Owlpass (the provider of the www.epsopass.com website, informs the users of the data management in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council, (GDPR).
Service Provider* | Owlpass (www.epsopass.com) – data controller |
Website | www.epsopass.com (with all subdomains) |
Training Services | Preparation offered by the service provider |
Visitor | Persons who do not engage training services, but they are browsing the Website |
Customer | Person engaging the Training services (he has purchased training services) |
Registered user | User who has registered (either he purchase or not) |
User | Customer and Visitor |
Privacy notice | Provide adequate information to the Users on the management of personal information by Service Provider |
Legitimate Interest | Serve as evidence in case of a lawsuit. Processing the data for claim and law enforcement purposes is the legal interest of both the Service Provider and the User. |
Fulfilment of Contract | The services provided to the user. |
*Service provider shall be deemed as a data controller. |
2. PRIVACY POLICY AND USERS
Users automatically acknowledge the present Privacy Policy by accessing the Website and by utilizing our Training Services.
3. AMENDMENTS OF PRIVACY POLICY
Service Provider keeps privacy policy under regular review. For any changes in privacy policy, our page will be updated immediately. We request that all Users carefully read the privacy policy on every Website visit.
4. PERSONAL DATA AND DATA MANAGEMENT
4.1. Data for the use of Services
Users should provide their data in order to use our Services (e.g. registration, online purchases, billing, communication etc.). The following data should be provided by the Users during those processes:
Website used by | Data requested | Purpose of data processing | Legal basis | Deletion tim |
---|---|---|---|---|
tomer | Name | a) Fulfilment of the Contract, b) Legitimate interest, d) Identification, e) Communication | 1) GDPR Article 6 (1), 2) Article 13/A of Act CVIII (2001) | 5 years from the termination of the contract |
Registered User & Customer | Password | a) Fulfilment of the Contract, b) Legitimate interest, d) Identification, e) Communication | 1) GDPR Article 6 (1), 2) Article 13/A of Act CVIII (2001) | 5 years from the termination of the contract |
Registered User & Customer | Email (we use it as username) | a) Fulfilment of the Contract, b) Legitimate interest, d) Identification, e) Communication, f) Marketing purposes (if customer gives his consensus) | 1) GDPR Article 6 (1), 2) Article 13/A of Act CVIII (2001) | 5 years from the termination of the contract |
Customer | Billing address | a) Contract, b) Legitimate interest, d) Identification, e) Communication, f) Compliance with legal obligation | 1) GDPR Article 6 (1), 2) Article 13/A of Act CVIII (2001) | 5 years from the termination of the contract |
Customer | Completed tests | a) Fulfillment of the contract | 1) GDPR Article 6 (1) | 5 years from the termination of the contract |
Customer | Results of completed tests | a) Fulfillment of the contract | 1) GDPR Article 6 (1) | 5 years from the termination of the contract |
* The Users are entitled to object to the data processing on the legal basis of Legitimate interest. In that case the Service Provider does not process their data further. |
4.2 Users contacting the customer service and users communicate via the contact form
Users should provide their data in order to contact us via the contact form. The following data should be provided by the Users during this process:
Website used by | Data requested | Purpose of data processing | Legal basis | Deletion time |
---|---|---|---|---|
er service and/or person submiting a question via the contact form | Name | 1) Identification, 2) Administration, 3) Communication, 4) Legitimate interest | 1) GDPR Article 6 (1) | Until the withdrawal of consent |
Person contacting the customer service and/or person submiting a question via the contact form | Email address | 1) Identification, 2) Administration, 3) Communication, 4) Legitimate interest | 1) GDPR Article 6 (1) | Until the withdrawal of consent |
Person contacting the customer service and/or person submiting a question via the contact form | Comment/Message | 1) Identification, 2) Administration, 3) Communication, 4) Legitimate interest | 1) GDPR Article 6 (1) | Until the withdrawal of consent |
* The Users are entitled to object to the data processing on the legal basis of legitimate interest. In that case the Service Provider does not process their data further. |
4.3. Users subscribed to our newsletter services (if applicable)
To the users that they have subscribes to our newsletters services we may send electronic direct marketing emails. Those messages contain news, offers, advertisements, discounts, and other.
