Skip to main content

Privacy Policy

Last updated: May 2026

1. Introduction

This Privacy Policy explains how the European Fact-Checking Standards Network (“EFCSN”, “we”, “us”, or “our”), a non-profit association (association loi 1901) registered in France, collects, uses, stores, shares, and protects personal data in connection with its websites, platforms, and online services.

The EFCSN is committed to protecting your privacy and processing your personal data in accordance with the General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”), the French Data Protection Act (Loi n° 78-17 du 6 janvier 1978 relative à l’informatique, aux fichiers et aux libertés, as amended), and all other applicable data protection legislation.

This Privacy Policy applies to all websites, platforms, and services operated by the EFCSN (collectively, the “Services”), including but not limited to:

  • efcsn.com — the EFCSN’s main website, providing information about the association, its activities, news, and publications (“Main Website”);
  • grants.efcsn.com — the EFCSN Grants Platform, used for publishing grant calls, receiving and evaluating applications, administering funded projects, and maintaining a public funding database (“Grants Platform”);
  • members.efcsn.com — the EFCSN Members Platform, used for membership applications, compliance assessments against the EFCSN Code of Standards, and member-related services (“Members Platform”);
  • prebunking.efcsn.com – the Prebunking at Scale tool, used for monitoring media and tracking disinformation claims and narratives, and sending user-requested alerts (“Prebunking at Scale”;
  • The EFCSN’s newsletter; and
  • The EFCSN’s social media presence on Bluesky, LinkedIn, Threads, and X (formerly Twitter).
  • Any other websites, subdomains (including any subdomain of efcsn.com), platforms, forms, applications, or digital tools operated by the EFCSN, whether existing at the date of this Privacy Policy or created in the future.

By accessing or using any of the Services, you acknowledge that you have read and understood this Privacy Policy. If you do not agree with the practices described herein, please do not use the Services.

2. Data Controller

The data controller responsible for the processing of your personal data is:

European Fact-Checking Standards Network (EFCSN)

4 rue Belgrand, 75020 Paris, France

Contact person: Stephan Mündges

Email: [email protected]

If you have any questions about this Privacy Policy or wish to exercise your data protection rights, you may contact us at the address above.

3. Personal Data We Collect

The categories of personal data we collect depend on which Services you use and how you interact with us. Below we describe the data collected in connection with each Service.

3.1 Main Website (efcsn.com)

When you visit the Main Website, we may collect:

  • Technical data: IP address, browser type and version, operating system, referring website, pages visited, date and time of access, and similar data collected automatically through server log files and cookies.
  • Email enquiry data: if you contact us by email (including via the email addresses published on our website), we collect your name, email address, and the content of your message.
  • Newsletter subscription data: if you subscribe to our newsletter, we collect your email address and, where provided, your name and organisational affiliation.
  • Complaints form data: if you submit a complaint through the complaints form on the Main Website (hosted via Google Forms), we collect your name, email address, and the content of your complaint, as well as any supporting information you choose to provide.
  • Analytics data: where you have given consent, we collect aggregated, pseudonymised data about your interaction with the Main Website (such as pages visited, session duration, approximate location, device and browser type) through Bürst.

3.2 Grants Platform (grants.efcsn.com)

When you register for and use the Grants Platform, we may collect:

  • Account data: full name, email address, job title, and the organisation with which your account is associated.
  • Organisation data: organisation name, legal form, address, country, website, and such additional organisational information as may be required in connection with grant applications and project administration.
  • Application data: all information, documents, and materials submitted as part of a grant application, including project descriptions, budgets, CVs, and supporting documentation.
  • Project administration data: project reports, deliverables, financial summaries, and other materials submitted in connection with the administration of funded projects.
  • Review data: where you serve as a reviewer, your assessment scores, comments, and evaluation materials.
  • Technical data: IP address, browser type, access logs, and similar data collected automatically.

3.3 Community Platform (community.efcsn.com)

When you register for and use the Community Platform, we may collect:

  • Account data: full name, email address, job title, and the organisation with which your account is associated.
  • Organisation data: organisation name, legal form, address, country, website, and such additional organisational information as may be required in connection with grant applications and project administration.

3.4 Members Platform (members.efcsn.com)

When you use the Members Platform, we may collect:

  • Applicant and assessor data: full name, email address, job title or position, and associated organisation.
  • Membership application data: all information submitted by organisations as part of an application for EFCSN membership, including organisational details, evidence of compliance with the EFCSN Code of Standards, and supporting documentation.
  • Assessment data: evaluations, scores, comments, and reports produced by independent assessors in connection with membership applications.
  • Member data: information about verified member organisations maintained on the platform for member-related services.
  • Technical data: IP address, browser type, access logs, and similar data collected automatically.

