Personal data security


  • EPFL ensures the safety and the security of Personal Data by implementing enhanced data security through the use of logical security resources.
  • We deploy appropriate measures at both the technological and organizational level to protect the stored Personal Data of our users from unauthorized access, improper use, alteration, unlawful or accidental destruction and accidental loss.
  • These are consistent with good practice and the latest regulations, considering the risks involved, to protect your Personal Data.
  • You are an actor in the protection of your Personal Data. There are simple but effective measures to ensure the confidentiality, the security in general of your data. The EPFL’s IT security provides you some advice on this website.

Data retention

EPFL keeps your Personal Data for no longer than is necessary for the purposes for which the Personal Data are processed, in accordance with the applicable legislation.
If anonymization is not possible due to the purpose of a research project, Personal Data used in research may be stored for a maximum of 20 years.
For Clinical trials, we need to stored as a minimum the personal data for 10 years (or 15 years if medical device) after the end of the clinical trial. Please note that we also have an obligation to archive for 30 years certain data according to art. 40 LPTh in case of any operation linked with human blood.