PRIVACY POLICY AND PERSONAL DATA PROTECTION POLICY
For the users of the website https://www.ebdh.org/ (the "Website")
Last update: Thursday, March 6, 2025
1. WHY A PERSONAL DATA PROTECTION POLICY?
The European Brain Data Hub ("EBDH" or "We") is committed to protecting your personal information. This policy explains how we use your data, what your rights are, and how you can exercise them. We act transparently and in compliance with applicable regulations, including Regulation (EU) 2016/679 of April 27, 2016 ("GDPR") and relevant national laws on privacy protection.
Technical terms such as "processing," "recipient," "data controller," "processor," "personal data," and "health data" are used as legally defined by the GDPR.
2. WHO IS THE DATA CONTROLLER?
We act as the data controller of your personal data.
Our contact details are:
European Brain Data Hub (EBDH)
International non-profit-organisation
Rue d’Egmont 11, 1000 Brussels
Company number: BCE 1013.171.235
Data processing carried out via EBDH's social media pages is jointly controlled by the respective social media platforms.
3. WHY AND HOW DO WE PROCESS YOUR DATA?
3.1 Managing interactions with the public
Purpose 1
Handling inquiries, messages, and calls
EBDH has a legitimate interest in appropriately responding to individuals who contact us via email, postal mail, social media, or telephone.
Purpose 2
Promotion of EBDH activities
This includes sending brochures about our services, newsletters, event invitations, and promotional activities related to our work.
​
Legal basis: EBDH has a legitimate interest in processing your personal data to promote its services and training programs, provided they are similar to those already offered. Sending newsletters generally falls under Article XII.13(1) of the Economic Code and the Royal Decree of April 4, 2003, requiring prior consent from recipients.
3.2 Operations related to training organization
Purpose 3
Organization of training and certification
Legal basis: Under Article 6.1.b of the GDPR, we process the personal data of our current partners, prospective partners, participants, and prospective participants as part of our pre-contractual and contractual. Additionally, EBDH has a legitimate interest in processing personal data to facilitate the participation of individuals in its conferences and training sessions (Article 6.1.f).
3.3. Operations related to personnel management and recruitment
Purpose 4
Processing applications and managing interviews
Legal basis: This processing is based on our pre-contractual and contractual relationships (Article 6.1.b).
Purpose 5
Creating a CV database
Explanation: We maintain a CV database to contact candidates whose profiles interest us when new positions become available.
Legal basis: The retention of CVs is based on the candidate's consent (Article 6.1.a). We also rely on our legitimate interest (Article 6.1.f) to build a candidate pool and improve our recruitment processes.
3.4. Other Operations Related to Site Traffic
Purpose 6
​Improving Our Services Through Website Usage Analysis
Purpose Explanation:
Enhancing our services by analyzing website usage (e.g., most visited sections and content, consultation duration). This analysis helps us improve the relevance and usability of our services.
Legal Basis:
We base these data processing activities on your consent (Article 6.1.a). In accordance with Article 122 of the Law on Electronic Communications, which transposes the ePrivacy Directive (Directive 2002/58/EC as amended by Directive 2009/136/EC on the processing of personal data and the protection of privacy in the electronic communications sector), EBDH processes your personal data only after obtaining your prior consent. (For more information, please refer to our Cookie Policy and click here).
Purpose 7
Ensuring the Security and Proper Functioning of the Website
Legal Basis:
EBDH has a legitimate interest in maintaining a technically functional and secure website, particularly by assigning user requests, remembering their preferences, ensuring session continuity, and guaranteeing the cybersecurity of its website (Article 6.1.f).
3.5. Operations related to the exercise of rights, disputes, and legal matters
Purpose 8
Managing requests for the exercise of rights
Legal basis: This is based on EBDH’s legal obligations under the GDPR (Article 6.1.c).
Purpose 9
Ensuring the protection and defense of our interests
Legal basis: We have a legitimate interest in processing your data in connection with any legal disputes (Article 6.1.f).
We do not use automated decision-making techniques that produce legal effects or significantly affect individuals.
4. DATA SOURCES AND CATEGORIES OF DATA PROCESSED
Data is collected directly from you or from third parties (e.g., former candidates, in the context of a legal disputes). Data may be gathered through forms, phone calls, or emails.
Processed data includes:
• Identification data (name, surname, address, email, phone number)
• Personal information contained in communications (messages, form data, etc.)
• Professional data (occupation, experience, job title)
• electronic identification data collected via our cookies (IP address, connections, location, date and time of connection, as well as other metadata).
5. DATA RETENTION PERIOD
Unless stated otherwise, we retain your data for five (5) years from our last interaction with you (e.g., end of contractual relationship, legal obligation, last contact, event-related data collection, etc.).
• General inquiry emails are usually deleted once a response is provided.
• Data from unsuccessful candidates is deleted within three (3) business days after a decision is made.
• Data from unsuccessful candidates who consent to being contacted for future positions is retained for one (1) year, extendable with renewed consent.
• Newsletter subscription data is retained for up to three (3) years after the last engagement unless unsubscribed earlier.
• In any case, the retention period for information collected through cookies is a maximum of six (6) months from the date the corresponding cookie is placed.
• In case of legal disputes, data is retained for ten (10) years after the case is closed.
Once retention periods expire, personal data is deleted or anonymized.
6. WHO HAS ACCESS TO YOUR DATA?
6.1. Internal recipients
Only personnel whose roles require access to your personal data can view it. Access is regularly reviewed and secured.
6.2. External service providers and partners
We may share data with:
1. Cloud storage and file-sharing service providers
2. Our website host
3. Academic partners (e.g., researchers and professors)
4. Partners involved in altruistic data projects
5. External IT service providers
6. Social media platforms
7. Event management websites
6.3. Legal authorities and other entities
Certain parties may access your data within their legal jurisdiction:
• Judicial bodies and public authorities (e.g., courts, administrative authorities like the Data Protection Authority)
• Lawyers, experts, etc.
• Other legally authorized services or organizations
6.4. Are your data transferred outside the European Economic Area ("EEA")?
Your data is not transferred outside the EEA, except to Switzerland, which benefits from a European Commission adequacy decision ensuring an equivalent level of protection under the GDPR.
7. YOUR RIGHTS
Under Articles 15 to 22 of the GDPR, you have the following rights:
• Right of access: You may request a copy of your personal data.
• Right to rectification: You may request correction of inaccurate or outdated data.
• Right to object: You may ask us to stop processing your data under certain conditions.
• Right to erasure: You may request deletion of your data (this is subject to legal exceptions).
• Right to restriction: You may request limited processing of your data.
• Right to data portability: You may request a structured copy of your data or its transfer to another controller.
• Right to withdraw consent: If processing is based on consent, you may withdraw it at any time.
To know more about your rights, you can visit the relevant page from the Belgian Data Protection Authority. To do so, please click here.
8. HOW TO EXERCISE YOUR RIGHTS
Requests can be sent via email to braindatahub@ebdh.org or by mail to our headquarters. A response will be provided within one (1) month, extendable by two (2) months if necessary.
9. COMPLAINTS TO A SUPERVISORY AUTHORITY
If you believe your rights are not being respected, you may file a complaint with your national Data Protection Authority.
In Belgium, you have two options:
1. Via the Data Protection Authority website, or
2. Via Mail:
Data Protection Authority
Rue de la Presse 35, 1000 Brussels
You may also pursue legal action if necessary.