Effective Date: 23rd of August, 2023

Privacy Notice  

Our main goal at European Crypto Initiative (hereinafter the “EUCI”) is to shape EU regulation to favour open, permissionless, decentralised applications leveraging blockchain technology while advocating for an innovative EU environment, supporting technological development for SMEs and innovative Crypto Assets Service Providers. At EUCI we are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and the California Privacy Rights Act (CPRA). This Privacy Policy outlines how we collect, use, disclose, and protect your personal information when you interact with our website found on the https://eu.ci/ (hereinafter the “Website”) . By accessing or using our website and services, you consent to the practices described in this Privacy Policy.

1 What data we collect 

We may collect various types of personal information from you when you visit our Website. We only process your personal data if this is necessary to provide a functional website or to provide you with our contents and services. The processing of personal data only takes place based on the appropriate legal basis and as permitted by law. 


For those who choose to subscribe to our Newsletter, we gather the following information, among others:

  • Name and surname, so we can personalize our communications.
  • Your username.
  • Email address or other contact information, allowing us to keep you updated with relevant content.


Currently our system does not actively gather data relating to your computer system. It’s important to note, however, that we reserve the right to collect such data in the future, in line with our policies. Potential data points that could be collected include, but are not limited to:

  • Device information, such as your IP address, browser type, operating system, and other technical data.
  • Internet or other electronic network activity information, which includes information about your interactions with our website, pages visited, time spent on each page, and referring URLs, date and time of your access to our website
  • Geolocation data, if you choose to provide it or if your device’s settings allow us to access such information.
  • Any additional information you voluntarily provide to us through forms, surveys, or communications on our website.

2 How do we use collected data & On what legal basis 

We may use the information under Section 1 for various purposes, including but not limited to:

  • Providing you with the information you request.
  • Responding to your inquiries and providing support.
  • Sending you relevant updates, newsletters, and promotional materials related to our activities, as long as you’ve opted to receive them. 
  • Analyzing website usage and trends to improve and customize our content and user experience.
  • Ensuring compliance with the relevant laws and regulations.
  • Other communication with you.

If you are a partner or a member of EUCI, we reserve the right to communicate information and newsletters about our efforts based on a legitimate interest. You have the right to unsubscribe at any time. Our legitimate interest in accordance with Article 6(1)(f) GDPR arises from the need to inform you about our recent and upcoming activities, events and initiatives.

In addition to legitimate interest, we might also process your data with your explicit consent  in accordance with Article 6(1)(a) GDPR. Instances include when you register for a newsletter or support initiative by EUCI.

Additionally, in the future we might use collected data for other purposes such as data analysis, identifying usage patterns, assessing the efficacy of our promotional campaigns, and enhancing our services, products, marketing strategies, and, most importantly, your overall experience with the Website. 

3 Cookies and Tracking Technologies

At this time, our Website does not employ any cookies or tracking tools. However, while we currently do not utilize these technologies, we do retain the right to potentially implement them in the future. Should such a development occur, we will promptly notify our subscribers and adjust this policy accordingly.

Cookies, as you may be aware, are small fragments of data transmitted from certain websites to your web browser. These cookies are designed to capture information related to your previous browsing activities.

4 Third-Party Services

We may engage third-party services, such as analytics providers, advertising partners, and social media platforms, to assist us in understanding website usage, delivering targeted advertisements, and providing relevant content. These third-party services may also collect information about your interactions with our website and services. We may share your personal information with these third-party service providers to help us fulfill the purposes outlined in this Privacy Policy. Please be aware that these external services are governed by their respective privacy policies, and we encourage you to review them to understand how they handle your information. We use the following Third-Party Services:

  • Notion

Notion serves as our Customer Relationship Management (CRM) tool. This tool aids in managing our interactions and communications with you, ensuring that we provide efficient and personalized assistance. For a deeper understanding of Notion’s practices, you can review Notion Terms and Privacy Policy.

  • Google Workspace

We use your email address to communicate with you. For this purpose, we use Google Workspace, a communication and collaboration platform. Additionally, we utilize Google Drive, an integral part of Google Workspace, to securely store relevant information. For a deeper understanding of Google Workspace’s practices, please review Google Workspace’s terms at Google Workspace Terms and their privacy policy at Google Privacy Policy.


Our Newsletter subscription and analytics are managed by BREVO (formerly Sendinblue). This service facilitates seamless communication and allows us to analyze the effectiveness of our outreach. Learn more about Brevo’s practices at BREVO Terms of Use and BREVO Privacy Policy.

  • Google Analytics 

We use Google Analytics, a web analytics service provided by Google, Inc., to help us analyze how users use our site. For more information please see Google Analytics Terms.

5 International Data Transfers

It’s important to note that your Personal Data might be moved from your home country to third parties. If you’re an EU resident, this could involve transferring data to countries that might not offer an equivalent level of protection for your Personal Data. However, any such data transfer will only occur once we’ve established appropriate measures to safeguard your Personal Data. You can reach out to us to receive a copy of the safeguards we’ve implemented. Our contact details are provided at the end of this document.

Apart from the third-party services outlined in Section 4, we do not share your data with any other third parties, and we do not engage in international data transfers. Furthermore, it’s crucial to emphasize that third-party processors are strictly prohibited from transferring or allowing the transfer of personal data to countries beyond the EU and/or the European Economic Area (EEA) without obtaining prior written consent from EUCI. In situations where personal data processed is moved from a country within the European Economic Area to a country outside it, both parties will take concerted efforts to ensure the adequate protection of the Personal Data. As a standard approach, the parties will rely on EU-approved standard contractual clauses for the secure transfer of Personal Data, unless alternative arrangements have been mutually agreed upon.

