Privacy policy
Last updated: 2026-07-12
Draft for review. This document is a working template prepared for EurAV European Audio Visual CLG and should be reviewed by a qualified legal adviser / DPO before being relied upon.
1. Who is responsible for your data
The data controller is EurAV European Audio Visual CLG (Ireland), operating the EANE platform at eane.eu. Contact: hello@eane.eu.
2. What we collect
- Account data: your name (as you wish it to appear on certificates) and email address, plus a securely hashed password.
- Learning records: modules read, assessment attempts and scores, credits, certificates issued (including serial numbers), course enrolments and progress.
- Feedback: ratings and optional comments you leave after completing modules or courses.
- Technical essentials: session and security cookies and language preference — see the Cookie policy. We do not run advertising or third-party analytics trackers.
3. Why we process it (legal bases)
- Performance of our agreement with you (Art. 6(1)(b) GDPR): running your account, grading assessments, issuing and verifying credentials.
- Legitimate interests (Art. 6(1)(f)): keeping the platform secure, preventing assessment fraud, improving content using aggregated feedback and completion statistics.
- Consent (Art. 6(1)(a)): optional transactional emails beyond essential account messages, where offered.
4. Who we share it with
We do not sell personal data. We use a small number of processors to run the service: our hosting infrastructure provider; Brevo for transactional email delivery (receives your email address and name); and content delivery networks for serving images and video (these serve public content and do not receive your account data). Certificate verification pages show the credential's serial, subject, dates and the holder's name as printed — that is the point of verification — but are only reachable by someone who has the serial.
5. How long we keep it
Account and learning records are kept while your account is active. Because certificates are long-lived documents that third parties may verify years later, the minimal record behind an issued certificate (serial, holder name, subject, dates, validity state) is retained even after account deletion, as our legitimate interest in maintaining the integrity of issued credentials. Everything else is deleted or anonymised when you delete your account.
6. Your rights
Under the GDPR you have the right of access, rectification, erasure, restriction, portability and objection. You can exercise most of these directly: your dashboard includes tools to export your data and to delete your account. For anything else, email hello@eane.eu. You also have the right to lodge a complaint with your supervisory authority; our lead authority is the Irish Data Protection Commission (dataprotection.ie).
7. International transfers
We aim to keep processing within the EU/EEA. Where a processor operates outside the EEA, transfers rely on an adequacy decision or Standard Contractual Clauses.
8. Children
The platform is intended for users aged 16 and over. If you believe a younger child has created an account, contact us and we will remove it.
9. Changes
We will update this policy as the platform evolves; the date above reflects the current version and material changes will be announced on the platform.
