DATA PROTECTION AND INFORMATION SECURITY

Welcome to the EAS™ Data Protection Declaration

EAS™ respects your privacy and is committed to protecting your personal data.

This Data Protection Declaration explains how we collect, use, store, and protect your personal data. Please read this policy carefully to understand our approach to your data and how we handle it.

If you do not agree with our policy and practices, please do not use our website. By using this website, you agree to this Data Protection Declaration.

This policy may change from time to time. Your continued use of this website after changes are made is deemed acceptance of those changes. Therefore, please check this policy periodically for updates.

★★★★★

EAS™ pays special attention to data protection and information security. Our approach is based on ISO/IEC 27001 principles: we not only help organizations safely manage their participants' data but also expect that certified courses will include a separate module on data protection, ethical risks, and legal frameworks for working with people.

★★★★★

Your trust is extremely important to us.

EAS™ respects your privacy and is committed to protecting your personal data. Our Data Protection Declaration transparently explains how we collect, store, and process your data.

What does "personal data" mean?

Personal data is any information relating to an identified or identifiable natural person. This includes, for example:

  • Your name

  • Your email address

  • Your phone number

  • Your IP address

Anonymized data, from which personal identifiers have been removed, are not considered personal data.

Core principles of our data protection

Lawfulness and transparency

  • We process your data only on legal grounds.

  • We inform you clearly and openly about the use of your data.

Purpose limitation

  • We use your data only for the purposes for which it was collected.

  • Any new use requires your explicit consent.

Data minimization

  • We collect only the data that is truly necessary for us.

  • No excessive or unnecessary data collection.

Security

  • We store your data securely.

  • Only authorized persons have access.

  • We use technical and organizational security measures.

Accountability

  • We document all data processing procedures.

  • In case of a data leak, we will inform you transparently and promptly.

★★★★★

1. Website Visitors

What we collect:

  • IP address (recorded automatically)

  • Browser type and version

  • Pages visited and duration of stay

  • Date and time of your visit

Purpose:

  • To ensure website security

  • To analyze website usage and improve the website

How long:

  • Log files: 90 days

  • Cookies: depending on the type (see "Cookies" section)

2. Contact form and inquiries

What we collect:

  • First and last name

  • Email address

  • Phone number (optional)

  • Your message

Purpose:

  • To provide answers to inquiries

  • To provide information about the attestation procedure

  • To establish contact with you

How long:

  • At least 1 year after the end of correspondence

  • In case of active communication: for as long as communication continues

What data do we collect?

★★★★★

3. Applicants for EAS™ Attestation

What we collect:

  • Institution data: name, address, contact person(s)

  • Qualifications of management and instructors

  • Organizational structure

  • Course descriptions and curriculum plans

  • Samples of certificates and diplomas

  • Bank details (for invoicing)

Purpose:

  • To conduct the attestation procedure

  • To perform quality control and audits

  • To manage attestation status

How long:

  • At least 7 years after attestation (according to legal requirements for document storage)

  • In case of rejected applications: 3 years

Data transfer:

  • We do not transfer your data to third parties

  • Internal access: authorized personnel only

  • If necessary: external independent auditors (subject to confidentiality agreements)

4. Course Participants at Attested Institutions

Important: The attested institution (not EAS™) is the primary controller of your data as a course participant.

Usually collected (by the institution):

  • First and last name

  • Email and contact address

  • Payment information

  • Learning progress and results

  • Recordings of live sessions (only with your consent)

Purpose:

  • To manage your course participation

  • To communicate regarding course content

  • To process payments

  • To issue certificates

EAS™ has access only to:

  • General statistics (e.g., number of course participants)

  • In case of complaints: only to the data necessary to clarify the circumstances

★★★★★

5. Graduates and Certificate Holders

What we collect:

  • First and last name

  • Certificate number and date of issue

  • Contact data for certificate administration

Purpose:

  • Issuance and administration of certificates

  • Verification of certificates by third parties (upon request)

  • Maintaining the public register of EAS™ certificates (with your consent)

How long:

  • Indefinitely (for administration and authentication of certificates)

Public Register:

  • With your consent: name and certificate number in the public register

  • Without your consent: no publication

  • Personal contact data is never public

6. Complaint and Infringement Handling Body

What we collect:

  • Name and contact information (optionally anonymous)

  • Incident description

  • Evidence and documentation

Purpose:

  • To review and resolve complaints

  • To ensure compliance with ethical standards

  • To protect against abuse

How long:

  • At least 3 years after the complaint is resolved

Confidentiality:

  • Your name remains confidential (upon request — anonymous)

  • No data transfer to the institution against which the complaint was filed without your consent

  • Retaliatory measures (reprisals) against complainants are prohibited

★★★★★

Cookies and Tracking

What are Cookies?

