Privacy Policy

Accreditation Europe ("Accreditation Europe”) is committed to protecting your privacy and confidentiality in accordance with its obligations under the European Union (“EU”) Regulation No. 2016/679 of 27 April 2016, known as the General Data Protection Regulation (“GDPR”) and related laws and regulations (with the GDPR, the “Data Privacy Laws”). Throughout this Privacy Policy (the “Policy”), the reference to terms “we”, “us” and “our” refer to Accreditation Europe.

We, Accreditation Europe, are the data controller of the processing activities described in this Policy for the purposes of Data Privacy Laws and can be contacted by mail at Rue d'Egmont 11, 1000 Bruxelles or by email as indicated under XII below.

This Policy explains how we will collect, use, disclose and store Personal Information. We urge you to read the Policy carefully in order to gain a clear understanding of how Accreditation Europe may collect, use or disclose Personal Information.

"Personal Information" means any information, in any form, about an identified individual or an individual whose identity may be inferred or determined from such information, other than business contact information (e.g. name, title, business address).

Please note that this Policy does not cover business contact information, anonymous aggregate information or data from which the identity of an individual cannot be determined. Subject to any agreement between Accreditation Europe and you (or between Accreditation Europe and your employer) otherwise, Accreditation Europe retains the right to use and disclose such information and data in any way that it determines appropriate.

I. Application

This Policy applies to all Personal Information collected by Accreditation Europe including Personal Information we collect from you through our website (when you register for an account or visit anonymously), our Client Portals, Partner Portals, Surveyor Portals, as well as Personal Information provided to Accreditation Europe by individuals who are, represent or work for its clients, contractors (including surveyors), service providers, agents, partners, and affiliated entities participating in Accreditation Europe’s licensed accreditation processes.

It applies to individuals who are, represent or work for our potential, current and past suppliers (including service providers), subject to such specific privacy notice that may be handed to them.

It does not apply to our potential (i.e. candidates), current and past employees, who are invited to consult the corresponding privacy notice.

II. Consent

Accreditation Europe and its agents, partners, contractors or service providers that may collect Personal Information on behalf of Accreditation Europe, will not collect any Personal Information without obtaining the consent of the individual to whom it belongs prior to the collection of the information to the extent required by applicable law. By using our websites, or providing us with your Personal Information over the telephone, by email, in writing, by fax or in person, you acknowledge having been informed that Accreditation Europe may collect, use, disclose and store your Personal Information in accordance with the terms of this Policy.

In most cases and subject to legal and contractual restrictions, you are free to refuse or withdraw your consent to – or if consent is not required object to – the collection, use, disclosure and storage by Accreditation Europe of your Personal Information at any time upon reasonable, advance notice to Accreditation Europe. However, the withdrawal of your consent or objection is not retroactive. It should be noted that in certain circumstances, our products or services can only be offered if you provide us with your Personal Information. Consequently, if you choose not to provide us with the required Personal Information, we may not be able to offer you these products or services. We will inform you of the consequences of the withdrawal of consent as appropriate. Notwithstanding anything in this Policy, we may, from time to time, seek consent from you – or if consent is not required inform you of our intention to – to use and disclose your Personal Information collected for a purpose other than the purposes set out herein.

If you are a client, supplier or partner of Accreditation Europe and you provide us with the Personal Information of other individuals, you are responsible for obtaining the consent of the individuals from whom you collect any Personal Information at the time of collection in accordance with all applicable laws.

III. Collection of Personal Information and Categories of Personal Data Concerned

What Personal Information Do We Collect?

We may collect the following types of Personal Information: your name, email address, and credit card information.

Surveyors: We collect the following Personal Information from surveyors: address, emergency contact information, information about allergies, place of employment, SIN, and similar information collected in the context of entering into a contractual relationship between Accreditation Europe and the surveyor. The terms and conditions for the collection, use and disclosure of this information are set out in the contractual agreements between Accreditation Europe and the surveyors. Accreditation Europe does not disclose any of the surveyor’s information without the surveyor’s prior consent, unless permitted to do so by law.

