This policy constitutes the Institute's position on the use of personal information in fulfilling its obligations to the public.


This website is hosted by the Institute for European Intelligence and Security. Representatives of the Institute may be reached via the contact page.

The Institute needs to gather and use certain information about individuals in order to function. This can include contact details, security, medical, financial and other personal information. This policy describes the Institutes position on how this information must be collected, handled and stored.

This policy ensures that the Institute:

This policy applies to:

The policy applies to all data that the Institute holds relating to identifiable individuals. This can include any information relating to individuals including but not limited to:

This policy helps to protect the Institute from data security risks, including:

Policy Statement

Information provided to the Institute shall be treated in full accordance with the EU regulations and standards.

Personal data will:

Everyone who works for or with the Institute has some responsibility for ensuring data is collected, stored and handled in line with this policy and data protection principles. However, these roles have key areas of responsibility:

All those covered by this policy are required to follow general protection guidelines for personal data:

These guidelines describe how and where personal data should be safely stored. Further questions about storing data can be directed to the data controller:

Personal data is at the greatest risk of loss, corruption or theft at the point of access. Therefore, personal data should:

The law requires that the Institute take reasonable and proportional steps to ensure data is accurate and up to date:

All individuals who are the subject of personal data held by the Institute are entitled to:

Requests for subject information should be made by e-mail, addressed to the data controller at the link below. The data controller can supply standard request forms but individuals do not have to use these.

Once a request for personal data is made by a data subject the data controller must provide the relevant data within 1 month.

Prior to releasing subject information individuals may be required to pay an administrative fee not exceeding €50 and proportional to the expenses incurred in processing the request. The identity of an individual making a request must always be verified prior to the release of any personal information.

In limited circumstances, a subject may make a request to prevent processing if it causes damage or distress. To do so a request must be made by e-mail stating what the objection is, how processing is unwarranted and reasons why handling is causing damage or distress.

Privacy Policy

The Institute aims to ensure that individuals are aware that their data is being processed and that they understand:

For the reasons described in this policy outline how personal data is used by the Institute.

The Chair of the Institute is a designated data controller for the purposes of this policy and relating legislation. The Institute takes takes great care to ensure that personal information is handled appropriately and confidence in their security and discretion is maintained.

The Institute may obtain personal information from a variety of open and closed sources, including government agencies, private individuals and organisations.

Personal information is typically processed by the Institute to facilitate, protect and promote the:

Personal and non-personal information may be processed in the legitimate interests of the Institute when those interests are not overridden by the interests of the fundamental rights and freedoms of the data subject. However, it is strictly prohibited for sensitive information to be processed for ancillary support purposes (e.g. routine administration, public relations, advertising and other marketing activities).

Our website automatically gathers some impersonal information from your computer such as your general location, when and what you viewed. This is collected to provide some insight into our visitors (e.g what pages to people like to visit most, from what countries and when?) so we can improve our site and services. None of the data our site gathers is specific enough to identify an individual.

Cookie policy: Cookies are very small text files that are stored on your computer when you visit some websites. We use cookies to help identify your computer so we can tailor your user experience and track changes you have made to parts of our site (e.g. e-learning entries, messages and other interactive elements). Our website statistics program also uses cookies so we can tell what pages you find most interesting so we can improve the performance of our site. You can prevent your browser storing cookies on your computer, but this may stop our website from functioning properly. Our cookies are designed to provide you with the best user experience. Functional cookies help programs on our website work and targetting cookies allow you to share our data with other websites.

The Institute will never make decisions that may affect an individual based solely upon the automated analysis of personal data.

By voluntarily submitting personal data to the Institute the data subject explicitly grants the Institute permission to process it for the purpose for which it was originally supplied and to retain it for as long as may be required to fulfil that purpose and satisfy any legal obligations relating to it.

The Institute ensures that personal information is handled lawfully and justifiably. Personal information must be as accurate and current as possible, adequate and not excessive to the task, in respect of individual's rights.

The Institute complies with the relevant parts of European data protection regulation, common security policies and ISO27001 information security standards.

Any data breach likely to result in risks to the rights and freedoms of individuals will be reported to the relevant authority within 72 hours of the data controller becoming aware of it.

Oversight: The Inspectorate is the independent regulator responsible for overseeing data protection compliance. In limited circumstances complaints may also be lodged with the relevant national data protection or supervisory authorities. To find out where your relevant authority is located please contact the data controller who will aim to address your query within 14 days.

Sensitive Data Policy

For legal and security reasons the Institute is required hold some sensitive data on data subjects (e.g. in order to satisfy legal obligations to conduct security checks on delegates). Sensitive information is subject to rigorous security standards and may only be used in the interests of public safety and security. The use of such information for ancillary support (e.g. routine administration, public relations, advertising and other marketing activities) is strictly prohibited.

When processing sensitive data, the Institute and its personnel are typically subject to national security, law-enforcement, research/analysis or third-party exemptions.

Related Policy

Risk assessment and mitigation is required whenever specific risks to the rights and freedoms of data subjects are identified. Recurring high risk functions have been identified in legal disclosure, security vetting and unsolicited communication. All risks have been mitigated or reduced through the application of security procedures. Further details are available upon request.

Additional security regulations outlined in 2013/488/EU surround the use of sensitive, privileged and classified material and form the basis of the Institutes standard operating procedure for the protection of that material.

Additional policies regarding the terms and conditions of sale and use of services provided by the Institute are provided in the Institutes general terms and conditions.

Policy reference: IEIS/0202/180524/1
Policy owner: Data Controller
Authorised date: 14 May 2018
Operational date: 25 May 2018
Review schedule: Annual