The European Organization for Nuclear Research (“CERN”) is an Intergovernmental Organisation with its seat in Geneva, Switzerland. By virtue of its particular legal status, the Organization enjoys certain privileges and immunities under international law.

CERN processes personal data solely in accordance with its internal legislation. Its data privacy framework is based on principles established in its Member States and, more broadly, within the European Union, and is implemented through appropriate technical and organizational measures. CERN has designated a Data Privacy Adviser (DPA), who acts as a centre of expertise for all matters relating to data protection within the Organization.

As CERN is not subject to any national or equivalent jurisdiction, any disputes arising in connection with the processing of personal data are to be resolved in accordance with CERN’s internal legislation or, failing that, through arbitration.

In this context, it is worth noting that the European Data Protection Board (EDPB), in its Guidelines 3/2018 on the territorial scope of the GDPR (Article 3), recalled that “the application of the GDPR is without prejudice to the provisions of international law, such as those governing the privileges and immunities of non‑EU diplomatic missions and consular posts, as well as international organisations.”

CERN's statement on data privacy protection is available online at: https://home.cern/data-privacy-protection-statement.

CERN will respond to your request in accordance with its internal procedures.