We collect only such Personal Information as we deem to be reasonably required in the circumstances for the purpose(s) for which it is collected.

Except as set out in this Policy (or unless otherwise permitted by the applicable laws), Accreditation Europe does not collect Personal Information without first obtaining the consent of the individual concerned to the collection of such Personal Information.

How Do We Collect Your Personal Information?

We collect Personal Information from individuals who create accounts with our website or who create (or are provided) accounts with any Client Portal, Partner Portal or Surveyor Portal operated by Accreditation Europe.

We also collect Personal Information from individuals who place orders through the website for goods and services, who respond to online or email surveys, or provide information to us in person, in writing, by fax or over the telephone when asked for such information (including proof of any accreditation process).

We may also indirectly collect and store in our systems Personal Information which is uploaded by clients and contractors of Accreditation Europe pursuant to our accreditation processes or which is provided to us indirectly by clients, contractors (including surveyors), service providers, agents, partners, and affiliated entities participating pursuant to any of our licensed accreditation processes.

We collect Personal Information from surveyors at the time of entering into a contractual relationship with the surveyor.

We use only fair and lawful methods to collect Personal Information.

IV. Use of Personal Information

What Do We Use Your Personal Information For?

We use Personal Information for the following purposes:

  1. For the performance and delivery of accreditation services and related services;
  2. For the performance and delivery of education and training sessions and webinars;
  3. To process transactions for the purchase of goods and services;
  4. To perform activation services and generate reports;
  5. To improve our products and services;
  6. To improve our website;
  7. To enter and maintain a contractual relationship with a surveyor;
  8. To inform or offer goods or services or seek donations;
  9. To comply with our statutory obligations or any judicial order or judiciary rule of procedure;
  10. To provide information reasonably required by debt or equity investors envisaging investing or who have invested, directly or indirectly, in any of our entities, businesses or assets, or by our potential or existing donators;
  11. To generate statistical data that, to the extent that anonymized data ceases to be personal data, we may use for a variety of purposes.

Unless permitted or required by the applicable laws, Accreditation Europe does not use Personal Information for other purposes.

Surveyors that perform surveys on behalf of Accreditation Europe as part of the accreditation process may have access to the Personal Information in the custody or control of our clients. Surveyors do not collect any Personal Information, do not remove it offsite and do not disclose it to Accreditation Europe or any third party. The surveyors’ use of any Personal Information of Accreditation Europe’s clients is limited to the purposes of assessment and provision of recommendations by the surveyors to Accreditation Europe during the survey process. Personal Information that may be accessed by surveyors is further protected by contractual means.

We also use information collected from surveyors about themselves in order to enter into and manage the contractual relationship between Accreditation Europe and the surveyor.

How do we use your data for marketing?

We may, occasionally, send you information by electronic means (this includes email, telephone, text message (SMS) or automated calls about our products and services, competitions and special offers which may be of interest to you as well as appropriate for soliciting donations.

Other entities within our group or which we have selected carefully may also send you similar marketing messages, depending on what you agree with us or as appropriate.

We will also regularly send you information via email/SMS/other automated means to ask about your marketing preferences. We will also ask you to confirm whether you would like us and other businesses to send you marketing messages when you tick the relevant boxes when you, for instance, complete a survey or application online.

If you have consented to receive marketing from our group or other businesses, you can opt out at any time. See 'Your Rights’ for further information.

What's the legal basis for these uses under Data Privacy Laws?

We inform you that we are allowed to process your personal data on the following legal bases.

