Privacy Policy

The European Democracy Hub acts as a focal point for work on democracy, bringing together analysts and policymakers engaged with EU democracy support and democratic challenges in Europe. It is a joint initiative of Carnegie Europe and the European Partnership for Democracy.

The European Democracy Hub website is hosted by The European Partnership for Democracy. As such The European Partnership for Democracy (EPD) manages your personal data in compliance with the European Union’s General Data Protection Regulation (GDPR). Find out what personal data we process for which reasons and how it is being processed.

Who we are

The European Democracy Hub website is hosted by the European Partnership for Democracy (EPD). Our contact details are as follows:

European Partnership for Democracy
Rue Froissart 123-133
B-1040 Brussels
[email protected]

General and contact information

This Privacy Policy governs the processing of your personal data by the EUROPEAN PARTNERSHIP FOR DEMOCRACY ASBL, a nonprofit organization registered in the Belgian Crossroads Bank for Enterprises under the number 0648.708.779, with registered offices at B-1040 Brussels, Rue Froissart 123-133, (hereinafter referred to as “EPD”, “we”, “us” or “our”).

The privacy and security of your (hereinafter referred to as “you” or “your”) personal data are very important to us. We advise you to read our Privacy Policy carefully, as well as our respective Cookie Policies which forms an integral part of our Privacy Policy. These documents contain essential information on how your personal data is processed and what cookies are used.

We may receive your personal data directly from you via our website, its subdomains (e.g., and directories (collectively referred to as the “Platform”), any other means relating to information or communication technology, including emails and voice calls, or via any in-person interactions we might engage in. We may additionally receive your personal data from third-party sources, as set out below.

For the purpose of this Privacy Policy, we are to be considered the controller of your personal data. This means that the applicable data privacy legislation imposes certain obligations on us. The aforementioned legislation includes in particular:

  • the General Data Protection Regulation (Regulation (EU) 2016/679 of 27 April 2016, GDPR),
  • the Belgian Act of 30 July 2018 on the protection of natural persons in relation to the processing of personal data, and
  • the Act of 13 June 2005 on the electronic communication,

hereinafter collectively referred to as the applicable “Data Protection Legislation”, including future adaptations and revisions of the previous.

Should you have any questions regarding this Privacy Policy, or should you feel that your interests are not or are inadequately represented, please address your questions to us at [email protected].

In addition, you have the right to lodge a complaint at or to request more information from the competent Data Protection Authority in accordance with article 10 of this Privacy Policy. Should you ever have any questions or complaints, we invite you to first contact us in order for us to resolve any issues you might encounter.


What personal data do we collect and why? 

The personal data we collect and process about you will always be linked to the specific purposes set out hereunder.

We may gather personal data that you choose to share directly with us, for instance when you come into contact with us by e-mail, when you subscribe to one of our newsletters, participate in one of our events/workshops or when you become one of our members or contract with us as a supplier.

We may also collect your personal data through any other communication or telecommunication technology, notably through automated means, such as cookies for instance. Please refer to our respective Cookie Policies for more information relating to our processing of personal data via cookies and similar technologies: European Partnership for Democracy, European Democracy Hub and/or Youth Democracy Cohort.

Below you will find a more detailed overview of the relevant categories of personal data we gather and process, the purposes of the processing and more generally, how we process your personal data.

EPD processes the following personal data of you within the framework of its activities:


Category 1

Description: if we enter into a contract with you either as a member or supplier we process – depending on the case – your surname, first name, e-mail address, telephone number, organization/company name, registered office address and VAT number and other personal data you voluntarily provide us with in order to be able to perform our end of the contract.

Purpose and Legal basis: we will collect and use your personal data to: (i) be able to execute and perform our end of the contract. When you as an individual are our member or supplier, we rely on the necessity of processing your personal data for executing and performing the contract we have with you. However, if you act on behalf of an organization or other legal entity, we rely on our legitimate interest to be able to contract with members and suppliers when processing your personal data; (ii) do our normal business administration (e.g. invoicing and relationship management), for which we rely on our legitimate interest to manage our business responsibly and professionally; (iii) defend ourselves in legal proceedings, when it is in our legitimate interest to use your personal data in these proceedings.


Category 2 

Description: if you subscribe to one or our newsletters, we process your e-mail address.

Purpose and Legal basis: direct marketing and newsletters by EPD, with the legal basis being our legitimate interest in respect of existing members or your explicit, prior consent if you are not already a member of EPD. You can indicate at any time that you no longer wish to receive our newsletters by using the opt-out option in our newsletters or by contacting us directly by e-mail or telephone.


Category 3

Description: when you communicate with us via social media, email or any other digital communication channel, we may – depending on the form of chosen communication – collect your first and last name, email address, organization/company name, registered office address, social media account name and telephone number.

