Terms & Conditions


1) Privacypact.org offers the possibility to companies located outside of the European Union, such as China, Japan, Korea and US, to voluntarily commit to comply with the European General Data Protection Regulation (GDPR). Neither Privacy Pact, nor the entities linked to its management ARE RESPONSIBLE FOR ANY LITIGATION between users/data subjects and the committed companies.

2) For any privacy complaint, the user should contact the Data Protection Authority in order to report the supposed violation made by the committed companies. Neither Privacy Pact, nor the entities linked to its management, ARE RESPONSIBLE IN LITIGATION SOLVING.

3) The Privacy Pact (or Voluntary Compliance Commitment Tool) is a voluntary and legally binding commitment made by a legal entity (hereafter referred as the “Applicant”) to process personal data in accordance with the European Regulation EU 2016/679 on the protection of personal data, also known as the “General Data Protection Regulation », hereinafter GDPR.

4) The Applicant voluntarily undertakes to comply with the obligations arising out of the Privacy Pact in order to demonstrate its compliance with the GDPR and/or establish safeguards and standards for the collection, processing, transfer, storage and maintenance of Personal Information.

5) Privacy Pact provides the opportunity to unilaterally commit to respect the GDPR through an online contractual instrument. Nevertheless, Privacy Pact does not assess the effective compliance of applicants, which remain under their sole and exclusive responsibility. In case a commitment would be contested by a third party, a request to cancel a registration can be applied only if grounded on decision of a tribunal or a Data Protection Authority which identifies a registered company as non-compliant with the GDPR. The contract with the entity can be receded and removed from the public list only if such a decision has been taken. The entity in charge of managing the Privacy Pact registry reserves the right to temporarily or permanently withdraw a company from the public registry.

6)The Pact is provided against a minor application fee intended to support this service. The price is determined by the European Center for Certification and Privacy (ECCP) and published on the Privacy Pact website.

7) The Pact shall be effective for a period of twelve (12) months upon its signature by the Applicant, then it automatically terminates, unless the renewed option has been selected by the Applicant and the renewal fee is paid.

8) In case of withdrawal, termination, legal decision and/or Data Protection Authority non-compliance decision, or upon request by the ECCP the Applicant should remove without undue delay from its website/materials the iFramed Label issued by Privacy Flag upon signature of the Pact .

9) A Supervising Expert (DPO) is entrusted by the Privacy Pact with the drafting, the update and the control on the lawfulness of the substantive provisions of the Pact: v.pavese@istitutoprivacy.it