  1. Legitimate interests. We are permitted to process your personal data if it is based on our ‘legitimate interests’ i.e. we have good, sensible, practical reasons for processing your personal data which is in our interests. To do so, we have considered the impact on your interests and rights, and have placed appropriate safeguards to ensure that the intrusion on your privacy is reduced as much as possible. The following personal data processing activities are based on this ground:
    1. contacting or verifying the authority of an individual representing an organisation in relation to the execution or performance of a contract with that organisation and keeping exchanges with that individual as evidence in case of a possible dispute with that organisation;
    2. anonymising personal data for generating statistics that can be used for, amongst others, improving our products and services and our website;
    3. improving our products and services and our website when this cannot be done without first anonymising the data;
    4. providing information to debt or equity investors or donators in order to incite them to invest or donate or continue to do so;
    5. presenting or communicating on our good or services or requests for donations when we do not need consent;
  2. Contract. We are also permitted to process your personal data every time it is necessary for the entry into or the performance of the contract you have agreed to enter with us. If you do not provide the necessary personal data, we will not enter the contact for which it is necessary or we will not be able to carry out our obligations thereunder in case of personal data necessary for its performance.
  3. Legal obligation. We are also permitted to process your personal data every time it is necessary for the purposes of complying with applicable regulatory, accounting and financial rules, health and safety and to make mandatory disclosures to government bodies and law enforcements.
  4. Consent. Your consent may be asked for the presenting or communicating on our goods or services or requests for donations when when this cannot be done on the sole basis of our legitimate interests, You can withdraw this consent at any time.
  5. Public interest or official authority. We are also permitted to process your personal data when necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us by the relevant authorities, namely accreditation of health organisations when laid down by applicable law.

V. Disclosure of Personal Information and Categories of Recipients of Personal Data

Accreditation Europe may disclose your Personal Information between its related entities, as well as to third party individuals or organizations who are our trusted partners, service providers, contractors or agents who assist us in delivering or performing our services, conducting our business, operating our website, doing marketing (as indicated above), so long as those parties agree to use, disclose and store the Personal Information disclosed to them solely for the purpose(s) such Personal Information was provided to them, and to otherwise keep your Personal Information confidential and have appropriate safeguards for the protection of the information.

Unless permitted or required by the applicable laws, Accreditation Europe does not disclose Personal Information for other purposes.

It is important that you note that if you are an employee, contractor, surveyor or consultant of a health services organization that is a client of Accreditation Europe, Personal Information you provide to Accreditation Europe as part of the accreditation process or use of other services provided by Accreditation Europe may be provided to and used by related companies of Accreditation Europe engaged by Accreditation Europe to provide such services, and/or contractors and consultants of Accreditation Europe and its affiliates for the purpose of allowing such persons and entities to perform and deliver such services to your organization.

Except as set out otherwise in this Policy, or except as you may permit from time to time in the manner set out herein, Accreditation Europe will not sell, exchange, transfer or give your Person Information to any other person or entity for any reason whatsoever.

Where Disclosure Can Be Made Without Consent

Please note that there are circumstances where the use and/or disclosure of Personal Information may be justified or permitted without your consent or where Accreditation Europe is obliged to disclose Your Personal Information without consent. Such circumstances may include, without limitation and subject to applicable laws:

  1. where use or disclosure of Personal Information is required by applicable law or by order or requirement of a court, administrative agency or governmental tribunal;
  2. where Accreditation Europe believes, upon reasonable grounds, that the use or disclosure of Personal Information is necessary to protect the rights, privacy, safety or property of an identifiable person or group;
  3. where the use or disclosure of Personal Information is necessary to permit Accreditation Europe to pursue available remedies or limit any damages that we may sustain;
  4. where the Personal Information is public as permitted by applicable law;
  5. where the use or disclosure of Personal Information is reasonable for the purposes of investigating a breach of an agreement, or actual or suspected illegal activity; or
  6. where the use or disclosure of Personal Information is necessary for the purpose of a prospective business transaction (including any equity or debt investment in our entities, businesses or assets) or donation if use or disclosure of such Personal Information is necessary to determine whether to proceed with the transaction or donation or to complete the transaction or donation, or a completed business transaction where the information is necessary to carry on the activity that was the object of the transaction; or
  7. where the disclosure is to an affiliate (e.g., Health Standard Organization) a third-party service provider acting on our behalf.