Cookies are small files that your browser stores to remember information between sessions.

Which Cookies do we use?

Your choice:

  • Upon your first visit, you will see a Cookie banner.

  • You can decline non-essential Cookies.

  • You can change your settings at any time in the "Privacy Settings" section.

★★★★★

Technical measures

Encryption:

  • SSL/TLS encryption for all website transmissions (https://)

  • Encrypted data storage in certified data centers

Access control:

  • Strict password requirements

  • Two-factor authentication (2FA) for administrative accounts

  • Access to your data is restricted to authorized persons only

System protection:

  • Regular software updates and security patches

  • Firewall and Intrusion Detection Systems (IDS)

  • Regular security audits

  • Backup and Disaster Recovery plans

Organizational measures

Personnel:

  • Data protection training for all staff

  • Confidentiality obligations

  • Restricted access rights

Processes:

  • Documented data processing procedures

  • Clearly defined areas of responsibility

  • Regular reviews and audits

Storage locations:

  • Germany and EU (GDPR compliant)

  • Certified data centers (ISO 27001)

  • No storage outside the EU without Standard Contractual Clauses (SCC)

Data Security

★★★★★

Data Breach

In the event of a data breach (unauthorized access, loss, deletion):

What we do:

  • Notification within 72 hours after discovery

  • Information about risks and protective measures

  • Report to the relevant data protection authority (in case of high risk)

  • Documentation of the incident

What you should do:

★★★★★

1. Right of Access

You can ask at any time which data we store about you.

2. Right to Rectification

You can demand the correction of inaccurate or incomplete data.

3. Right to Erasure

You can demand the deletion of your data if:

  • You have withdrawn your consent

  • The data is no longer necessary

  • You have objected to the processing

Exceptions:

  • Legal retention obligations (e.g., accounting: 7 years)

  • Active contracts

  • Legal claims

4. Right to Restriction

You can demand that data be processed only to a limited extent.

5. Right to Data Portability

You can download your data in a structured format (e.g., CSV) and transfer it to another organization.

6. Right to Object

You can object to the processing of your data, especially for:

  • Marketing and newsletters

  • Processing for legitimate interests

7. Right to Complain

If you believe that EAS™ is violating the GDPR, you can file a complaint with the competent data protection authority.

Your Rights

You have the following rights regarding your personal data:

How you can exercise your rights:

Contact us:

What you will need:

  • Proof of identity (copy of ID/passport)

  • Clear indication of the right you wish to exercise

Response time: Within 30 days

★★★★★

Third-Party Providers

We use the services of the following providers for data processing:

Security: All service providers are contractually obligated to comply with GDPR requirements.

We do NOT share your data with:

  • Advertising or marketing companies

  • Data brokers

  • Insurance companies or employers

We share data only:

  • To authorities in case of a legal obligation (with proof)

  • To attested institutions in case of complaints (only necessary data)

★★★★★

Retention Periods

Your data will be deleted after the retention period has expired.

★★★★★

Children and Minors

EAS™ services are generally intended for adults (18 years and older).

If minors participate:

  • Explicit written consent from parents/guardians is required.

  • Special measures are taken to protect privacy.

  • Minors' data is not used for marketing purposes.

International Data Transfer

Data storage only in the EU:

  • All data is stored within the European Union.

  • When working with international partners: Standard Contractual Clauses (GDPR Art. 46) are used.

  • No data transfer to countries without an adequate level of protection is performed.

★★★★★

This Data Protection Declaration may be updated by EAS™ as needed for:

  • New functions or services

  • Changes in data protection law

  • New security requirements

In case of changes:

  • The new version will be published on the website

  • Significant changes: e-mail notification

  • Continued use = consent to the new version

📧 E-Mail: kontakt@eas-standard-certification.com

📬 Post:
European Attestation Standard™
Attn: Data Protection Officer
[Schulstraße 4, Moosbach 92709]

🌐 Website: eas-standard-certification.com

Response time: Within 5 working days

Changes to this Declaration

Data Protection Authorities

Contact for Data Protection Issues

Complaints to:

Germany:

Bavarian State Office for Data Protection Supervision (BayLDA) or the data protection authority of your federal state.

Austria:

Austrian Data Protection Authority. Website: dsb.gv.at

Switzerland:

Federal Data Protection and Information Commissioner. Website: edoeb.admin.ch

EU (General):

European Data Protection Board.

Website: edpb.europa.eu

★★★★★

Summary of your rights.

★★★★★

Created and approved by:

Dr. Mariia Bohach

Certification Director European Attestation Standard™ (EAS™)

Effective from: January 01, 2025

This Data Protection Declaration complies with GDPR requirements and is updated regularly.

★★★★★