Legal

Privacy Policy

How Generation Europe processes personal data when you visit our website, contact us, or submit one of our forms.

Last updated: 9 May 2026

This Privacy Notice explains how Generation Europe ("Generation Europe", "we", "us") processes personal data when you visit our website (generationeurope.eu), contact us, or submit one of our forms.

Generation Europe is currently an informal group of individuals operating under the name "Generation Europe". Until a formal legal structure is established, this Notice applies to processing carried out under that name and managed by the individuals responsible for the website and communication channels.

1) Data Controller (who is responsible)

Data Controller: Generation Europe (informal group of individuals)
Contact email: info@generationeurope.eu

If you require a postal contact for formal correspondence, please email us and we will provide the appropriate details.

2) What personal data we process

A. Data you provide via website forms

Our website hosts two forms — the Join Us form and the Contact form. When you submit a form, we process the personal data you provide:

  • Join Us form: full name, email address, country, area of contribution (selected from a list), and any optional message you choose to include.
  • Contact form: name, email address, subject, and message content.
  • Privacy consent: the timestamp at which you marked the privacy consent checkbox, kept as evidence of valid consent.

B. Data you provide via direct email

If you contact us directly at info@generationeurope.eu (rather than through a form), we process the personal data you provide, such as your email address, your name (if included), the content of your message and any attachments, and any other personal data you choose to share.

C. Data processed automatically when you visit the website (technical data)

Our website is hosted on Netlify. When you access the site, Netlify's infrastructure processes technical data ("server logs"), such as:

  • IP address;
  • date and time of access;
  • pages requested and request details;
  • browser/device information (user agent);
  • referrer URL (where available);
  • error logs and security-related events.

This information is necessary to operate, secure, and maintain the website.

D. Links to third-party platforms (social media)

Our website contains links to third-party platforms (Instagram, Telegram, WhatsApp). When you click a link, you leave our website and the third party processes your personal data under its own privacy policy. We recommend reviewing those policies. We do not embed any tracking pixels or social widgets on our pages — only outbound links.

3) Why we process personal data (purposes)

We process personal data for the following purposes:

  1. Form submissions and enquiry handling. To read, route, and respond to messages submitted through our forms or sent to our email address; to coordinate your participation in the movement (digital teams, local chapters, working groups) if you have signed up.
  2. Website operation and security. To deliver the website, ensure stability, prevent abuse, and troubleshoot technical issues.
  3. Protection of rights and handling disputes. To prevent fraud or misuse, manage security incidents, and establish, exercise, or defend legal claims where necessary.

4) Legal bases (GDPR)

We process personal data under the following legal bases:

  • Consent (Article 6(1)(a) GDPR) when you submit one of our forms and tick the privacy consent checkbox, or when you voluntarily send us personal data via email. You may withdraw consent at any time (see Section 10).
  • Legitimate interests (Article 6(1)(f) GDPR) for operating and securing the website, preventing abuse, and ensuring IT stability.
  • Compliance with a legal obligation (Article 6(1)(c) GDPR) where applicable (e.g., if we must retain certain records to respond to lawful requests).

Where we rely on legitimate interests, we balance those interests against your rights and reasonable expectations.

5) Cookies and similar technologies

This website does not use cookies for advertising, behavioural profiling, or web analytics. We do not embed Google Analytics, Meta Pixel, or any third-party tracking tools.

The only cookies that may be set are strictly necessary technical cookies served by our hosting provider (Netlify) for essential functions such as load balancing, security, and the delivery of the website itself. These cookies do not require consent under Article 5(3) of Directive 2002/58/EC (ePrivacy Directive).

If we ever introduce non-essential cookies (e.g., analytics, marketing pixels, embedded social widgets that track users), we will update this Notice and implement an appropriate consent mechanism (cookie banner with opt-in for non-essential cookies) before activating them.

6) Who we share personal data with (recipients)

We share personal data only where strictly necessary for the purposes above, with the following categories of recipients:

  1. Netlify, Inc. (website hosting and form processing) — Netlify hosts the website and, where Netlify Forms is used, processes form submissions on our behalf. In GDPR terms, Netlify acts as a processor for visitor and form data processed on our behalf, and may also act as an independent controller for certain processing in accordance with its own policies. See Netlify's privacy notice at netlify.com/privacy.
  2. Zoho Mail / our email provider — provides our email service. Acts as a processor for messages and related data on our behalf, and may also process certain data as an independent controller for service administration and security according to its own policies.
  3. Service providers assisting with IT/security, only if necessary for maintenance, troubleshooting, or incident response.
  4. Public authorities, only where required by law or where necessary to protect rights, safety, and security.