Where obliged or permitted to disclose Personal Information without consent, Accreditation Europe will not disclose more Personal Information than is necessary for the relevant purposes of such disclosure.

VI. Storage and Transfer of Personal Information

Hard copies of your Personal Information are stored by Accreditation Europe in Ontario, Canada. Electronic copies of your Personal Information are stored on servers and/or operated by or for Accreditation Europe in Ontario, Canada. Personal Information collected from or about you offline may also be stored in Canada.

We may however transfer and store your personal data in the European Economic Area ("EEA"), Canada and other countries deemed to offer an adequate level protection according to the European Commission as well as the United States of America, provided that any recipient of your personal data based in the United States of America adopted corporate binding rules or entered into a data transfer agreement containing clauses offering an adequate level protection according to the European Commission or benefits from the U.S. "Privacy Shield" accreditation.

VII. Protection of Personal Information

How Do We Protect Your Personal Information?

We employ a variety of physical, technical and organizational security measures to maintain the safety of Personal Information.

We offer the use of a secure server. All sensitive financial (e.g. credit card) information, any information provided via Accreditation Europe’s websites, Client Portal and Surveyor Portal is transmitted via Secure Socket Layer (SSL) technology and then encrypted into our payment gateway providers’ database, where it is only accessible by those authorized with special access rights to such systems, and who are required to keep the information confidential.

What Do We Do In Case Of A Security Breach?

We will also comply with the documentation and notification requirements of articles 33 and 34 of the GDPR in case of a personal data breach as defined in the GDPR.

VIII. Cookies and Embedded Scripts

Cookies

We use cookies, which are small data files that are saved to your device when you visit our website and use the service. The cookie helps analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

i. Type of cookies we use: We may use both session cookies and persistent cookies. A session cookie is a temporary file which is only active while you are on the website and is erased once you close your browser. Unlike a session cookie, a persistent cookie is not deleted when you close your browser and will remain on your device indefinitely. We use cookies to identify when you return to our website, save login information (excluding passwords), track usage statistics, and store your preferences. We also use traffic log cookies to identify which pages are being used. This helps us analyze data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system but from time to time we may use this information for running a remarketing/retargeting online advertising campaign. More specifically, the table below explains the cookies we use and why as well as their maximum duration (all strictly necessary cookies may not appear).

Developer Name Purpose Duration
  cookie-agreed This cookie is used to remember a user’s choice about cookies. Where users have previously indicated a preference, that user’s preference will be stored in this cookie. 100 days
Drupal has_js This cookie to indicate whether or not the visitors browser has JavaScript enabled. End of session.
Universal Analytics (Google) _ga
_gali
_ gat_UA-91005729-1
_gid
These cookies are used to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website and blog, where visitors have come to the website from and the pages they visited. Read Google's overview of privacy and safeguarding data (https://support.google.com/analytics/answer/6004245) maximum period of 2 years.
YouTube cookies PREF*
VSC*
VISITOR_INFO1_LIVE*
remote_sid*
We embed videos from our official YouTube channel using YouTube’s privacy-enhanced mode. This mode may set cookies on your computer once you click on the YouTube video player, but YouTube will not store personally-identifiable cookie information for playbacks of embedded videos using the privacy-enhanced mode. Read more at YouTube’s embedding videos information page. (http://www.google.com/support/youtube/bin/answer.py?hl=en-GB&answer=171780) PREF - * Expires after eight months
VSC - * expires at the end of your session
VISITOR_INFO1_LIVE - *expires after eight months
remote_sid - * expires at the end of your session
  _session_id Allows Shopify to store information about your session (referrer, landing page, etc). sessional
  _shopify_visit Used by our website provider’s internal stats tracker to record the number of visits Persistent for 30 minutes from the last visit
  _shopify_uniq Counts the number of visits to a store by a single customer. expires midnight (relative to the visitor) of the next day
  cart, unique token, Stores information about the contents of your cart. persistent for 2 weeks
  _secure_session_id unique token, sessional
  storefront_digest If the shop has a password, this is used to determine if the current visitor has access. Indefinite (linked to contractual relationship)

 

ii. Adjusting cookie settings on your browser: By default, most browsers will automatically accept cookies. However, you can disable cookies completely, or be prompted prior to a cookie being loaded, by adjusting your browser’s settings. Consult each individual browser’s "help" feature for more information.

