Cookie policy
How EUROPEUM-EDIC uses cookies and other trackers on this website, and how to manage your choices.
EUROPEUM-EDIC — Information Policy on Cookies and Other Trackers
Common parent policy, adapted per site (europeum.eu • EBSI site • EBSI Hub), including the pixels in our newsletters
Version 6.1 (draft)
1. Preamble and purpose
EUROPEUM-EDIC (hereinafter “EUROPEUM”, “the Consortium” or “we”) attaches paramount importance to the protection of the personal data of users of its websites, including the site dedicated to the European Blockchain Services Infrastructure (EBSI).
The purpose of this policy is to inform you, in a clear, transparent and complete manner, about the use of cookies and other trackers stored and/or read on your device (computer, tablet, telephone) when you browse our pages and receive our emails, about the purposes pursued, about the legal regime applicable to each category of tracker, and about the means available to you to exercise your choices. It is coordinated with our general privacy notice, to which it refers for everything that is not specific to trackers.
2. Scope and structure of the document
There is a single data controller: EUROPEUM-EDIC, which publishes the EBSI.
This information policy is designed as a common parent policy for all sites published by EUROPEUM, whose common provisions (identification of the controller, legal framework, definitions, principles, rights, remedies) are identical from one site to another.
It is then adapted, by an annex specific to each site, which sets out the legal basis chosen, the mechanism for obtaining the user’s choice and the exact inventory of trackers used for each site.
Our information policy is therefore designed to be read on two levels:
- The fundamentals (common core for all our services): why, for what purposes and under what legal regime we use trackers, for each of the services offered.
- The specific features of each service: the legal basis chosen, the means of obtaining your choice and the exact inventory of trackers are set out in the corresponding annex.
You can navigate our information policy using the following reading table:
3. Who places the cookies and who is responsible for them?
The cookies and trackers covered by this policy are placed under the responsibility of EUROPEUM-EDIC, which acts as data controller within the meaning of Article 4(7) GDPR.
EUROPEUM-EDIC is a European Digital Infrastructure Consortium (EDIC), established by Commission Implementing Decision (EU) 2024/1432 of 21 May 2024, on the basis of Article 13 of Decision (EU) 2022/2481 establishing the Digital Decade Policy Programme 2030.
Having its own legal personality, it is governed by Union law and by its statutes and, on a subsidiary basis, by the law of the host Member State, Belgium; its registered office is established in Brussels.
EUROPEUM-EDIC is tasked with deploying and operating the European Blockchain Services Infrastructure (EBSI) and, in that capacity, publishes the sites covered by this policy (see the table in Section 2).
Identification of the data controller: EUROPEUM-EDIC, Rue Belliard 40, 1040 Brussels, Belgium. Company / VAT number: BE 1011.199.165.
Data Protection Officer (DPO). For any question relating to this policy or to the exercise of your rights: data.protection@europeum.eu.
4. Applicable legal framework
This policy is established pursuant to the following texts, applicable to a publisher established in Belgium:
- Article 5(3) of Directive 2002/58/EC on privacy and electronic communications (ePrivacy), which makes the storage of information, or access to information already stored, in the user’s device subject to the user’s prior consent;
- Article 129 of the Belgian Act of 13 June 2005 on electronic communications, which transposes this requirement into national law and lays down the principle of prior consent, subject to limited exceptions for strictly necessary trackers;
- Regulation (EU) 2016/679 (GDPR), which defines consent and sets out the conditions for its validity (freely given, specific, informed, unambiguous and revocable), as well as the rights of data subjects;
- the Belgian Act of 30 July 2018 on the protection of natural persons with regard to the processing of personal data;
- the guidance of the Data Protection Authority (APD), the competent supervisory authority in Belgium, and Guidelines 05/2020 of the European Data Protection Board (EDPB) on consent.
5. What is a cookie or a tracker?
The terms “cookie” and “tracker” designate, interchangeably, all technologies enabling the placement of a small file (most often a text file) on the device used to browse our pages, and then the reading of information relating to your browsing. The concept also covers equivalent technologies such as invisible pixels (web beacons), locally stored identifiers (local storage) or device fingerprints.
Not all cookies have the same function or the same legal regime. It is the purpose of the tracker, and not merely its name, that determines whether or not it requires your consent.
