Use of Cookies by the HBP

Cookies are small text files placed on your computer. Some cookies are functional session cookies which are used to provide the user with the experience of a session: e.g. they track login details, remember user choices and preferences, and in some instances determine site permissions. Other cookies are used to provide statistics: e.g. they provide, in anonymous form, the number of visitors accessing a website, features users access during website visits, and the general location of the user based on IP address. To find out more about cookies, including how to determine the cookies that have been set on your computer and how to manage or delete them, visit

This HBP website uses: 

  • functional session cookies not containing personal data, and which are necessary for the proper operation of the website 

  • functional persistent cookies to store your user preferences (language, cookie agreement, mobile vs desktop device type)

  • analytical cookies to extract anonymized statistics on usage of this HBP website (Google Analytics)

  • cookies set by embedded social media content (Twitter, Vimeo, Youtube).

For more information, users can access a detailed list of the cookies related to the HBP website and their function group.

This website protects your privacy by not creating cookies which contain personal data. The selection of third-party websites for social media content is limited to those listed above.

HBP Privacy Policy

The HBP is a large-scale ICT project employing over 500 scientists at more than 130 universities and research institutes.

For more information on Data Protection across the project, visit


Data Controllers for the HBP website

The Swiss Federal Institute of Technology in Lausanne (EPFL) is the data controller for the personal information processed on the HBP Public Website, unless otherwise stated. EPFL’s legal address is Bâtiment CE-3.316, Station 1, CH-1015 Lausanne, Switzerland, and has its HBP Project Coordination Office located at: Biotech Campus, Chemin des Mines 9, CH-1202 Geneva, Switzerland.

EPFL is neither data controller nor in charge of third party embedded content.

All concerns regarding this HBP website, including ethical or data protection issues in the HBP, can be submitted to The POint of REgistration (PORE) here . 


HBP Data Protection Officer (HBP DPO):

To contact the HBP Data Protection Officer directly, please send an email to the following address

The legal basis for data processing in this HBP website include:

  • Consent given by the Data Subject (GDPR Art. 6(1)(a))

  • Necessity for the performance of a contract to which the Data Subject is a party, or for taking steps at the request of the Data Subject prior to entering a contract (GDPR Art. 6(1)(b)). If you register for an HBP event, your contact details and contact information are processed under this legal basis.

  • Compliance with a legal obligation (GDPR Art. 6(1)(c)). For example, where the HBP partners are required to store the data to meet bookkeeping or audit obligations. 

  • Necessity for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller (GDPR Art. 6(1)(e)).

  • If the HBP partners have a legitimate interest that is not overridden by the interests or fundamental rights freedoms of the Data Subject (GDPR Art. 6(1)(f)).

If you are employed by an HBP partner, your data will not be processed based on consent but rather to comply with a legal obligation, to perform a contract, or in some cases, for purposes of a legitimate interest.

This HBP website may process personal data that the Data Subject provides explicitly through account profile entry, login or other forms (e.g. contact forms, event registration, newsletter subscription). This includes required and optional fields entered by the Data Subject.

Additionally, this HBP website logs the IP address used to access the website for security reasons.

Personal data may be processed to provide access to services offered by the HBP website, to facilitate collaboration among users of the HBP website and to contact users to keep them informed of events and HBP news.


Non-HBP Services

This HBP website may receive support and services from providers outside of the project. If any personal data is transferred to these providers, the administrator of this website is required to consult the HBP Data Protection Officer to ensure that all data privacy obligations are met.


Data Shared within the HBP Consortium

The data controller may share data within the HBP Consortium. All HBP partners are required by contract to meet all GDPR requirements. In some cases, HBP partners may be required to report certain anonymized statistical information to the European Commission (EC) such as website traffic.

The data controller may also share data with official authorities if required by an administrative or court order, or with auditors.


Data Shared with Third Parties

No personal data collected from this HBP website is sold or otherwise shared for the purposes of direct marketing or other commercial purposes. 


Transfers of the personal data to any third countries

Personal data may be transferred between HBP service providers based in different countries. Personal data transfers may take place within the EU/EEA and to other countries that have been found to have adequate levels of protection by the European Commission including, but not limited to, Switzerland and Israel. All other personal data transfers are made with adequate safeguards in place including EC Standard Contractual Clauses, Binding Corporate Rules, or as part of the Privacy Shield Framework.


Retention periods for the personal data

Cookies may be erased by the user at the end of each session. Some web browsers offer to do this automatically.

Personal data entered by the Data Subject may be retained up to 2 years after the lifetime of the HBP project and of the ensuing research infrastructure.

Data Subjects may request erasure of their personal data to the HBP DPO. The data controller will execute such requests, except for minimal personal data which may be retained if needed for monitoring legal compliance. Backups may also be retained in case of legitimate interests of the data controller for the continued exploitation of the research infrastructure.


The rights available to individuals, as provided in the General Data Protection Regulation in respect of the processing their personal data, include:

(a) the right to be informed (see further GDPR Articles 12-14, and Recitals 58 and 60-62),

(b) the right to access personal data (see further GDPR Articles 12, 15 and Recitals 63, 64),

(c) the right to rectification including having inaccurate personal data completed if it is incomplete (see further GDPR Articles 5, 12, 16 and 19),

(d) the right to erasure (see further GDPR Articles 18, 19 and Recital 67),

(e) the right to restrict processing (GDPR Article 18),

(f) the right to data portability (GDPR Article 20 and Recital 68),

(g) the right to object (GDPR Article 21).


The right to lodge a complaint with a supervisory authority

The HBP DPO and HBP partners will make every reasonable effort to address your data protection concerns. However, you have a right to lodge a complaint with a data protection authority. Contact information for the European Data Protection Board and EU DPAs is available here: 

Contact information for the Swiss Data Protection authority is available here: 

Contact information for the Israeli Data Protection authority is available here:

Contact information for the Norwegian Data Protection authority is available here:

Contact information for the Turkish Data Protection authority is available here: