Privacy Notice

Last updated: 17 April 2026

Introduction

GÉANT Vereniging, an association registered with the Chamber of Commerce in Amsterdam, the Netherlands, under registration number 40535155, with its registered office at Hoekenrode 3, 1102 BR Amsterdam, the Netherlands (“GÉANT”, “we”, “us” or “our”), is committed to protecting personal data and respecting privacy.

This Privacy Notice explains how GÉANT processes personal data where GÉANT acts as a controller under Regulation (EU) 2016/679 (the GDPR) and applicable national data protection laws. It describes what personal data we collect, how and why we use it, how long we keep it, with whom we may share it, whether we transfer it internationally, and what rights individuals have in relation to that processing.

In some cases, GÉANT may process personal data as a processor on behalf of another organisation, such as a member, institution, university, research organisation, project partner or service customer. In those cases, the relevant controller is responsible for providing the applicable privacy information.

GÉANT takes privacy, confidentiality, integrity and availability seriously and applies appropriate organisational, technical and security measures to protect personal data and maintain ongoing compliance with applicable data protection law.

This Privacy Notice does not describe every processing activity carried out by GÉANT in every context. Where GÉANT processes personal data in a specific context requiring more detailed or tailored transparency information, GÉANT may provide a separate privacy notice, information clause or service-specific notice.

Who we are

For the purposes described in this Privacy Notice, the controller is:

GÉANT Vereniging
Hoekenrode 3
1102 BR Amsterdam
The Netherlands
Chamber of Commerce No. 40535155

Data Protection Officer

GÉANT has appointed a Data Protection Officer (DPO).

If you have any questions, concerns or requests regarding this Privacy Notice or the way GÉANT processes your personal data, you may contact the DPO via the contact form.

You may also write to:

Data Protection Officer
GÉANT Vereniging
Hoekenrode 3
1102 BR Amsterdam
The Netherlands

Scope of this Privacy Notice

This Privacy Notice is GÉANT’s general privacy notice and applies where GÉANT acts as controller, unless a more specific privacy notice, information clause or service-specific notice applies.

This Notice applies, in particular, to personal data processed in connection with GÉANT events, services, projects, communications, websites and similar activities, except where a separate notice is provided for a more specific context.

GÉANT may obtain personal data directly from you or indirectly from your employer, affiliated institution, event organiser, project partner, contractor, service administrator or another organisation involved in the relevant activity.

Other privacy notices and information clauses

Depending on the context in which your personal data is processed, a more specific notice or clause may apply, including:

  • the GÉANT Employee Privacy Notice, which applies to the processing of personal data relating to GÉANT employees, workers, interns and similar staff members;
  • the GÉANT Project Privacy Notice, which applies to personal data processed in connection with GÉANT projects where project-specific governance, funding, reporting, dissemination or participation arrangements require a dedicated notice;
  • the Information clause regarding the processing of personal data for signatories and employees of the Contractor, which applies to signatories of agreements with GÉANT and to employees, representatives, authorised persons and other contact persons of the Contractor involved in the negotiation, conclusion, performance, administration or termination of the agreement; GÉANT publishes this as a separate notice.
  • service-specific privacy notices, where a particular GÉANT service, platform or tool provides more detailed information about the processing of personal data;
  • candidate or recruitment privacy notices, where you apply for a role with GÉANT.

Where a more specific notice applies, that notice supplements this Privacy Notice and, in the event of inconsistency, prevails in relation to the relevant processing activity.

How GÉANT collects and uses personal data

Events

Throughout the year, GÉANT organises, hosts, co-organises, supports and promotes events in different formats, including in-person, hybrid and virtual events.

For the purposes of this Privacy Notice, “events” include conferences, seminars, workshops, training sessions, webinars, information-sharing sessions, networking events, task force meetings, SIG meetings, social events and other similar gatherings organised or supported by GÉANT.

Categories of personal data

Depending on the type of event and your role in it, we may collect:

  • name;
  • organisation, institution or affiliation;
  • job title or professional role;
  • email address;
  • telephone number;
  • postal address;
  • billing or payment information, where relevant;
  • registration details and attendance information;
  • accessibility requirements, where voluntarily provided;
  • dietary requirements, where voluntarily provided;
  • special assistance requirements, where voluntarily provided;
  • level of education, experience or prior knowledge, where relevant for training events and voluntarily provided;
  • feedback, survey responses and event evaluation information;
  • photographs, audio recordings and video recordings taken during the event;
  • speaker biography, profile details, photograph and presentation-related information, where provided by the speaker;
  • information required to administer travel, reimbursement or participation support;
  • passport details or other identification details, where strictly necessary to prepare visa invitation or support letters requested by you or your organisation.