6. The principle: prior consent, save for a strictly defined exception
The principle. Under Belgian law, the storage and reading of cookies on your device are subject to your prior consent, obtained under the conditions of Articles 4(11) and 7 GDPR. This consent must be freely given, specific, informed and unambiguous: it results from a clear positive act on your part, by purpose, and continued browsing does not constitute consent. It may be withdrawn at any time, as easily as it was given.
The exception. Excluded from this obligation, and therefore placed without obtaining your consent, are only those trackers whose sole purpose is to enable the transmission of a communication by electronic means, or which are strictly necessary for the provision of an online communication service that you have expressly requested. This exception is to be interpreted strictly.
Our audience-measurement cookies. Audience measurement (counting visits, analysing page views and traffic sources) falls under neither of these two exceptions, since a site functions without visit statistics. Consequently, all our trackers that are not strictly necessary, including those for audience measurement, are subject to your consent. The means of obtaining and managing this consent are set out in Section 7 (“Obtaining and managing your consent”) and in the annexes specific to each site.
7. Obtaining and managing your consent
For all our sites equipped with a banner, we apply a single standard for obtaining consent, by means of our consent management tool Cookiebot.
Obtaining. On your first visit to a site equipped with a banner, an information banner allows you to accept or refuse, by purpose, the cookies subject to consent. Refusal is as simple as acceptance, and no option is pre-ticked. Until you have expressed a choice, no tracker that is not strictly necessary is placed.
Modification and withdrawal. You may modify or withdraw your choices at any time, free of charge, by reopening the consent management module accessible from every page (link “Manage cookies” / “Review my preferences”). Withdrawal of consent does not affect the lawfulness of placements made before that withdrawal.
Good to know. The recording of your refusal itself relies on a cookie: if you delete all the cookies on your device, or if you change device or browser, this choice will have to be expressed again.
8. Configuring your browser
Independently of our consent management tool, you can configure your browser to accept, refuse or delete cookies. The procedure is set out in the help menu of each browser (Google Chrome, Mozilla Firefox, Safari, Microsoft Edge). We draw your attention to the fact that refusing certain cookies may impair access to certain features of the site.
9. Retention periods
The lifespan of each cookie is set out in the tables of the applicable annex. In any event, the trackers subject to consent and placed on your device have a limited lifespan, proportionate to their purpose, and your consent is sought again after a period not exceeding thirteen (13) months. The audience-measurement data collected via these trackers are retained for a period not exceeding twenty-five (25) months, then deleted or anonymised.
10. Your rights and remedies
Under the conditions provided for by the GDPR, you have, with regard to the data processed by means of cookies, the following rights:
- right of access (Art. 15), rectification (Art. 16) and erasure (Art. 17);
- right to restriction of processing (Art. 18) and right to data portability (Art. 20);
- right to object (Art. 21) and right to withdraw your consent at any time (Art. 7(3)).
These rights are exercised with our Data Protection Officer: data.protection@europeum.eu. For details of the procedures, retention periods and any transfers, please refer to our general privacy notice.
If, after contacting us, you consider that your rights are not respected, you may lodge a complaint with the Data Protection Authority (APD), Rue de la Presse 35, 1000 Brussels; www.autoriteprotectiondonnees.be. In accordance with Article 77 GDPR, you may also refer the matter to any other national supervisory authority competent for your place of residence, place of work or the place of the alleged infringement.
11. The pixels measuring opens and clicks of our newsletters
Unlike the cookies placed when browsing our sites, the pixels referred to here are inserted into the emails of our newsletter: a single newsletter, common to EUROPEUM and the EBSI, distributed by means of the HubSpot tool. A tracking pixel is an invisible image (the size of a pixel) embedded in an email, which makes it possible to know whether the message has been opened and which links have been clicked, for the sole purposes of measuring engagement and improving our content.
These are in no way advertising, retargeting or behavioural-profiling pixels. However, in legal terms, these pixels carry out a reading or writing operation on your device and therefore fall under the same regime as cookies (Guidelines 2/2023 of the EDPB, version 2.0 of 7 October 2024).
11.1. Legal regime: your prior consent
As with cookies, the insertion of a tracking pixel into our emails is subject to your prior consent (freely given, specific, informed and unambiguous) pursuant to Article 5(3) of Directive 2002/58/EC (ePrivacy) for the principle of consent, and Articles 4(11) and 7 GDPR for its definition and conditions.
We apply to all our subscribers a single, protective standard: we require your consent for the pixels measuring the open and click rate of our newsletters.
