Skip to main content


We would like to inform users of our website what personal data we process and how we process it. According to the GDPR and UK GDPR, any information that identifies you or that can be used to identify you – such as your name, address, email address, user behaviour, or even your IP address – counts as personal data.

When delivering the content of this website or interacting with you, it is therefore unavoidable that we will process and sometimes store some of your personal data. We may need to share it with third-party entities in order to provide website content and to improve it, but we will never sell it. We store as much of this data on European Union servers as is currently feasible and aim to provide you with choices to protect your privacy, without overloading you with these options. We have implemented measures to limit our data collection and to keep your data safe, as described below.

If you have any concerns about the processing of your personal data, please do not hesitate to contact us or our data protection officer using the contact details below.

Controller and data protection officer

The re-Engage website and newsletter are brought to you by the European Council on Foreign Relations (ECFR).

This information applies to the entire pan-European ECFR organization, which comprises five legal entities as detailed below. Since all ECFR legal entities operate in a highly integrated manner, they are jointly responsible for processing your personal data according to article 26 of the GDPR and UK GDPR.

The ECFR legal entities, as joint controllers according to article 26 GDPR and UK GDPR, have amongst themselves agreed that European Council on Foreign Relations (ECFR) e.V. will take primary responsibility for ensuring compliance with GDPR and UK GDPR obligations, in particular transparency obligations and individuals’ rights.

Our contact details

Therefore, we kindly ask you to address any questions you might have about how we process your personal data to European Council on Foreign Relations (ECFR) e.V..

The ECFR contact details of our ECFR entities are as follows:

European Council on Foreign Relations (ECFR) e.V.


  • Registered Office: First Floor, 10 Queen Street Place
    London, EC4R 1BE
  • [email protected]
  • +44 (0) 20 7227 6860

Consejo Europeo de Relaciones Exteriores

Le Conseil européen – ECFR

The European Council on Foreign Relations Italy

Data protection officer

European Council on Foreign Relations (ECFR) e.V. has appointed a data protection officer (DPO). In case of any queries, you can reach the DPO using the contact details above and adding “attn of the DPO” or via e-mail: [email protected]

Your rights

Data subjects’ rights

You are entitled to the following rights towards us regarding your personal data:

  • Right to information
  • Right to rectification or deletion
  • Right to restriction of processing
  • Right to object to the processing
  • Right to data portability

To exercise your rights, we kindly ask you to address any queries to European Council on Foreign Relations (ECFR) e.V., using the contact details provided above.

Right of appeal to a supervisory authority

You also have the right to complain to the data protection supervisory authorities about our processing of your personal data.

Objection to the processing of your data

Where we base the processing of your personal data on the balancing of interests, you may object to such processing. This is the case if said processing is not required for fulfilling a contract to which you are a party, but for other purposes. We will provide details in the description of those processes below. When exercising an objection, we ask you to specify the reasons arising from your personal situation as to why we should not process your personal data in the manner we intend. In the event of a justified objection, we will examine the situation and either cease to process your data or adjust data processing, or we will share with you our compelling legitimate grounds for continuing to process your data.

Withdrawal of consent

If you have consented to the processing of your data, you may withdraw such consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

Obligation to provide personal data

You are not obliged to provide the personal data collected on this website. There is no legal, contractual or other obligation, nor is the provision of your personal data required to conclude a contract. Insofar as data collection is required for a faultless display of this website, data is collected automatically during buildup of the website or after you have provided your consent.

Contacting us or subscribing to our newsletter is usually not possible without providing the minimum data.

Collection of personal data during your visit to our website

Data processed to display our website

We use external suppliers for secure and efficient hosting and delivery of the contents of our website. As a rule, the data is stored on servers within the European Union. Our hosting provider, for example, stores all data on servers located in Germany. Where there is an exception to this rule, we will advise you in the relevant section below.

When you visit our website for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect the personal data that your browser transmits to our server. When you visit our website, we will collect the following data, which are technically necessary for us to display our website to you and to ensure stability and security (the legal basis being article 6 (1) 1 lit. f GDPR or UK GDPR):

  • IP address
  • Date and time of the request
  • Time zone difference to Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status/HTTP status code
  • Website transmitting the request
  • Websites accessed by the user’s system via our website
  • Bytes downloaded
  • Browser
  • Operating system and interface
  • Language and version of the browser software

The above data will be stored in a log file for a duration of two weeks, after which it will be deleted. In case of any malevolent or criminal access, we reserve the right to store said data for further evaluation for a period of up to one month.