Purposes

We may use event-related personal data to:

  • register you for an event;
  • communicate with you before, during and after an event;
  • manage attendance, logistics, access control and event administration;
  • provide event-related services, including training delivery and speaker coordination;
  • administer invoices, payments, reimbursements or funding-related requirements;
  • provide accessibility or special assistance arrangements where requested;
  • issue certificates of participation or completion, where applicable;
  • evaluate, improve and report on our events and training activities;
  • contact you after an event for feedback, impact assessment or follow-up collaboration;
  • document and promote GÉANT events and activities using event photography, video or recordings;
  • support travel and immigration administration where visa support documentation is requested.

Legal bases

Depending on the relevant activity, GÉANT processes event-related personal data on the basis of:

  • performance of a contract or taking steps at your request before entering into a contract, including event registration, attendance administration, invoicing, and visa support requested by you;
  • compliance with a legal obligation, including where participant data and supporting records must be retained or disclosed under applicable financial, tax, audit, funding or reimbursement rules;
  • legitimate interests, including GÉANT’s interests in organising, administering, securing, documenting, evaluating and improving professional and community events, and in conducting related communications and follow-up activities;
  • consent, where required by law or where GÉANT chooses to rely on consent, including for certain optional surveys, optional profile materials, or specific uses of images or recordings where consent is the appropriate basis.

Where GÉANT relies on legitimate interests in the event context, those interests include the effective organisation of events, professional community engagement, service improvement, appropriate event security, accountability, record-keeping, reporting and the promotion of GÉANT’s activities.

Mandatory and optional data

Certain personal data is necessary to process your registration, manage your attendance, provide requested services, issue invoices, administer reimbursement, or prepare visa support documentation. If you do not provide data marked as required, GÉANT may be unable to register you, provide the requested support, or allow participation in the relevant event activity.

Accessibility, dietary, special assistance, optional survey and similar information is generally voluntary. Where such information reveals health or similar sensitive information, it should only be provided where necessary and requested for the relevant purpose.

Visa letters and passport details

If you request a visa invitation letter, or if your organisation asks GÉANT to issue one to support your attendance at an event, GÉANT may process additional identification data strictly necessary for that purpose, such as:

  • full name as shown on your passport;
  • passport number;
  • nationality;
  • date of birth;
  • passport expiry date;
  • travel or embassy-related information required for the visa support letter.

We will only process such information where it is necessary to prepare or support the requested documentation. Only the minimum information necessary should be provided, and passport or similar identification data should not be provided unless specifically requested by GÉANT through the designated channel.

Event photography, filming and recordings

GÉANT may take photographs and make audio or video recordings during events for documentation, community engagement, training, reporting, archival and communications purposes. These materials may be used on GÉANT websites, social media channels, blogs, publications and other communication materials.

Where required by law, or where recordings focus on identifiable individuals in a manner that is not reasonably expected in the context of the event, GÉANT will rely on an appropriate legal basis and provide additional notice where necessary.

Speakers, trainers and contributors

If you are a speaker, trainer or contributor, we may process additional professional information such as your name, professional title, organisation, contact details, biography, profile photo, presentation title, abstract and related materials.

Where you choose to provide this information, GÉANT may publish some of it in event programmes, websites, recordings or archives for event administration, educational and community purposes.

Events held with third parties

Some events are organised jointly with partners, sponsors, exhibitors, hosts or other third parties. Where this applies, we will make this clear in the relevant event information. If your personal data will be shared with such third parties, this will be explained on the relevant event page, form or invitation and, where appropriate, we will refer you to the third party’s privacy information.

Where an event is organised as part of a funded project, jointly with partner organisations, or under a specific project framework, a separate event-specific or project-specific privacy notice may supplement this Privacy Notice.

GÉANT services

Depending on the service, GÉANT may process personal data such as:

  • name and affiliation;
  • username or account identifier;
  • email address;
  • IP address;
  • log records;
  • technical log data;
  • device information;
  • SSH public keys;
  • application identifiers;
  • general location or region derived from service access;
  • contact and operational metadata required for identity, trust, federation, authentication, authorisation or service administration.

