This privacy policy is effective from 16 April 2018 and was last updated on 2 April 2026.
The Data Controller, ETSI (European Telecommunications Standard Institute) is a not-for-profit organisation established under the French law of 1st July 1901 and recognised as a European Standards Organisation dealing with telecommunication, broadcasting and other electronic communication networks and services.
The purpose of this privacy policy is to inform you about the way your personal data is handled and protected by ETSI in accordance with the French law and the General Data Protection Regulation EU 2016/679.
Scope
This privacy policy sets out how the ETSI Secretariat (hereafter “ETSI”) uses and protects any personal data that you provide us with when using the ETSI websites and, services or when participating to ETSI activities.
“Personal data” has the meaning ascribed to it in the French Data Protection Act n°78-17 dated 6 January 1978 modified in 2018 and means any information relating to an identified or identifiable person; an identifiable person being one who can be identified, directly or indirectly by reference to an identification number or to one or more elements specific to the person.
ETSI is committed to ensure that your privacy is protected and adopts appropriate technical and organisational measures to ensure the protection and confidentiality of your personal data is processed in accordance with the provisions of the applicable laws and regulation. When providing us with your personal data, we assure you that we will only use such information in accordance with this Privacy Policy, which describes what information we collect, why we collect it and what we do with it. We may change this privacy policy from time to time by updating this page (Refer to the section “Amendments to this privacy policy” below).
What kind of personal data we collect and why
When using ETSI website, services, and when participating to ETSI activities, we undertake to collect and process only the personal data necessary to achieve the purposes for which your personal data are collected. As far as ETSI members and EC (European Commission) counsellors are concerned, their delegates and representatives can access to most ETSI services and participate to ETSI activities subject to the creation of an EOL (ETSI Online) account on the ETSI portal.
ETSI needs to collect, process and store some of your personal data, namely name and surname, title, phone number (fix and/or mobile), e-mail and professional postal address, function, and eventually signature in the context of following activities:
Administrative Management of membership, ISG/SDG participants and partnerships
- To manage any administrative task in relation with your ETSI membership or engagement as an ISG/SDG Participant or in a context of a Partnership (for example with other Standardisation Development Organisations, National Standard organisations…), such as processing your application or ISG/SDG agreement, partnership agreement, invoicing, sending you any relevant communication in relation with the aforementioned…
This processing is justified by the contract legal basis of the GDPR, to prepare, execute and follow-up the contract ETSI has with you and keep records of them.
- To maintain an updated list of official and voting contacts of the National Standardisation Bodies of the European Union.
This processing is justified by the legal obligation basis of GDPR, for ETSI to comply with European Regulation 1025/12.
Organisation of corporate meetings (general assemblies, boards, special committees…) and meetings of the technical organisation (technical committees…) and management of corresponding work
- For the preparation and implementation, in terms of logistic, of the meetings to which you are entitled or invited to participate to send you invitations, allow you to register, submit written contributions, edit your badge for check-in, third parties that are hosting or co-organising these meetings may also be provided access to these personal data (limited to what is necessary), calculate the quorum, manage the voting process or the remote consensus process, manage the process specific to elaboration of European Standards, and communicate to you any relevant information in relation with the aforementioned.
This processing is justified by:
- The contract legal basis of GDPR in the case of ETSI members, ISG/SDG Participants and representatives entitled to attend a meeting in the context of a partnership (including NSO – National Standards Organisations – agreements).
- The legitimate interest basis of GDPR for EC Counsellors and other guests.
- The legal obligation basis of GDPR as far as elaboration of European Standards are concerned, to comply with regulation 1025/12.
- For the management of written contributions, of ETSI deliverables such as standards, technical reports, and any other documents presented during those meetings or produced in the context of ETSI activities, and keep records of them, as well as keeping track of participants in the minutes.
This processing is justified by:
- The legal obligation basis as far as identification of persons with an official role (General Assembly Chair, Secretary of General Assembly…) in corporate meetings are concerned.
- The legitimate interest basis of GDPR for other participants.
Elections
- For organisation of elections either for roles at corporate level (General Assembly Chair or Vice, Chair, Board…) or at Technical Level (TC Chair, TC Vice Chair…), to receive and process applications, organise the voting process, communicate the results…
This processing is based on the contract legal basis of GDPR, to comply with our Bylaws and operating rules.
In addition, when applying to a role at corporate level, we ask you to enclose a CV with your application. We only ask you to provide us only with the necessary professional information to enable the ETSI membership to appreciate your application, excluding any sensitive information such as religious faith or political affiliation.
