Data Protection, Privacy, and Cookies Policy
The Website is managed by the European Centre for Certification and Privacy located in Luxembourg acting as prime data controller, and Archimede Solutions located in Switzerland acting as co-controllers and processors where applicable (and hereafter collectively referred to as the “Service Provider”).
Purpose and Use of Collected Information
The Service Provider avoids collecting or storing unnecessary personal data. It may collect and process personal data in relation to the Website for the following purposes:
- Applications, registrations, access and administrative management of Users and their linked parties, including, where applicable, invoicing, billing, and accounting;
- Managing access to information, resources, tools, events, and training courses;
- Facilitating sharing of information and Content provided by the Users, including to support interaction with other Users, with the Service Provider and/or with third parties;
- Managing and giving access to registries, such as the registry of certificates and qualifications in order to authenticate and prevent forgery of delivered certificates;
- Improving Users’ experience and the quality of the delivered services;
- Authenticating, securing, and collecting statistics on remote connections;
- Enabling the Service Provider to address and handle claims or litigations.
How and What Data Can Be Collected
The Service Provider can receive information and personal data through the Website, as well as through email notifications and other interactions means with the User. It may include:
- Information provided by the Users when using the Website or interacting with the Service Provider, such as their name and contact details, billing and payment information;
- Information provided by Users’ devices for connectivity, such as IP addresses;
- Cookies and similar technologies, whose use is voluntarily limited and minimised on the Website.
The processing of personal data on the Website is by default based on the consent of the data subject. However, some personal data processing is also required for the performance of con-tract (i.e., the processing related to the payment of subscription fees) and/or for the legitimate interest of the Service Provider (i.e., security monitoring, keeping useful information in case of legal claims).
Policy Towards Children
The Website is not directed to minors of age. Any User who is below the age limit for consent applicable to their country of residence must get clear and explicit consent from their parental authority before sharing any personal data through the Website. Anyone who becomes aware that a User below the age limit has provided us with personal data without parental agreement should inform us.
Data Storage and Retention Period
The Service Provider servers are located in Europe. The data retention period is minimised and data that are not useful anymore are deleted or anonymised. The data retention period is determined by taking into account the rights of the data subjects, the legal, security, and management requirements and, where applicable, the legitimate interests of the Service Provider.
The Service Provider is involved in capacity building, assessment and certification activities. Where applicable, it maintains permanent records and registries of delivered certificates and qualifications, to enable their authentication and to prevent the risk of falsification or forgery. It enables:
- The Users, the Service Provider and third parties to check the authenticity of delivered certificates;
- The Service Provider to communicate with trained experts on issues relevant to their qualifications, such as requirements changes and updates, webinars and events, online services, new training, or networking opportunities;
- Qualified experts to request a duplicate of their certificate.
Sharing and Transfer of Information
Personal data are processed with care, and our policy aims at avoiding unnecessary data transfers to third parties or to jurisdictions that may expose the data at risk. The Service Provider may share personal data in the following cases:
- With data processors used to deliver the services, such as online payment solutions, registration processes, or data storage infrastructure;
- When required by Law and/or for legitimate purposes, such as legal rights and ability to address legal complaints;
- For reporting and information purpose;
- With partner organisations regarding the Website use by their employees.
The Service Provider usually uses aggregated and anonymised data when reporting on its activities and the participants to its events. However, information on its members, employees, and participants attending the Service Provider activities may appear in public reports, pictures, press releases and through other information means.
Data Processors of the Website
Where applicable, the Website may use third-party modules and data processors to deliver cer-tain functionalities, such as payment processing. You can request more information on the third-party data processors through the Website’s contact form.
The Service Provider uses technical and organisational measures to safeguard information in its possession against loss, theft and unauthorised access, use, disclosure, or modification. Please note, however, that no data transmission or storage can be guaranteed to be 100% secure. As a result, while the Service Provider strives to protect the information it processes, the User is required not to post any sensitive of critical personal information on the Website and to always keep a copy of important information and content shared on the Website. If you identify any weakness in our security, please inform us.
Personal data collected on this website is not subject to automated decision-making or profiling. Some online services and tasks can be automated, such as registrations to our events or news-letter, but they are not based on analysing the personal profile of the data subject.
External Links and Resources
The Website can contain links to third-party websites and/or online services, which are subject to distinct privacy and cookies policies. Links to external resources do not constitute any form of endorsement or guarantee of their respective policy and/or practice. The Service Provider declines any responsibility for such external resources and invites the Users to decide on a case per case basis to access or not to access such resources.
Data Subjects’ Rights
The Users have rights regarding their personal data, including:
- the right to access, rectify, and erase personal data;
- the right to withdraw consent and to restrict or object to the processing of personal data;
- the right to portability of personal data;
- the right to lodge a complaint with a supervisory authority.
The User can contact our Data Protection Officer by post mail sent to the Service Provider or through the contact form of the Website in order to request complimentary information and/or assert their rights as a Data Subject.
Where a User withdraws consent or requests the deletion of personal data, the Service Provider will proceed accordingly. Nevertheless, it shall be acknowledged that some personal data may be retained after consent has been withdrawn or deletion requested if such retention is required by a legitimate interest, such as:
- legal and administrative obligations, including with regards to accounting and VAT;
- enabling the authentication of delivered training and certificates;
- documenting and archiving delivered services;
- addressing potential legal claims.
Data Protection Officer and Contact
If you have any questions about this policy or your personal data protection by the Service Provider, you can contact our Data Protection Officer by post mail at the address of the Service Provider indicated on the Contact page of the Website.
Changes to this Policy
This website does not use any cookies.
General Information About Cookies
Cookies were initially developed to improve user experience when visiting a website. Different types of cookies exist, depending on their features and functions, including:
- Session cookies that are necessary for the functioning of the Service and to provide the users with the requested Service.
- Technical analytics cookies used by the Services’ manager to collect aggregate information on the number of visitors and the pattern of visits to the Services. Information is processed in an aggregated and anonymous fashion. The data controller may use such aggregate information to identify security threats, analyse trends and information on visitors, and administer the Services.
- Technical functional cookies, which allow users to navigate as a function of certain pre-determined criteria such as language.
- Third Party Cookies, which are owned by sites and web servers different from the websites that you are actually visiting.
Cookies may be stored on the user device for different timeframes:
- Session cookies are cancelled at the end of each visit.
- Persistent cookies remain on the user device for a longer period of time but can be easily deleted by the user.
- Everlasting cookies are unfriendly cookies that attempt to stay on the user device even if the user tries to delete or get rid of them.
According to the European General Data Protection Regulation (GDPR), users must be informed about the cookies used by the websites they visit. Users must provide their prior informed consent, except for some technical cookies, such as:
- Cookie analytics insofar as they are used directly by the website manager to collect aggregate information on the number of visitors and the pattern of visits to the website.
- Browsing or Session cookies used to log-in to the website.
- Functional cookies, which allow users to navigate as a function of certain pre-determined criteria such as language.
For Profiling cookies, namely those aimed at creating user profiles and used to send advertising messages in line with the preferences shown by the user during navigation, the user’s prior consent is necessary.
(Last updated 06/10/2022)