Find out how to manage cookies on popular browsers:

Google Chrome

(https://support.google.com/accounts/answer/61416?co=GENIE.Platform%3DDesktop&hl=en)

Microsoft Edge (https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy)

Mozilla Firefox (https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences)

Microsoft Internet Explorer (https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies)

Opera (https://www.opera.com/help/tutorials/security/privacy/)

Apple Safari (https://support.apple.com/kb/ph21411?locale=en_US)

To opt out of being tracked by Google Analytics across all websites, visit http://tools.google.com/dlpage/gaoptout.

We are planning to enhance our cookie tool to allow users to more easily change their cookie settings after their initial choice.

Embedded Scripts

An embedded script is a programming code that is designed to collect information about your interactions with our website, such as information about the links on which you click. The code is temporarily downloaded onto your device from our web server or a third-party service provider. The code is active only while you are connected to our website, and is deactivated or deleted once you disconnect from the website.

IX. Rights

We inform you that you have the rights set out below.

You may exercise these rights by contacting us at the email address indicated in this Policy. We will respond to any rights that you exercise within a month of receiving your request, unless the request is particularly complex, in which case we will respond within three months.

Please be aware that there are exceptions and exemptions that apply to some of the rights which we will apply in accordance with Data Protection Laws.

1 Right to object to processing of your personal data

You may object to us processing your personal data where we rely on a legitimate interest as our legal grounds for processing. If you object to us processing your personal data we must demonstrate compelling grounds for continuing to do so.

In particular, you can ask us to stop contacting you for direct marketing purposes. If you would like to do this, please:

  • email, call or write to us (at Commmunications@accreditation.ca). You can also click on the ‘unsubscribe’ button at the bottom of the email newsletter. It may take up to 14 business days for this to take place.
  • provide proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
  • provide us with details of your preferred method of contact (for example, you may be happy for us to contact you by email but not by telephone).

2 Right to access personal data relating to you

You may ask to see what personal data we hold about you and be provided with:

  • a copy of the personal data;
  • details of the purpose for which the personal data is being or is to be processed;
  • details of the recipients or classes of recipients to whom the personal data is or may be disclosed, including if they are outside the EEA and what protections are used for those transfers;
  • the period for which the personal data is held (or the criteria we use to determine how long it is held); and
  • any information available about the source of that data.

To help us find the information easily, please provide us as much information as possible about the type of information you would like to see.

3 Right to correct any mistakes in your information

As indicated above, you can require us to correct any mistakes in your information which we hold. If you would like to do this, please let us know what information is incorrect and what it should be replaced with.

4 Right to restrict processing of personal data

You may request that we stop processing your personal data temporarily if:

  • you do not think that your data is accurate (we will start processing again once we have checked whether or not it is accurate);
  • the processing is unlawful but you do not want us to erase your data;
  • we no longer need the personal data for our processing, but you need the data to establish, exercise or defend legal claims; or
  • you have objected to processing because you believe that your interests should override our legitimate interests.

5 Right to data portability

You may ask for an electronic copy of your personal data which we hold electronically and which we process on the basis of a contract with you or with your consent.

6 Right to withdraw consent

You may withdraw any consent that you have given us to process your personal data at any time. This means that we will not be able to carry out any processing which required of that personal data.