Purpose and Legal basis: we will collect and use your personal data to: (i) allow for the communication between you and us, for which we rely on our legitimate interest to be able to respond to requests, questions or remarks or to contact you proactively for inquiries of whatever kind (e.g. when you respond to a blog, use our contact form or contact us via social media, phone or e-mail); (ii) improve the Platform’s and social media pages’ content and the overall experience, for which we rely on our own legitimate interest to offer our visitors an interesting online space; (iii) detect and prevent malware, illegal content and behaviour and other types of misuse, for which we rely on our legitimate interest to keep our online presence safe.


Category 4 

Description: every time you visit our Platform, we may use cookies and similar technologies to collect various personal data about you, in particular your IP address, surfing behaviour, origin and search terms. You can find more information about the way we use cookies in our respective Cookie Policies: European Partnership for Democracy, European Democracy Hub and/or Youth Democracy Cohort.

Purpose and Legal basis: to maintain and improve our Platform and to include personal data in anonymous statistics from which the identity of specific persons or companies cannot be ascertained, with the legal basis of EPD’s legitimate interest in ensuring the security and proper functioning of our Platform in the case of necessary and functional cookies or your explicit, prior consent upon your first visit to our Platform for all other cookies.


Category 5

Description: if we have the pleasure of meeting you in person and you leave us your business card, we process your first and last name, organization/company name, e-mail address and/or telephone number.

Purpose and Legal basis: for normal business relationship management purposes relying on our legitimate interest to process these personal data, which is to be able to build up our network of contacts.


Category 6 

Description: if you register for any events/workshops organized by EPD, we process your first and last name, organization/company name, e-mail address and/or telephone number or any special needs or dietary preferences/restrictions. Group or individual candid photographs or video recordings can be taken at events/workshops.

Purpose and Legal basis: for the purpose of your participation to the event/workshop (your registration, contacting you about practicalities relating to the event …) and to provide you information about similar events/workshops and potential interesting projects or initiatives rely on our legitimate interest. If you don’t wish to be contacted about other events/workshops or initiatives, you will have the possibility to opt out for these emails in the respective communications. Some of the photographs and video images taken at the events/workshops may be published in various media, such as social media, magazines, newspapers. You will only be photographed or filmed when you have consented to this. If you wish photographs and video recordings of yourself to be removed from our website, social networks and archive, please send your request to [email protected].

For all of the personal data we have collected in the aforementioned circumstances, EPD will also process your personal data to: (i) comply with legal obligations or to comply with any reasonable request from competent law enforcement agents or representatives, judicial authorities, governmental agencies or bodies, including competent data protection authorities; (ii) inform a third party in the context of a possible merger with, acquisition from/by or demerger by that third party, even if that third party is located outside the EU, in which case we rely on our legitimate interest to engage in corporate transactions.

1. How long do we keep your personal data?

Your personal data are only processed for as long as needed to achieve the purposes which are described above or, when we asked for your consent, up until such time where you withdraw your consent. In this article we provide you with the information you need to assess how long we will keep your personal data identifiable. As a general rule, we will de-identify your personal data when they are no longer necessary for the purposes outlined above or when the retention period as explained in this article has expired. However, we cannot de-identify your personal data if there is a legal or regulatory obligation or a judicial or administrative order that prevents EPD from de-identifying them.

All personal data we collect through our interactions with you via the Platform, social media, phone, e-mail and other digital communication channels will be kept for as long as required to communicate with you, but also to keep an historical archive of our communications. This allows us to revert back to earlier communications if you return to us with new questions, request, remarks or other input.

All personal data we collect to send you our direct marketing or newsletter will be kept for as long as you remain subscribed to our mailing list or for as long as you remain our client.

All personal data we collect when you hand us your business card will be kept for as long as you do not request us to erase your personal data.

Photographs or video recordings of you at events/workshops are distributed online for as long as you do not request us to remove these.

All personal data we collect in the context of a contractual relationship with you or the organization you represent, will be kept for the duration of the contractual relationship and until ten (10) years thereafter.

2. With whom do we share your personal data

In order to provide our services to you and in order to make our Platform and social media pages available to you, we may share your personal data with third-party contractors and/or other controllers. The sharing of your personal data is either performed on the basis of our contract, in particular where this is necessary for the performance of our services, or is subordinately based on our legitimate interest to provide our services to you in the best possible manner.

We do not share your personal data with third parties for secondary or unrelated purposes than those mentioned in this Privacy Policy, unless expressly otherwise stated at the moment of collecting the particular personal data. Please consider that because of the complexity and changing nature of our services, we are unable to provide you with an exhaustive list of all third parties with whom your personal data may be shared. However, we have identified the following main categories of third-party recipients:

  • Our professional advisers
  • Government and regulatory authorities
  • Professional indemnity or other relevant insurers;
  • Third parties to whom we might outsource certain services such as, without limitation, event planners, IT systems or software providers, IT support service providers, documents and information storage providers.


