European Informatics Passport

+39 06 8635 8950

    

contact@eipass.com

Logo Certipass

CERTIPASS, is the provider of EIPASS (European Informatics Passport), the international programme that certifies the users' ICT competencies. It establishes, implements, maintains and continuously improves a quality management system, including the necessary processes and their interactions, in compliance with the requirements of ISO 9001: 2015 and UNI CEI EN ISO/IEC 17024.

Contact

Via Lazio, 1
70029 Santeramo in Colle (BA) Italy
contact@eipass.com
+39 06 8635 8950

Follow us

Privacy Policy

EIPASS is committed to guaranteeing your privacy. Read our Privacy Policy to understand how we collect, use and store your information.

Last update May 2021

Data Controller

Certipass S.r.l. hereinafter also referred to as “Certipass” or the “Controller”, with registered office in Santeramo in Colle (BA), Via Lazio no. 1, VAT no. IT05805441218, as Data Controller of personal data, informs you that the personal data provided in connection with participation in online courses including final certification will be processed in compliance with the principles of fairness, lawfulness, transparency, minimization, integrity, confidentiality and protection of the rights of the data subject provided for by EU Regulation 2016/679 (“GDPR”) and by the national legislation in force on the protection of personal data.

The Data Protection Officer (DPO) can be contacted at the following e-mail address: dpo@eipass.com.

Subject of processing

The processing concerns the management of candidate identification procedures and the supervision of examination sessions aimed at providing certification services issued by Certipass S.r.l. through the DIDASKO platform.

Types of personal data processed

Within the scope of the purposes indicated above, the following may be processed:

  • candidate identification and personal data;
  • contact details;
  • data relating to the identity document shown during the identification procedure;
  • images of the candidate’s face acquired during the initial identity verification procedure;
  • images strictly necessary to verify the regularity of the examination session via webcam;
  • audio/video data that may be processed during remote sessions with live supervision;
  • technical data relating to the use of the DIDASKO platform, the devices used and the examination sessions, including technical logs, IP addresses, timestamps and session events;
  • any further data strictly necessary for the management of the certification procedure.

The images and any audio/video data collected are limited to what is strictly necessary to guarantee the authenticity of the examination session, the correct identification of the candidate, the regularity of the tests, the prevention of fraudulent conduct and the protection of the validity of the certifications issued.

The processing of data collected as part of the identification and supervision procedures does not involve the use of automated biometric recognition systems or biometric identification activities pursuant to Article 9 of the GDPR.

Purposes of processing

Personal data will be processed exclusively for purposes connected with:

  • the administrative and organizational management of the services provided by Certipass;
  • the provision of training and certification services;
  • the verification of the candidate’s identity;
  • the supervision and regularity of examination sessions;
  • the prevention of fraudulent conduct or improper use of the certifications issued;
  • the protection of the reliability, security and validity of the certifications issued;
  • the management of any complaints, disputes, checks or proceedings relating to the regularity of the tests taken.

Depending on the service chosen by the candidate, examination sessions may be delivered in person, with a Supervisor, or in self-assessment mode.

Sessions with a Supervisor

The regularity of the examination session is guaranteed by the presence of an authorized Supervisor, who is responsible for verifying the candidate’s identity and the correct performance of the examination procedure.

Self-assessment sessions

With reference to self-assessment sessions:

  • the guided system requires the acquisition of an image of the identity document shown by the candidate;
  • during the examination session, limited images may be acquired via webcam, strictly necessary to verify the regularity of the test and the candidate’s identity;
  • at the end of the session, authorized Certipass personnel carry out a visual check between the image acquired at the initial stage and the images collected during the examination, in order to verify the correspondence of the candidate’s identity and the regularity of the test.

The verification is carried out exclusively by personnel authorized and duly instructed by the Controller.

Access to the images collected is permitted exclusively to specifically authorized persons appointed to carry out checks on the regularity of examination sessions.

The processing does not involve the use of automated biometric recognition systems or the adoption of decisions based solely on automated processing pursuant to Articles 9 and 22 of the GDPR.

The images collected are not used for purposes other than those indicated above.

Legal basis of processing

The processing of personal data is necessary:

  • for the performance of the contract or pre-contractual measures requested by the data subject pursuant to Article 6, paragraph 1, letter b) of the GDPR;
  • for the pursuit of the legitimate interest of the Controller pursuant to Article 6, paragraph 1, letter f) of the GDPR, consisting in the need to guarantee the security, authenticity, correctness, reliability and regularity of examination and certification procedures, as well as the prevention of fraudulent conduct or improper use of the certifications issued.