7 Right to erasure

You can ask us to erase your personal data:

  • should we not need your data anymore in order to process it for the purposes set out herein;
  • if you had given us consent to process your data, you withdraw that consent and we cannot otherwise legally process your data;
  • if you object to our processing and we do not have any legitimate interests that mean we can continue to process your data; or
  • if your data has been processed unlawfully or have not been erased when it should have been.

8 Rights in relation to automated decision making

You have the right to have any decision that has been made by automated means and which produces legal effects or has a similar significant effect on you reviewed by a member of staff, it being noted that our processing activities do not fall in that category.

9 France only – directives for handling personal data after death

If you are in France, we inform you that you may write directives about the handling of your personal information after your death.

10 Complaints to a European supervisory authority

It is important that you ensure you have read this Privacy Policy and, if you do not think that we have processed your data in accordance therewith, you should let us know as soon as possible. You may also complain to any European competent supervisory authority.

X. Retention of Personal Information

1 As regards customers, surveyors and other persons with whom we have a contractual relationship as well as their individual representatives, we will hold all personal information for so long as we are in a contractual relationship. We may then (i) archive the data up to one year after the applicable limitation period has expired or final settlement of any dispute whichever is last and (ii) keep contact details for the purposes of direct marketing for a period of up to 3 years after termination of the contract or last contact made by the relevant individual.

2 As regards prospects, we keep their contact details for the purposes of direct marketing for a period of up to 3 years after time of collection or last contact made by the relevant individual.

3 As regards website/app/email users who do not provide us with their contact details, we maintain a log during 18 months before anonymising the data; as regards expiration of cookies, please see above.

XI. Links to Other Websites

Accreditation Europe may provide links to, or automatically produce search results for, third-party websites or resources or third-party information referencing or linking to third-party websites or resources. Accreditation Europe has no control over such third-party websites and resources, and website users acknowledge and agree that Accreditation Europe is not responsible for the content or information contained therein. When website users follow such a link, they are no longer protected by our Privacy Policy, and we encourage you to read the privacy statements or other disclaimers of such other parties. Accreditation Europe is not responsible for the privacy or security practices or the content of others’ websites, services or products.

Accreditation Europe cannot and does not guarantee, represent or warrant that the content or information contained in such third-party websites and resources is accurate, legal, non-infringing or inoffensive. Accreditation Europe does not endorse the content or information of any third-party website or resource we cite and, further, Accreditation Europe does not warrant that such websites or resources will not contain viruses or other malicious code or will not otherwise affect your computer. By using any of Accreditation Europe’s systems or websites to search for or link to a third-party website, you agree and understand that Accreditation Europe shall not be responsible or liable, directly or indirectly, for any damages or losses caused or alleged to be caused by or in connection with the use of, or reliance on, the website of Accreditation Europe to obtain search results or to link to a third-party website.

XII. Resolving Your Privacy Concerns

In the event of questions about: (i) access to Personal Information; (ii) our collection, use, disclosure or storage of Personal Information; or (iii) this Policy; please contact Accreditation Europe’s Privacy Officer by sending an e-mail to Stuart Richmond, Privacy Officer @ stuart.richmond@healthstandards.org.

Accreditation Europe will investigate all complaints and if a complaint is justified, we will take all reasonable steps to resolve the issue.

XIII. Changes to This Policy

Accreditation Europe may update this Policy from time to time if our privacy practices change or if the law requires changes to it. We will post any Policy changes on this page, and, if the changes are significant, we will provide a more prominent notice and a summary of the relevant changes at the top of the page. You should review this Privacy Policy regularly for changes, and can easily see if changes have been made by checking the Effective Date below.

If you do not agree to the terms of this Policy, you should exit the website, Client Portal, Partner Portal or Surveyor Portal, and cease use of all Organization services immediately, or contact Accreditation Europe to withdraw your consent where applicable.

XIV. Language

This Policy is drafted in English however we have provided translations of the Policy into other languages. To the extent of any conflict between the Policy in English and any version in another language, the English version shall prevail.

Effective Date: This Policy was last updated on May 25, 2018.