Privacy Policy

BlueActionAA Project Privacy Notice

Last updated: January 2026

This Privacy Notice explains how personal data are collected, used and protected by the European Science Foundation (ESF) (“we”, “us”, “our”) in connection with the BlueActionAA – Empowering CommunityLed Action in the Atlantic and Arctic project, funded under the Horizon Europe Mission Ocean programme. This notice is provided in accordance with the EU General Data Protection Regulation (GDPR) and applies to all visitors to the project website, participants in project activities, and individuals engaging with the BlueActionAA cascade funding scheme.

1. Who is the Data Controller?

The European Science Foundation (ESF) is the Data Controller for all processing carried out through this website and for personal data processed as part of the BlueActionAA cascade funding scheme.

Contact details:

European Science Foundation (ESF)
1 quai Lezay Marnesia | BP 90015 67080 Strasbourg Cedex| France

Data Protection Officer:
Email: database@esf.org

Additional information on ESF data policies and procedures can be found here:
https://www.esf.org/wp-content/uploads/2025/12/GB-GDPR_ESF-Privacy-Policy-2025.pdf

2. What personal data do we collect?

a. When you visit the website

• IP address and technical logs
• Browser type, device information
• Cookies and analytics data:
     o Session Cookies
     o Comments Cookies

b. When you contact us

• Name
• Email address
• Organisation (optional)
• Content of your enquiry

c. When you submit an Expression of Interest (EOI) or an application

• Full name, affiliation, job title
• Professional contact details
• Organisational information (legal entity name, country, PIC number if applicable)
• Project proposal information, work package descriptions, budgets, partner details
• Declarations (conflict of interest, double funding, eligibility)
• Any other information you voluntarily provide as part of the application process

d. When your organisation is awarded funding

• Contractual contact details (name, email, position)
• Information necessary for audit, verification, reporting and publication obligations

We do not intentionally collect special category data unless voluntarily submitted by the applicant and strictly necessary for project purposes.

3. For what purposes do we process your data?

We process personal data for the following purposes:

• Operating and maintaining the project website
• Managing communications, newsletters, and event registrations
• Administering the BlueActionAA cascade funding scheme
• Processing Expressions of Interest and evaluating applications
• Contracting and monitoring awarded projects
• Reporting to the European Commission
• Ensuring compliance with ethics, transparency and audit requirements
• Publishing nonpersonal details of funded projects (see Section 6)

4. What is our lawful basis for processing?

We rely on the following lawful bases under Article 6 GDPR:

• Article 6(1)(e) – task carried out in the public interest (management of Horizon Europe cascade funding activities)
• Article 6(1)(c) – legal obligation (financial, audit and reporting obligations to the European Commission and EU bodies)
• Article 6(1)(b) – performance of a contract (for selected beneficiaries)
• Article 6(1)(a) – consent (only for optional communications such as newsletters)

5. Who do we share personal data with?

Personal data may be shared with:

• BlueActionAA consortium partners
• External evaluators and ethics reviewers
• The European Commission, CINEA, and mandated EU audit bodies (including OLAF, EPPO, ECA)
• The SmartSimple platform (as a processor providing the grant application system)
• Service providers supporting the project website and communication tools
• Mission Ocean Lighthouse partners where obligations apply

We do not sell or commercially share personal data.

6. Public disclosure

In line with Horizon Europe transparency rules, the following nonpersonal information about selected projects will be published:

• Organisation name
• Project title
• Funding amount
• Country
• Project duration

The following personal information about selected projects will be published:

• Project coordinators names
• Project coordinators contact details
• Project coordinators affiliation

7. Data retention

We retain personal data for the duration of the BlueActionAA project plus 5 years for audit and reporting purposes, unless a longer period is required by EU financial regulations.

Website logs may be retained for a shorter technical period.

The information collected about you during your interaction with the website will only be stored as long as necessary for the purpose(s) for which it was collected or for other legitimate business purposes, including to meet our legal, regulatory, or other compliance obligations.

8. Your rights

Under GDPR, you have the right to:

• Access your personal data
• Request rectification or erasure (subject to applicable legal limitations)
• Request restriction of processing
• Object to processing carried out under public-interest grounds
• Withdraw consent for optional communications
• Lodge a complaint with your national Data Protection Authority

9. International transfers

Data may be stored within the EEA. If personal data are transferred outside the EEA, such transfers will be carried out in accordance with the GDPR, including the relevant safeguards under Articles 44–46 and, where applicable, the limited derogations permitted under Article 49.

10. Contact us

If you have questions about this Privacy Notice or how your data are processed, contact the Data Protection Officer at:
database@esf.org