Cookies, Privacy, and Data Protection Policy 

The Europrivacy Certification Scheme is managed by the European Centre for Certification and Privacy (hereafter “ECCP”) located in Luxembourg.  ECCP services include, inter alia, website, online and onsite services, newsletter and other communication activities, as well as events and activities related to its aims. This Privacy and Data Protection Policy describes how ECCP, the Data Controller of this website, collects and processes personal data.


Cookies Policy

This website minimises the use of cookies. We only use cookies that are required for a smooth user experience and for securing the navigation within the website, including session cookies (PHPSESSID) and cookies which enable online purchases through the platform (Stripe). No analytics or user monitoring is performed by this site.


Data Minimisation 

 ECCP avoids collecting unnecessary personal data and follows “privacy by design” and “personal data minimisation” policies for data processing and retention.


Purpose and Use of Collected Information

The ECCP processes personal data for the purposes of its aims, activities and services, including: 

  • Registration, authentication and access rights management;
  • Membership applications and administrative management;
  • Invoicing and billing of users of ECCP Services;
  • Enabling users and ECCP to interact and communicate with each other;
  • Informing ECCP users and visitors about ECCP related events and activities;
  • Improving users experience and the quality of delivered services;
  • Authenticating, securing and collecting statistics on remote connections. 


How Data Can Be Collected

ECCP can receive information and personal data through its websites, email notifications and other interactions means, and may include: 

Information provided by the users when using our Services;

  • Information provided by users’ devices for connectivity, such as IP address, etc. Such data may be logged for security and statistical reasons;
  • Cookies and similar technologies, whose use is voluntarily limited and minimized on our website.


Policy Towards Children

ECCP services are not directed to minors of age. Any participant to an ECCP Service who is a minor of age shall have a parental agreement before sharing any personal data with us. Anyone who becomes aware that someone under 16 years of age has provided us with personal data without parental agreement should inform us.


Data Storage and Retention Period

ECCP servers are located in Europe. The data retention period is minimized and data that are not useful anymore are deleted or anonymized. The data retention period is determined by taking into account the legal, security, management and other legitimate service requirements.

The Europrivacy Academy has been established to train and qualify Europrivacy auditors and implementers in professional capacity. In order to prevent the risk of falsification or forgery of the certificates delivered by our platform, we keep a permanent record of each and every delivered certificate with the personal data of the certified expert. This record enables inter alia:

  • ECCP and third parties to check the authenticity of delivered certificates;
  • ECCP to communicate with the qualified auditors and implementers on issues related to Europrivacy, such as changes related to the Europrivacy certification scheme and criteria, webinars, confetences, online services or new training opportunities;
  • Qualified experts to request duplicata of their certificate.


Sharing and Transfer of Information 

Personal data are processed with care and our policy requires to avoid any unnecessary data transfers to third parties or to geographic locations that may expose the data at risk. ECCP may share personal data in the following cases:

  • With ECCP processors and partners for its services and activities, such as online payment solutions, onsite registration processes, or data storage infrastructure. The list of data processors is available by simple request to the data protection officer
  • When required by Law or for legitimate purpose, such as protecting the legal rights and safety of ECCP, its partners, and the users of its services.
  • For reporting and information purpose. ECCP usually uses aggregated and anonymized data when reporting on its activities and the participants to its events. However, information on its members, employees, and participants attending ECCP activities may appear in public reports, pictures, press releases and through other information means.
  • To provide statistics to our partner organizations regarding platform use by their employees. Partner organizations who obtain preferential access to the Europrivacy Academy for their employees or experts may request a report of the registrations and overall course progress to verify compliance with the contract between ECCP and the Partner organization. 



ECCP uses physical, technical, and administrative measures to safeguard information in its possession against loss, theft and unauthorized use, disclosure, or modification. Please note, however, that no data transmission or storage can be guaranteed to be 100% secure. As a result, while ECCP strives to protect the information it processes, this should not be taken as a warranty. If you identify any weakness in our security, please inform us.


Data Subject Rights 

Users have rights on their personal data. They can contact our Data Protection Officer in order to assert their rights as a Data Subject, including the right to access, rectify, erase personal data; the right to withdraw consent and to restrict or object to the processing of personal data; and the right to portability of personal data. Data Subjects also have the right to lodge a complaint with a supervisory authority in case their rights would be violated.


Changes to this Policy

ECCP may revise this Privacy Policy from time to time and make changes at its sole discretion. The most current version of the policy will govern ECCP use of processed information and will be available on the Europrivacy website: By continuing to access or use the Services after those changes become effective, you agree to be bound by the revised Privacy Policy.


Data Protection Officer and Contact


If you have any questions about this policy or your personal data protection by ECCP, you can contact our Data Protection Officer through our contact form.


(Last updated 29/04/2020)

error: Content is protected !!