3.5 Prebunking at Scale (prebunking.efcsn.com)

When you visit the Prebunking at Scale Platform, we may collect:

  • Technical data: Device, IP address, browser type and version, operating system, referring website, pages visited, date and time of access, and similar data collected automatically through server log files and cookies.
  • Account data: full name, email address, job title, the organisation with which your account is associated, and user suggested keywords and accounts.

3.6 Newsletter

When you subscribe to the EFCSN newsletter, we collect your email address and, where voluntarily provided, your name and organisational affiliation. We also collect technical data related to your interaction with the newsletter, such as open rates and click-through data, for the purpose of improving our communications.

3.7 Social Media

The EFCSN maintains a presence on Bluesky, LinkedIn, Threads, and X (formerly Twitter). When you interact with our social media accounts (for example, by following, liking, commenting, or sending messages), the respective social media platform may process your personal data in accordance with its own privacy policy. The EFCSN does not collect personal data directly through its social media accounts beyond what is made available to us by the platform as part of standard account functionality (such as follower counts and publicly visible comments). We do not use social media for direct data collection, profiling, or advertising.

For information about how each platform processes your data, please refer to their respective privacy policies.

3.8 Other Forms and Data Collection

From time to time, the EFCSN may collect personal data from members, applicants, or other stakeholders through online forms (including Google Forms, Softr forms, and other tools listed in Section 5.1) for a range of purposes related to its mission and activities. These may include, without limitation, surveys, consultations, event registrations, working group coordination, feedback collection, nominations, expressions of interest, and any other activities in pursuit of the EFCSN’s objectives.

The personal data collected through such forms will vary depending on the specific purpose but may include your name, email address, job title, organisational affiliation, and any other information you provide in your responses. Each form will identify the purpose of the data collection. The data collected will be processed in accordance with this Privacy Policy and, where applicable, any additional information provided at the point of collection.

4. Purposes and Legal Bases for Processing

We process personal data for the purposes and on the legal bases set out below. Where we rely on legitimate interest as a legal basis, we have conducted a balancing test to ensure that our interests are not overridden by your rights and freedoms.

Processing Activity Purpose Legal Basis (GDPR)
Account registration and management (Grants Platform, Community Platform, Members Platform, Prebunking at Scale) To create and maintain your account, verify your identity, and enable access to platform functionalities Performance of a contract or pre-contractual measures (Art. 6(1)(b))
Processing grant applications To receive, evaluate, and make decisions on grant applications, including sharing with reviewers and evaluation bodies Performance of a contract or pre-contractual measures (Art. 6(1)(b)); Legitimate interest (Art. 6(1)(f))
Project administration and reporting To administer funded projects, monitor progress, and process project reports Performance of a contract (Art. 6(1)(b))
Public Database (transparency) To publish information about funded projects and organisations for public transparency Legitimate interest (Art. 6(1)(f)) — transparency in grant-making
Membership applications and assessments To process applications for EFCSN membership, conduct compliance assessments, and maintain membership records Performance of a contract or pre-contractual measures (Art. 6(1)(b)); Legitimate interest (Art. 6(1)(f))
Newsletter and communications To send newsletters, grant call announcements, and updates about EFCSN activities Consent (Art. 6(1)(a)) for marketing; Legitimate interest (Art. 6(1)(f)) for operational communications
Contact form and email enquiries To respond to your enquiries and requests Legitimate interest (Art. 6(1)(f))
Platform security and maintenance To ensure the security, integrity, and proper functioning of the Services, prevent fraud, and investigate misuse Legitimate interest (Art. 6(1)(f))
Automated platform emails To send transactional and operational notifications (application status, reporting reminders, account-related alerts) Performance of a contract (Art. 6(1)(b)); Legitimate interest (Art. 6(1)(f))
Legal compliance To comply with applicable legal obligations, including tax, accounting, and regulatory requirements Legal obligation (Art. 6(1)(c))
Analytics To measure and evaluate the usage and performance of all services. Consent (Article 6(1)(a))
Surveys, consultations, forms, and other ad-hoc data collection To gather input, feedback, or information from members, applicants, and other stakeholders in connection with the EFCSN’s mission and activities Legitimate interest (Art. 6(1)(f)); Consent (Art. 6(1)(a)) where specifically obtained

5. Data Recipients and Processors

We may share your personal data with the following categories of recipients:

5.1 Third-Party Service Providers (Data Processors)

We use third-party service providers who process personal data on our behalf and under our instructions. These providers are contractually bound to process data only as instructed by us and to implement appropriate technical and organisational security measures. Our current processors include:

General / Cross-Platform

The following providers may be used across any of the EFCSN’s Services, including current and future platforms, forms, websites, and digital tools operated by the EFCSN:

  • Softr — platform hosting, front-end interfaces, and forms
  • Airtable — database management and data storage
  • Google Workspace (including Google Forms, Gmail, Google Drive, and Google Docs) — internal administration, email, document management, and form hosting
  • MailerLite — email communications, newsletter distribution, and subscriber management (previously Mailchimp; historical subscriber data may have been migrated)
  • Zapier — workflow automation
  • DocuSign — electronic signature and agreement management
  • Proton (Proton Mail, Proton Drive, Proton Pass) — secure email, file storage, and password management
  • Google Analytics — Measurement and tracking of website traffic and performance, including anonymized site visit data.

