EIPASS is committed to guaranteeing your privacy. Read our Privacy Policy to understand how we collect, use and store your information.
Last update May 2021
Certipass S.r.l. hereinafter also referred to as “Certipass” or the “Controller”, with registered office in Santeramo in Colle (BA), Via Lazio no. 1, VAT no. IT05805441218, as Data Controller of personal data, informs you that the personal data provided in connection with participation in online courses including final certification will be processed in compliance with the principles of fairness, lawfulness, transparency, minimization, integrity, confidentiality and protection of the rights of the data subject provided for by EU Regulation 2016/679 (“GDPR”) and by the national legislation in force on the protection of personal data.
The Data Protection Officer (DPO) can be contacted at the following e-mail address: dpo@eipass.com.
The processing concerns the management of candidate identification procedures and the supervision of examination sessions aimed at providing certification services issued by Certipass S.r.l. through the DIDASKO platform.
Within the scope of the purposes indicated above, the following may be processed:
The images and any audio/video data collected are limited to what is strictly necessary to guarantee the authenticity of the examination session, the correct identification of the candidate, the regularity of the tests, the prevention of fraudulent conduct and the protection of the validity of the certifications issued.
The processing of data collected as part of the identification and supervision procedures does not involve the use of automated biometric recognition systems or biometric identification activities pursuant to Article 9 of the GDPR.
Personal data will be processed exclusively for purposes connected with:
Depending on the service chosen by the candidate, examination sessions may be delivered in person, with a Supervisor, or in self-assessment mode.
The regularity of the examination session is guaranteed by the presence of an authorized Supervisor, who is responsible for verifying the candidate’s identity and the correct performance of the examination procedure.
With reference to self-assessment sessions:
The verification is carried out exclusively by personnel authorized and duly instructed by the Controller.
Access to the images collected is permitted exclusively to specifically authorized persons appointed to carry out checks on the regularity of examination sessions.
The processing does not involve the use of automated biometric recognition systems or the adoption of decisions based solely on automated processing pursuant to Articles 9 and 22 of the GDPR.
The images collected are not used for purposes other than those indicated above.
The processing of personal data is necessary:
The processing of personal data takes place through electronic and telematic tools and organizational procedures suitable to ensure adequate levels of security, integrity, availability and confidentiality of the data processed.
The data will be processed exclusively:
Certipass adopts appropriate technical and organizational measures to protect the data processed, including authentication procedures, access control, logical protection systems, monitoring of operations performed on the data and security measures aimed at preventing unauthorized access, loss, destruction or improper disclosure of information.
No automated processing is carried out for the purpose of adopting decisions based solely on automated processes, nor are profiling activities performed.
Within the limits strictly relevant to the purposes indicated in this privacy notice, personal data may be communicated to:
The updated list of Data Processors may be requested by sending a communication to privacy@eipass.com.
Personal data will not be disseminated.
Personal data will be retained for the time strictly necessary to pursue the purposes indicated above and in compliance with the applicable legal and regulatory obligations.
Depending on the service chosen by the candidate, the certificate may be issued within 5 or 30 days from the conclusion of the examination test.
The images acquired during self-assessment sessions will be retained exclusively for the time necessary to complete the verification and control procedures.
In particular:
Once this period has elapsed, the data will be deleted or anonymized.
The image of the identity document acquired during the initial procedure is processed exclusively for the purpose of verifying the candidate’s identity and is not used for any further purposes.
The provision of the requested data is necessary to allow participation in the examination session and the provision of the certification service.
Any refusal to provide the data or to allow the required checks may make it impossible to take the examination or obtain the requested certification.
The data subject may exercise the rights provided for by Articles 15 et seq. of the GDPR, including:
The request for rectification of inaccurate personal data may be exercised free of charge pursuant to the legislation in force.
Any requests subsequent to the issuance of attestations, certifications or official registrations that involve administrative activities, updating of examination registers, regeneration or re-issuance of documentation may be subject to the administrative fees provided for by the current price list.
The exercise of the right to erasure of personal data may, in cases where the data are necessary to guarantee the validity, traceability, authenticity and verifiability of the certifications issued, make it impossible to keep the issued certification valid and may therefore result in the suspension or cancellation of the related attestation.
It remains understood that certain data may be retained, even after a request for erasure, within the limits and for the time strictly necessary to comply with legal obligations, protect the rights of the Controller, prevent fraud or abuse and manage any requests from competent authorities.
The data subject also has the right to object, on grounds relating to their particular situation, to processing based on the legitimate interest of the Controller, pursuant to Article 21 of the GDPR.
Rights may be exercised by sending a communication:
If the data subject considers that the processing of personal data violates the provisions of the GDPR, they have the right to lodge a complaint with the Italian Data Protection Authority pursuant to Article 77 of the GDPR.
Personal data are processed and stored on systems located within the European Union.
No transfer of data to non-EU countries is envisaged.
Should this become necessary, the transfer will take place in compliance with Articles 44 et seq. of the GDPR and through the adoption of the safeguards provided for by the legislation in force.
For the management of electronic payments, Certipass may use specialized third-party providers of digital payment services, such as PayPal, Banca Sella or other payment providers.
The data necessary for the execution of the transaction are processed directly by the respective payment providers, which act as independent data controllers according to their own privacy notices and contractual terms.
Certipass does not acquire or store the complete data of the payment instruments used by the user.
Certipass S.r.l.
Updated on 26/05/2026