You are here

Legal notice

The information on this site is subject to a disclaimer, a copyright notice and rules related to personal data protection.

Disclaimer

Cedefop (the European Centre for the Development of Vocational Training) maintains this website to enhance public access to information about its initiatives and European Union policies in general. Our goal is to keep this information timely and accurate. If errors are brought to our attention, we will try to correct them.

However Cedefop accepts no responsibility or liability whatsoever with regard to the information on this site.

This information is:

  • Of a general nature only and is not intended to address the specific circumstances of any particular individual or entity;
  • Not necessarily comprehensive, complete, accurate or up to date;
  • Sometimes linked to external sites over which Cedefop have no control and for which Cedefop assumes no responsibility;
  • Not professional or legal advice (if you need specific advice, you should always consult a suitably qualified professional).

Please note that it cannot be guaranteed that a document available on-line exactly reproduces an officially adopted text. Only European Union legislation published in paper editions of the Official Journal of the European Union is deemed authentic.

It is our goal to minimise disruption caused by technical errors. However some data or information on our site may have been created or structured in files or formats that are not error-free and we cannot guarantee that our service will not be interrupted or otherwise affected by such problems. Cedefop accepts no responsibility with regard to such problems incurred as a result of using this site or any linked external sites.

This disclaimer is not intended to limit the liability of Cedefop in contravention of any requirements laid down in applicable national law nor to exclude its liability for matters which may not be excluded under that law.

© European Union, 2002-2018

Reproduction is authorised, provided the source (© European Union) and web address (https://europass.cedefop.europa.eu) is acknowledged, save where otherwise stated.

NB: The Council of Europe and the European Union hold joint copyright on the Europass Language Passport. Reproduction is authorised under the same conditions, provided the sources (© European Union and Council of Europe) and website address (https://europass.cedefop.europa.eu and https://www.coe.int/en/web/portfolio) are indicated as well.

Where prior permission must be obtained for the reproduction or use of textual and multimedia information (sound, images, software, etc.), such permission shall cancel the above-mentioned general permission and shall clearly indicate any restrictions on use.

Personal Data Protection

The European Union is committed to user privacy.

All personal data collected by the European Centre for the Development of Vocational Training (Cedefop) are processed in accordance with the provisions of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC.

This general policy covers the European Union's family of institutional Web Sites, within the europa.eu domain.

Although you can browse through most of these Web Sites without giving any information about yourself, in some cases, personal information is required in order to provide the e-services you request.

Web Sites that require such information treat it according to the policy described in the Regulation mentioned above and provide information about the use of your data in their specific privacy policy statements.

In this respect:

  • For each specific e-service, a controller determines the purposes and means of the processing of personal data and ensures conformity of the specific e-service with the privacy policy
  • Within each Institution, a Data Protection Officer ensures that the provisions of the Regulation are applied and advises controllers on fulfilling their obligations (see art. 24 of the Regulation)
  • For all the Institutions, the European Data Protection Supervisor will act as an independent supervisory authority (see art. 41 to 45 of the Regulation)

The European Union's family of institutional Web Sites, within the europa.eu domain, provides links to third party sites. Since we do not control them, we encourage you to review their privacy policies.

What is an e-service?

An e-service on Europass is a service or resource made available on the Internet in order to improve the communication between citizens and businesses on the one hand and the European Institutions on the other hand.

Three types of e-services are or will be offered by Europass:

  1. Information services that provide citizens, media, business, administrations and other decision makers with easy and effective access to information, thus increasing transparency and understanding of the policies and activities of the EU
  2. Interactive communication services that allow better contacts with citizens, business, civil society and public actors thus facilitating policy consultations, and feedback mechanisms, in order to contribute to the shaping of policies, the activities and the services of the EU
  3. Transaction services that allow access to all basic forms of transactions with the EU, e.g. procurement, financial operations, recruitment, event enrolment, acquisition or purchase of documents, etc.