11.2. Obtaining and withdrawing your consent
Obtaining upon subscription. Your consent to the pixels is obtained at the time of your subscription to the newsletter, via a double opt-in procedure (confirmation by email). It is sought specifically, by means of clear information naming this purpose and a choice distinct from your decision to subscribe (a dedicated, non-pre-ticked checkbox): refusing the pixels does not prevent you from receiving the newsletter.
Withdrawal. You may withdraw your consent at any time, as easily as it was given, by means of the unsubscribe link and a dedicated link appearing at the foot of each email. Upon withdrawal, no further pixel is inserted into subsequent emails and the pixels of emails already sent are no longer used.
11.3. Data collected, minimisation and processor
In accordance with the principle of minimisation, only strictly necessary data are processed (open, date of open, clicks on links), to the exclusion of any profiling or cross-referencing with other data. Limited retention periods are defined. The routing of emails and the measurement are carried out by HubSpot, acting as processor within the meaning of Article 28 GDPR; the main hosting of the data is configured within the European Union (Germany) and a data processing agreement (DPA) is in force.
11.4. Information for subscribers whose address was collected before EUROPEUM-EDIC took over the sending of our newsletters
If your address was collected before this takeover, your consent to the use of the pixels will be specifically requested again by means of an email free of any pixel subject to consent. Until you have expressed it, no pixel subject to consent is used in the emails sent to you, and you may object at any time.
11.5. Pixels exempt from consent
Exempt from consent are only those pixels that are strictly necessary for security/authentication, or the individual measurement of the open rate for the sole purposes of deliverability (cleaning of “inactive” addresses), limited to retaining the date of the last open (without the time). As our purpose is statistical and content-improvement, our pixels fall under consent and not under this exemption.
12. Amendment and entry into force
This policy enters into force on the date of its publication online. It is liable to evolve in line with technical, regulatory and case-law developments. Any amendment applies as soon as it is published.
Version: 6.1 (draft). Date of last update: [to be completed before publication]. Last verification of legal sources: 23 June 2026. Cookie inventory of the EBSI site verified on the site build: 6 July 2026.
Annex B: Adaptation for the EBSI site (ebsi.eu)
Regime adopted: Matomo audience measurement subject to consent, obtained via Cookiebot; the Matomo script only loads after acceptance of analytics cookies. No session recording, advertising tracking, retargeting or behavioural profiling is used. The site is published under the exclusive editorial responsibility of EUROPEUM-EDIC.
Before you have expressed any choice, no cookie is placed on your device and the Matomo measurement script is not loaded. After consent, the site places exactly three first-party cookies, listed in the tables below. The site uses no local or session storage, no advertising or marketing cookies and no third-party tracking cookies.
B.1. Strictly necessary cookies (placed without consent)
This cookie is essential to recording your choices. It cannot be disabled from our consent management tool.
B.2. Audience-measurement cookies: Matomo (subject to your consent)
These trackers enable us to compile attendance and usage statistics (visits, page views, traffic sources, content performance) for the sole purposes of analysing the audience and improving the site. The data are processed by means of Matomo, self-hosted within the European Union (appstats.ebsi.eu), and are neither shared with advertising partners nor used for targeted advertising, retargeting or profiling. The Matomo script is loaded, and these cookies are placed, only after your consent has been obtained.
Minimisation measures applied: anonymisation of IP addresses, deactivation of cross-site tracking, limited retention, respect for the “Do Not Track” signal. These measures reduce the impact on privacy but, under Belgian law, do not dispense with consent.
[TO CONFIRM] The durations shown are the standard Cookiebot and Matomo values; they depend on the retention settings configured in our tools. Confirm the configured values and verify the exact expiry dates on the production domain before publication.
B.3. Contact and registration forms: no HubSpot cookies
The site’s forms (newsletter subscription and contact) are native forms which transmit the data you enter to HubSpot’s Forms API endpoint, configured within the European Union. No HubSpot script is loaded on the site and no HubSpot cookie is placed on your device, whether when browsing the pages or when submitting a form.
The measurement of opens and clicks of the newsletter emails (HubSpot pixel) does not relate to browsing the site: it is dealt with in Section 11 of this policy.
B.4. Tools that do not place a cookie on your device
Google Search Console. This SEO tool provides us with statistics from the Google index (keywords, position, indexing). It relies on a verification of site ownership and places no cookie or tracker on visitors’ devices. It therefore requires no consent on that basis.