Datenschutz

This Privacy Policy explains how Luxembourg Institute of Socio-Economic Research (“LISER”, “we”, “us”) processes personal data in connection with the IZA platforms,  World of Labor (WOL), Discussion Papers Series (DP), the IZA@LISER Network, associated websites such as   iza.org,  wol.iza.org and related subdomains operated under LISER’s responsibility (hereinafter collectively referred to as the “Platforms”).

As part of the current organizational integration, certain publications may continue to appear under the “IZA” brand. Notwithstanding this branding continuity, LISER acts as the sole data controller within the meaning of Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (“GDPR”) for all processing activities described in this Policy. 

LISER processes personal data lawfully, fairly and transparently in accordance with GDPR and applicable Luxembourg data protection laws. 

All terms used in this Policy shall have the meanings assigned to them under the GDPR. 

Luxembourg Institute of Socio-Economic Research (LISER), a public establishment (établissement public) established under Luxembourg law, registered with the Luxembourg Trade and Companies Register under number J57, and having its registered office at 11, Porte des Sciences, 4366 Esch-sur-Alzette, Grand Duchy of Luxembourg. 

For any questions regarding this Privacy Policy or the processing of your personal data, you may contact us :

• General : info@liser.lu 

• Data Protection Officer (DPO) : dpo@liser.lu

3.1 Processing related to the IZA@LISER Network

3.1.1 Admission and management of members  

The IZA@LISER Network brings together researchers and fellows in order to promote academic collaboration and scientific exchange. Membership in the network requires the processing of certain identification and professional data.

More information 

Purposes of processing 

Personal data are processed in order to assess and manage membership within the IZA@LISER Network, including the creation and administration of member accounts. 

They are also used to create, maintain and update public and private member profiles, ensure accurate affiliation information, and facilitate communication within the network. 

Legal basis 

Processing relating to the administration and governance of the IZA@LISER Network is based on Article 6(1)(f) GDPR (legitimate interest in managing and promoting a scientific research network). 

Processing relating to the creation, and management of user accounts and profiles for IZA@LISER Network members and the acceptance of the applicable membership terms of use is based on Article 6(1)(b) GDPR (performance of a contract). 

Categories of personal data 

Identification and professional information such as name, academic title, institutional affiliation, professional biography, research interests, academic identifiers (e.g., ORCID) and contact details. 

Recipients 

Authorized LISER administrative staff, Platforms users (for data designated as publicly visible) and external service providers who process personal data on LISER’s instructions in accordance with Article 28 GDPR.  

Retention 

Personal data are retained for the duration of affiliation/membership and for a limited period thereafter where necessary for administrative continuity, legal compliance, or research record-keeping. 

3.1.2 Discussions Papers Series  

The Discussion Papers Series enables the dissemination of research produced by IZA@LISER Network. In this context, LISER processes identification and professional data relating to authors. 

More information 

Purposes of processing 

Personal data are processed in order to receive and manage manuscript submissions, verify authorship information, and communicate with authors throughout the editorial process. 

Where a manuscript is accepted, personal data are further processed to prepare the paper for publication, ensure proper attribution of authorship, and make the Discussion Paper available through the Platforms. 

Publication also involves the dissemination and indexing of the paper as part of the scientific working paper series, thereby contributing to academic exchange and the visibility of research outputs. 

Legal basis 

Processing relating to the submission of Discussion Papers is based on Article 6(1)(f) GDPR (legitimate interest in the dissemination and management of scientific research). 

Categories of personal data 

Identification and professional information such as name, institutional affiliation, academic identifiers (e.g., ORCID), contact details. 

Recipients 

Authorized LISER editorial staff, Platforms users (for data designated as publicly visible) and external service providers who process personal data on LISER’s instructions in accordance with Article 28 GDPR. 

Retention 

Personal data relating to manuscript submissions are retained for as long as necessary to manage the editorial process and ensure administrative accountability. 

Where a Discussion Paper is accepted and published, author information and publication metadata are retained as part of the scientific working paper series and the academic record. 

3.1.3 World of Labor 

The World of Labor platform enables the publication of policy-oriented research articles aimed at disseminating economic knowledge to a broader audience. In this context, LISER processes identification and professional data relating to authors and individuals involved in the editorial process. 

More information 

Purposes of processing 

Personal data are processed in order to receive and manage article submissions, coordinate the editorial and peer review process, and communicate with authors throughout the evaluation process. 

Where an article is accepted, personal data are further processed to prepare the article for publication, ensure proper attribution of authorship, and disseminate the content through the WOL platform. 

Publication may also involve dissemination, indexing, and archiving as part of the scientific and policy-oriented publication record. 

Legal basis 

Processing relating to the submission and editorial evaluation of articles is based on Article 6(1)(f) GDPR (legitimate interest in managing scientific and policy-oriented publications). 