Europass e-service privacy statement

1. What e-services are offered by the Europass website?

The Europass CV and Language Passport 'Online creation' pages offer a facility for visitors to enter their data and, in return, receive a file containing this information in the Europass format.

Europass servers do not keep record of CVs, Language Passports or European Skills Passports generated through the online editor. However, files contained in European skills passports are stored for seven days for backup purposes (for example in case of connection problem) and are then permanently and irrecoverably deleted.

If a visitor selects the 'Save' option, a disk file is created (e.g. CV-2559.doc) in a temporary folder on the Europass server. As soon as this file is forwarded to the visitor via the current HTTP connection or is sent to an e-mail address that the visitor specifies, this file is permanently and irrecoverably deleted from the server.

If a visitor already has an account with a cloud-storage provider (currently supported are: Google drive and OneDrive), s/he can sign-in to that provider and enable the possibility to access their CV(s) from any computer. Practically, the CVs are stored and read on a folder called “Europass” of the corresponding cloud drive.

Additionally, a visitor can choose to publish his/her CV directly to online CV and job portal services including Xing, Monster, EURES and CV Library. When doing this s/he is informed about the terms and conditions of the chosen service.

All processing carried out by the Europass e-service meets the requirements of Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC.

2. What personal information do we collect, for what purpose and through which technical means?

It is not necessary for visitors to enter any kind of personal data to access the Europass site. Visitors have the option, only if they wish to do so, of entering personal and non personal information in the related forms of the 'On-line creation' pages. At the end of data entry, visitors have the option of receiving a file in the Europass format. The purpose of entering any personal data or information is merely to enable visitors to generate and download and/or send by e-mail documents having the specific Europass format.

Information such as age, gender, language skills, years of work experience, nationality and country of residence are collected and kept for statistical purposes, ensuring anonymity. Such statistical use complies with Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the protection of natural persons with regard to the processing of personal data by the Union institutions, bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC.

Visitors’ logs, containing the IP address of connecting visitors are kept for a period of 13 months, for IT security reasons, to enable us to track down malicious attacks, security breaches and intrusion attempts. The logs are also analysed by AWSTATS for producing web statistics (visits by country).

An anonymised version of the IP address is also kept by Google Analytics, see also below. Google Analytics uses an IP anonymisation mechanism that automatically masks a portion of each visitor’s IP, effectively making it impossible to identify a particular visitor.

A unique hash of the e-mail address entered by visitors is kept, for statistical reasons, to count unique visitors over a period of time. The hash is an irreversible coding of the e-mail and it is mathematically impossible to decipher the actual e-mail address from the hash. The hashes are kept for a period of 13 months.

3. Who has access to your information?

When you use the Europass online editor, your data are processed for a short period of time by the Europass web servers without being viewed or processed by any physical person. Once processed, these data are immediately deleted. Access to the Europass servers is restricted to authorised technical operators who manage and maintain the operating system and the Europass software and services. The contracts of Europass technical staff have specific binding confidentiality and non-disclosure statements.

4. How do we protect and safeguard your information?

Data exchanged during the Europass 'Online creation'session are protected from unauthorised, illegal access that may be made be in transit, by the application of SSL (HTTPS) encryption (11/2005).

NB: It is technically difficult to apply encryption to the e-mails sent with attached completed CV and Language Passport documents. E-mails are thus sent without an encryption applied.

The standard security measures exist for the site hosting the Europass servers, i.e. most recently patched and updated operating system and software, antivirus protection, firewall, regular security auditing and network security scans, applied IT security policy, vulnerability testing and an intrusion detection system.

5. How can you verify, modify or delete your personal data?

As specified above, no personal data are stored in any permanent way on Europass servers. Visitors may upload completed Europass CVs or Language Passports from their computers onto the Europass server, and then proceed with verification, modification or deletion of any of the information contained in the Europass document. However this procedure is also temporary and abides by the same rules of protection described above (see also item 1).

