Data Protection, Privacy, and Cookies Policy
This “Data Protection, Privacy, and Cookies Policy” (hereafter referred to as the “Privacy Policy”) aims at clarifying the privacy and cookies policy applicable to the processing of personal data on this website and associated online services (hereafter referred to as the “Website”). It provides information for the visitors and users of the Website (hereafter referred to as the “User”), including on their rights as data subjects.
Data Controllers
The Website is managed by the European Centre for Certification and Privacy located in Luxembourg acting as prime data controller, and Archimede Solutions located in Switzerland acting as co-controllers and processors where applicable (and hereafter collectively referred to as the “Service Provider”).
Purpose and Use of Collected Information
The Service Provider avoids collecting or storing unnecessary personal data. It may collect and process personal data in relation to the Website for the following purposes:
- Applications, registrations, access and administrative management of Users and their linked parties, including, where applicable, invoicing, billing, and accounting;
- Managing access to information, resources, tools, events, and training courses;
- Facilitating sharing of information and Content provided by the Users, including to support interaction with other Users, with the Service Provider and/or with third parties;
- Managing and giving access to registries, such as the registry of certificates and qualifications in order to authenticate and prevent forgery of delivered certificates;
- Improving Users’ experience and the quality of the delivered services;
- Authenticating, securing, and collecting statistics on remote connections;
- Enabling the Service Provider to address and handle claims or litigations.
How and What Data Can Be Collected
The Service Provider can receive information and personal data through the Website, as well as through email notifications and other interactions means with the User. It may include:
- Information provided by the Users when using the Website or interacting with the Service Provider, such as their name and contact details, billing and payment information;
- Information provided by Users’ devices for connectivity, such as IP addresses;
- Cookies and similar technologies, whose use is voluntarily limited and minimised on the Website.
Legal Basis
The processing of personal data on the Website is by default based on the consent of the data subject. However, some personal data processing is also required for the performance of contract (i.e. the processing related to the payment of subscription fees) and/or for the legitimate interest of the Service Provider (i.e. security monitoring, keeping useful information in case of legal claims).
Policy Towards Children
The Website is not directed to minors of age. Any User who is below the age limit for consent applicable to their country of residence must get clear and explicit consent from their parental authority before sharing any personal data through the Website. Anyone who becomes aware that a User below the age limit has provided us with personal data without parental agreement should inform us.
Data Storage and Retention Period
The Service Provider servers are located in Europe. The data retention period is minimised and data that are not useful anymore are deleted or anonymised. The data retention period is determined by taking into account the rights of the data subjects, the legal, security, and management requirements and, where applicable, the legitimate interests of the Service Provider.
The Service Provider is involved in capacity building, assessment and certification activities. Where applicable, it maintains permanent records and registries of delivered certificates and qualifications, to enable their authentication and to prevent the risk of falsification or forgery. It enables:
- The Users, the Service Provider and third parties to check the authenticity of delivered certificates;
- The Service Provider to communicate with trained experts on issues relevant to their qualifications, such as requirements changes and updates, webinars and events, online services, new training, or networking opportunities;
- Qualified experts to request a duplicate of their certificate.
Sharing and Transfer of Information
Personal data are processed with care, and our policy aims at avoiding unnecessary data transfers to third parties or to jurisdictions that may expose the data at risk. The Service Provider may share personal data in the following cases:
- With data processors used to deliver the services, such as online payment solutions, registration processes, or data storage infrastructure;
- When required by Law and/or for legitimate purpose, such as legal rights and ability to address legal complaints;
- For reporting and information purpose;
- With partner organisations regarding the Website use by their employees.
The Service Provider usually uses aggregated and anonymised data when reporting on its activities and the participants to its events. However, information on its members, employees, and participants attending the Service Provider activities may appear in public reports, pictures, press releases and through other information means.
Data Processors of the Website
Where applicable, the Website may use third-party modules and data processors to deliver certain functionalities, such as payment processing. You can request more information on the third-party data processors through our contact form.
Security
The Service Provider uses technical and organisational measures to safeguard information in its possession against loss, theft and unauthorised access, use, disclosure, or modification. Please note however, that no data transmission or storage can be guaranteed to be 100% secure. As a result, while the Service Provider strives to protect the information it processes, the User is required not to post any sensitive or critical personal information on the Website and to always keep a copy of important information and content shared on the Website. If you identify any weakness in our security, please inform us.
