Privacy Policy

Last updated: May 2026

We are committed to protecting your personal data and respecting your privacy. This Privacy Policy explains what personal data we collect when you visit our website, how we use it, who we share it with, and what rights you have in relation to your data. It applies to all visitors to this website and is written in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable national data protection laws.

Who We Are

This website is operated by EPICENTER, located at The Library Ambiorix Square Ambiorix 10, 1000, Brussels. For the purposes of the GDPR, we are the data controller responsible for your personal data. If you have any questions about this Privacy Policy or how we handle your personal data, you can contact us at:

Email: info@epicenternetwork.eu
Address: The Library Ambiorix Square Ambiorix 10, 1000, Brussels

What Data We Collect

We collect the following categories of personal data when you visit our website:

Technical data — including your IP address, browser type and version, operating system, referring URLs, pages visited, and time and date of your visit. This data is collected automatically by our hosting infrastructure and security services.
Usage data — including information about how you navigate and interact with our website, such as pages viewed and time spent on each page. This data is collected only if you consent to Analytics cookies.
Cookie data — including your cookie consent preferences and session identifiers. Please refer to our Cookie Policy for full details of the cookies we use.
Contact data — including your name, email address, and any other information you voluntarily provide when you contact us through any contact form or email address listed on this website.

How We Use Your Data

We use your personal data for the following purposes:

To operate and secure the website — We process technical data and IP addresses to protect the website from malicious traffic, prevent fraud, and ensure its availability and integrity. The legal basis for this processing is our legitimate interest (Article 6(1)(f) GDPR).
To analyse website performance — With your consent, we use Google Analytics 4 to understand how visitors use our website and to improve its content and performance. The legal basis for this processing is your consent (Article 6(1)(a) GDPR). You may withdraw your consent at any time via the cookie settings in the footer of this website.
To respond to enquiries — If you contact us, we process your contact data to respond to your message. The legal basis for this processing is our legitimate interest in handling communications (Article 6(1)(f) GDPR), or the performance of a contract where applicable (Article 6(1)(b) GDPR).
To remember your preferences — We store your cookie consent choices so that you are not prompted repeatedly on return visits. The legal basis for this processing is compliance with our legal obligations under the ePrivacy Directive and GDPR (Article 6(1)(c) GDPR).

Third-Party Service Providers

We work with the following third-party service providers who may process your personal data on our behalf as data processors. We have ensured that each provider offers appropriate safeguards for the protection of your data.

Cloudflare, Inc. — Provides content delivery, DDoS protection, and bot management services. Cloudflare processes visitor IP addresses and request metadata to protect this website from malicious traffic. Cloudflare is certified under the EU-U.S. Data Privacy Framework. For more information, visit cloudflare.com/privacypolicy.
WP Engine, Inc. — Provides website hosting services. WP Engine processes data as a data processor on our behalf and stores website data on servers within the European Economic Area or under appropriate transfer safeguards. For more information, visit wpengine.com/legal/privacy.
Defiant, Inc. (Wordfence) — Provides website security and firewall services. Wordfence processes IP addresses and HTTP request data to identify and block malicious activity. For more information, visit wordfence.com/privacy-policy.
Google LLC (Google Analytics 4) — With your consent, we use Google Analytics 4 to collect anonymised usage statistics. Data may be transferred to Google servers in the United States. Google LLC is certified under the EU-U.S. Data Privacy Framework. You may opt out of Google Analytics at any time by adjusting your cookie preferences. For more information, visit policies.google.com/privacy.

International Data Transfers

Some of our third-party service providers are based outside the European Economic Area (EEA). Where personal data is transferred outside the EEA, we ensure that appropriate safeguards are in place in accordance with GDPR Chapter V, including reliance on adequacy decisions, Standard Contractual Clauses (SCCs), or participation in the EU-U.S. Data Privacy Framework.

Specifically, Google LLC and Cloudflare, Inc. are both certified under the EU-U.S. Data Privacy Framework, which has been recognised by the European Commission as providing an adequate level of protection for personal data transferred from the EU to the United States.

How Long We Retain Your Data

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law.

Technical and security logs — retained for up to 30 days by our hosting and security providers, unless retention is required for longer in connection with a security incident.
Analytics data — retained for 14 months within Google Analytics, in line with our GA4 data retention settings.
Cookie consent records — retained for 1 year, in line with the expiry of the consent cookie.
Contact enquiries — retained for as long as necessary to resolve your enquiry, and for up to 2 years thereafter unless a longer retention period is required.

Right to Lodge a Complaint

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. You may contact the supervisory authority in the EU member state where you are habitually resident, where you work, or where the alleged infringement took place.

A full list of EU data protection supervisory authorities is available at edpb.europa.eu.

Automated Decision-Making and Profiling

We do not use automated decision-making or profiling that produces legal or similarly significant effects on individuals as described in Article 22 of the GDPR.

Links to Third-Party Websites

Our website may contain links to third-party websites. This Privacy Policy applies only to this website. We are not responsible for the privacy practices of third-party websites and encourage you to review their privacy policies before providing any personal data.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing practices or applicable law. The date at the top of this page indicates when the policy was last updated. We encourage you to review this page periodically. Where changes are material, we will take reasonable steps to notify you.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact us at:

EPICENTER, located at The Library Ambiorix Square Ambiorix 10, 1000, Brussels. Email: info@epicenternetwork.eu

Cookie	Provider	Purpose	Expiry
`cf_clearance`	Cloudflare	Stores the result of a passed Cloudflare security challenge, granting the visitor access to the website and protecting it from malicious traffic.	1 year
`__cf_bm`	Cloudflare	Used by Cloudflare's bot management service to distinguish between legitimate human visitors and automated bots, protecting the website from fraud and abuse.	30 minutes
`wordpress_logged_in_*`	This website	Authenticates logged-in users and maintains their session, allowing access to protected areas of the website.	Session
`wordpress_sec_*`	This website	Provides additional security hardening for the WordPress admin area by verifying user identity on sensitive requests.	Session
`wordpress_test_cookie`	This website	Verifies that the visitor's browser supports cookies. Required for the login process to function correctly.	Session
`wfwaf-authcookie-*`	Wordfence	Security cookie set by the Wordfence Web Application Firewall. Used to verify administrator-level access and block malicious requests before they reach the website.	Session
`wpe-auth`	WP Engine	Set by WP Engine hosting infrastructure to manage authenticated user sessions and ensure secure access to the website.	Session
`moove_gdpr_popup`	This website	Stores your cookie consent preferences as selected in this cookie manager. Ensures your choices are remembered and applied on every subsequent visit without prompting again.	1 year

Cookie	Provider	Purpose	Expiry
`_ga`	Google Analytics (GA4)	Registers a unique ID used to generate statistical data on how the visitor uses the website. Used to distinguish individual users across sessions.	2 years
`_ga_K7K4MX7TS1`	Google Analytics (GA4)	Used by Google Analytics 4 to persist session state and track individual measurement sessions associated with this website's specific GA4 property.	2 years

Privacy Policy

Who We Are

What Data We Collect

How We Use Your Data

Third-Party Service Providers

International Data Transfers

How Long We Retain Your Data

Right to Lodge a Complaint

Automated Decision-Making and Profiling

Links to Third-Party Websites

Changes to This Privacy Policy

Contact Us

EPICENTER, the European Policy Information Center, is an independent network of twelve leading think tanks from across Europe. It seeks to inform the European policy debate and promote the principles of a free society by bringing together the expertise of its members.

Contact

MFF

Useful