3. International data transfers

Our office is located in Belgium and the personal data we collect is stored on servers in the European Economic Area (EEA).

However, for the purposes set out in Article 3, your personal data may be transferred to other jurisdictions outside the European Economic Area (EEA), and therefore not bound by the GDPR. The EEA consists of the EU, Liechtenstein, Norway and Iceland.

Where your personal data is transferred to third parties residing in these jurisdictions, we will implement appropriate safeguards in our agreement with such third parties to ensure that your personal data receives an adequate level of data protection at least equivalent to the level to which you are entitled under the GDPR. To this end, we assess the level of data protection in the country of transit or destination, taking into account in particular the relevant decisions taken by the European Commission. We may use the Standard Contractual Clauses adopted by the European Commission and any other appropriate solution as required or permitted by the applicable Data Protection Legislation.

4. Your data protection rights

Under the applicable Data Protection Legislation, you have certain rights with respect to your personal data that we collect and process.

If you would like more information about your rights as listed below or if you wish to exercise them, please send us an e-mail to . When exercising your data protection rights, we simply ask you to identify yourself correctly so that we can respond to your request within the time limits indicated below.

The exercise of your rights is free of charge and will be carried out within one (1) month of receiving your request. We may extend this period by a further two (2) months for a total period of three (3) months if your request is particularly complex. If we decide to extend the initial time limit, we will inform you of this decision in good time.

In cases where we consider your request to be manifestly unfounded or excessive, we reserve the right to charge you an administrative fee for the execution of your request or to refuse to process it. You will be informed of our decision within the above-mentioned time limits.

Below is a brief overview of the rights you can exercise in relation to your personal data:

  • Withdrawal of consent: you have the right to withdraw your consent for all processing activities subject to it;
  • Right of access: you have the right to request a copy of the data we process and hold about you, in an understandable format;
  • Right of rectification: you have the right to ask us to correct, amend or complete your personal data;
  • Right to erasure: you have the right to request the deletion of the personal data we process or store about you;
  • Right to restrict processing: In certain circumstances, you have the right to ask us to restrict the processing of your personal data. By exercising this right, the relevant personal data will remain in our possession, but we will not be able to process it further;
  • Right to object to processing: where we process and collect your personal data on the basis of our legitimate interest, you have the right to object to the processing of that data;
  • Right to portability of your data: this means that we can, at the request of the data subject, provide him/her with his/her personal data and/or provide it to third parties in a structured and machine-readable form.

5. Security of your personal data

We use generally accepted and reasonable technical and organisational methods, in line with current technological developments in operational security, to provide protection against the loss, misuse, alteration or destruction of all personal data that we store and process.

Our technical and organisational measures are frequently updated in order to adapt these measures to new technical and organisational procedures and to ensure the ongoing security of your personal data.

Our Platform contains links to other websites or Internet resources (hereinafter collectively referred to as “Third Party Sites”), which may also collect personal data, including through cookies or other technologies. We are not responsible for or control these Third Party Sites or their collection, use or disclosure of your personal information. We encourage you to review the privacy policies of these Third Party Sites to understand how they collect and process your personal data.

6. Modifications to this Privacy Policy

We may adapt and amend our Privacy Policy from time to time, in particular to take account of new data protection practices and to give you greater control over your personal data.

We will always make our Privacy Policy available on the Platform in its most recent version. You can also request that we send you the current or previous versions of our Privacy Policy by sending us an e-mail to [email protected]. At the top of this document, you will be able to check the date on which we last modified our Privacy Policy.

7. Your questions and queries

You undertake to provide us with accurate personal data. You can change the personal data we hold at any time by sending us an e-mail to [email protected]. We cannot be held responsible for any failure of our services due to incorrect information provided by you.

If you have any questions about our Privacy Policy or if you feel that your interests are not or are not adequately represented, you may direct any questions to us at the e-mail address listed above.

8. Applicable law and dispute resolution

Our Privacy Policy is governed by and interpreted in accordance with Belgian law, unless mandatory legal provisions state otherwise.

You have the right to lodge a complaint with the competent data protection authority, namely the authority of the Member State of your habitual residence, your place of work or the place of the alleged breach of the Applicable Data Protection Legislation.

The main data protection authority is the Belgian Data Protection Authority (l’Autorité de protection des données / Gegevensbeschermingsautoriteit), which can be reached by the following means of communication:

  • By following the instructions and filling in the form accessible via this link;
  • By sending a letter to the following address: rue de la presse 35, 1000 Brussels, Belgium;
  • By calling the following telephone number: +32 (0)2 274 48 00 ;
  • By sending an e-mail to the following address: [email protected].