Skip to main content

Privacy notice

This notice describes how the EBSI Hub (hub.ebsi.eu) processes personal data when you visit the site, in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and Directive 2002/58/EC on privacy and electronic communications (ePrivacy).

It is a dedicated, Hub-specific notice issued under the EUROPEUM-EDIC Information Policy on Cookies and Other Trackers, the common parent policy that also covers the institutional site (europeum.eu) and the EBSI website. The EBSI Hub follows a separate, lighter regime from those sites because it is a public technical documentation platform with no account, login, or advertising, as explained in section 8.

1. Data controller

The EBSI Hub is published by EUROPEUM-EDIC, a European Digital Infrastructure Consortium established by Commission Implementing Decision (EU) 2024/1432 of 21 May 2024, on the basis of Article 13 of Decision (EU) 2022/2481 establishing the Digital Decade Policy Programme 2030. EUROPEUM-EDIC has its own legal personality, is governed by Union law and its statutes and, on a subsidiary basis, by the law of its host Member State, Belgium. It is tasked with deploying and operating the European Blockchain Services Infrastructure (EBSI) and, in that capacity, publishes the EBSI Hub. EUROPEUM-EDIC acts as data controller within the meaning of Article 4(7) GDPR for the personal data described below.

Identification of the controller: EUROPEUM-EDIC, Rue Belliard 40, 1040 Brussels, Belgium. VAT number: BE 1011.199.165.

Data Protection Officer (DPO): for any question about this notice or to exercise your rights, contact data.protection@europeum.eu. For general, non-privacy questions about the Hub, use the contact channels published on the EBSI Hub.

2. What data we collect

You can browse the EBSI Hub anonymously — no registration or login is required.

Audience-measurement data (Matomo, self-hosted in the European Union, cookieless mode):

  • IP address, anonymised before storage
  • User-Agent string (browser and operating system)
  • Page URL and page title
  • Time spent on page and navigation between pages
  • Referrer URL (the page that linked to the EBSI Hub)
  • Outbound link clicks and file downloads

No cookie or identifier is stored on your device for this purpose, and the Do Not Track browser signal is respected.

On-site interactions:

  • Search queries you type in the search bar
  • Prompts you submit to the Ask AI assistant, and the assistant's replies, held temporarily in your browser's local storage so the conversation stays visible while you use the Hub (see section 8)

3. Why we process your data

We process this data to:

  • Understand which pages and features visitors find useful
  • Identify content gaps and improve the documentation
  • Provide search and the Ask AI assistant on the site
  • Maintain the security of the website

Your data is not used for any automated decision-making, including profiling, and never for advertising, retargeting, or cross-site tracking.

Audience measurement. Because Matomo runs in cookieless mode — no information is stored on or read from your device — Article 5(3) of the ePrivacy Directive (transposed into Belgian law by Article 129 of the Act of 13 June 2005) is not triggered, and no consent banner is required. Processing instead relies on our legitimate interest (GDPR Article 6(1)(f)) in operating, securing, and improving the EBSI Hub documentation, balanced against your rights through privacy-by-design defaults: no on-device storage, IP anonymisation, respect for Do Not Track, and a one-click right to object (see section 9).

Search and Ask AI. These features process only the text you actively choose to submit, for the sole purpose of answering your question from the public documentation. This also relies on our legitimate interest in providing the functionality you have requested.

5. Who we share data with

Matomo analytics data is stored on infrastructure operated within the European Union and is not shared with any third party, except where required by law.

Search queries and Ask AI prompts are processed by Algolia, Inc., which orchestrates search and the assistant interface, under their own privacy policy. Algolia is certified under the EU-US Data Privacy Framework, and Standard Contractual Clauses apply as an additional safeguard for any residual transfer outside the EU.

Generating Ask AI's answers is handled by Mistral AI, an EU-based provider, under a data processing agreement within the meaning of Article 28 GDPR. Because Mistral AI's processing takes place in the EU, no international transfer occurs for this part of the service.

In line with the transparency obligation of Article 50 of the AI Act (Regulation (EU) 2024/1689), applicable from 2 August 2026, the Ask AI interface clearly indicates that its answers are generated by an artificial intelligence system.

6. How long we keep your data

  • Raw analytics data (individual visits and actions) is retained for approximately 180 days, after which it is permanently deleted.
  • Aggregated analytics reports (statistics that contain no individual record) are retained without time limit.
  • Ask AI conversation history lives only in your browser's local storage. It is never sent to our servers for storage and is removed when you clear your browser data; it is not retained by us.
  • Data processed by Algolia and Mistral AI is retained according to their respective policies and our processing agreements with them.

7. Your rights

Under the GDPR (Articles 15–22), you have the right to:

  • Access the personal data we hold about you
  • Have inaccurate data corrected
  • Have your data erased
  • Restrict or object to the processing of your data — in particular, because analytics and Ask AI processing rely on legitimate interest, you may object at any time under Article 21 GDPR
  • Receive your data in a portable, machine-readable format
  • Lodge a complaint with a data protection authority

These rights are exercised with our Data Protection Officer: data.protection@europeum.eu.

8. Cookies and similar technologies

The EBSI Hub does not place cookies for audience measurement: Matomo is configured in cookieless mode, so no consent banner is shown or required for this purpose, unlike on europeum.eu or the EBSI website, which use a standard consent-based Matomo setup with a Cookiebot banner.

The Ask AI assistant keeps your conversation in your browser's local storage so it remains visible as you navigate the Hub. This is used solely to support the feature you have actively requested, is never read for any other purpose, and is not synced to our servers. You can remove it at any time by clearing your browser's local storage for this site.

9. Opt out of analytics tracking

You can disable analytics tracking entirely on this site. Your choice is stored locally in your browser.

10. Contact and complaints

To exercise your rights or for any question about this notice, contact our Data Protection Officer at data.protection@europeum.eu.

If you consider that your rights under the GDPR have not been respected, you may lodge a complaint with the Belgian Data Protection Authority (APD), Rue de la Presse 35, 1000 Brussels — www.autoriteprotectiondonnees.be — or, under Article 77 GDPR, with the supervisory authority of your own place of residence, place of work, or the place of the alleged infringement.

11. Changes to this notice

This notice may evolve in line with technical, regulatory, and case-law developments. Any change applies as soon as it is published on this page.