company registered in Sweden whose principal place of business is Kungsgatan 28, 111 35 Stockholm, Sweden. Acast have explained to us that they use servers in the EU to store data of these listeners. All the same, some data may be transmitted to servers outside the EU. Acast, by their own account, have committed to follow GDPR requirements for these tranfers, such as concluding Standard Contractual Clauses published by the EU Commission with the data importers and supplementary measures to safeguard the personal data transferred. For other listeners, the service is provided by Acast Stories Inc., a company with a registered office at 79 Walker Street, New York, NY 10013. For more information on how Acast process personal data of listeners, please refer to the Acast privacy notice.

Soundcloud is a service provided by SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany. Soundcloud may transfer your data to servers outside the EU, where the level of data protection may not be equivalent to that within the EU. The transfer of your personal data by Soundcloud may therefore imply risks to your personal rights and freedom. The transfer of your personal data by Soundcloud only happens with your consent, the legal basis being article 49 (1) a GDPR or UK GDPR. Please refer to the Soundcloud privacy policy for more information.

Mixcloud is a service provided by Mixcloud Ltd., 447-453 Hackney Rd, London E2 9ED, United Kingdom. The EU Commission has recognized the UK as a so-called safe country, which means that the data protection standard is comparable to that of the UK. The transfer of your data to the UK is therefore based on article 45 GDPR. Mixcloud may transfer your data to servers outside the EU, where the level of data protection may not be equivalent to that within the EU. The transfer of your personal data by Mixcloud may therefore imply risks to your personal rights and freedom. The transfer of your personal data by Mixcloud only happens with your consent, the legal basis being article 49 (1) a GDPR or UK GDPR. Please refer to the Mixcloud privacy policy for more information.

PredictionsDB

We have embedded content provided by PredictionsDB, which allows you to view predictions made by ECFR and compare them to the actual outcomes. If you make predictions of your own, you may also comment on these predictions.

If you decide to load this embedded content, at least your IP address and, potentially, other technical device-related information will be transferred to PredictionsDB.

The legal basis is your consent and therefore Article 6 (1) a GDPR or UK GDPR. You may revoke your consent at any time, using the link to “Cookies” in the footer of the website.

PredictionsDB have also integrated Google Analytics to analyse and improve their service. Data may be used by Google for their own purposes and may be combined with other data collected by Google. Google may process your personal data on servers in the United States. Since this is based on your consent, the legal basis is Article 49 (1) a GDPR or UK GDPR. Google is also a certified participant of the Trans-Atlantic Data Privacy Framework, which constitutes an Adequacy Decision of the European Commission according to Article 45 GDPR and has been approved as a so-called data bridge by the UK according to UK GDPR Article 45. The transfer of your data to the US may therefore also be based on Article 45 GDPR or UK GDPR.

Social media profiles

We maintain a company profile on some social networks as detailed below in order to facilitate communication with users and interested parties and to provide further information or content. In this context, we use a service called Buffer to schedule posts and tweets and to analyse how these posts and tweets are interacted with.

Please note that user personal data may be processed outside the European Union. This can result in risks for the users – for instance, enforcing the users’ rights might be more difficult.

If you leave us messages or comment on these profiles, we process your personal data to communicate with you. This represents a legitimate interest; the legal basis is art. 6 (1) 1 lit f GDPR or UK GDPR. No further storage of communication data takes place outside these networks on our part.

The terms and conditions of the operators of these platforms apply. Be aware that we cannot provide further information as to any personal data processed by these operators during your visit to the above networks. We kindly ask you to refer directly to the information provided by these platforms and have included links to privacy policies or other relevant information below.

Also, should you have any requests for information or would like to assert your data subject rights, we would like to state that these can most effectively be asserted with the providers. Only they have access to their users’ data and can take appropriate measures and provide information directly. Should you nevertheless require assistance, you may of course contact us.

Facebook page

Details of the provider: Meta Platforms Ireland Ltd., 4 Grand Canal Quay, Grand Canal Bridge, Dublin 2, Ireland.

We are jointly responsible with Meta for the collection of the personal data of visitors to our Facebook page – but not for any further processing by Meta. We have concluded a joint control agreement with Meta.

Meta has agreed to deal with requests by data subjects about their rights. Users may, for example, send information or deletion requests directly to Meta. However, your rights as data subjects (especially with regards to information about the processing of your personal data, deletion of personal data, objection to processing, and complaints to the competent supervisory authority) are not restricted in any way by our agreement with Meta.

See “Things you and others do and provide” in the Meta Data Policy Statement to find out more about the personal data included, such as information about the types of content users view or interact with, or the actions they take.

As for information collected about a user’s devices, see “Device Information” – this may include IP addresses, operating system, browser type, language settings, or cookie information.

Meta also collects and uses information to provide analytics services, called “page insights”, to page operators to help them understand how people interact with their pages and with content associated with them. Information by Meta on the “Insights” pages.

Twitter

Details of the provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland.

Privacy policy

Soundcloud

Details of the provider: SoundCloud Limited, Rheinsberger Str. 76/77, 10115 Berlin, Germany.

Privacy policy

LinkedIn

Details of the provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

Privacy policy

YouTube

Details of the provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.

Privacy policy

Bluesky Social

Details of the provider: Bluesky PBLLC, Seattle, WA US.Privacy policy