The Aquila Consortium is the data controller for personal data processed through this website. This statement explains what data we collect, why, and how you can exercise your rights under the General Data Protection Regulation (GDPR).
1. Data we collect and why
1.1 Contact form
When you use the contact form, we collect your name, email address, subject, and message. This data is transmitted by email to consortium members who handle enquiries; it is not stored in our database. The legal basis is your consent (GDPR Art. 6(1)(a)) and our legitimate interest in responding to correspondence (Art. 6(1)(f)).
1.2 Membership data
When you become a member of the consortium (by accepting an invitation), we store:
- Name (first name and last name)
- Email address(es)
- Institution / location
- Biography, ORCID identifier, homepage URL (optional, provided by you)
- Forgejo account login (derived from your email address at onboarding)
- Membership dates (joined, alumnus date if applicable)
This data is processed on the basis of the membership contract (Art. 6(1)(b)) and is necessary to manage your participation in the consortium.
1.3 Scientific activity
We record your authorship of posts, talks, claimed publications, and collaboration project content (updates and comments) that you create on this platform. These records support the consortium’s collaborative work and are retained for as long as you are an active or alumni member (Art. 6(1)(b)).
1.4 Authentication & sessions
When you log in via our OAuth2 provider, we store a session cookie (PHPSESSID) and
issue a short-lived JSON Web Token (JWT) valid for 24 hours. These are strictly necessary
for authentication and expire automatically (Art. 6(1)(f) — security and operational
necessity).
1.5 Email log
Every outgoing email sent by the platform (invitations, activity digests) is recorded in an internal log containing the recipient address, subject, timestamp, and any delivery error. This log is used for administrative auditing (Art. 6(1)(f)).
2. Cookies
| Cookie | Purpose | Consent required? |
|---|---|---|
PHPSESSID |
PHP session — authentication | No (strictly necessary) |
tarteaucitron |
Stores your cookie preferences | No (strictly necessary) |
3. Data sharing and transfers
We do not sell or share your personal data with third parties for marketing purposes.
- Forgejo instance (
git.aquila-consortium.org): a Forgejo account is created for each new member as part of the onboarding process. The account login (derived from your email address) and your email address are transmitted to this service.
4. Your rights
Under the GDPR, you have the following rights regarding your personal data:
- Right of access (Art. 15): obtain a copy of all data we hold about you.
- Right to rectification (Art. 16): correct inaccurate or incomplete data — you can do this at any time via your profile page in the members’ area.
- Right to erasure (Art. 17): request deletion or anonymisation of your personal data.
- Right to object (Art. 21): object to analytics processing — withdraw consent via the cookie-consent panel at any time.
To exercise the rights of access or erasure, or for any other privacy enquiry, please use our contact form.
We will respond within 30 days as required by the GDPR.
You also have the right to lodge a complaint with a supervisory authority — in France: the CNIL (Commission Nationale de l’Informatique et des Libertés), 3 Place de Fontenoy, 75007 Paris.
5. Data retention
| Data | Retention |
|---|---|
| Session token (JWT) | 24 hours |
| Contact form | Never stored (email only) |
| Member profile & activity | Until an erasure request is fulfilled |
| Email log | Administrative retention (no fixed schedule) |
Last updated: May 2026