ESIDFI
ESIDFI

Privacy Policy

How ESIDFI handles personal data.

Last updated: 28 May 2026.

Who We Are

ESIDFI, the European Sovereign Institute for Digital Finance, is an independent research and advisory institute focused on European digital finance. This notice explains how we handle personal data when you visit this website, contact us, subscribe to research updates, or participate in ESIDFI activities.

For the purposes of this notice, ESIDFI acts as the controller for personal data submitted through this website, direct correspondence, research subscriptions, event participation, and advisory enquiries.

What We Collect

We collect only the information needed for clear institutional correspondence and basic website operation. This may include your name, organisation, role, email address, message content, event or research interests, and any information you choose to include in a form or email.

Website operation may also create limited technical information, including IP-derived security logs, browser type, device information, page requested, date and time of access, referral source, and cookie preference records. If optional analytics are enabled, we may process aggregate page measurement only after consent.

We do not use this website to intentionally collect special category data, payment data, government identification numbers, or information from children. Please avoid sending confidential or sensitive material through open website forms unless ESIDFI has specifically requested it through an appropriate channel.

Why We Use Personal Data

  • To respond to enquiries and manage correspondence.
  • To send research updates when someone has subscribed or requested them.
  • To administer events, roundtables, briefings, and advisory discussions.
  • To maintain website security, availability, and preference settings.
  • To keep internal records of institutional relationships and publication requests.
  • To comply with applicable legal, accounting, governance, or regulatory obligations.

Legal Bases

Depending on the context, ESIDFI may rely on consent, legitimate interests, contractual necessity, or legal obligations. Newsletter and optional cookie choices are based on consent. Correspondence, event administration, and institutional relationship management are generally handled on the basis of legitimate interests or steps taken at your request.

Where we rely on legitimate interests, we consider the limited nature of the data, the institutional context of the interaction, and the reasonable expectations of website visitors, correspondents, contributors, and event participants.

Sharing and Processors

We do not sell personal data. We may share limited data with service providers that help operate the website, manage email, host forms, administer events, or provide professional support. These providers should process data only for agreed purposes and under appropriate confidentiality and security obligations.

We may also share information if required by law, to protect the security or integrity of ESIDFI systems, or to establish, exercise, or defend legal rights. Public research outputs, event materials, or participant lists are not used to disclose personal data unless that disclosure is appropriate and communicated in context.

Research, Events, and Communications

If you register interest in research updates, events, roundtables, or briefings, ESIDFI may use your contact details to administer that activity and send related communications. You may opt out of non-essential updates at any time by using the unsubscribe mechanism where available or by contacting us.

Where ESIDFI receives professional biographies, speaker details, quotations, or institutional affiliations for publication or event use, those materials may be edited and used for the specific research, event, or communication purpose for which they were provided.

Retention

We keep personal data only for as long as needed for the purpose for which it was collected. Enquiry records are retained for follow-up and institutional continuity. Newsletter preferences are kept until you unsubscribe or ask us to remove them. Event records may be retained where needed for administration, reporting, or legal reasons.

Security logs and technical records are kept for a limited period unless a longer period is necessary to investigate misuse, maintain system integrity, comply with law, or resolve a dispute. When personal data is no longer needed, it is deleted, anonymised, or archived with access restrictions.

Security

ESIDFI uses reasonable organisational and technical measures to protect personal data against unauthorised access, loss, misuse, alteration, or disclosure. No public website, email system, or online form can be made completely secure, so please use appropriate care when deciding what information to send.

Your Rights

Depending on applicable law, you may have the right to request access, correction, deletion, restriction, portability, objection to processing, or withdrawal of consent. You may also have the right to complain to a competent data protection authority.

Withdrawing consent does not affect processing that took place before withdrawal. Some rights may be limited where ESIDFI must retain information for legal, security, archival, research, or legitimate institutional reasons.

International Transfers

If a service provider processes data outside the European Economic Area, ESIDFI should use appropriate transfer safeguards where required, such as adequacy decisions or standard contractual clauses.

Updates to This Notice

ESIDFI may update this Privacy Policy to reflect changes in the website, research activities, service providers, legal requirements, or institute operations. The date above indicates the latest published version.

Contact

To ask about privacy, data rights, or removal from ESIDFI records, contact contact@esidfi.eu.