Grants Platform (grants.efcsn.com)

In addition to the cross-platform providers listed above, the Grants Platform uses:

  • DocsAutomator — automated document generation

Members Platform (members.efcsn.com)

  • Fundación Maldita.es — technical maintenance and hosting support. Personnel from Maldita.es may access personal data stored on the Members Platform solely for the purpose of technical maintenance and administration, pursuant to a maintenance agreement with the EFCSN.

Main Website (efcsn.com)

  • Linode (Akamai) — server hosting for the Main Website
  • Dinahosting — domain registration and DNS management

PaS(https://prebunking.efcsn.com/)

  • MailGun — email delivery service for sending, receiving, and tracking emails.
  • Google Cloud — platform hosting, front-end interfaces

5.2 Reviewers and Assessors

In connection with the Grants Platform and the Members Platform, your data (including application materials) may be shared with independent external reviewers and assessors contracted by the EFCSN for the purpose of evaluating applications. These individuals are bound by confidentiality obligations under their respective agreements with the EFCSN.

5.3 Public Disclosure

Certain information about funded projects is published in the Public Database on the Grants Platform for transparency purposes. This includes organisation name, consortium partners, project title, funding amount, project dates, project summary, country, and the associated grant call. Verified EFCSN members are listed publicly on the Members Platform. By using these Services and accepting funding or membership, you consent to such publication.

5.4 Legal and Regulatory Disclosures

We may disclose personal data where required to do so by applicable law, regulation, legal process, or enforceable governmental request, or where necessary to protect the rights, safety, or property of the EFCSN, its users, or the public.

6. International Data Transfers

Some of the third-party service providers listed in Section 5.1 may process personal data outside the European Economic Area (EEA). Where such transfers occur, we ensure that appropriate safeguards are in place in compliance with the GDPR, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission;
  • Adequacy decisions by the European Commission for the relevant jurisdiction; or
  • Other appropriate safeguards as provided for under Article 46 of the GDPR.

You may request further information about the safeguards applied to international transfers by contacting us at [email protected].

7. Data Retention

We retain personal data for as long as necessary to fulfil the purposes for which it was collected, to comply with legal obligations, and to protect our legitimate interests. The specific retention periods are as follows:

Data Category Retention Period Justification
Grants Platform — account data Duration of the account plus 5 years after account closure or last activity Record-keeping, audit, and legal obligations
Grants Platform — application data (successful) Duration of the funded project plus 10 years Legal and regulatory record-keeping; funder reporting obligations
Grants Platform — application data (unsuccessful) 5 years from the date of the funding decision Record-keeping, institutional learning, and dispute resolution
Grants Platform — Public Database Duration of the EFCSN’s existence and 10 years thereafter Public transparency in grant-making activities
Community Platform — account data Duration of the account plus 5 years after account closure or last activity Record-keeping, audit, and legal obligations
Members Platform — membership application data Duration of the EFCSN’s existence and 10 years thereafter Institutional record of compliance assessments and membership history; essential for the integrity of the EFCSN’s accreditation function
Members Platform — assessor data Duration of the EFCSN’s existence and 10 years thereafter Institutional record-keeping and verification of assessment processes
Prebunking at Scale – account data Duration of the account + 5 years Recording-keeping, audit, and legal obligations
Newsletter subscriber data Until you unsubscribe, plus up to 12 months for suppression list purposes To honour your unsubscribe request and prevent re-subscription
Contact form enquiries 3 years from the date of the enquiry Follow-up, record-keeping
Server log files and technical data 12 months Security, troubleshooting, and legal compliance
Surveys, consultations, and other ad-hoc form data 3 years from the date of collection, or as specified at the point of collection Record-keeping, institutional purposes; specific retention may be communicated per form

Where personal data is retained indefinitely, this is because the data serves an ongoing institutional function that is essential to the EFCSN’s mission (such as maintaining the integrity of membership records and the public transparency of funded activities). In all cases, data that is no longer necessary for any of the stated purposes will be securely deleted or anonymised.

After the applicable retention period expires, personal data will be securely erased or anonymised, unless a longer retention period is required or permitted by applicable law.