Methods of processing

The processing of personal data takes place through electronic and telematic tools and organizational procedures suitable to ensure adequate levels of security, integrity, availability and confidentiality of the data processed.

The data will be processed exclusively:

  • by authorized and duly instructed personnel pursuant to Article 29 of the GDPR and Article 2-quaterdecies of Legislative Decree 196/2003;
  • by any Data Processors formally appointed pursuant to Article 28 of the GDPR.

Certipass adopts appropriate technical and organizational measures to protect the data processed, including authentication procedures, access control, logical protection systems, monitoring of operations performed on the data and security measures aimed at preventing unauthorized access, loss, destruction or improper disclosure of information.

No automated processing is carried out for the purpose of adopting decisions based solely on automated processes, nor are profiling activities performed.

Communication of data

Within the limits strictly relevant to the purposes indicated in this privacy notice, personal data may be communicated to:

  • consultants and freelance professionals;
  • banking and insurance institutions;
  • IT and technology service providers;
  • companies appointed to maintain and manage the systems;
  • public bodies or competent authorities in the cases provided for by law;
  • judicial authorities and supervisory authorities;
  • entities formally appointed as Data Processors.

The updated list of Data Processors may be requested by sending a communication to privacy@eipass.com.

Personal data will not be disseminated.

Data retention period

Personal data will be retained for the time strictly necessary to pursue the purposes indicated above and in compliance with the applicable legal and regulatory obligations.

Depending on the service chosen by the candidate, the certificate may be issued within 5 or 30 days from the conclusion of the examination test.

Retention of images

The images acquired during self-assessment sessions will be retained exclusively for the time necessary to complete the verification and control procedures.

In particular:

  • in the event of regular issuance of the certificate, the frames and images collected will be retained for 15 (fifteen) days from the issuance of the certification;
  • in the event of suspension of the certificate issuance procedure, checks on the regularity of the session, complaints, disputes, detected anomalies or requests from competent authorities, the data may be retained for up to 90 (ninety) days from the conclusion of the last test taken.

Once this period has elapsed, the data will be deleted or anonymized.

The image of the identity document acquired during the initial procedure is processed exclusively for the purpose of verifying the candidate’s identity and is not used for any further purposes.

Provision of data

The provision of the requested data is necessary to allow participation in the examination session and the provision of the certification service.

Any refusal to provide the data or to allow the required checks may make it impossible to take the examination or obtain the requested certification.

Rights of the data subject

The data subject may exercise the rights provided for by Articles 15 et seq. of the GDPR, including:

  • right of access;
  • right to rectification;
  • right to erasure;
  • right to restriction of processing;
  • right to data portability;
  • right to object to processing in the cases provided for by the legislation in force.

The request for rectification of inaccurate personal data may be exercised free of charge pursuant to the legislation in force.

Any requests subsequent to the issuance of attestations, certifications or official registrations that involve administrative activities, updating of examination registers, regeneration or re-issuance of documentation may be subject to the administrative fees provided for by the current price list.

The exercise of the right to erasure of personal data may, in cases where the data are necessary to guarantee the validity, traceability, authenticity and verifiability of the certifications issued, make it impossible to keep the issued certification valid and may therefore result in the suspension or cancellation of the related attestation.

It remains understood that certain data may be retained, even after a request for erasure, within the limits and for the time strictly necessary to comply with legal obligations, protect the rights of the Controller, prevent fraud or abuse and manage any requests from competent authorities.

The data subject also has the right to object, on grounds relating to their particular situation, to processing based on the legitimate interest of the Controller, pursuant to Article 21 of the GDPR.

Rights may be exercised by sending a communication:

  • to the e-mail address privacy@eipass.com;
  • or by registered letter to the Controller’s registered office.

Complaint to the Supervisory Authority

If the data subject considers that the processing of personal data violates the provisions of the GDPR, they have the right to lodge a complaint with the Italian Data Protection Authority pursuant to Article 77 of the GDPR.

Transfer of data abroad

Personal data are processed and stored on systems located within the European Union.

No transfer of data to non-EU countries is envisaged.

Should this become necessary, the transfer will take place in compliance with Articles 44 et seq. of the GDPR and through the adoption of the safeguards provided for by the legislation in force.

Electronic payments

For the management of electronic payments, Certipass may use specialized third-party providers of digital payment services, such as PayPal, Banca Sella or other payment providers.

The data necessary for the execution of the transaction are processed directly by the respective payment providers, which act as independent data controllers according to their own privacy notices and contractual terms.

Certipass does not acquire or store the complete data of the payment instruments used by the user.

Data Controller

Certipass S.r.l.
Updated on 26/05/2026