Last Update - September 2024

Conscious of the importance of ensuring the confidentiality and protection of personal data, the association “European co-operation for Accreditation” (EA) takes strong undertakings as regards the personal data protection.

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter ‘GDPR’), as well as with Act no. 78-17 of 6 January 1978 in its latest applicable version (hereinafter together “Applicable regulations on Personal Data protection”), we would like to inform you of the manner in which we collect, use and disclose your personal data in relation to the services that we offer and/or provide to you.

This Personal Data Protection Policy (also referred to as “Data Protection Policy”) describes how European co-operation for Accreditation (hereinafter “we”, “us” and “our”), whose registered secretariat office is located at 75 avenue Parmentier - 75 544 Paris Cedex 11 (France), processes the personal data that it collects as part of its activities.

We are responsible for managing the personal data that you entrust to us. For clarity, please note the following.

Personal data is information allowing to directly identify a person, such as a name, an address, date of birth, e-mail address, IP address, or a telephone number or any other information which allows to indirectly identify a person, or which may enable the identification of a person when used in conjunction with other information.

Personal data processing refers to everything that we do with your Personal Data. This includes the collection, saving, storing, use, consultation, modification, disclosure, dissemination, restriction or destruction of your Personal Data.

When you use the website www.european-accreditation.org, hereinafter the “website”, including the Members only page, we collect the following data, depending on the type of forms that you fill out:

• Data directly provided by you: name and first name, title, address, telephone, e-mail address and any information necessary for using the Members only page and features;
• Data that we passively collect about you such as use of cookies for follow up and statistics purposes regarding the use of the different features of the website. For further information on cookies, please consult the EA Privacy Policy available here.

In accordance with Applicable regulations on Personal Data protection, we wish to inform you of the following, which are the subject of specific paragraphs:

• the identity and contact details of the data controller
• the processing purposes for which the data are intended and the legal grounds for such processing,
• the recipients of the data,
• intentions to transfer personal data towards third countries or international organisations,
• the retention period of your data,
• your right to lodge a complaint with a supervisory authority,
• the compulsory or optional nature of information and any potential consequences of a failure to reply to a field in our questionnaires and forms,
• your rights to access, rectification, or erasure and to request the portability of your personal data. Your rights to limit or to object to our processing of your personal data and your right to set out directives on the post-mortem fate of your personal data.

IDENTITY OF THE DATA CONTROLLER 

Your Personal Data is collected and processed by European cooperation for Accreditation, in its capacity as data controller.

We process your Personal Data for the purposes specified on the form you fill in, based on the legal grounds set out below for each processing purpose:

Your Personal Data are disclosed to:

• EA members, partners and stakeholders, European Commission and EFTA appointed contacts, ILAC and IAF secretariat for communication purposes,
• our service providers acting in the capacity of sub-contractors who will process your Personal Data according to the instructions given as relevant. These data recipients are submitted to strict obligations regarding confidence and security and will have access to Personal Data solely for the purpose of the processes described above. Furthermore, we inform you that we give the data processors that we use (as well as any sub-contractors that they may engage) strict instructions through written contracts and request, in particular, that they do not use your Personal Data for purposes other than those for which your Personal Data were collected. We also subject them to strict obligations as regards data confidentiality, security, access management, restricted use of data and return or erasure of such data in accordance with the requirements of applicable legislation.
• We may also be required to disclose your Personal Data to the relevant authorities to comply with a legal obligation or a legal request from a public authority.

Personal data may be transferred to third countries outside of the EU, in particular to organisations such as ILAC, International Laboratory Accreditation Cooperation or IAF, International Accreditation Forum. We ensure that these transfers are made in compliance with GDPR requirements, in particular by using standard contractual clauses approved by the European Commission or by referring to adequacy decisions.

If you wish to know more about these guarantees, you may contact us at the address indicated below.

We do not intend to retain your data for longer than is necessary to provide you with the services for which you contacted us.

In accordance with the Commission Nationale Informatique et Libertés, CNIL’s recommendations, we will retain your Personal Data for a period of 36 months (3 years) as from the date on which you last made contact with us.

We commit to ensuring that the Personal Data that we store concerning you are accurate and up-to-date from the date of your last consent to us.

In accordance with Applicable regulations on Personal Data protection, you may exercise, at any time, a right to access, rectification, and erasure of your Personal Data, subject to the conditions set out by the abovementioned Applicable regulations on Personal Data protection. You also have the right to limit or to object to our processing of your Personal Data and the right to set out directives on the post-mortem fate of your Personal Data.

You may exercise all of these rights by writing to the e-mail address DataProtection@european-accreditation.org, or by letter to the following postal address European co-operation for Accreditation 75 avenue Parmentier - 75 544 Paris Cedex 11 (France).

Lastly, we remind you that you may also ask to unsubscribe to our newsletters, publications or events at any time.

You also have the right to lodge a complaint with the competent supervisory authority, in France, the Commission Nationale Informatique et Libertés (CNIL).

We regularly set up training workshops to raise EA’s employees awareness on the principles of data protection and practices complying with GDPR. These training workshops are meant to ensure that every member of our staff remain  conscious of their responsibilities with regards to personal data processing.

We implement appropriate technical and organisational measures to protect your personal data against non-authorized access, disclosure, alteration or destruction. It includes use of encryption technologies, rigorous security policies and strict controls of access.

Should you have any questions on the manner in which EA processes your Personal Data, you may contact us at the following e-mail address DataProtection@european-accreditation.org or at the following postal address: European co-operation for Accreditation 75 avenue Parmentier - 75 544 Paris Cedex 11 (France).

We may be need to update our Personal Data Policy, in particular to reflect legislative and regulatory developments.

You will find information on the date on which this Personal Data Policy was last updated in the “LAST UPDATE” section at the top of this Policy.