Privacy Policy

Owlpass (the provider of the www.epsopass.com website, informs the users of the data management in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council, (GDPR).

  1. TERMS
Service Provider* Owlpass (www.epsopass.com) – data controller
Website www.epsopass.com (with all subdomains)
Training Services Preparation offered by the service provider
Visitor Persons who do not engage training services, but they are browsing the Website
Customer Person engaging the Training services  (he has purchased training services)
Registered user User who has registered (either he purchase or not)
User Customer and Visitor
Privacy notice Provide adequate information to the Users on the management of personal information by Service Provider
Legitimate Interest Serve as evidence in case of a lawsuit. Processing the data for claim and law enforcement purposes is the legal interest of both the Service Provider and the User.
Fulfilment of Contract The services provided to the user.
*Service provider shall be deemed as a data controller.

2. PRIVACY POLICY AND USERS

Users automatically acknowledge the present Privacy Policy by accessing the Website and by utilizing our Training Services.

3. AMENDMENTS OF PRIVACY POLICY

Service Provider keeps privacy policy under regular review. For any changes in privacy policy, our page will be updated immediately. We request that all Users carefully read the privacy policy on every Website visit.

4. PERSONAL DATA AND DATA MANAGEMENT

  1. Legal basis for processing client’s data derived from the following legislations:
  • (a) GDPR Article 6 (1): For: Fulfilment of Contract, Legal obligations, Legitimate Interests.
  • (b) Article 13/A of Act CVIII (2001): For: E-Commerce purposes

4.1. Data for the use of Services

Users should provide their data in order to use our Services (e.g. registration, online purchases, billing, communication etc.). The following data should be provided by the Users during those processes:

Website used by Data requested Purpose of data processing Legal basis Deletion tim
tomer Name a) Fulfilment of the Contract, b) Legitimate interest, d) Identification, e) Communication 1) GDPR Article 6 (1), 2) Article 13/A of Act CVIII (2001) 5 years from the termination of the contract
Registered User & Customer Password a) Fulfilment of the Contract, b) Legitimate interest, d) Identification, e) Communication 1) GDPR Article 6 (1), 2) Article 13/A of Act CVIII (2001) 5 years from the termination of the contract
Registered User & Customer Email (we use it as username) a) Fulfilment of the Contract, b) Legitimate interest, d) Identification, e) Communication, f) Marketing purposes (if customer gives his consensus) 1) GDPR Article 6 (1), 2) Article 13/A of Act CVIII (2001) 5 years from the termination of the contract
Customer Billing address a) Contract, b) Legitimate interest, d) Identification, e) Communication, f) Compliance with legal obligation 1) GDPR Article 6 (1), 2) Article 13/A of Act CVIII (2001) 5 years from the termination of the contract
Customer Completed tests a) Fulfillment of the contract 1) GDPR Article 6 (1) 5 years from the termination of the contract
Customer Results of completed tests a) Fulfillment of the contract 1) GDPR Article 6 (1) 5 years from the termination of the contract
* The Users are entitled to object to the data processing on the legal basis of Legitimate interest. In that case the Service Provider does not process their data further.

4.2 Users contacting the customer service and users communicate via the contact form

Users should provide their data in order to contact us via the contact form. The following data should be provided by the Users during this process:

Website used by Data requested Purpose of data processing Legal basis Deletion time
er service and/or person submiting a question via the contact form Name 1) Identification, 2) Administration, 3) Communication, 4) Legitimate interest 1) GDPR Article 6 (1) Until the withdrawal of consent
Person contacting the customer service and/or person submiting a question via the contact form Email address 1) Identification, 2) Administration, 3) Communication, 4) Legitimate interest 1) GDPR Article 6 (1) Until the withdrawal of consent
Person contacting the customer service and/or person submiting a question via the contact form Comment/Message 1) Identification, 2) Administration, 3) Communication, 4) Legitimate interest 1) GDPR Article 6 (1) Until the withdrawal of consent
* The Users are entitled to object to the data processing on the legal basis of legitimate interest. In that case the Service Provider does not process their data further.

4.3. Users subscribed to our newsletter services (if applicable)

To the users that they have subscribes to our newsletters services we may send electronic direct marketing emails. Those messages contain news, offers, advertisements, discounts, and other.