This processing of additional information is justified by the legitimate interest basis of GDPR.
- For the declaration of Elected Officials before relevant French authorities when required by Law.
This Processing is justified by the legal obligation basis of GDPR.
ETSI IPR Database
- For the creation of your account to submit declarations of Standard Essential Patents (SEPs) and licensing commitments, as well as allowing us to process your declaration.
- To make your declarations publicly available in accordance with the ETSI IPR policy, with the provided contact person to address requests in relation with your SEPs.
These processing are justified by the contract legal basis of GDPR.
Learning Management System (LMS)
- For the creation of your account to the ETSI eLearning courses on standardisation, and to be able to progress at different stages through the courses, to generate certificates upon course completion, for ETSI to monitor your progress. This information may be retained for a maximum period of 2 year after the course completion.
- To receive communications related to the Learn content and standards education information and activities.
These processing are justified by the legal obligation basis of GDPR.
Events (conferences, plugtests, webinars…)
- For the preparation and implementation of the events to which you participate, in terms of logistic, to send you invitations, allow you to register, edit your badge for check-in, third parties that are hosting or co-organising these events may also be provided access to these personal data (limited to what is necessary), manage confidentiality issues with NDAs (Non-Disclosure Agreements) when applicable, and communicate to you any relevant information in relation with the aforementioned.
- For the management of presentations for conferences, display for information the names of speakers on the programme, event’s website and other medias used to communicate on the event.
These processing are justified by:
- The legitimate interest legal basis of GDPR or the contract legal basis when you are bound by a contract with us.
- The legal obligation basis of GDPR, as far as acknowledgement of authors is concerned, in accordance with copyright law.
- In addition, should you request an invitation letter for the purpose of obtaining a visa to attend a meeting or an event organised by ETSI, we will need your passport number and data indicating on it, as required by the hosting country’s immigration law. Such personal data shall be stored up to two years.
These processing is justified by the legitimate interest legal basis of GDPR, as this retention period is necessary to enable ETSI to respond to any legitimate requests from immigration or legal authorities and to address potential misuse of the invitation process.
Online store (algorithms, codes, ISG – Industry Specification Groups – Meetings…)
- For the creation of your account to purchase items, licenses or services sold on the ETSI online store, and allow us to process your purchase, the corresponding invoicing, and ensure the follow-up of your contract with us, keep records of the latter.
This processing is based on the contract legal basis of GDPR.
- To fulfil export control obligations before relevant French Authorities when applicable.
This processing is justified by the legal obligation basis of GDPR.
Marketing communication (Newsletters, Magazines…)
If you provide your consent, ETSI will give you the possibility to subscribe to dedicated mailing list to receive marketing information about ETSI activities, standardisation, relevant news, services and future events.
You may unsubscribe at any time by contacting to [email protected].
This processing is justified by the consent legal basis of GDPR.
Management of ETSI IT system
- For the management of your accounts of the ETSI tools you use or of the e-mail lists to which you subscribed, when participating to ETSI activities. For the management of requests made to the Helpdesk in relation with our IT environment, the management of the information systems, of security issues, and communicate to you any relevant information in relation with your use of the ETSI IT environment.
This processing is justified by the legitimate interest basis of GDPR.
Statistics and reporting
- For compiling statistics and producing reporting for ETSI’s own needs, to evaluate ETSI’s activities and their impact, or in the context of funding/grant agreements such as grant agreements with the European Commission.
This processing is justified by the legitimate basis of GDPR.
Cookies
We use cookies, or similar technologies to collect data about your use of ETSI websites and services. Cookies are small pieces of information that are stored by your browser on your computer’s hard drive. We use cookies to capture information about your visit for the following purpose:
- Statistical or survey purposes to improve ETSI websites and services for you or evaluate the impact of ETSI’s activities.
- Authentication.
- To administer and provide you with the content of ETSI websites and services.
- Strictly necessary cookies: essential for the technical functioning of the website.
- Functional cookies: enhance features and user experience.
- Analytics and performance cookies: help measure site usage and improve its performance.
- Advertising/experimentation cookies: used for Google/YouTube testing or optimisation features.
- Third-party cookies: especially those placed by YouTube when videos are embedded.
You may change your preferences at any time via the “Manage cookies” link available at the bottom of home page.
- List of cookies used:
A complete list of cookies used on the website, including their purpose, retention period and provider, is presented in the table below.
