DATA PROTECTION, PRIVACY, AND COOKIES POLICY

This “Data Protection, Privacy, and Cookies Policy” (hereafter referred to as the “Privacy Policy”) aims at clarifying the privacy and cookies policy applicable to the processing of personal data on this website and associated online services (hereafter referred to as the “Website”). It provides information for the visitors and users of the Website (hereafter referred to as the “User”), including on their rights as data subjects.

Data Controllers

The Website is managed by the European Centre for Certification and Privacy (hereafter “ECCP”) located in Luxembourg acting as the controller and processor.

Purpose and Use of Collected Information

ECCP avoids collecting or storing unnecessary personal data. It may collect and process personal data in relation to the Website for the following purposes:

• Applications, registrations, access and administrative management of Users and their linked parties;
• Facilitating sharing of information and Content provided by the Users, including support interaction with other Users, with the Service Provider and/or with third parties;
• Informing ECCP users and visitors about ECCP-related events and activities;
• Improving users’ experience and the quality of delivered services;
• Authenticating, securing and collecting statistics on remote connections;
• Enabling the Service Provider to address and handle claims or litigations.

How and What Data Can Be Collected

ECCP can receive information and personal data through its websites, email notifications, and other interactions means, and may include:

• Information provided by the users when using our services, such as their name and contact details;
• Information provided by users’ devices for connectivity, such as your IP address;
• Cookies and similar technologies, whose use is voluntarily limited and minimised on our website.

Legal Basis

The processing of personal data on the Website is by default based on the consent of the data subject. However, some personal data processing is also required for the performance of contracts (i.e. the processing related to the payment of subscription fees) and/or for the legitimate interest of the Service Provider (i.e. security monitoring, keeping useful information in case of legal claims).

Policy Towards Children

ECCP services are not directed to minors of age. Any User who is below the age limit for consent applicable to their country of residence must get clear and explicit consent from their parental authority before sharing any personal data through the Website. Anyone who becomes aware that a User below the age limit has provided us with personal data without parental agreement should inform us.

Data Storage and Retention Period

ECCP servers are located in Europe. The data retention period is minimised and data that are not useful anymore are deleted or anonymised. The data retention period is determined by taking into account the rights of the data subjects, the legal, security, and management requirements and, where applicable, the legitimate interests of ECCP.

Sharing and Transfer of Information

Personal data are processed with care, and our policy aims at avoiding unnecessary data transfers to third parties or to jurisdictions that may expose the data at risk. The Service Provider may share personal data in the following cases:

• With data processors used to deliver the services, such as registration processes, or data storage infrastructure;
• When required by Law and/or for legitimate purposes, such as legal rights and ability to address legal complaints;
• For reporting and information purposes;
• With partner organisations regarding the Website use by their employees.

The Service Provider usually uses aggregated and anonymised data when reporting on its activities and the participants in its events. However, information on its members, employees, and participants attending the Service Provider activities may appear in public reports, pictures, press releases and through other information means.

Data Processors of the Website

Where applicable, the Website may use third-party modules and data processors to deliver certain functionalities. You can request more information on third-party data processors through our contact form.

Security

ECCP uses technical and organisational measures to safeguard information in its possession against loss, theft and unauthorised access, use, disclosure, or modification. Please note, however, that no data transmission or storage can be guaranteed to be 100% secure. As a result, while ECCP strives to protect the information it processes, the User is required not to post any sensitive or critical personal information on the Website and to always keep a copy of important information and content shared on the Website. If you identify any weakness in our security, please inform us.

Automated Decision-Making

Personal data collected on this website is not subject to automated decision-making or profiling. Some online services and tasks can be automated, such as registrations to our events or newsletter, but they are not based on analysing the personal profile of the data subject.

External Links and Resources

The Website may contain links to third-party websites and/or online services, which are subject to distinct privacy and cookies policies. Links to external resources do not constitute any form of endorsement or guarantee of their respective policy and/or practice. ECCP declines any responsibility for such external resources and invites the Users to decide on a case per case basis to access or not to access such resources.

Data Subjects’ Rights 

The Users have rights regarding their personal data, including:

• the right to access, rectify, and erase personal data;
• the right to withdraw consent and to restrict or object to the processing of personal data;
• the right to portability of personal data;
• the right to lodge a complaint with a supervisory authority.

The User can contact our Data Protection Officer by post mail sent to the Service Provider or through the contact form of the Website in order to request complimentary information and/or assert their rights as a Data Subject
Where a User withdraws consent or requests the deletion of personal data, the Service Provider will proceed accordingly. Nevertheless, it shall be acknowledged that some personal data may be retained after consent has been withdrawn or deletion requested if such retention is required by a legitimate interest, such as:

•  legal and administrative obligations, including with regard to accounting and VAT;
• enabling the authentication of delivered training and certificates;
• documenting and archiving delivered services;
• addressing potential legal claims.

Data Protection Officer and Contact

If you have any questions about this policy or your personal data protection by the Service Provider, you can contact our Data Protection Officer by post mail at the address of the Service Provider indicated on the contact page of the Website.

Changes to this Policy

The Service Provider may revise this Privacy Policy from time to time and make changes at its sole discretion, which become effective upon posting of the updated version of this Privacy Policy on the Website. Continued access and/or use of the Website by a User after any such changes shall constitute and be accepted as a renewed consent of the User to such changes.

Cookies Policy

ECCP website voluntarily minimises the use of cookies. It may use session cookies to support the user experience and the performance of the website, but it does not deploy any individual profiling cookies on the users’ devices and avoids the use of third-party cookies.