Last updated: 1 January 2026.
1. Who we are
ESRF.net is the community platform of the European Security & Resilience Foundation, a not-for-profit organisation established in the European Union. For the purposes of the GDPR, the Foundation is the data controller for personal data processed through this website. Questions may be directed to privacy@esrf.net.
2. What we collect
We aim to process the minimum personal data necessary to operate the community. Categories may include:
- Listing data — name, sector, city, country, website and description of organisations that request a listing.
- Contact data — email addresses, names and role titles of individuals who write to us to request listings, submit dispatch items or contribute to the foundation.
- Technical data — anonymised server logs (IP address truncated, user agent, timestamp) kept for security and auditing.
We do not use third-party advertising trackers. We do not sell personal data.
3. Why we process it
Processing grounds under GDPR Article 6:
- Legitimate interest — operating and improving the atlas, directory and dispatch.
- Consent — when you explicitly opt in to receive correspondence from ESRF.net.
- Legal obligation — where retention of certain records is required by law.
4. How long we keep it
Listing data is retained for as long as an organisation appears in the directory, plus a reasonable archival period. Contact data is retained while a conversation is active and for a maximum of twenty-four months thereafter, unless legal obligations require otherwise.
5. Your rights
Under the GDPR you may request access to, rectification of, erasure of or restriction on processing of your personal data, as well as data portability and objection. Write to privacy@esrf.net. You may also lodge a complaint with your national supervisory authority.
6. Cookies
ESRF.net uses a minimal number of functional cookies necessary to operate the website. We do not deploy advertising or cross-site tracking cookies. Where a first-party cookie is optional, we ask for consent.
7. Third parties
We use a small number of trusted processors — in particular, map tile providers (CartoDB, OpenStreetMap) and static hosting infrastructure. These processors operate under GDPR-compliant terms. No personal data from our listings is shared with them.
8. Changes
We will post material changes to this notice on this page. Where a change is substantive, we will also attempt to inform listed organisations by email.