Necessary cookies
(Strictly required for the operation of the website.)
| ID | First Found URL | Duration | Description |
| wt_consent | https://etsi.org/privacy/ | 1 year | The WebToffee GDPR Cookie Consent plugin sets this cookie to store the user’s consent preferences, allowing the website to recognise those choices on future visits. The cookie does not collect or store any personal or identifiable information about the visitor. |
| wpEmojiSettingsSupports | https://etsi.org/privacy/ | Session | WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user’s browser can display emojis properly. |
| VISITOR_PRIVACY_METADATA |
https://etsi.org/ | 6 months | YouTube sets this cookie to store the user’s cookie consent state for the current domain. |
Functional cookies
(Used to enhance functionality and support embedded services such as YouTube.)
| ID | First Found URL | Duration | Description |
| VISITOR_INFO1_LIVE |
https://etsi.org/ | 6 months | A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface. |
| yt remote connected devices |
https://etsi.org/ | Never | YouTube sets this cookie to store the user’s video preferences using embedded YouTube videos. |
| yt remote device id | https://etsi.org/ | Never |
YouTube sets this cookie to store the user’s video preferences using embedded YouTube videos. |
| ytidb::LAST_RESULT_ENTRY_KEY | https://etsi.org/ | Never |
The cookie ytidb::LAST_RESULT_ENTRY_KEY is used by YouTube to store the last search result entry that was clicked by the user. This information is used to improve the user experience by providing more relevant search results in the future. |
| yt remote session name | https://etsi.org/ | Session |
The yt-remote-session-name cookie is used by YouTube to store the user’s video player preferences using embedded YouTube video. |
| yt remote fast check period |
https://etsi.org/ | Session |
The yt-remote-fast-check-period cookie is used by YouTube to store the user’s video player preferences for embedded YouTube videos. |
| yt remote session app | https://etsi.org/ | Session |
The yt-remote-session-app cookie is used by YouTube to store user preferences and information about the interface of the embedded YouTube video player. |
| yt remote cast available | https://etsi.org/ | Session |
The yt-remote-cast-available cookie is used to store the user’s preferences regarding whether casting is available on their YouTube video player. |
| yt remote cast installed | https://etsi.org/ | Session |
The yt-remote-cast-installed cookie is used to store the user’s video player preferences using embedded YouTube video. |
Advertisement cookies
(Used for advertising features, experiments, or security. Requires consent.)
| ID | First Found URL | Duration | Description |
| _Secure ROLLOUT_TOKEN | https://etsi.org/ | 6 months | YouTube sets this cookie to manage feature rollout and experimentation. It helps Google control which new features or interface changes are shown to users as part of testing and staged rollouts, ensuring consistent experience for a given user during an experiment. |
| _Secure YNID |
https://etsi.org/members/sateliot/ | 6 months | YouTube cookie used to protect user security and prevent fraud, especially during the login process. |
| _gcl_au | https://etsi.org/members/cinderella-aps/ | 3 months | Google Tag Manager sets this cookie to experiment advertisement efficiency of websites using their services. |
Analytics cookies
(Used to measure site performance and usage. Requires consent.)
|
ID |
First Found URL | Duration | Description |
| _ga | https://etsi.org/privacy/ | 1 year 1 month 4 days | Google Analytics sets this cookie to calculate visitor, session and campaign data and track site usage for the site’s analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognise unique visitors. |
| _ga_* |
https://etsi.org/privacy/ | 1 year 1 month 4 days | Google Analytics sets this cookie to store and count page views. |
| YSC |
https://etsi.org/ | Session | YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages. |
Others
| ID | First Found URL | Duration | Description |
| _Secure YEC | https://etsi.org/ | Past | YouTube sets this cookie to store the user’s video player preferences using embedded YouTube video. |
Whilst these websites and services use cookies, you can set up your browser to reject cookies, but disabling their use may materially impact your interaction with ETSI websites and services.
Reasons we communicate personal data to third parties
We never sell, lease, or rent your personal data.
We communicate your personal data to third parties only with your consent or when it is necessary in the context of activities described above in section “What Kind of Personal Data We Collect And Why”, or otherwise when required by law or to respond to a legal proceeding, to protect our users, to protect lives, to maintain the security of our products, and to protect the rights or property of ETSI.
We may hence share your personal data with:
• Suppliers and service providers working on our behalf, partners operating on a contractual basis with us;
• Public or Legal Authorities, when required by law or to respond to legal proceedings;
• Public Agencies or Public Entities (such as European Commission) funding and/or collaborating with ETSI.