Users must explicitly express their intention to sign-up to our newsletters by activating the relevant checkbox and providing their e-mail address on the Website.
Subscribed users can unsubscribe any time: (https://epsopass.com/newsletter/).
The following data should be provided by the Users during this process:
4.3. Users subscribed to our newsletter services
Website used by | Data requested | Purpose of data processing | Legal basis | Deletion time |
---|---|---|---|---|
Users subscrribed to the newsletter | Email address | 1) Merketing purposes (sending direct messaged for offers,advertisemets, new products, ets.), 2) Informations (Website, EU new Jobs, competitions etc.) | 1) GDPR Article 6 (1) | Until the withdrawal of consent |
4.4. Data collected automatically via the Website
We use cookies on our website. Cookies are small text files that are stored by your browser when you visit a website. This identifies the browser used and can be recognized by our web server. Use of cookies results in the processing of personal data, the legal basis for this is Art. 6 paragraph 1 sentence 1 letter f GDPR. This manner of processing serves our legitimate interest in making our website more user-friendly, effective and secure. You can find here what kind of information we collect about you via cookies:
a Subject | Name of the cookie | Data Category | Data Source | Purpose of data processing | Deletion Time |
---|---|---|---|---|---|
Users/Visitors visiting the website | Google Analytics_gacookie | User ID generated by Google Analytics, sites visited, user’s interaction on the website, number of site visits, source of visit, start and end of the website visit, domain visited | Collected automatically | Registers a unique ID that is used to generate statistical data on how the visitors uses the website User Identification Customisation of the website | 2 Years |
Users/Visitors visiting the website | Google Analytics_gidcookie | User ID generated by Google Analytics, sites visited, user’s interaction on the website | Collected automatically | Registers a unique ID that is used to generate statistical data on how the visitors uses the website User Identification Customisation of the website | Until the end of the session |
Users/Visitors visiting the website | Facebook _fbp | User ID generated by Facebook Pixel code | Collected automatically | Used by Facebook to deliver a series of advertisement products on Facebook | Until the end of the session |
Users/Visitors visiting the website | Csrftoken | Session cookie generated from Django Framework | Collected automatically | Security measure against Cross Site Request Forgery attacks | Until the end of the session |
Users/Visitors visiting the website | Cookieconsent_status | Non identifying user information | Collected automatically | Information whether the user has seen and dismissed the cookie consent popup in order to avoid showing it repeatedly | 5 Years |
Cookies strictly necessary for the operation of the Website
The Service Provider does not apply for the moment cookies essentially necessary for the operation of the Website.
Cookies for statistical purposes
The data collected by statistical & analytical cookies are processed based on based on consent according to GDPR (Article 6 (1) a))
Cookies for statistical purposes allow the Service Provider to count visits and traffic sources so the Service Provider can measure the performance of the Website. You can set your browser to block these cookies
The Service Provider processes the data collected by the statistical cookies based on consent according to Article 6 (1) a) of the GDPR. The User can withdraw his/her consent at any time.
Marketing cookies
We may use cookies to monitor the preferences of the Visitors/Users and be able to display relevant advertisements. The User can withdraw his/her consent at any time. The Service Provider processes the data collected by the statistical, analytical cookies based on consent according to Article 6 (1) a) of the GDPR.
Control of cookies
If User does not wish for Service Provider to use cookies when User visits the Website, he/she may refuse usage. If no such change has been made, Service Provider will view User/Visitors as having given consent to the sending of any kinds of cookies.
Information about cookies
For further information of cookies, including types, management and removal, visit Wikipedia.org or www.allaboutcookies.org or www.aboutcookies.org.