We use the content delivery network of Cloudflare Inc, 101 Townsend St., San Francisco, CA 94107, US (hereinafter: Cloudflare) for the delivery of the contents of this website. Cloudflare allows us to provide efficient content delivery based on geographical location as well as enhanced cyber security, for example from denial-of-service attacks.

To this end, when you visit our website, personal data, such as your IP address or other information about your browser or system, are transmitted to the Cloudflare servers. These servers may be located outside the European Union, for instance in the United States or other countries for which there has been no adequacy decision by the European Commission. For transfers from the European Union or the UK to the US, Cloudflare is a certified participant of the Trans-Atlantic Data Privacy Framework, which constitutes an Adequacy Decision of the European Commission according to Article 45 GDPR and has been approved as a so-called data bridge by the UK according to UK GDPR Article 45. For other cases, Cloudflare has signed standard data protection clauses to mitigate the risk of your personal data being transferred outside of the European Union. This is an appropriate safeguard according to  Article 46 (2) lit. c GDPR or UK GDPR. Learn more about the EU Standard Data Protection Clauses.

The legal basis for the use of Cloudflare is article 6 (1) 1 lit. f GDPR or UK GDPR, our legitimate interest being to provide security for our website and efficient delivery of the contents. Cloudflare also uses cookies to deliver its services, including load balancing, content delivery and DNS servers for website operators. The legal basis for these is § 25 (2) no. 1 TTDSG („Telekommunikation-Telemedien-Datenschutzgesetz“).

Further information on data protection at Cloudflare


Cookies are small text files that your browser stores on your hard drive which transmit certain information back to the party that has set the cookie (in this case, us). Cookies cannot run programs or transfer viruses to your computer. They are widely used to make websites function properly as well as to make them more user-friendly and effective.

This website currently does not use any cookies.

Contacting us

When you contact us by email or via the contact form, we will store the data you provide (your email address and message and – where applicable – your name) in order to answer your query.

We process this data to respond to your request or queries. Said processing takes place for the purposes of our legitimate interests (article 6 (1) 1 lit. f GDPR or UK GDPR), as it enables us to communicate with you in a satisfactory manner.


If you consent to receiving our newsletter, we will keep you posted about our activities, recent analysis, and other content on our website. We will also add your email and name to our ECFR database, as described in the ECFR privacy notice. If you are already in our database, we will connect the information with other ECFR data, such as data about ECFR mailings. The legal basis for this is our legitimate interest in maintaining a contact database of stakeholders and press members relevant to European foreign policy, and therefore Article 6 (1) f GDPR and UK GDPR. 

We use the so-called double opt-in procedure for our newsletter subscription. This means that we will send you a confirmation email after receiving your registration. In this email we will ask you to confirm that you do in fact want to receive our newsletter. If you do not confirm your subscription, your email address will not be added to our list.

After receiving confirmation from you, we will store your email address for the purpose of sending you the newsletter. The legal basis is Article 6 (1) 1 lit. a GDPR or UK GDPR.

We might track your user behaviour in relation to our newsletter. This means that we can track whether you open the newsletter emails we send and how often and on which links you have clicked in the newsletter emails we send. We do this to optimise the content of the newsletter and to provide you with information which may be of interest to you, as well as to provide statistical analysis about how our project is received to the other organisations involved in re-Engage and to our funders. The legal basis is your consent and therefore Article 6 (1) 1 lit. a GDPR or UK GDPR.

You may withdraw your consent and cancel your subscription to our newsletter at any time. Simply click on the link provided in every newsletter email, or write to us at  [email protected].

We use a service provider based in Germany to administer and send our newsletter.

To document your consent, we will store your IP address and the date and time of your subscription. We will store documentation of your consent based on our legitimate interest in proving that you have subscribed to the newsletter. The legal basis is Article 6 (1) 1 lit. f GDPR or UK GDPR. We may store this documentation for an additional 3 years after you revoke your consent.