Processing relating to the publication of articles following the conclusion of an authorship/publication agreement is based on Article 6(1)(b) GDPR (performance of a contract). 

Categories of personal data 

Identification and professional information such as name, institutional affiliation, academic identifiers (e.g., ORCID), contact details, and information necessary to formalize authorship/publication agreements and publication records. 

Recipients 

Authorized LISER editorial staff, Platforms users (for data designated as publicly visible), electronic signature service providers used to formalize authorship/publication agreements (e.g., Adobe Sign), and other external service providers who process personal data on LISER’s instructions in accordance with Article 28 GDPR. 

Retention 

Personal data relating to submissions and peer review are retained for as long as necessary for editorial management and accountability. Published articles form part of the academic and policy publication record and are retained accordingly. 

3.2 Processing related to Platforms use and communication  

3.2.1 Platforms access and technical logs 

LISER processes certain technical data when users access the  Platforms in order to ensure their proper functioning and security. 

More information 

Purposes 

Personal data are processed to ensure the technical functionality, stability, and security of the  Platforms, to detect and prevent misuse or unauthorized access, and to maintain the integrity of the Platforms.   

Legal basis 

Processing is based on Article 6(1)(f) GDPR (legitimate interest in ensuring the security, proper functioning, and protection of the Platforms and their users). 

Categories of personal data  

Technical information such as IP address, browser information, timestamps, accessed pages. 

Recipients  

Authorized LISER technical and administrative staff, as well as external service providers who process personal data on LISER’s instructions in accordance with Article 28 GDPR. 

Retention 

Technical logs are retained for a limited period necessary to ensure security and system integrity, unless further retention is required in the context of security incidents or legal obligations. 

3.2.2 Contact form 

When users contact LISER through the contact forms available on the  Platforms or by email, personal data are processed in order to respond to their enquiries. 

More information 

Purposes 

Personal data are processed to receive, manage and respond to enquiries submitted via the contact forms on the Platforms or by email, and to ensure appropriate follow-up where necessary.  

Legal basis 

Processing is based on Article 6(1)(f) GDPR (legitimate interest in responding to communications and managing enquiries addressed to LISER).  

Categories of personal data 

Identification and contact information such as name, email address, message content. 

Recipients  

Authorized LISER technical and administrative staff, as well as external service providers who process personal data on LISER’s instructions in accordance with Article 28 GDPR. 

Retention 

Personal data are retained only for as long as necessary to process the enquiry and any related follow-up, unless further retention is required to comply with legal obligations or to establish, exercise or defend legal claims. 

3.2.3 Institutional newsletters 

LISER processes personal data in order to distribute institutional newsletters and updates relating to the activities of the Platforms. 

More information 

Purposes 

Personal data are processed to send newsletters, institutional updates and information about activities, publications or events related to the Platforms.  

Legal basis 

Processing is based on Article 6(1)(a) GDPR (consent). Subscribers may withdraw their consent at any time, in particular by using the unsubscribe link included in each newsletter, without affecting the lawfulness of processing carried out prior to withdrawal. 

Categories of personal data  

Identification and contact information such as email address. 

Recipients  

Authorized LISER staff responsible for communication activities, and external email distribution service providers acting on LISER’s instructions in accordance with Article 28 GDPR. 

Retention  

Personal data are retained for as long as the individual remains subscribed to the newsletter. In the event of prolonged inactivity, contact details may be removed from the mailing list after a reasonable period. 

3.2.4 Organization of events 

LISER processes personal data in connection with the organization of academic conferences, workshops and related events within the framework of the Platforms. 

More information 

Purposes  

Personal data are processed to manage event registrations, organize participation, coordinate logistical arrangements, communicate with participants, and ensure the proper conduct of academic events. 

Where applicable, personal data may also be processed to facilitate follow-up communication relating to the event.  

Legal basis 

Processing relating to the organization, administration and coordination of events is based on Article 6(1)(f) GDPR (legitimate interest in organizing and managing academic activities).  

Categories of personal data 

Identification and professional information such as name, affiliation, contact details, participation preferences. 

Recipients  

Authorized LISER administrative and organizational staff, and, where necessary, external service providers involved in the organization of events (such as venue providers or technical service providers) acting on LISER’s instructions in accordance with Article 28 GDPR. 

Retention 

Personal data are retained for the duration necessary to organize and manage the event and to comply with applicable administrative, accounting and legal obligations. 

Cookies are small text files that are stored on your device (computer, tablet, or smartphone) when you visit a website. They are widely used to ensure the proper functioning of websites, improve user experience, and provide information to website operators about how the website is used.

The Platforms use cookies and similar technologies to ensure their proper functioning and, where applicable, to analyze how the Platforms are used. 