Information about Google Analytics
For more information about Google Analytics cookies, please visit: http://www.google.com/policies/privacy/
If you want to switch off the Google Analytics tracking, please click on the following link: http://tools.google.com/dlpage/gaoptout.
If you want to switch off the Facebook Pixel tracking, please click on the following link: https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen
Modifying the cookie settings
You can find more information about cookie settings here: http://www.youronlinechoices.com/hu/.
The cookie settings for the most popular browsers:
5. CONTROLLER OF PERSONAL DATA AND ACCESS
5.1. The data controller
The controller of the personal data is the Service Provider. Service Provider is not required by the law to appoint a data protection officer.
Owl Pass
E-mail address: info@epsopass.com
Website: www.epsopass.com
Data are accessible to the employees of Service Provider (where access is essential to the performance of their duties).
5.2. Data processors
For the processing of the personal data of representative and contact persons, we engage the following companies. The following data processors conduct the processing of personal data:
Data Processor | ||
---|---|---|
Data Processing Activities | ||
Google LLC. (USA, Google Data Protection Office, 1600 Amphitheatre Pkwy Mountain View, California 94043 – Google Analytics) | ||
Webanalytics services | ||
Cloud services | ||
Pixel Actions Ltd, Stasinou 1, 2401, Engomi, Nicosia, Cyprus | ||
Provision of customer services, provision of customer support activities | ||
Braintree, 22-24 Boulevard Royal, L-2449, Luxembourg, R.C.S. Luxembourg B 118 349. | ||
Online bank card payment service provider | ||
Paypal, 22-24 Boulevard Royal, L-2449, Luxembourg, R.C.S. Luxembourg B 118 349. | ||
Electronic billing and invoicing services | ||
6. TRANSFER YOUR PERSONAL DATA
We transfer your personal data only to the data processors. Besides of them we do not transfer your data to anyone.
a) Processors of the controller based in the EU
- Pixel Actions Ltd is seated in and is processing data in Cyprus, in the territory of the EU.
- Braintree is seated in and is processing data in Cyprus, in the territory of the EU
- Paypal is seated in and is processing data in Cyprus, in the territory of the EU
Data transfer to these companies shall not be considered as data transfer abroad, thus it does not require an explicit authorization or consent.
b) U.S.-based processors used by the controller, which are on the Privacy Shield List:
Some of the data processors we use process your personal data outside of the European Union. We hereby inform you concerning the data transfers to abroad as follows:
Google LLC are on the U.S. – EU Privacy Shield List set up based on the adequacy decision laid down in Article 45 of the GDPR and by the regulation 2016/1260 of the European Commission, thus the explicit consent of the data subjects is not required. In addition transferring data to these companies is allowed under Article 45 of the GDPR.
7. YOUR RIGHTS AS A DATA SUBJECT
The rights of the Users are set forth in the applicable provisions of the GDPR. You can find a summary below:
In respect to the aforementioned rights, we will respond to requests for personal data and, where applicable, will correct, amend or delete your personal data. You can send the relevant request to the following e-mail address: info@epsopass.com
National Authority for Data Protection and Freedom of Information
Commissioner for Personal Data Protection
1 Iasonos Street,
1082 Nicosia
P.O. Box 23378, CY-1682 Nicosia
Tel. +357 22 818 456
Fax +357 22 304 565
E-mail: commissioner@dataprotection.gov.cy
Website: http://www.dataprotection.gov.cy/
8. MEASURES TAKEN FOR THE PURPOSES OF DATA SECURITY
Owlpass (www.epsopass.com) takes the appropriate measures to ensure a level of security appropriate to protect any personal data provided to us from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed.
The Company implements appropriate technical and organisational measures such as access management procedure and business continuity and disaster recovery. Additionally, the Company limits access to the Client’s personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process the Client’s personal data on the Company’s instructions and they are subject to a duty of confidentiality.