6. How long do we keep your data?

As specified above, no data entered by visitors are stored in any permanent way on Europass servers.

Europass automatically deletes visitors' logs after 13 months (IP addresses).

Europass automatically deletes visitors' anonymous e-mail hashes after 13 months.

7. Contact information

As a data subject, you have specific rights. If you want to exercise your rights, or have any queries or complaints, please contact the controller of the website by accessing the 'Your opinion' page on the upper menu of the Europass website.

Your personal data is collected only to the extent necessary to reply. If the controllers of the Europass website are unable to answer your question, they will forward your e-mail to another service. You will be informed, via e-mail (if you have specified one), about which service your question has been forwarded to. If you have any questions about the processing of your e-mail and related personal data, be sure to include them in your message.

Data subjects may at any time consult Cedefop's Data Protection Officer () or have recourse to the European Data Protection Supervisor.

To make this site work properly, we sometimes place small data files called cookies on your device. Most big websites do this too.

1. What are cookies?

A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. It enables the website to remember your actions and preferences (such as login, language, font size and other display preferences) over a period of time, so you don't have to keep re-entering them whenever you come back to the site or browse from one page to another.

2. How do we use cookies?

A number of our pages use cookies to remember:

  • your display preferences, such as contrast colour settings or font size
  • if you have already replied to a survey pop-up that asks you if the content was helpful or not (so you won't be asked again)
  • if you have agreed (or not) to our use of cookies on this site

Enabling these cookies will provide you with a better browsing experience. You can delete or block these cookies, but if you do that, some features of this site may not work as intended.

The cookie-related information is not used to identify you personally, and the pattern data is fully under our control. These cookies are not used for any purpose other than those described here.

3. Do we use other cookies?

We use Google Analytics, a free web analytics service that collects anonymous user data (e.g. computer specifications, browser type and version, visitor’s country, etc.) for tracking and reporting website traffic. Read more about Google’s privacy policy / Google Analytics Terms of Service.

Cookies used by Google Analytics enable us to track the following information about visitors:

  • IP address (anonymised)
  • Random unique Visitor ID, Time of the first visit for the specific visitor, Time of the previous visit for the specific visitor, Number of visits for the specific visitor
  • Date and time of the request (visit to the site)
  • Location: country, region, city, approximate latitude and longitude (Geolocation)
  • Language of the visited page
  • Browser version, browser plugins (PDF, Flash, Java, etc.) operating system version, device identifier (User-Agent header)
  • Events
  • Files that were clicked and downloaded (Download)
  • Site search

When using the feature of Europass to connect to a cloud service for storing your CVs (“Cloud sign-in”), upon signing-in, the respective service (Google or Microsoft) sets their own cookies, over which we have no control. Please consult the corresponding privacy statement and terms of use of each of these services before using them.

4. How to control cookies?

You can control and/or delete cookies as you wish - for details, see aboutcookies.org. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.

5. Opt-out features

By default, website visitors are tracked using the first party persistent cookie from Google Analytics. You may choose not to be tracked (opt-out). If you change your mind, you can choose to be tracked again (opt-in).

Choosing not to be tracked does not affect your navigation experience on Europass web sites.

6. 'Do not track' preference

Do Not Track is a technology that enables visitors to opt-out from being tracked by websites for whatever purpose, including the use of analytics services, advertising networks and social platforms.

Europass website respects visitors' preference and will not track visitors that have enabled the do not track option in their web browsers. If the visitor uses a browser that has a do not track function enabled, the cookie notice will by default be configured for “opt-out” from analytics.

7. Anonymisation of visitors' IP addresses

Google Analytics uses an IP anonymisation mechanism that automatically masks a portion of each visitor's IP, effectively making it impossible to identify a particular visitor.

Language policy

The Europass portal is available in the official languages of:

  • the European Union (Member States, candidate and potential candidate countries) subject to agreement;
  • the European Free Trade Association / European Economic Area (Iceland, Liechtenstein, Norway, Switzerland).