6 Data Security

We implement appropriate security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction. Our data storage and processing practices are designed to ensure the confidentiality and integrity of your data. However, it is important to acknowledge that no method of transmission over the internet or electronic storage is entirely secure. Therefore, while we strive to protect your data, we cannot guarantee its absolute security.

We don’t share your personal information with others unless you give us permission. Our services are for people who are old enough to have their personal information protected by the law. We work to keep your data safe, but it’s important to know that sending and storing data online has some risks.

According to the CCPA/CPRA rules, “selling” personal information means giving it away for money or something valuable. We want you to know that we don’t sell your personal information and we have no intention of doing it in the future either.

8 Children’s Privacy

Our Website is not directed at or intended for children under the age of 13. We do not knowingly collect or solicit personal information from individuals under the age of 13. If you believe that we have unintentionally collected information from a child under 13, please contact us immediately, and we will take prompt measures to delete such information from our records.

9 Data Retention

We keep your personal information as long as it’s necessary for the purposes described in this Privacy Policy, or as required by the law. When we no longer need your personal information, we’ll make sure to get rid of it securely and in a manner that preserves your privacy.

10 Your Rights 

As a data subject covered by the GDPR or CCPA/CPRA, you have certain rights regarding your personal information. If you wish to exercise any of these rights (listed below under point 10) or have any privacy-related concerns, please contact us using the contact information provided at the end of this Privacy Policy.

10.1 Right of Access to Information 

You have the right to ask us whether we’re processing any personal data related to you. If we are, you can request specific details:

  • The types of personal data being processed.
  • How long we plan to store your personal data, or if that’s not certain, the criteria we use to determine the retention period.
  • The reasons for processing your personal data.
  • Your right to correct or delete your personal data, or limit its processing.
  • Your right to lodge a complaint with a data protection supervisory authority.

10.2 Right to Erasure

You have the right to request the deletion of your personal data without delay, and we must comply if any of the following situations apply:

  • You withdraw your consent and there’s no other legal basis for processing.
  • You object to processing under Article 21(1) of the GDPR, and there’s no overriding legitimate reason.
  • Your personal data is no longer needed for the reasons it was collected or processed.
  • Your personal data was processed unlawfully.
  • Deletion is necessary to follow Union or Member State law.
  • Your personal data was collected when you were a minor and offered information society services under Article 8(1) of the GDPR.

If your personal data has been made public and we’re required to delete it under Article 17(1) of the GDPR, we’ll take suitable measures, considering technology and costs, to inform other processors handling your personal data about your deletion request, including sharing links or copies.

The right to erasure doesn’t apply if processing is needed:

  • For legal claims.
  • To fulfill a legal obligation under Union or Member State law.
  • To uphold freedom of expression and information.
  • For tasks carried out in the public interest or official authority.
  • For public interest, scientific, historical, or statistical research, following Article 89(1) of the GDPR.

10.3 Right to Restriction of Processing

Under certain circumstances, you can request that we limit the processing of your personal data. We’ll make sure to inform you before lifting any processing restrictions. Before-mentioned circumstances include:

  • If we no longer need your personal data for processing purposes, but you need it to establish, exercise, or defend legal claims.
  • If you’ve objected to processing under Article 21(1) of the GDPR, and we’re still deciding whether our legitimate grounds outweigh your reasons.
  • If processing your personal data is unlawful, but you don’t want it erased. In this case, you can ask for its use to be restricted.
  • If you dispute the accuracy of your personal data, you can ask us to hold off processing until we verify its accuracy.
  • If we restrict your personal data, we’ll only use it for storage purposes or with your consent, for legal claims, for protecting others’ rights, or for vital public interests.

10.4 Right to Rectification

If we have incorrect or incomplete personal data about you, you can ask us to fix it, or provide any missing information. We’re committed to making these corrections promptly.

10.5 Right to Notification

If you’ve exercised your rights for correction, deletion, or processing restriction, we must inform recipients who’ve received your personal data unless it’s impossible or disproportionately effortful. If you want, we can give you information about these recipients.

10.6 Right to Data Portability

You have the right to receive your personal data that you’ve provided to us in a structured, easily readable format. You can also transfer this data to another controller without any interference from us. This applies if:

  • Processing relies on your consent under Article 6(1)(a) or Article 9(2)(a) of the GDPR, or on a contract under Article 6(1)(b) of the GDPR. 
  • Processing is automated.

If technically feasible, you can request us to send your personal data directly to another controller. This right doesn’t affect others’ rights and freedoms. However, it doesn’t apply to processing essential for tasks in the public interest or official authority.

10.7 Right to Object

You have the right to object if your personal data is processed based on Article 6(1)(e) of the GDPR, including profiling. We’ll stop processing your personal data unless we have strong legitimate reasons that outweigh your interests, rights, and freedoms, or if processing is necessary for legal claims. If your personal data is processed for direct marketing, you can object to it, including related profiling. In this case, we won’t process your personal data for these purposes anymore. 

10.8 Right to Withdraw Consent

You can withdraw your consent to process your personal data at any time. This doesn’t affect the legality of processing before the withdrawal. 

11 Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data practices or changes in applicable laws and regulations. The revised version will be effective once posted on this page, with the “Effective Date” reflecting the most recent update. We encourage you to review this Privacy Policy periodically to stay informed about how we handle your personal information.

12 Contact information

Contact information
Company name:EUCI ASBL
Address:2-4 rdpt Robert Schuman, 1040 Brussels, BELGIUM
Reg. No.: 0787409079

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at info@eu.ci. We will gladly assist you and address any privacy-related issues promptly.

By accessing and using the Website, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your personal information as described herein. We thank you for trusting us with your data and assure you that we will continue to uphold the highest standards in protecting your privacy.