Automated Decision-Making
Personal data collected on this website is not subject to automated decision-making or profiling. Some online services and tasks can be automated, such as registrations to our events or newsletter, but they are not based on analysing the personal profile of the data subject.
External Links and Resources
The Website can contain links to third-party websites and/or online services, which are subject to distinct privacy and cookies policies. Links to external resources do not constitute any form of endorsement or guarantee of their respective policy and/or practice. The Service Provider declines any responsibility for such external resources and invites the Users to decide on a case per case basis to access or not to access such resources.
Data Subjects’ Rights
The Users have rights regarding their personal data, including:
- the right to access, rectify, and erase personal data;
- the right to withdraw consent and to restrict or object to the processing of personal data;
- the right to portability of personal data;
- the right to lodge a complaint with a supervisory authority.
The User can contact our Data Protection Officer by post mail sent to the Service Provider or through the contact form of the Website in order to request complimentary information and/or assert their rights as a Data Subject.
Where a User withdraws consent or requests the deletion of personal data, the Service Provider will proceed accordingly. Nevertheless, it shall be acknowledged that some personal data may be retained after consent has been withdrawn or deletion requested if such retention is required by a legitimate interest, such as:
- legal and administrative obligations, including with regards to accounting and VAT;
- enabling the authentication of delivered training and certificates;
- documenting and archiving delivered services;
- addressing potential legal claims.
Data Protection Officer and Contact
If you have any questions about this policy or your personal data protection by the Service Provider, you can contact our Data Protection Officer by post mail at the address of the Service Provider indicated on the Contact page of the Website.
Changes to this Policy
The Service Provider may revise this Privacy Policy from time to time and make changes at its sole discretion, which become effective upon posting the updated version of this Privacy Policy on the Website. Continued access and/or use of the Website by a User after any such changes is conditioned to the acceptance of these changes and constitutes a renewed consent of the User to such changes.
Cookies Policy
The Website minimises the use of cookies. It focuses on cookies that are required for a smooth user experience and for securing the navigation within the website, including session cookies. Cookies may also be used by third-party services used by the Website, such as online payment modules. While we cannot necessarily avoid all third-party cookies, we do our best effort to avoid any unnecessary cookies and welcome any suggestions for improvement.
Strictly Necessary Cookies
Strictly Necessary Cookies allow core functionalities of the Website. These cookies shall be enabled at all times to ensure that the Website functions properly.
Name: moove_gdpr_popup
Provider: GDPR Cookie Compliance WP Plugin
Description: An auto-generated session cookie that stores the options from accepting or rejecting the GDPR pop-up announcement on the website.
Duration: From 4 to 6 hours, alternatively, until the expiration/deletion of the session in the browser history/when all the browser windows are closed.
Name: stripe_sid
Provider: Stripe
Description: An auto-generated session cookie that stores data used by the plugin or integration on the website to prevent fraud.
Duration: Until the expiration/deletion of the session in the browser history/when all the browser windows are closed, alternatively, 30 minutes.
Name: stripe_mid
Provider: Stripe
Description: An auto-generated session cookie that stores data used by the plugin or integration on the website to prevent fraud.
Duration: Until the expiration/deletion of the session in the browser history/when all the browser windows are closed, alternatively, 1 year.
Name: wp_woocommerce_session
Provider: Woocommerce
Description: An auto-generated session cookie for identifying customer and session information.
Duration: 2 days
Name: woocommerce_items_in_cart
Provider: Woocommerce
Description: An auto-generated session cookie for identifying changes in cart products and orders.
Duration: Until the expiration/deletion of the session in the browser history/when all the browser windows are closed.
Name: wordpress_logged_in_
Provider: WordPress ORG
Description: An auto-generated session cookie for identifying a user once the user is logged in.
Duration: Until the expiration/deletion of the session in the browser history/when all the browser windows are closed.
Name: wordpress_sec
Provider: WordPress ORG
Description: An auto-generated session cookie to provide protection against hackers.
Duration: 15 days
Name: wordpress_test_cookie
Provider: WordPress ORG
Description: An auto-generated session cookie to identify whether cookies are enabled in the web browser.
Duration: Until the expiration/deletion of the session in the browser history/when all the browser windows are closed
Name: PHPSESSID
Provider: PHP module in server
Description: An auto-generated session cookie that is used to store and identify a user’s session ID to manage user session on the website.
Duration: Until the expiration/deletion of the session in the browser history/when all the browser windows are closed
(Last updated 04/10/2022)