8. Cookies and Similar Technologies

8.1 Main Website (efcsn.com)

The Main Website uses cookies, local storage, and session storage to ensure proper functioning and to improve the user experience. The following cookies may be set:

Cookie Name Purpose Duration
wordpress_test_cookie Determines whether cookies are enabled in the browser Session
PHPSESSID Stores the current PHP session for website functionality Session
wordpress_akm_mobile WordPress administration area functionality 1 year
wordpress_logged_in_* WordPress administration area authentication Session
wp-settings-* WordPress administration area user preferences Session
akm_mobile Stores preference for mobile version of the website 1 day

8.2 Grants Platform (grants.efcsn.com)

The Grants Platform, built on Softr and Airtable, may use cookies and similar technologies for authentication, session management, and platform functionality. These are essential for the operation of the platform and cannot be disabled without affecting functionality. For details on Softr’s use of cookies, please refer to Softr’s privacy policy.

8.3 Grants Platform (community.efcsn.com)

The Grants Platform, built on Softr and Airtable, may use cookies and similar technologies for authentication, session management, and platform functionality. These are essential for the operation of the platform and cannot be disabled without affecting functionality. For details on Softr’s use of cookies, please refer to Softr’s privacy policy.

8.4 Members Platform (members.efcsn.com)

The Members Platform may use session cookies and similar technologies for authentication and session management. These are strictly necessary for the operation of the platform.

8.5 Managing Cookies

You can manage or disable cookies through your browser settings. Please note that disabling cookies may affect the functionality of the Services. Most browsers allow you to refuse or delete cookies; instructions for doing so vary by browser.

9. Your Rights Under the GDPR

Under the GDPR, you have the following rights in relation to your personal data:

  • Right of access (Art. 15): You have the right to obtain confirmation as to whether we process personal data concerning you and, if so, to obtain a copy of that data together with information about the processing.
  • Right to rectification (Art. 16): You have the right to request the correction of inaccurate personal data and the completion of incomplete personal data.
  • Right to erasure (Art. 17): You have the right to request the deletion of your personal data where, among other grounds, the data is no longer necessary for the purposes for which it was collected, or where you withdraw your consent. Please note that this right is subject to limitations, including where retention is necessary for compliance with legal obligations or the establishment, exercise, or defence of legal claims, or where data is retained for reasons of public interest.
  • Right to restriction of processing (Art. 18): You have the right to request restriction of the processing of your personal data in certain circumstances, such as where you contest the accuracy of the data.
  • Right to data portability (Art. 20): You have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller, where the processing is based on consent or contract and is carried out by automated means.
  • Right to object (Art. 21): You have the right to object, on grounds relating to your particular situation, to processing of your personal data based on our legitimate interests (Art. 6(1)(f)). We will cease processing unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms. You have the right to object at any time to the processing of your personal data for direct marketing purposes.
  • Right to withdraw consent (Art. 7(3)): Where processing is based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing carried out before the withdrawal.
  • Right not to be subject to automated decision-making (Art. 22): You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. The EFCSN does not engage in automated decision-making or profiling.

To exercise any of these rights, please contact us at [email protected] or at the postal address provided in Section 2. We will respond to your request within one month of receipt, as required by the GDPR. This period may be extended by a further two months where necessary, taking into account the complexity and number of requests.

Please note that the exercise of certain rights (such as erasure) may affect your ability to use the Services. Where we are unable to comply with a request, we will explain the reasons.

10. Data Security

The EFCSN has implemented appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures are designed to ensure a level of security appropriate to the risk, taking into account the state of the art, the costs of implementation, and the nature, scope, context, and purposes of the processing.

While we take all reasonable precautions, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee the absolute security of your personal data.

11. Automated Decision-Making and Profiling

The EFCSN does not engage in automated decision-making or profiling as defined in Article 22 of the GDPR. All decisions regarding grant applications, membership assessments, and other matters are made with meaningful human involvement.

12. Children’s Data

The Services are not directed at children under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18 without appropriate parental consent, we will take steps to delete such data as soon as practicable.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our data processing practices, legal requirements, or operational needs. Updated versions will be published on our website with a revised “Last updated” date. We encourage you to review this Privacy Policy periodically. Where changes are material, we will make reasonable efforts to notify affected users, such as by posting a prominent notice on the relevant Service or by email.

14. Supervisory Authority

If you believe that our processing of your personal data infringes the GDPR or applicable data protection legislation, you have the right to lodge a complaint with a supervisory authority. The competent supervisory authority for the EFCSN is:

Commission Nationale de l’Informatique et des Libertés (CNIL)

3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France

Website: https://www.cnil.fr

You also have the right to lodge a complaint with the supervisory authority of your habitual residence, place of work, or place of the alleged infringement.

15. Contact Us

For any questions about this Privacy Policy, your personal data, or to exercise your data protection rights, please contact:

European Fact-Checking Standards Network (EFCSN)

Stephan Mündges

4 rue Belgrand, 75020 Paris, France

Email: [email protected]