Analytics and optimisation


We have integrated Matomo, a web analytics service, on this website.

Matomo allows us to collect and evaluate data about the behaviour of visitors on our website. Among other things, this may tell us about the website you came from (so-called referrer), which subpages of the website you accessed or how often and for how long you viewed a subpage, as well as data about your device, browser, or the region you are visiting from. We use this data to optimise our website and the contents provided.

Raw data collected by Matomo is deleted after 36 months. This data is not shared with third parties.

We use Matomo without cookies.

You may choose to prevent this website from aggregating and analyzing the actions you take here. Doing so will protect your privacy, but will also prevent the owner from learning from your actions and creating a better experience for you and other users.

You can also activate the “Do not track” setting in your browser to prevent the collection of data generated by Matomo relating to the use of this website altogether.

The legal basis for the use of Matomo is article 6 (1) 1 lit. f GDPR or UK GDPR, our legitimate interest being the optimisation of the website and its contents.

More information on Matomo and privacy

External resources

Embedded third-party content

Some entries in our website might have embedded content provided by third-party services, such as charts, graphics, posts, videos or audio. We initially block most of this third-party content, and it will only be loaded when you choose to.

To enable you to conveniently navigate the website, your setting for that specific third-party service will be stored in a cookie. If you prefer to be asked every time, simply opt out of this by disabling the checkbox or delete the cookie in your browser. When you re-enter/reload the website, you will be asked again about integrating the third-party content.

Visualisation tools

We use tools to visualise data and statistics on this website. To display these charts, maps and graphics, our website will establish a connection to the servers of the companies providing these visualisation tools, and transmit those data which are technically required to display the content in your browser. Usually, this will be at least the IP address as well as information about the browser and device, the date & time and the pages viewed.

The legal basis for displaying these charts, maps and graphics on our website and transmitting the required data to the service providers is our legitimate interest in providing this content to you in a way that is easy to view and relate to, and therefore article 6 (1) f GDPR or UK GDPR.

Currently, we use following visualization tools:

DataWrapper, which is provided by DataWrapper GmbH, Raumerstraße 39, 10437 Berlin, Germany. DataWrapper may use the data transmitted by your browser to monitor how we embed the charts, maps or graphics provided by them into our website and to learn about global traffic. According to DataWrapper, they will not collect IP addresses of website visitors, and are therefore not able to connect any data to individuals. DataWrapper uses a so-called pixel to keep track of how many times visualizations provided by DataWrapper are called up on our website. A pixel is a tiny piece of code transmitted by the server that helps Datawrapper measure traffic. DataWrapper uses it solely for counting views of our visualizations. It doesn’t track other personal data or visitor activity. For more information on how Datawrapper may process your personal data, please view their privacy notice.

Social media profiles

We maintain a profile for re-Engage on some social networks as detailed below in order to facilitate communication with users and interested parties and to provide further information or content. In this context, we use a service called Buffer to schedule posts and tweets and to analyse how these posts and tweets are interacted with.

Please note that user personal data may be processed outside the European Union. This can result in risks for the users – for instance, enforcing the users’ rights might be more difficult.

If you leave us messages or comment on these profiles, we process your personal data to communicate with you. This represents a legitimate interest; the legal basis is art. 6 (1) 1 lit f GDPR or UK GDPR. No further storage of communication data takes place outside these networks on our part.

The terms and conditions of the operators of these platforms apply. Be aware that we cannot provide further information as to any personal data processed by these operators during your visit to the above networks. We kindly ask you to refer directly to the information provided by these platforms and have included links to privacy policies or other relevant information below.

Also, should you have any requests for information or would like to assert your data subject rights, we would like to state that these can most effectively be asserted with the providers. Only they have access to their users’ data and can take appropriate measures and provide information directly. Should you nevertheless require assistance, you may of course contact us.


Details of the provider: Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2 D02 AX07, Ireland.

Privacy policy


Details of the provider: Meta Platforms Ireland Ltd., 4 Grand Canal Quay, Grand Canal Bridge, Dublin 2, Ireland.


Details of the provider: LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland.

Privacy policy

Subscribe to our newsletter

Subscription Form