Data Privacy Protection Policy

In carrying out the mission with which it is entrusted by its Member States, the Organization collects and uses personal data related to people interacting with CERN, including CERN contributors (i.e., members of the personnel, consultants, contractors working on site, or persons engaged in any other capacity at or on behalf of CERN), beneficiaries of the pension fund, prospective members of the personnel, suppliers, and members of the public.

In order to ensure appropriate processing of personal data, CERN commits to managing it in accordance with the CERN Code of Conduct and Operational Circular no. 11 “The Processing of Personal Data at CERN” (OC 11), which constitutes its internal data protection framework.

To this end, CERN educates its personnel on the management of personal data to:

  • strive to collect and process only essential personal data;
  • use personal data efficiently and effectively and only for the purpose(s) described at the point of collection or as otherwise permitted by the Organization’s rules;
  • keep full and accurate records of all data processing operations and make them available to data subjects in form of a privacy notice;
  • inform individuals on how to exercise their rights;
  • make best efforts to ensure that personal data held is accurate;
  • take the necessary security measures to safeguard personal data (including against unauthorised processing and accidental loss or damage);
  • ensure that personal data is not transferred without suitable safeguards;
  • keep personal data only as long as is necessary for the Organization’s purposes; and,
  • destroy personal data which is no longer needed.

CERN has established the Office of Data Privacy, a centre of expertise for data subjects and for its personnel and external entities involved in the processing of personal data, headed by the Data Privacy Adviser.

CERN has also established the Data Protection Commission, its independent data protection supervisory authority, tasked with monitoring compliance with OC 11 and evaluating complaints lodged by data subjects.