Last updated 2 October 2025
1. Introduction & Controller
Through this website, personal data of users is not collected without their knowledge.
Welcome to EFFAS and EFFAS Academy (“EFFAS”, “we”, “our”, “us”). We respect your privacy and are committed to protecting your personal data. This Privacy & Cookie Policy explains what information we collect, why we collect it, how we use it, and your rights.
Controller:
European Federation of Financial Analysts Societies (EFFAS)
Hamburger Allee 45, Gebäude A, 1. Stock
60486 Frankfurt am Main, Germany
Email: office@effas.com | Phone: +49 69 98959519
2. Definitions
- Personal data: any information that relates to an identified or identifiable person.
- Processing: any action performed on personal data (collection, storage, use, etc.).
- Controller: the organisation that decides how and why your personal data is processed.
- Processor: a third party that processes personal data on behalf of the controller.
- Data subject / “you”: the individual whose personal data is being processed.
- Cookies: small text files placed on your device when you visit a website.
3. What personal data we collect
- Directly from you: contact details, professional details, login credentials, payment info, communications, photographs.
- Automatically: IP address, browser type, device identifiers, site usage, cookies.
- Certification exams: live proctoring, video/audio recording, screen monitoring, behaviour analysis.
- Third parties: partner organisations, payment processors, mailing platforms.
4. Why we process your personal data (purposes, legal basis & retention
| Purpose | Examples | Legal Basis | Retention |
|---|---|---|---|
| Provide services & manage accounts | Registration, user login, learning access | Contract | While account is active; deleted within 12 months after closure |
| Certification exam integrity & security | Proctoring, recordings, behaviour monitoring | Contract / Legitimate interests | 12 months after exam |
| Communication with you | Respond to enquiries, notifications | Contract / Legitimate interests | 2 years |
| Marketing & newsletters | News, events, promotions | Consent | Until you unsubscribe |
| Analytics & website improvement | Google Analytics, performance analysis | Legitimate interests (essential) / Consent (non-essential) | Analytics anonymised after ~14 months |
| Legal & regulatory compliance | Tax, audit, reporting | Legal obligation | 7–10 years |
| Recruitment & HR | Applications, CVs | Contract / Legitimate interests | 12 months if unsuccessful |
| Employment records | Staff files, payroll | Contract / Legal obligation | Duration of employment + 7 years |
| Security & fraud prevention | Access controls, monitoring | Legitimate interests | Varies depending on logs (typically <12 months) |
5. Cookies & similar technologies
What are cookies? Cookies are files created in the user’s browser to record their activity on the Website and send this information to the owner of the Website or to third parties.
These are the types of non-technical cookies that are installed through this Website:
Analytics: Google Analytics cookies are installed to find out what content different users are most interested in. More information: Google cookie notice.
Advertising: Google AdSense cookies are installed to be able to show more adjusted advertising to the tastes of users. More information: Google cookie notice.
Additionally, our own technical cookies are installed through the Website, mainly for cybersecurity and blocking attacks.
How to delete cookies. To use this Website, it is not necessary to install cookies. The user may not accept them or configure their browser to block them and, where appropriate, delete them.
We use cookies for essential functions, analytics, marketing, and exam proctoring. Non-essential cookies are only set with your consent via our cookie banner. You can change your preferences anytime. This website installs own cookies, session techniques cookies, and third-party cookies. This webpage and your data are securely hosted, and the page has an SSL certificate.
Cookies
This website installs own cookies, session techniques cookies, and
third-party cookies.
Own cookies are those that are sent to the user’s terminal equipment from a computer or domain managed by the editor itself and from which the service requested by the user is provided.
Being a session technique cookie implies that they are designed to collect and store data while the user accesses a web page. They are usually used to store information that is only of interest to keep for the provision of the service requested by the user on a single occasion.
Technical cookies are those that allow the user to navigate through a web page, platform or application and use the different options or services that exist there, such as, for example, control traffic and data communication, identify the session, access restricted access parts, remember the elements that make up an order, make the purchase process of an order, make the request for registration or participation in an event, use security elements during navigation, store content for dissemination of videos or sound or share content through social networks.
6 Who we share your data with
We do not sell your personal data. We may share with:
- Service providers (Microsoft 365, Dropbox, Mailchimp, Brevo, proctoring providers, payment processors, analytics).
- Member societies and affiliates.
- Regulators, courts, or law enforcement if required.
Some providers are outside the EEA. We use safeguards such as Standard Contractual Clauses or adequacy decisions (e.g. EU–US Data Privacy Framework).
7. Your rights under data protection law
You may exercise these rights: access, rectification, erasure, restriction, objection, portability, withdraw consent, lodge a complaint.
Requests can be sent to office@effas.com or our postal address. Proof of identity may be required. We will respond within one month (extendable by two months for complex cases).
8. How we protect your data
We use safeguards including encryption, secure servers, access controls, staff training, monitoring, and retention limits. In case of a high-risk breach, we will notify you and the supervisory authority.
9. Changes to this policy
We may update this policy. Significant changes will be reflected in the “Last updated” date and may also be communicated by email or website notice.
10. Contact and complaints
If you have questions or wish to exercise your rights, please contact:
EFFAS, Hamburger Allee 45, Gebäude A, 1. Stock, 60486 Frankfurt am Main, Germany
Email: office@effas.com | Phone: +49 69 98959519
Supervisory authority:
Der Hessische Beauftragte für Datenschutz und Informationsfreiheit (HBDI)
Gustav-Stresemann-Ring 1, 65189 Wiesbaden, Germany
Website: www.datenschutz.hessen.de