Privacy and Data Protection Policy
The Europrivacy Certification Scheme is managed by the European Centre for Certification and Privacy (hereafter “ECCP”) located in Luxembourg. ECCP services include, inter alia, website, online and onsite services, newsletter and other communication activities, as well as events and activities related to its aims. This Privacy and Data Protection Policy describes how ECCP, the Data Controller of this website, collects and processes personal data.
ECCP avoids collecting unnecessary personal data and follows “privacy by design” and “personal data minimization” policies for data processing and retention.
Purpose and Use of Collected Information
ECCP processes personal data for its aims, activities and services, including:
- Registration, authentication and access rights management;
- Facilitating access to information, resources, tools, events and service providers;
- Membership, partnership, and administrative management;
- Invoicing and billing of users of ECCP Services;
- Enabling users and ECCP to interact and communicate with each other and/or with partners;
- Informing users and visitors about ECCP related events and activities;
- Improving users experience and the quality of delivered services;
- Delivering training courses, exams and certifications;
- Providing access to registry of certificates in order to authenticate and prevent forgery of delivered certificates;
- Developing a community of users, experts and partners;
- Authenticating, securing and collecting statistics on remote connections.
How Data Can Be Collected
ECCP can receive information and personal data through its websites, email notifications and other interactions means which may include:
- Information provided by the users when using our Services.
- Information provided by users’ devices for connectivity, such as IP address, etc. Such data may be logged for security and statistical reasons.
- Cookies and similar technologies, whose use is voluntarily limited and minimised on our website.
Policy Towards Children
ECCP services are not directed to minors of age. Any participant to an ECCP Service who is a minor of age shall have a parental agreement before sharing any personal data with us. Anyone who becomes aware that someone under 16 years of age has provided us with personal data without a parental agreement should inform us.
Data Storage and Retention Period
ECCP servers are located in Europe. The data retention period is minimised and data that are not useful anymore are deleted or anonymized. The data retention period is determined by taking into account the legal, security, management and other legitimate service requirements. Where data subject withdraw consent or request the deletion of their data, ECCP will proceed accordingly. Nevertheless, where applicable, some personal data may be kept by ECCP even after consent has been withdrawn if required by a legitimate purpose such as:
- Legal and administrative obligations, including with regards to accounting and VAT;
- Enabling the authentication of delivered trainings and certificates;
- Documenting and archiving delivered services;
- Potential legal claims.
Sharing and Transfer of Information
Personal data are processed with care and our policy requires to avoid any unnecessary data transfers to third parties or to geographic locations that may expose the data at risk. ECCP may share personal data in the following cases:
- With ECCP processors and partners for its services and activities, such as online payment solutions, onsite registration processes, or data storage infrastructure. The list of data processors is available by simple request to the data protection officer.
- When required by law or for legitimate purposes, such as protecting the legal rights and safety of ECCP, its partners, and the users of its services.
- For reporting and information purpose. ECCP usually uses aggregated and anonymised data when reporting on its activities and the participants to its events. However, information on its members, employees, and participants attending ECCP activities may appear in public reports, pictures, press releases and through other information means.
ECCP uses physical, technical, and administrative measures to safeguard information in its possession against loss, theft and unauthorized use, disclosure, or modification. Please note, however, that no data transmission or storage can be guaranteed to be 100% secure. As a result, while ECCP strives to protect the information it processes, this should not be taken as a warranty. If you identify any weakness in our security, please inform us.
Data Subject Rights
Users have rights on their personal data. They can contact our Data Protection Officer in order to assert their rights as a Data Subject, including the right to access, rectify, erase personal data; the right to withdraw consent and to restrict or object to the processing of personal data; and the right to portability of personal data. Data Subjects also have the right to lodge a complaint with a supervisory authority in case their rights would be violated.
Changes to this Policy
Data Protection Officer and Contact
If you have any questions about this policy or your personal data protection by ECCP, you can contact our Data Protection Officer through our contact form.