Legal

Privacy Policy

How the European Initiative for Security Studies (RNA: 751263001) handles personal data on this website, in compliance with the GDPR and the French Data Protection Act.

The European Initiative for Security Studies (hereinafter "EISS", "we", "us", or "our") is committed to protecting and respecting your privacy. This Privacy Policy describes what personal data we process when you visit eiss-europa.com, what we do not do, and what rights you have.

This policy is in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the French Data Protection Act (Loi Informatique et Libertés).

1. Controller and Data Protection contact

The controller responsible for any personal data processing under this policy is:

The European Initiative for Security Studies (EISS)
CERI-Sciences Po, 56 Rue Jacob
75006 Paris
France

For any question, request, or complaint regarding your personal data, contact contact@eiss-europa.com.

2. What we do not do

To save you reading: on this website we do not

  • set any cookies of our own;
  • use any web analytics, tracking pixels, fingerprinting, or visitor measurement service;
  • embed any social-media widgets that load before you click them;
  • run any advertising network or programmatic ads;
  • sell, rent, or share any data with marketers.

This site is a plain static website. It runs in your browser, fetches a small CSS and JavaScript file, and that's it.

3. Data we may process

We minimise the personal data we process. The categories below are the only ones in scope of this policy:

  1. Server access logs. The site is hosted on GitHub Pages. When you load a page, GitHub records the request — IP address, user-agent string, and the requested URL — for security, abuse-prevention, and operational reasons. EISS does not have access to those raw logs. GitHub acts as our hosting processor and is bound by its own privacy statement.
  2. Contact correspondence. If you email us at contact@eiss-europa.com, we keep that correspondence in order to answer you, follow up, and manage our records.
  3. Membership and conference registration. If you become an EISS member or register for a conference, additional data is collected by the relevant third parties (see §5). Those interactions are governed by the policies of those services and by any explicit consent you give at the point of registration.

4. Browser storage

The site uses one localStorage entry, eiss-theme, to remember whether you have manually set the site to light or dark mode. It is written to your browser only when you click the theme-toggle button in the header. It contains the literal value "light" or "dark" and is never transmitted to us or to anyone else. You can remove it by clearing your browser's site data for eiss-europa.com.

This is not a cookie. It cannot be read by third-party scripts and does not follow you across other sites.

5. Third-party services

These third parties may receive data — typically your IP address and user-agent — as a technical side effect of loading or following content on this site:

  • Google Fonts (fonts.googleapis.com, fonts.gstatic.com). The site loads the Inter font stylesheet and font files directly from Google's CDN. Per Google's Fonts privacy statement, requests are logged briefly and the data is not used for ad personalisation.
  • GitHub Pages (github.io infrastructure) — see §3.1 above.

When you click an outbound link on this site — for example to Stripe (membership management), Indico (indico.eiss-europa.com, our events platform), YouTube, the COST Association, or any partner institution — you leave this website and become subject to that service's own privacy policy. None of those services are embedded on the pages of this site; they only see you when you choose to visit them.

6. Purpose and legal basis

The (very limited) processing described above rests on:

  • Your consent (GDPR Article 6(1)(a)) when you write to us or sign up for an EISS service;
  • Our legitimate interests (GDPR Article 6(1)(f)) in operating a secure, functional website — for example, GitHub's access logs for abuse prevention, and Google Fonts for displaying readable typography.
  • Legal obligations (GDPR Article 6(1)(c)) such as responding to lawful requests from public authorities.

7. Retention

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law. Email correspondence is kept while the matter is open and for a reasonable period afterwards for archival reasons. Server access logs are retained by GitHub according to their own schedule, which is outside our control.

8. International transfers

GitHub Pages is operated by GitHub Inc. in the United States. Google Fonts is operated by Google Ireland Limited with US-affiliated infrastructure. Both transfers rely on Standard Contractual Clauses approved by the European Commission and on the EU–US Data Privacy Framework where applicable, as documented in each provider's privacy statement.

9. Your rights

Under the GDPR and French data protection law, you have the right to —

  • access the personal data we hold about you;
  • rectify inaccurate or incomplete data;
  • request erasure, subject to legal requirements;
  • restrict or object to processing;
  • receive your data in a structured, commonly used format (portability);
  • withdraw any consent you have given, without affecting earlier lawful processing;
  • lodge a complaint with a supervisory authority — in France, the Commission Nationale de l'Informatique et des Libertés (CNIL).

To exercise any of these rights, email contact@eiss-europa.com. We aim to answer within one month.

10. Security

The site is served over HTTPS with HTTP Strict Transport Security. The source code is public (github.com/EISSeuropa/EISSeuropa.github.io), so any third party can inspect what runs in your browser. We take appropriate technical and organisational measures to protect any personal data we hold against unauthorised access, alteration, disclosure, or destruction.

11. Children's privacy

Our services are not directed at individuals under the age of 16, and we do not knowingly collect personal data from children under 16. If you believe we have received data from a child, please email us and we will delete it.

12. Links to third-party websites

This website contains links to external sites (see §5). This Privacy Policy does not apply to those sites and we are not responsible for their content or privacy practices. We encourage you to review their policies before disclosing any personal data.

13. Changes to this Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or in applicable law. The current version is always available at eiss-europa.com/policy.html, and the full history is preserved in the public Git repository linked above. Material changes will be flagged on the home page.

14. Contact

For any question, request, or complaint regarding your personal data or this Privacy Policy:

Email: contact@eiss-europa.com
Postal address:
The European Initiative for Security Studies (EISS)
CERI-Sciences Po, 56 Rue Jacob
75006 Paris
France

Last updated: 15 May 2026.