Skip to main content

ECCP Privacy Policy
Privacy Pact – the Online Commitment Tool for GDPR Compliance is managed by the European Centre for Certification and Privacy (hereafter “ECCP”) located in Luxembourg, which provides services related to certification and data protection. Its Services include, inter alia, website and online information, online and onsite services, newsletter and other communication activities, as well as events and activities related to its aims. This Privacy Policy describes how ECCP, which is the Data Controller of this website, collects and processes personal data.

Data Minimization
ECCP avoids collecting unnecessary personal data and follows “data protection by design” and “data minimization” policies for its data processing activities and retention.

Purpose and Use of Collected Information
The ECCP processes personal data for the sole purposes of its aims, activities and Services, including:

  • Registration, authentication and access rights management;
  • Membership applications and administrative management;
  • Invoicing and billing of users of ECCP Services;
  • Enabling users and ECCP to interact and communicate with each other;
  • Informing ECCP users and visitors about ECCP related events and activities;
  • Improving users experience and the quality of delivered services;
  • Authenticating, securing and collecting statistics on remote connections.

How Data Can Be Collected
ECCP can receive information and personal data through its websites, email notifications, and other interactions means, and may include:

  • Information provided by the users when using our services;
  • Information provided by users’ devices for connectivity, such as your IP address (such data may be logged for security reasons);
  • Cookies and similar technologies, whose use is voluntarily limited and minimized on our website.

Cookies Policy
This website voluntarily minimizes the use of cookies. It may use session cookies to support the user experience and the performance of the website, but it does not deploy any individual profiling cookies in the users’ devices and avoids the use of third party cookies. Here are the cookies we use:

  • The has_js cookie (local storage): Records whether your browser has JavaScript enabled. This cookie is vital in order for website to function properly. It doesn't collect any personal data.
  • The SESS* cookie (local storage): Used to identify website user login session (where applicable)
  • The __stripe_mid__stripe_sid cookies (local storage): Stripe is used to make credit card payments. Stripe uses a cookie to remember who you are and to enable Privacy Pact to process payments without storing any credit card information on its own servers.
  • The cookie-agreed, cookie-agreed-categories cookies (local storage): These cookies are created to store your cookie preferences. 

Policy Towards Children
In principle, ECCP Services are not directed to minors of age. Any participant to an ECCP Service who is a minor of age shall have a parental agreement before sharing any personal data with us. Anyone who becomes aware that someone under 16 years of age has provided us with personal data without parental agreement should contact us.

Data Storage and Retention Period
ECCP servers are located in Europe. The data retention period is minimized and data that are not useful anymore are deleted. The data retention period is determined by taking into account the legal, security, management and other legitimate service requirements.

Sharing and Transfer of Information
Personal data are processed with care and strict rules are applied to avoid any unnecessary data transfers to third parties or to geographic locations that may expose the data at risk. ECCP may share personal data in the following cases:

  • With ECCP processors and partners for its services and activities, such as online payment solutions, onsite registration processes, or data storage infrastructure. The list of data processors is available by simple request to the data protection officer.
  • When required by law or for legitimate purpose, such as protecting the legal rights and safety of ECCP, its partners, and the users of its services.
  • For reporting and information. ECCP usually uses aggregated and anonymized data when reporting on the participants to its events. However, information on its members, employees, and participants attending ECCP activities may appear in public reports, press releases, pictures, and through other information means.

ECCP uses physical, technical, and administrative measures to safeguard information in its possession against loss, theft and unauthorized use, disclosure, or modification. Please note, however, that no data transmission or storage can be guaranteed to be 100% secure. As a result, while ECCP strives to protect the information it processes, this should not be taken as a warranty. If you identify any weakness in our security, please inform us.

Data Subject Rights
Users have rights on their personal data. They can contact our Data Protection Officer in order to assert your rights as a Data Subject, including the right to access, rectify, erase your personal data; the right to withdraw consent and to restrict or object to the processing of your personal data; and the right to portability of your personal data. Data Subjects also have the right to lodge a complaint with a supervisory authority in case their rights would be violated.

Changes to this Policy
ECCP may revise this Privacy Policy from time to time and make changes at its sole discretion. The most current version of the policy will govern ECCP use of processed information and will be available on the Privacy Pact website: By continuing to access or use the Services after those changes become effective, you agree to be bound by the revised Privacy Policy.

Data Protection Officer and Contact
If you have any questions about this policy or your privacy on the Services, you can contact our Data Protection Officer through our contact form.