Skip to content
Home > Privacy policy

Privacy policy

1. Data controller

Your personal data are processed by the COST Association, an International not-for-profit Association (AISBL) under Belgian law, registered in Brussels clerk office under n° 0829.090.573.

If you have any queries about the process or how we handle your information please contact us at:

Address: COST Association, Communications Unit, Avenue du Boulevard – Bolwerklaan 21 – 1210 Brussels | Belgium

Emailprivacy@cost.eu

2. Who is concerned by this private policy ?

Every visitor of our website, people who use our services, e.g. who subscribe to our newsletter, register for an event, participate in a Call for expression of interest, webinar or workshop in the framework of the COST Academy as well as people who email us or tenderers/suppliers.

3. What information about you do we handle, why do we handle that information, what is the legal basis for those processings and for how long do we retain the information ?

We handle the hereunder mentioned personal data that we collect directly from you or via cookies (see cookies policy)

The data processings that we conduct are there because either you have consented to it or for performance of a task carried out in the public interest because the  COST Association was set up by States to execute tasks on their behalf that are better realised by a cooperation body than by those States themselves or because we, our COST Members or your country or institution of affiliation have a legitimate interest to do so or because we have a legal obligation to do so. You can find those reasons and legal bases hereunder.

3.1. When you make use of our website or our online library :

We use a third party service, Matamo, to collect standard internet log information and details of visitor behaviour patterns. We do this to find out things such as the number of visitors to the various parts of the site. This information is only processed in a way which does not identify anyone. We do not make, and do not allow Matamo to make, any attempt to find out the identities of those visiting our website. If we do want to collect personally identifiable information through our website, we will be up front about this. We will make it clear when we collect personal information and will explain what we intend to do with it.

This data processing is based on your consent (article 6.1.a of the GDPR).

You have the right to withdraw your consent at any time (see Your Rights hereunder).

3.2. When you register for newsletters, register for events, webinars, workshops or other COST Academy activities or participate in a call for expression of interests :

Based on your consent (article 6.1.a) of the GDPR) :

  • We collect and process your identification data (name, first name, title and email address) for registration and delivering of our newsletters and for being able to contact you when you participate in a Call for expression of interest. We use a service provider to deliver our newsletters and register your proposals in Call for expression of interest.

You may unsubscribe from our newsletters at any time. We will not keep your data once you have unsubscribed.

When you register for events, we collect through a service provider your identification data (name, first name, title, email address, and phone numbers), personal characteristics (gender) and professional data (position and institution).

When you register for webinars, workshops or other COST Academy activities, we collect and process your identification data (name, first name, title, email address, and phone numbers) and professional data (position, PhD title and year of obtention and institution). Those data are collected for the organisation of the event.

We also collect for the sake of having the right audience at workshops some personal characteristics (year of birth) and career details (your country of affiliation, role in a COST Action and possibly CV).

Should you not provide us with those data, your participation in events, workshops, webinars or other COST Academy activities will be compromised.

Should you speak during a webinar, your voice will be recorded.

The data we collect are kept as long as you do not oppose to it so as to possibly invite you again for other events that might be relevant to your field of research or your career development.

Webinars will be posted on our online library and accessible there as long as their content is relevant.

When you register for events or for webinars or workshop in the framework of the COST Academy, we also ask you:

  •  whether you have special dietary requirements or other specific needs. Those data are collected for the organisation of the event.

We do not keep your dietary requirements or other mentioned specific needs for longer than the event whether you are in agreement with us:

  • including your contact details in the list of participants to the event, webinar or workshop  that is made available to all participants for networking purposes;
  • taking and using pictures during the events, webinars or workshops for promotional and information purposes, including on COST website.

Not providing your consent for taking pictures is without impact on your participation to events, workshops or webinars.

The data we collect is kept as long as you do not oppose to it.

Based on our legitimate interests or those of the COST Members (article 6.1.f of the GDPR),

  • When you register for newsletters, we gather statistics around email opening and clicks using industry standard technologies including clear gifs. This information is only processed in a way which does not identify anyone. We do not make any attempt to find out the identities of those visiting our website.

3.3. When you email us, chat with us or otherwise contact us :

We process your contact details, when required, in order to provide you with the requested support. All our emails are archived for audit purposes for the duration of our audit obligations.

This data processing is based on your consent (article 6.1.a of the GDPR).

3.4. When you contact us to make use of your data subject rights :

We process your contact details and the proof of your identity you send us in order to address your request.  We can also depending on your request process other personal data we have collected also in order to address your request.

This data processing is for compliance with legal obligations to which we are subject (article 6.1.c of the GDPR).

We will store those data for a duration of one year starting at the 1 st Jan of the year following the one where the request was made. This duration aims at having history of the case in case the data subject comes back with further request. Further, all our emails are archived for audit purposes for the duration of our audit obligations.