Purposes

We may use this personal data to:

  • provide, operate, secure and support the requested service;
  • authenticate users and manage access;
  • meet contractual and service delivery obligations;
  • maintain records for operational, audit and security purposes;
  • diagnose service issues and monitor infrastructure;
  • respond to support requests, concerns and queries;
  • improve service performance, usability and resilience;
  • generate usage statistics and reports where appropriate;
  • enable collaboration features within services;
  • detect, prevent and respond to misuse, incidents or security threats.

Legal bases

Depending on the relevant service activity, GÉANT processes service-related personal data on the basis of:

  • performance of a contract or steps taken at your request or at the request of the relevant customer organisation;
  • compliance with a legal obligation, where applicable;
  • legitimate interests, including GÉANT’s interests in operating, securing, supporting, monitoring and improving services, ensuring network and information security, maintaining records, generating appropriate statistics and protecting systems against misuse or abuse;
  • consent, where required by law for a specific feature or technology.

For some services, GÉANT acts as a processor on behalf of another organisation. In those cases, the relevant customer or institution is the controller and should provide the applicable privacy notice.

If certain account or operational data is not provided, GÉANT may be unable to create, maintain or support the relevant service access.

GÉANT projects

GÉANT participates in and manages national, European and international projects. In that context, GÉANT may process personal data relating to project participants, representatives of partner organisations, speakers, evaluators, reviewers, contributors, beneficiaries, attendees, mailing list participants, reimbursement claimants and other stakeholders.

Purposes

Project-related personal data may be processed to:

  • organise and administer project activities;
  • manage participation, collaboration and communications;
  • meet funding, governance, reporting and audit requirements;
  • manage events, dissemination and training connected with the project;
  • document outputs, participation and accountability;
  • protect project systems, information and operations.

Legal bases

Depending on the activity, GÉANT processes project-related personal data on the basis of:

  • performance of a contract or project arrangement;
  • compliance with a legal obligation or binding funding, audit or reporting requirement;
  • legitimate interests, including GÉANT’s interests in administering projects, maintaining accountability, documenting activities, enabling collaboration and protecting project operations;
  • consent, where appropriate for specific optional processing activities.

Where project-specific processing requires more detailed transparency information, GÉANT may provide a separate GÉANT Project Privacy Notice, which will prevail for that context.

Publications and communications

If you subscribe to receive GÉANT newsletters, updates or similar communications, we may process your name, email address and communication preferences.

Purposes

We use this information to:

  • send you the content you requested;
  • manage your subscription;
  • understand engagement in aggregate form;
  • improve our communications.

Legal bases

Depending on the communication, GÉANT processes this personal data on the basis of:

  • consent, where required for subscription-based communications;
  • legitimate interests, where communications relate to professional engagement, relationship management or requested non-marketing updates and such interests are not overridden by your rights and freedoms.

Where GÉANT relies on legitimate interests in this context, those interests include keeping relevant stakeholders informed about GÉANT activities and improving communications.

You can unsubscribe at any time using the unsubscribe option included in the communication or by contacting GÉANT.

Recruitment

GÉANT’s recruitment process is managed through official recruitment channels and may involve recruitment service providers acting on GÉANT’s behalf.

If you apply for a role with GÉANT, your personal data will be processed in accordance with the applicable Candidate Privacy Notice and, where applicable, the Employee Privacy Notice once an employment relationship begins.

Website use, cookies and analytics

When you visit GÉANT websites, certain information may be collected automatically and stored in log files, such as IP address, browser type and version, device type, operating system, referring URL, pages visited, date and time of access, and usage and navigation information.

Purposes

We use this information to:

  • operate and secure our websites;
  • understand user needs;
  • maintain performance;
  • improve website functionality and user experience;
  • generate analytics and usage insights where permitted.

Legal bases

GÉANT processes website-related personal data on the basis of:

  • legitimate interests, including interests in website operation, security, maintenance and improvement;
  • consent, where required by law for non-essential cookies, analytics or similar technologies.

Cookies and analytics

GÉANT websites may use cookies and similar technologies to support functionality, preferences, analytics and user experience. Further information is provided in the applicable Cookie Policy. Where required by law, non-essential analytics or similar technologies will only be used on the basis of consent.