Users must explicitly express their intention to sign-up to our newsletters by activating the relevant checkbox and providing their e-mail address on the Website. 

Subscribed users can unsubscribe any time: (https://epsopass.com/newsletter/).

The following data should be provided by the Users during this process:

4.3. Users subscribed to our newsletter services

Website used by Data requested Purpose of data processing Legal basis Deletion time
Users subscrribed to the newsletter Email address 1) Merketing purposes (sending direct messaged for offers,advertisemets, new products, ets.), 2) Informations (Website, EU new Jobs, competitions etc.) 1) GDPR Article 6 (1) Until the withdrawal of consent

4.4. Data collected automatically via the Website

We use cookies on our website. Cookies are small text files that are stored by your browser when you visit a website. This identifies the browser used and can be recognized by our web server. Use of cookies results in the processing of personal data, the legal basis for this is Art. 6 paragraph 1 sentence 1 letter f GDPR. This manner of processing serves our legitimate interest in making our website more user-friendly, effective and secure. You can find here what kind of information we collect about you via cookies:

a Subject Name of the cookie Data Category Data Source Purpose of data processing Deletion Time
Users/Visitors visiting the website Google Analytics_gacookie User ID generated by Google Analytics, sites visited, user’s interaction on the website, number of site visits, source of  visit, start and end of the website visit, domain visited Collected automatically Registers a unique ID that is used to generate statistical data on how the visitors uses the website User Identification Customisation of the website 2 Years
Users/Visitors visiting the website Google Analytics_gidcookie User ID generated by Google Analytics, sites visited, user’s interaction on the website Collected automatically Registers a unique ID that is used to generate statistical data on how the visitors uses the website User Identification Customisation of the website Until the end of the session
Users/Visitors visiting the website Facebook _fbp User ID generated by Facebook Pixel code Collected automatically Used by Facebook to deliver a series of advertisement products on Facebook Until the end of the session
Users/Visitors visiting the website Csrftoken Session cookie generated from Django Framework Collected automatically Security measure against Cross Site Request Forgery attacks Until the end of the session
Users/Visitors visiting the website Cookieconsent_status Non identifying user information Collected automatically Information whether the user has seen and dismissed the cookie consent popup in order to avoid showing it repeatedly 5 Years

Cookies strictly necessary for the operation of the Website

The Service Provider does not apply for the moment cookies essentially necessary for the operation of the Website.

Cookies for statistical purposes

The data collected by statistical & analytical cookies are processed based on based on consent according to GDPR (Article 6 (1) a))

Cookies for statistical purposes allow the Service Provider to count visits and traffic sources so the Service Provider can measure the performance of the Website. You can set your browser to block these cookies

The Service Provider processes the data collected by the statistical cookies based on consent according to Article 6 (1) a) of the GDPR. The User can withdraw his/her consent at any time.

Marketing cookies

We may use cookies to monitor the preferences of the Visitors/Users and be able to display relevant advertisements. The User can withdraw his/her consent at any time. The Service Provider processes the data collected by the statistical, analytical cookies based on consent according to Article 6 (1) a) of the GDPR.

Control of cookies

If User does not wish for Service Provider to use cookies when User visits the Website, he/she may refuse usage. If no such change has been made, Service Provider will view User/Visitors as having given consent to the sending of any kinds of cookies.

Information about cookies

For further information of cookies, including types, management and removal, visit Wikipedia.org or www.allaboutcookies.org or www.aboutcookies.org.

Information about Google Analytics

For more information about Google Analytics cookies, please visit: http://www.google.com/policies/privacy/

If you want to switch off the Google Analytics tracking, please click on the following link: http://tools.google.com/dlpage/gaoptout.

If you want to switch off the Facebook Pixel tracking, please click on the following link: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen

Modifying the cookie settings

You can find more information about cookie settings here: http://www.youronlinechoices.com/hu/.

The cookie settings for the most popular browsers:

5. CONTROLLER OF PERSONAL DATA AND ACCESS

5.1. The data controller

The controller of the personal data is the Service Provider. Service Provider is not required by the law to appoint a data protection officer.