3.5. We can also collect data that you otherwise made public in order to contact you when we think it is relevant for your and our business (journalists, service providers…)

This data processing is based on our legitimate interests and aims at creating collaboration in our fields of activities (article 6.1.f of the GDPR).

We retain those data as long as they are relevant.

3.6. When you tender for a contract with us or when you are one of our suppliers :

We process your identification data (name, first name, title, email address and phone numbers), financial data (bank account) to communicate with you and process your invoices.

This data processing is based on the performance of your contract or in view of its conclusion (article 6.1.b of the GDPR).

We will retain your data for the period where we are subject to audit under Belgian law or under our Framework Agreement with the European Commission. To calculate this period, the following elements have to be clarified:

With regard to Belgian law, we are bound to keep data for audit purposes for a period of  7 years as of 1st of January of the year following the closing of the accounting period (1 May – 30 April) within which those data have been collected.

In order to comply with our audit obligation with regard to our Framework Agreement with the European Commission, we retain the data for audit purposes for the duration of our Framework Partnership Agreement (currently 2014-2021) plus 3 years should we face no audit (the audit can start up to two years after validation by the European Commission of the Final Financial Report for the Programme (COST).

Should we be audited with regard to the Framework Agreement where we had a contract with you, those data need to be kept until the end of the audit.

As a conclusion, your personal data that we need to keep for audit purposes will be kept for the longest of the three durations above. This exact duration will depend on the date creation of the data and on events that we cannot define in advance (such as audits).

  • When you tender following a call for tender that we published or sent, we:

Will process according to the law on public procurement different personal data (identification data – name, first name, title and email address of the contact points – and financial data (bank account number).

Further, for the company which enters into consideration for awarding of the contract:

  • when your company is a personal company, we process your nationality and some identification data provided by public services (VAT n°, fiscal and social debts and the legal situation of the company)
  • for all companies, we collect an extract of the criminal register for the manager and Executive Board members of the company when required by law.

This data processing is for compliance with legal obligations to which we are subject (article 6.1.c of the GDPR).  In compliance with the law, we store those data for 10 years after the end of the procurement procedure (for non-awarded tenderers).

We might use service providers to support us in the processing of our public procurement and supply contracts.

4. Use of service providers and transfer to third parties

We do have recourse to service providers as mentioned above.

Those service providers otherwise referred to as data processors are third parties who provide elements of support to COST Association. We have contracts in place with our data processors which exclude the transfer of personal data to a third country or international organisation. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us. They will hold it securely and retain it for the period we instruct.

We do not transfer any of your data collected as mentioned above to any third party for commercial purposes.

5. How do we protect your personal data ?

Your personal data are handled in full confidentiality. We make all necessary effort to take technical and organisational measures that might be required so as to ensure security of your personal data.

6. How long is the information retained for ?

All incoming and outgoing emails to COST and other auditable documents (invoices…) are archived for the period where we are subject to audit under Belgian law or under our Framework Agreement with the European Commission. To calculate this period, the following elements have to be clarified:

With regard to Belgian law, we are bound to keep data for audit purposes for a period of  7 years as of 1st of January of the year following the closing of the accounting period (1 May – 30 April) within which those data have been collected.

In order to comply with our audit obligation with regard to our Framework Agreement with the European Commission, we retain the data for audit purposes for the duration of our Framework Partnership Agreement (currently 2014-2021) plus 3 years should we face no audit (the audit can start up to two years after validation by the European Commission of the Final Financial Report for the Programme (COST).

Should we be audited with regard to the Framework Agreement where your Action was funded, then, those  data need to be kept until the end of the audit.

As a conclusion, emails will be kept for the longest of the three durations above. This exact duration will depend on the date creation of the data and on events that we cannot define in advance (such as audits).

7. Your rights

Under the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), you have rights as an individual which you can exercise in relation to the information we hold about you:

  • right to request from us access to and rectification of your personal data;
  • right to request erasure of your data (right to be forgotten) in the cases foreseen by article 17 of the  GDPR ;
  • right to obtain from us restriction of processing where there is contestation about the data processing for a period enabling to solve the issue;
  • right to data portability;
  • where the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Withdrawing your consent means that we will not make use of your data anylonger, including pictures. However, use made of your data in the past remains valid.
  • Your right to object
  • You have the right to object, on grounds relating to your particular situation, at any time to processing of your personal data which is based on Article 6(1), (f) of the GDPR (our legitimate purposes) as mentioned above.

To exercise those rights, please send us an email to privacy@cost.eu together with a proof of your identity or write us to the following address: COST Association, Privacy department, Avenue Louise 149, 1050 Brussels, Belgium.

Please note that you always have the right to lodge a complaint with the Belgian Privacy Commission at commission@privacycommission.be

This Privacy Policy was last updated on 2 May 2018.