Categories of recipients

GÉANT may share personal data, where necessary and in accordance with applicable law, with:

  • service providers and processors acting on GÉANT’s behalf;
  • event partners, co-organisers, sponsors or exhibitors, where this has been communicated to you and is relevant to the event;
  • project partners, funders or stakeholders, where necessary for participation, administration, reporting, reimbursement, audit or compliance;
  • professional advisers, auditors and insurers;
  • public authorities, regulators, supervisory authorities or law enforcement bodies, where legally required or permitted;
  • other organisations where necessary to protect rights, safety, property, systems or legal interests.

Where GÉANT uses third-party service providers, it will put in place appropriate contractual, confidentiality and security safeguards and require them to process personal data only on documented instructions and only for the relevant purposes.

GÉANT does not sell personal data.

International transfers of personal data

GÉANT is established in the Netherlands and also operates in the United Kingdom. Personal data may therefore be processed in those locations and, where necessary, in other countries.

Where personal data is transferred outside the European Economic Area (“EEA”) or, where applicable, outside the United Kingdom, GÉANT will ensure that the transfer is made in accordance with applicable data protection law.

Where the European Commission or, where applicable, the competent UK authority, has adopted an adequacy decision in respect of the destination country, territory or framework, GÉANT may rely on that adequacy decision for the relevant transfer. Under the GDPR, adequacy decisions are a recognised route for international transfers.

Where no adequacy decision applies, GÉANT may rely on the European Commission’s Standard Contractual Clauses (“SCCs”) as an appropriate safeguard for the transfer. The current EU SCCs were adopted by Commission Implementing Decision (EU) 2021/914.

Where GÉANT relies on SCCs, GÉANT will assess, before the transfer and where appropriate on an ongoing basis, whether the law and practice of the destination country may affect the effectiveness of the SCCs and whether additional safeguards are required. This assessment is commonly referred to as a Transfer Impact Assessment (“TIA”). The EDPB recommends this assessment and, where needed, supplementary technical, contractual and organisational measures to ensure a level of protection essentially equivalent to that guaranteed under EU law.

Where required, GÉANT will implement supplementary measures in addition to the SCCs, such as data minimisation, contractual restrictions, access controls, encryption, pseudonymisation, internal governance controls or other technical, contractual or organisational measures appropriate to the circumstances of the transfer.

You may request further information about the safeguards used for a particular transfer, including the relevant transfer mechanism relied upon and information about how to obtain a copy of the applicable safeguards, by contacting the GDPR team. Article 13 GDPR requires the notice to identify the applicable safeguards and the means by which a copy may be obtained or where they have been made available.

General storage and retention rules

GÉANT stores personal data in a manner that is appropriate to the nature of the processing activity, the sensitivity of the data, applicable legal and regulatory requirements, operational needs, security requirements and accountability obligations.

As a general rule, GÉANT retains personal data only for as long as necessary for the purposes for which it was collected and processed, including, where applicable, to:

  • provide services and administer relationships;
  • organise events, projects and community activities;
  • comply with contractual, legal, tax, accounting, audit, funding and reporting obligations;
  • maintain appropriate business and security records;
  • investigate incidents, complaints or disputes;
  • establish, exercise or defend legal claims;
  • meet archiving, research, historical or statistical requirements where permitted by law and subject to appropriate safeguards.

Retention periods may therefore differ depending on the category of data, the context of the processing and the applicable legal basis.

At the end of the relevant retention period, personal data will be deleted, anonymised or securely archived, unless further retention is required or permitted by law.

Where GÉANT maintains internal retention schedules, records management rules, document classification rules or storage rules, personal data will also be retained in accordance with those internal governance rules, as applicable.

Indicative retention periods by processing context

Without prejudice to the general retention principles above, the following indicative retention periods apply unless a specific notice, contract, funding rule, legal requirement, litigation hold, audit requirement or documented exception requires longer retention.

Events

Unless a different period is specified for a particular event or required by law:

  • attendee lists for conferences, training sessions and meetings are generally retained for no longer than 4 years;
  • feedback forms are generally retained for no longer than 4 years;
  • photographs and recordings may be retained for a longer period, including for archival, historical, educational and communications purposes, unless removal is required by law or justified on request;
  • where participants claim reimbursement under European Commission or other funding rules, participant lists and related supporting documentation may be retained for the duration of the relevant project and for up to 10 years after the end of the project, or longer if required by applicable funding, audit or legal rules;
  • passport details or visa-support identification data will be retained only for as long as necessary to prepare, issue and administratively support the relevant visa documentation, unless a longer retention period is required by law or justified for audit, funding or dispute-management purposes.