Cookies used on the Platforms fall into the following categories: 

• Strictly necessary cookies, required for the operation and security of the Platforms ; 

• Preference cookies, which store user preferences and settings ; 

• Analytics cookies, which help us understand how visitors interact with the Platforms ; 

• Third-party cookies, which are set by external service providers.

4.1 Cookies used on wol.iza.org

The following cookies may be used on wol.iza.org:

Strictly necessary cookies 

Consent and preference cookies 

The cookie storing the user’s cookie preferences is considered strictly necessary as it records the user’s consent choices 

Analytics cookies 

Analytics cookies are only activated after the user has provided consent via the cookie banner. If the user does not consent, these cookies are not stored on the user’s device.

Third‑party cookies 

These cookies are controlled by Google and are subject to Google’s own privacy and cookie policies. 

4.2 Cookies used on iza.org 

The following cookies may be used on iza.org :  

Strictly necessary cookies 

Consent and preference cookies 

The cookie storing the user’s cookie preferences is considered strictly necessary as it records the user’s consent choices. 

Analytics cookies 

Analytics cookies are only activated after the user has provided explicit consent via the cookie banner. If the user does not consent, these cookies are not stored on the user’s device. 

Third-party cookies 

These cookies are controlled by the respective third‑party providers and are subject to their own privacy policies. 

4.3 Important note

Users may configure their browser settings to block cookies. However, disabling strictly necessary cookies may affect the functioning of the Platforms.

Users may withdraw their consent at any time by adjusting their cookie preferences through the cookie settings available on the Platforms.

Personal data are primarily processed in Luxembourg and, more generally, within the European Economic Area (EEA). We prioritise local or European data storage and processing solutions.

In certain specific cases, if we need to use a service provider located outside the EEA, we ensure that such international data transfers are subject to appropriate legal safeguards.

This means we first verify whether the destination country benefits from an adequacy decision by the European Commission or, if not, we enter standard contractual clauses approved by the European Commission with the service provider, supplemented by additional security measures where necessary. 

LISER implements appropriate technical and organizational measures pursuant to Articles 24 and 32 GDPR. 

Security framework aligned with ISO/IEC 27001 and ISO/IEC 27701 standards. 

Measures include access controls, authentication procedures, encryption where appropriate, logging, monitoring and incident response procedures. 

As a data subject, you have the following rights under GDPR: 

• Right of access: you may request confirmation as to whether personal data relating to you are processed and obtain a copy of such data. 

• Right to rectification: you may request the correction of inaccurate personal data and the completion of incomplete personal data. 

• Right to erasure: in certain cases, you may request the deletion of your personal data, in particular where such data are no longer necessary for the purposes for which they were collected. 

• Right to restriction of processing: you may request that the processing of your personal data be restricted, for example while the accuracy of the data is being verified. 

• Right to data portability: where processing is based on your consent or on a contract and carried out by automated means, you may request to receive your personal data in a structured, commonly used and machine-readable format. 

• Right to withdraw consent: where processing is based on your consent, you may withdraw such consent at any time.  

• Right to object: you may object, on grounds relating to your particular situation, to the processing of your personal data where such processing is based on legitimate interestssubjects have the rights of access, rectification, erasure, restriction, objection, portability and protection against automated decision-making under Articles 15–22 GDPR. 

Where processing is carried out for scientific research purposes, certain rights may be limited in accordance with Articles 89 and 17(3)(d) GDPR. 

Please note that your data protection rights are not absolute. In certain circumstances, and where permitted by applicable data protection laws, we may refuse or restrict the exercise of your rights. If this is the case, we will inform you of the reasons for our decision, unless we are legally prevented from doing so. 

a. How to exercise your rights 

Data subjects may exercise their rights by contacting LISER’s Data Protection Officer at dpo@liser.lu.  

Requests will be handled in accordance with Articles 12–23 GDPR and will be responded to within one month of receipt of the request. 

The response period may be extended by up to two additional months where necessary, taking into account the complexity and number of requests received. In such cases, we will inform you of the extension within one month of receiving your request, together with the reasons for the delay. Where the request is submitted electronically, the information will, where possible, be provided by electronic means, unless you request otherwise. 

If we decide not to take action on your request, or if we fail to process it within the timeframe mentioned above, you have the right to lodge a complaint with the Commission Nationale pour la Protection des Données (as mentioned below) and to seek a judicial remedy against our decision. 

b. Right to lodge a complaint 

If a data subject considers that processing infringes the GDPR, they may lodge a complaint with the: 

Luxembourg National Commission for Data Protection (CNPD), 15, Boulevard du Jazz, L-4370 Belvaux, Luxembourg. 

Website: www.cnpd.lu.  

LISER reserves the right to update this Privacy Policy to reflect legal, technical or organizational changes. 

Updated versions will be published on the relevant Platforms with an updated 'Last update' date. 

Last update : 13/03/2026