Owl Pass
E-mail address: info@epsopass.com
Website: www.epsopass.com

Data are accessible to the employees of Service Provider (where access is essential to the performance of their duties).

5.2. Data processors

For the processing of the personal data of representative and contact persons, we engage the following companies. The following data processors conduct the processing of personal data:

Data Processor
Data Processing Activities
Google LLC. (USA, Google Data Protection Office, 1600 Amphitheatre Pkwy Mountain View, California 94043 – Google Analytics)
Webanalytics services
Cloud services
Pixel Actions Ltd, Stasinou 1, 2401, Engomi, Nicosia, Cyprus
Provision of customer services, provision of customer support activities
Braintree, 22-24 Boulevard Royal, L-2449, Luxembourg, R.C.S. Luxembourg B 118 349.
Online bank card payment service provider
Paypal, 22-24 Boulevard Royal, L-2449, Luxembourg, R.C.S. Luxembourg B 118 349.
Electronic billing and invoicing services

6. TRANSFER YOUR PERSONAL DATA

We transfer your personal data only to the data processors. Besides of them we do not transfer your data to anyone.

a) Processors of the controller based in the EU

- Pixel Actions Ltd is seated in and is processing data in Cyprus, in the territory of the EU.

- Braintree is seated in and is processing data in Cyprus, in the territory of the EU

- Paypal is seated in and is processing data in Cyprus, in the territory of the EU

Data transfer to these companies shall not be considered as data transfer abroad, thus it does not require an explicit authorization or consent.

b) U.S.-based processors used by the controller, which are on the Privacy Shield List:

Some of the data processors we use process your personal data outside of the European Union. We hereby inform you concerning the data transfers to abroad as follows:

Google LLC are on the U.S. – EU Privacy Shield List set up based on the adequacy decision laid down in Article 45 of the GDPR and by the regulation 2016/1260 of the European Commission, thus the explicit consent of the data subjects is not required. In addition transferring data to these companies is allowed under Article 45 of the GDPR.

7. YOUR RIGHTS AS A DATA SUBJECT

The rights of the Users are set forth in the applicable provisions of the GDPR. You can find a summary below:

  • Right of access – you have the right to request from us to provide you with a copy of the personal data that we hold about you.
  • Right of rectification – you have a right to request from us to correct the personal data that we holds about you that is inaccurate or incomplete.
  • Right to be forgotten – you have a right to request from us in certain circumstances to erase your personal data from our records. In case that these circumstances apply to your case and provided that no exception to this obligation applies (e.g. where we are obliged to store your personal data in compliance with a legal obligation under Cypriot or EU law), the Company acting as your controller will erase your personal data from its records.
  • Right to restriction of processing – you have a right to request from us where certain conditions apply, to restrict the processing of your personal data.
  • Right of portability – you have the right to request from us where certain conditions apply, to have the data we hold about you transferred to another organisation. Where these conditions apply the Company will transfer your personal data to another organisation.
  • Right to object – you have the right to object on grounds relating to your particular situation, to certain types of processing or where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which overrides your rights and freedoms.
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Right to withdraw consent where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

In respect to the aforementioned rights, we will respond to requests for personal data and, where applicable, will correct, amend or delete your personal data. You can send the relevant request to the following e-mail address: info@epsopass.com

National Authority for Data Protection and Freedom of Information 
Commissioner for Personal Data Protection
1 Iasonos Street,
1082 Nicosia
P.O. Box 23378, CY-1682 Nicosia
Tel. +357 22 818 456 
Fax +357 22 304 565
E-mail: commissioner@dataprotection.gov.cy
Website: http://www.dataprotection.gov.cy/

8. MEASURES TAKEN FOR THE PURPOSES OF DATA SECURITY

Owlpass (www.epsopass.com) takes the appropriate measures to ensure a level of security appropriate to protect any personal data provided to us from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.

The Company implements appropriate technical and organisational measures such as access management procedure and business continuity and disaster recovery. Additionally, the Company limits access to the Client’s personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process the Client’s personal data on the Company’s instructions and they are subject to a duty of confidentiality.


Disclaimer: This website (and the owner Company) are unrelated and independent from EPSO and the European Union Institutions.
2015-2024 EPSOPASS All Rights Reserved
Scroll to Top