Services

Personal data used to provide GÉANT services is generally retained for the duration of service use and for a limited period afterwards, for example to manage queries, continuity, audit and security follow-up. Service-specific retention periods may be described in the relevant service privacy notice.

Publications and communications

Subscription data is retained for as long as you remain subscribed or until you unsubscribe, object or the service is discontinued.

Recruitment

Personal data relating to unsuccessful candidates is generally retained for up to 12 months after a hiring decision, unless a different period is stated in the applicable candidate privacy information or you ask GÉANT to retain your details for future opportunities. If you join GÉANT, relevant recruitment information may become part of your employment record and be retained in accordance with applicable employment retention rules and the Employee Privacy Notice.

Projects

Project-related personal data may be retained for the duration of the relevant project and for an additional period necessary to meet funding, reporting, audit, accountability, legal or archival requirements, as described in the applicable GÉANT Project Privacy Notice or project-specific documentation.

Contractors and business counterparties

Personal data relating to signatories and employees, representatives or other contact persons of GÉANT’s contractors is retained in accordance with the dedicated contractor information clause and applicable contractual, accounting, tax, audit and legal claims retention requirements. GÉANT publishes that contractor clause separately.

Your rights

Subject to applicable law, you may have the right to:

  • request access to your personal data;
  • request rectification of inaccurate or incomplete personal data;
  • request erasure of your personal data;
  • request restriction of processing;
  • object to processing carried out on the basis of legitimate interests;
  • withdraw consent at any time, where processing is based on consent;
  • request data portability, where applicable;
  • lodge a complaint with a competent supervisory authority.

To exercise your rights, please contact the GDPR team.

GÉANT may need to verify your identity before responding to a request. This verification is necessary to protect personal data and to ensure that rights are exercised by the correct individual.

If some personal data is required to fulfil a legal or contractual requirement, establish or maintain a service, process an event registration, or provide visa or reimbursement support, GÉANT may be unable to perform that activity if the required data is not provided. Article 13 GDPR requires the notice to explain this where applicable.

Automated decision-making

GÉANT does not carry out solely automated decision-making producing legal effects or similarly significant effects on individuals in the context of this general Privacy Notice, unless otherwise stated in a more specific notice. If that position changes, GÉANT will provide the information required by applicable law.

Complaints to supervisory authorities

You may lodge a complaint with the supervisory authority in the country where you live, work or where the alleged infringement took place, including:

The Netherlands
Autoriteit Persoonsgegevens

United Kingdom
Information Commissioner’s Office (ICO)

Security of your personal data

GÉANT implements appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access.

These measures are designed taking into account the nature of the personal data, the risks involved and the state of the art, and may include access controls, logging, monitoring, encryption, secure development practices, contractual safeguards, staff training and incident management procedures.

While GÉANT works to protect personal data, no online environment can be guaranteed to be completely secure. Users should also take appropriate steps to protect their credentials, devices and communications.

Changes to this Privacy Notice

GÉANT may update this Privacy Notice from time to time to reflect legal, operational, technical or organisational changes. The most recent version will always be published in the relevant location and will indicate the date of the latest update.

Latest changes: this revision clarifies the scope of the Notice, updates the Data Protection Officer contact details, introduces clearer rules on events, recordings and visa-support processing, adds references to separate employee, project and contractor privacy notices, strengthens the explanation of legal bases and retention rules, and updates the section on international transfers. This revision of the Privacy Notice was prepared by GÉANT’s Data Protection Officer.

We encourage you to review this Privacy Notice periodically.

Questions, concerns and complaints

If you have any questions, concerns or complaints about this Privacy Notice or how GÉANT processes your personal data, please contact:

Data Protection Officer
Contact form

Postal address:
GÉANT Vereniging
Hoekenrode 3
1102 BR Amsterdam
The Netherlands

GÉANT Association

Hoekenrode 3 1102 BR – Amsterdam – Zuidoost- The Netherlands

Tel number: +31 20 530 4488 | Contact form

If you wish to raise a complaint directly with the relevant supervisory authority, their details are:

For Netherlands

Dutch Data Protection Authority:  Autoriteit Persoonsgegevens
Postbus 93374 2509 AJ DEN HAAG.
Telephone number: (+31) – (0)70 – 888 85 00.
GÉANT’s registration number in Netherlands is FG004357

For United Kingdom

Information Commissioners Office
Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF
https://ico.org.uk/global/contact-us/
GÉANT’s registration number in the UK is ZA187860