Privacy Policy

This privacy policy explains how the BRAINTWIN project website (“we”, “our”, “the website”) may collect, use, store and protect information when you visit and interact with the site. We are committed to respecting your privacy and processing personal data in accordance with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and applicable French data protection rules, including the Loi Informatique et Libertés (as amended) and guidance issued by the CNIL (Commission Nationale de l’Informatique et des Libertés).

This website is primarily an information and communication channel about the BRAINTWIN research programme. It is not designed to collect sensitive information about visitors. Where processing occurs (e.g., technical logs, analytics, messages you send us), we aim to apply the principles of data minimisation, privacy by design, purpose limitation and security.

1) Scope of this policy

This policy covers information processed through your use of the public website (pages you view, basic technical information needed to serve content, and messages you send us). It also provides a high-level overview of how research data is handled within the BRAINTWIN project. Research data governance is broader and subject to additional legal and ethical frameworks; it should not be confused with basic website browsing.

2) Who is responsible for processing (website publisher)

The BRAINTWIN website is published for research communication purposes. For any privacy-related questions about the website, you can contact: braintwin@icm-institute.org. Depending on the context (website hosting, analytics provider, institutional infrastructure), certain service providers may process technical data on our behalf as processors (GDPR terminology) under appropriate agreements.

3) What information we may collect

We collect and process as little information as possible. Depending on your interactions with the website, we may process:

  • Technical information (server logs): IP address (or partial IP depending on configuration), date/time of access, pages requested, approximate geographic area (inferred from IP at broad level), browser type/version, operating system, referring page, and technical identifiers needed to deliver the site securely.
  • Aggregated usage information (analytics): statistical indicators such as number of visits, page views, navigation flows, approximate location distribution (country/city level), and device categories. These metrics are used to understand and improve the website.
  • Information you voluntarily provide: if you contact us by email, we will receive your email address and the content of your message. Please do not include sensitive personal data (e.g., medical information) in emails.

4) Purposes and legal bases for processing (GDPR)

Under GDPR, processing must rely on a legal basis. Depending on the context, we may rely on:

  • Legitimate interests (GDPR Art. 6(1)(f)) for operating the website, ensuring security, preventing abuse, and improving content. Our legitimate interest is balanced against your rights and freedoms, and we minimise data collection accordingly.
  • Consent (GDPR Art. 6(1)(a)) where required, in particular for optional analytics cookies or non-essential tracking technologies. Where consent is used, you may withdraw it at any time via your browser settings and/or cookie preferences (when implemented).
  • Compliance with legal obligations (GDPR Art. 6(1)(c)) in limited cases, for example if retention is required to respond to lawful requests.

Website Analytics

This website may use analytics services to understand visitor behaviour and improve content (e.g., which pages are most useful, how visitors find the site, and the overall geographic distribution of visits). Analytics is intended to be used in an aggregated and privacy-respecting manner.

We aim to configure analytics to minimise personal data collection (for example, shortened retention, avoidance of cross-site profiling, and technical measures such as IP truncation where available). Analytics does not aim to identify you by name. However, depending on the analytics provider and setup, technical identifiers may still be processed to produce reliable statistics.

If you use privacy tools (e.g., content blockers) or disable scripts/cookies in your browser, some analytics may be blocked.

Visitor counter / world map widget

The website may display a visitor counter and a world-map widget that illustrates approximate locations of visits. Such widgets typically rely on technical information (e.g., IP-derived location, browser type) to estimate counts and geographic distribution. These are approximate and intended for communication/illustration rather than precise tracking of individuals.

If you prefer not to be included in such aggregated statistics, you can restrict scripts or tracking technologies via your browser settings and privacy tools.

Cookies

Cookies are small text files stored on your device. The BRAINTWIN website is designed to use minimal cookies needed for basic functionality (for example, remembering a user interface preference). We do not intentionally use advertising cookies.

If optional analytics cookies or similar technologies are used, they may be subject to consent requirements under European and French rules on electronic communications and CNIL guidance. If a cookie banner/preference manager is implemented, you can choose your preferences there.

You can also control cookies directly in your browser settings. Blocking some cookies may affect certain website features.

External Links

This website contains links to external sites (e.g., partner institutions, funders, publications, social networks). When you click an external link, you leave the BRAINTWIN website. We are not responsible for the privacy practices, content, or security of third-party websites. We encourage you to review their privacy policies, especially when those sites may set their own cookies or collect additional data.

Data sharing and recipients

We do not sell personal data collected through this website. Technical data may be processed by service providers that help us operate the site (e.g., hosting services, analytics/widget providers). When such providers are used, they act under contract and are authorised to process data only to deliver the requested service and in accordance with GDPR requirements.

International transfers

Where website-related service providers process information outside the European Economic Area (EEA), transfers may occur. In such cases, we seek to ensure appropriate safeguards are in place as required by GDPR (for example, adequacy decisions or Standard Contractual Clauses, and additional measures where relevant). When possible, we prefer configurations and providers that process data within the EU/EEA.

Data retention

We retain information only for as long as necessary for the purposes described in this policy:

  • Server/security logs are retained for a limited period necessary to ensure website security, troubleshoot issues, and prevent abuse.
  • Analytics data is retained according to the analytics configuration and is intended to be stored only as long as needed to produce meaningful aggregated statistics.
  • Emails and correspondence are retained for the time necessary to respond to requests and manage follow-up, and may be archived for institutional record-keeping where appropriate.

Your rights (GDPR)

Under GDPR and French law, you may have rights regarding your personal data, including: access, rectification, erasure (where applicable), restriction, objection, and data portability (where applicable). If processing is based on consent, you may withdraw consent at any time.

To exercise your rights, contact: braintwin@icm-institute.org. We may request additional information to verify your identity before responding, to protect your data and prevent unauthorised disclosure.

You also have the right to lodge a complaint with the French supervisory authority: CNIL.

Security

We implement reasonable technical and organisational measures to protect information processed through the website against unauthorised access, alteration, disclosure or destruction. This includes access controls, secure hosting practices, and minimisation of data collected. However, no method of transmission or storage is completely secure; we therefore cannot guarantee absolute security.

Research Data

BRAINTWIN is a research programme that may involve the processing of health-related data within the scope of ethically and legally governed research activities. Research data handling is distinct from website browsing and is subject to additional requirements under GDPR and French rules applicable to health and biomedical research (including approvals and oversight by relevant institutional and regulatory bodies as applicable).

As a general principle, BRAINTWIN applies:

  • Data minimisation: only data necessary for the scientific objectives is processed.
  • Pseudonymisation: research datasets use coded identifiers with controlled access.
  • Access limitation: access is restricted to authorised personnel under confidentiality obligations.
  • Governance and oversight: processing occurs under appropriate governance, ethics review, and institutional procedures.

For detailed information about BRAINTWIN research data governance, participant rights, and applicable approvals, please contact: braintwin@icm-institute.org.

Contact

For questions about this privacy policy or requests regarding your data, contact: braintwin@icm-institute.org.

Last updated: January 2026