Besides, activities within ETSI are based on collaborative work between ETSI members, the Secretariat, Counsellors, and other partners involved in ETSI’s activities. When participating to such activities within ETSI, you agree that your personal data as you provide it to us (Title, name, surname, e-mail and postal address, function, organisation, phone number), will be accessible to other ETSI members, the Secretariat, EC Counsellors, and other partners to enable you collaborate with them and vice versa. Such personal data may also be available on contributions and other ETSI documents that are shared with other ETSI members, Counsellors and when entitled, to other partners in the context of such collaborative work. However, your personal data, as accessible to other ETSI members, may not be used for another purpose than collaborating with you in the context of ETSI’s activities, may it be in ETSI’s technical activities or ETSI’s corporate activities.
Transfer of personal data outside of the European Economic Area (EAA)
In certain situations, ETSI transfer your personal data outside the EEA (EUROPEAN ECONOMIC AREA). Such Transfer is made on the following basis:
- The countries have been deemed by the Commission of the European Union to have an adequate level of protection of personal data (so called safe third countries).
- Otherwise, we will request on a contractual basis that adequate protection for your personal data is provided by our service providers and partners.
- In particular, when you participate to ETSI’s activities, and given that ETSI’s membership is global, this implies that ETSI members located outside the EEA have access to your personal data, in the conditions indicated in the section “Reason We Communicate Personal Data to Third Parties” hereabove.
Sensitive data
Unless expressly invited or requested to do so, for specific purpose and needs, we ask you not to communicate to us confidential or sensitive personal data such as passport or ID card number, health insurance number, date of birth, driving license number. In case of a request from us involving confidential or sensitive data, you shall be informed of the purpose and method used.
In this instance, you are informed that when registering to an event or a meeting, for which ETSI offers a meal, we may invite you, on a voluntary basis, to inform us of any special dietary requirements to consider. Such personal data is not stored following the event or the meeting for which you provided such personal data.
Accuracy of your personal data
We take all reasonable measures to keep the personal data we process accurate and to delete incorrect or unnecessary personal data.
Children’s privacy
Part of ETSI websites and services are open to a general audience and are designed to allow visitors to browse through the websites without providing any personal data.
However, ETSI’s website and more generally, ETSI activities are not intended for minors. We do not knowingly collect personal data from anyone under the age of 15 and will immediately destroy such information from our records if we discover it.
Links to other websites
We may provide links to other websites for your convenience and information, but these websites may operate independently from ETSI and have their own privacy notice or policy which we strongly recommend that you review those organisations’ policies insofar as they apply to your visit to those websites. We are not responsible for the content of those websites and their privacy practices.
Retention
We retain your personal data as described in the present privacy policy for as long as we need it to provide you with our services or to comply with a legal request unless a longer retention period is required or permitted under the applicable law, or unless justified by ETSI’s legitimate interest in the context of its activities.
The security of your personal data
Wherever your personal data may be held by ETSI, we will take reasonable and appropriate measures to protect the personal data that you share with us from unauthorised access or disclosure.
You are responsible to safeguard your credentials, IDs, and passwords. If you suspect that your credentials, IDs and/or passwords have been compromised, please inform us immediately, using the contact methods detailed below.
Amendments of this privacy policy
This privacy policy may be updated from time to time and without prior notice to you in order to reflect changes in our practices related to personal data.
We recommend you visit this page regularly to view the current terms and conditions, bearing in mind that the date of effectiveness will always be mentioned at the top of this privacy policy with the date of the latest update.
Your rights
You have rights of access, rectification, objection, and erasure related to the personal data we hold about you. You may exercise your rights by contacting us by e-mail or regular mail (see section Contact Us below) or by managing your account and choices through available profile management tools available through our services. When updating your personal data, we may ask you to prove your identity before acting on your request. We may also reject requests that are repetitive, require disproportionate technical effort, conflict with legal requirements, harm the privacy rights of others or would be extremely impracticable.
Contact us
If you have any questions or comments about this Privacy policy or if you would like to exercise your rights mentioned in the above section “Your rights”, please contact us by e-mail at [email protected]; you may also write to:
ETSI
Privacy and Legal department
650 Route des Lucioles
06921 Sophia-Antipolis CEDEX
France
Right to lodge a complaint
If you consider, after contacting us, that your data protection rights have not been respected, you have the possibility of lodging a complaint before the CNIL online or by regular mail at:
Commission Nationale de l’Informatique et des Libertés
Service des Plaintes
3 places Fontenoy
TSA 80715
75334 Paris Cedex 07
