How we collect, use, and protect your personal data under the GDPR.
We are very delighted that you have shown interest in the GCCS Standard website (“Website”). Data protection is of a particularly high priority for the management of GCCS Standard (“Controller”, “we”, “us”, “our”). The use of the Website is generally possible without providing personal data; however, if a data subject wants to use special services via our Website (e.g., contact forms or booking a call), processing of personal data could become necessary. If the processing of personal data is necessary and there is no statutory basis for such processing, we generally obtain consent from the data subject.
The processing of personal data, such as the name, email address, organisation details, or other information provided by a data subject, shall always be in line with the General Data Protection Regulation (GDPR) and in accordance with applicable data protection laws. By means of this data protection declaration, GCCS Standard would like to inform the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data subjects are informed, by means of this data protection declaration, of the rights to which they are entitled.
As the controller, GCCS Standard has implemented appropriate technical and organisational measures to ensure the most complete protection of personal data processed through this Website. However, Internet-based data transmissions may in principle have security gaps, so absolute protection may not be guaranteed. For this reason, every data subject is free to transfer personal data to us via alternative means (e.g., by email).
This data protection declaration is based on the terms used by the European legislator for the adoption of the GDPR. To ensure clarity, we explain the key terms below:
Controller for the purposes of the GDPR and other applicable data protection laws is:
The Website collects a series of general data and information when a data subject or automated system calls up the Website. This general data and information are stored in server log files. Collected may be: (1) browser types and versions used, (2) operating system used, (3) referrer URL, (4) pages/subpages accessed, (5) date and time of access, (6) IP address, (7) Internet service provider, and (8) other similar data and information used to protect our information technology systems.
When using these general data and information, GCCS Standard does not draw direct conclusions about the data subject. Rather, this information is needed to deliver content correctly, ensure system security and stability, and support incident investigation in the event of attacks.
If a data subject contacts the Controller by email or via a contact form, the personal data transmitted by the data subject are automatically stored. Such data may include name, email address, organisation name, country/region, message content, and any additional information voluntarily provided. This data is processed for the purpose of handling the request and contacting the data subject. Personal data provided via the contact form is not sold and is not shared with third parties except where necessary to provide the requested service, to comply with legal obligations, or to protect the Controller’s rights and security.
Where the Website provides an option to request a call or meeting, the data subject may provide details such as organisation name, scope of interest, examination delivery model, and other message content. This information is processed solely to handle the request, prepare the discussion, and maintain the necessary correspondence.
To protect forms on this Website from spam and abuse, the Controller uses Google reCAPTCHA (service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland; Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, may be involved as an affiliate). reCAPTCHA analyses user behaviour (e.g., mouse movements, time spent on the page, IP address, browser and device information) to determine whether a form interaction is performed by a human or an automated system.
The use of reCAPTCHA serves the purpose of ensuring the security and availability of the Website and preventing automated abuse of forms. The legal basis is Art. 6(1)(f) GDPR (legitimate interests in protecting the Website and preventing fraud/spam). Where required by applicable law, the use of reCAPTCHA may be based on consent.
Further information is available in Google’s Privacy Policy and Terms of Service.
The Controller uses Google Search Console to monitor and improve the technical performance and visibility of the Website in Google Search (e.g., indexing status, search queries in aggregate, and technical issues). Google Search Console provides the Controller with aggregated and diagnostic information about the Website; it is not used by the Controller to identify individual visitors.
The use of Google Search Console serves the purpose of maintaining and improving the Website’s quality and visibility. The legal basis is Art. 6(1)(f) GDPR (legitimate interest in operating and optimising the Website).
The Controller shall process and store personal data only for the period necessary to achieve the purpose of storage or as required by applicable laws. If the storage purpose no longer applies, or if a prescribed storage period expires, personal data are routinely deleted or restricted in accordance with legal requirements.
Under the GDPR, each data subject has the following rights (subject to legal conditions and limitations):
To exercise these rights, data subjects may contact us at contact@standardgccs.com.
Processing operations are carried out based on one or more of the following legal bases, depending on the context:
Where processing is based on Art. 6(1)(f) GDPR, our legitimate interests include operating a secure and reliable Website, preventing abuse, ensuring service integrity, and responding effectively to inquiries.
The storage period depends on the purpose of processing. As a general rule: inquiry and booking request data is retained for as long as necessary to respond and maintain an auditable record of communication; technical logs are retained for security and operational purposes for a limited period; where legal retention obligations apply, data may be kept for the required period.
The provision of personal data is generally voluntary. However, where a data subject wishes to use certain Website features (e.g., contact form, booking a call), the provision of some personal data (such as an email address) is necessary to process the request. Failure to provide required data may result in our inability to provide the requested service.
As a responsible organisation, GCCS Standard does not use automated decision-making or profiling that produces legal effects concerning the data subject or similarly significantly affects the data subject.
Without prejudice to any other administrative or judicial remedy, data subjects have the right to lodge a complaint with a supervisory authority, in particular in the Member State of their habitual residence, place of work, or place of the alleged infringement, if they consider that the processing of personal data relating to them infringes the GDPR.