We do not sell personal data. We do not share personal data with marketing partners or for advertising purposes.

7) International data transfers

Some of our providers (notably Netlify, headquartered in the United States) may process data outside the European Economic Area (EEA). Where this occurs, we rely on appropriate safeguards required by the GDPR, such as:

  • adequacy decisions, where applicable;
  • Standard Contractual Clauses (SCCs) and supplementary measures where required.

If you would like more information about the safeguards relevant to our specific configuration, please contact us at info@generationeurope.eu.

8) Data retention

We keep personal data only as long as necessary for the purposes described above:

  • Server logs (technical data): retained for a limited period needed for security and troubleshooting, in accordance with Netlify's retention configuration.
  • Form submissions and email correspondence: retained as long as necessary to respond to you, manage your participation in the movement, and thereafter only as needed for record-keeping, security, or legal purposes.
  • Records of consent (privacy checkbox timestamp): retained for as long as the underlying processing is active, plus a reasonable archival period for accountability under Article 7(1) GDPR.
  • Security incidents and legal claims: retained for as long as necessary to investigate or to establish, exercise, or defend legal claims.

You may request deletion of your data at any time (see Section 10). We may retain minimal information where strictly required for legal or security reasons.

9) Security

We implement reasonable technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These include encrypted transport (HTTPS), access restrictions, and reliance on reputable infrastructure providers. No internet-based service can guarantee absolute security, but we work to maintain protections appropriate to the risks.

10) Your rights

Depending on your location and applicable law (including GDPR), you have the right to:

  • access the personal data we hold about you;
  • rectify inaccurate or incomplete data;
  • erase your data in the circumstances foreseen by law (right to be forgotten);
  • restrict processing in certain cases;
  • object to processing based on legitimate interests;
  • data portability (where applicable);
  • withdraw consent at any time, where processing is based on consent — without affecting the lawfulness of processing carried out before withdrawal.

To exercise your rights, contact info@generationeurope.eu. We will respond within 30 days. We may request information necessary to verify your identity.

Right to complain

You also have the right to lodge a complaint with your local data protection authority (supervisory authority) in the EEA/UK, typically in the country of your habitual residence, workplace, or where you believe an infringement occurred.

11) Children

Our website is not directed at children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us and we will take appropriate steps to delete it.

12) Third-party services and external links

Our website contains links to third-party platforms (including social media platforms such as Instagram, Telegram, and WhatsApp). We are not responsible for the content, security, or privacy practices of those third parties. Please review their privacy policies before providing them with any personal data.

13) Changes to this Privacy Notice

We may update this Notice from time to time. The "Last updated" date at the top indicates when it was most recently revised. Where changes are material, we will make reasonable efforts to highlight them on the website.

14) Contact

For privacy-related enquiries, requests to exercise your rights, or any question about this Notice, contact us at:
info@generationeurope.eu

15) Legal Notice / Site Imprint

This section provides information about the publisher and operation of generationeurope.eu, in accordance with applicable transparency requirements (including, where relevant, § 5 of the German Telemediengesetz / Digitale-Dienste-Gesetz).

Publisher

Generation Europe — informal group of individuals operating under that name. Generation Europe does not currently exist as a registered legal entity; the website is operated and maintained by the contributors responsible for it on behalf of the movement. A formal legal structure may be established in the future, at which point this section will be updated accordingly.

Editorial responsibility

Editorial responsibility for the content of this website lies with the Generation Europe contributors collectively. For any content-related question, write to info@generationeurope.eu.

Hosting

This website is hosted by Netlify, Inc., 44 Montgomery Street, Suite 300, San Francisco, CA 94104, United States — netlify.com.

Liability for content

The content of this website is provided in good faith, for general information and engagement purposes related to the political project of European unification. Despite our efforts, we cannot guarantee that all content is at all times complete, accurate, or up to date.

Liability for external links

Our website contains links to third-party websites whose content we do not control. Responsibility for those external pages lies exclusively with their respective operators. We have no influence over their current or future content.

Copyright

Unless otherwise indicated, the content of this website (text, graphics, layout) is the work of Generation Europe contributors and is protected under European copyright law. Reuse for non-commercial, civic, and educational purposes is generally welcomed; please contact us at info@generationeurope.eu for any other use.