Privacy Policy

We Respect your Privacy (updated Aug. 29th, 2025)

EFOA Privacy Notice

1. Purpose and Scope

The European Federation of Ocularists and Anaplastologists (“EFOA”, “we”, “us”, “our”) is committed to protecting your personal data and respecting your privacy.

This Privacy Notice explains how we collect, use, store, share, and safeguard your personal data when you interact with us, including when you become a member, enrol in training, participate in certification, attend events, use our website, or otherwise engage with us or our services.

EFOA determines the purposes and means of processing personal data and therefore acts as a Data Controller under the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”).

2. What Personal Data We Collect

Depending on your relationship with us, we may collect the following categories of personal data:

  • Identity Data – name, title, date of birth, nationality, gender.
  • Contact Data – postal address, email address, telephone number.
  • Professional Data – CV, qualifications, certifications, employment details, references.
  • Membership Data – membership application forms, professional status, committee participation, events attended.
  • Financial Data – payment details (processed securely through third-party payment providers), invoices, bank details.
  • Transaction Data – records of your payments, purchases, enrolments in courses, and certification activities.
  • Technical Data – IP address, login data, browser type and version, operating system, device information, website usage analytics.
  • Communications Data – your preferences regarding receiving newsletters, updates, or other communications.
  • Compliance Data – documentation required to comply with legal obligations (e.g., anti-fraud, tax compliance).
  • Recruitment Data – where you apply for a role, we may collect education history, employment history, references, and related data.
  • Special Categories of Data (Sensitive Data) – in limited cases, we may process data relating to health (e.g., accessibility needs at events), or data revealed in CVs. We will only process such data where strictly necessary and in compliance with GDPR Article 9.
  • Children’s Data – our services are not directed at children. However, where minors are involved (e.g., as patients or in events), we require explicit parental or guardian consent.

3. How We Collect Your Data

We may collect personal data in the following ways but not limited to:

  • When you apply for membership, certification, or training.
  • When you pay membership fees or enrol in courses.
  • When you communicate with us by email, phone, or online forms.
  • When you attend our events, workshops, or meetings.
  • When you visit our website (technical/usage data).
  • When you provide professional references or documentation.
  • From publicly available professional registers or references (where relevant).
  • From third-party service providers (e.g., payment processors, IT systems).

4. Why We Use Your Data (Purposes of Processing)

We process your personal data for the following purposes:

  • Membership Management – processing applications, renewals, member records.
  • Certification and Training – evaluating eligibility, managing enrolments, recording results.
  • Event Administration – registration, participation, communications.
  • Communication – sending newsletters, updates, surveys, announcements, and member communications.
  • Finance – processing payments, issuing invoices, complying with tax obligations.
  • Legal & Compliance – complying with EU/national laws, regulatory requirements, anti-fraud checks.
  • Improvement of Services – analysing feedback, surveys, website usage.
  • Recruitment – evaluating applications, maintaining a pool of candidates.
  • Security – ensuring the integrity of IT systems, preventing misuse of services.
  • Marketing – sending relevant updates or information (always with opt-out options).
5. Legal Grounds for Processing

We rely on the following legal bases under GDPR:

  • Contractual necessity – to deliver membership, certification, or training services.
  • Legal obligation – to comply with tax, accounting, or regulatory requirements.
  • Legitimate interests – to manage operations, prevent fraud, improve services, protect security.
  • Consent – for optional activities (e.g., newsletters, surveys, marketing). When interacting with EFOA and where applicable, you will be given the option to opt in to receive marketing communications; if you do so, you may at any point withdraw this consent and opt out at any time by updating your preferences or contacting us.
  • Vital interests/public interest – only if required to protect health, safety, or comply with public authority requests.

6. Sharing Your Data

We may share your personal data with:

  • Service providers – IT, website hosting, payment processors, communication tools.
  • Professional committees/partners – where necessary for certification, training, or joint projects.
  • Regulatory or governmental authorities – where legally required.
  • Advisors and auditors – for compliance and governance.
  • Event organisers – when co-hosting events or workshops.
  • Affiliated institutions – e.g., universities partnering for accredited training.

If we transfer your data outside the EU/EEA, we ensure safeguards such as EU Standard Contractual Clauses, adequacy decisions, or explicit consent.

7. Data Retention

We retain personal data only as long as necessary for the purposes described:

  • Membership and certification records: up to 7 years after expiry.
  • Financial/transaction data: 7 years (tax and accounting laws).
  • Recruitment data: 2 years, unless consent to keep longer.
  • Event participation data: 3 years.
  • Communications/consent logs: until you withdraw consent.

We may retain data longer if required for legal claims or regulatory obligations.

8. Data Security

We apply technical and organisational measures to protect your personal data, including:

  • Encryption and secure servers.
  • Role-based access control.
  • Confidentiality obligations for staff and contractors.
  • Procedures to detect and respond to data breaches.

In the event of a data breach, we will notify you and the relevant supervisory authority as required by law.

9. Your Rights

Under GDPR, you have the right to:

  • Access your personal data.
  • Rectify inaccurate or incomplete data.
  • Request erasure (“right to be forgotten”).
  • Restrict or object to processing.
  • Data portability (receive data in machine-readable format).
  • Withdraw consent (for consent-based processing).

We may require proof of identity before fulfilling requests. In cases of excessive or unfounded requests, we reserve the right to charge a reasonable administrative fee.

10. Third-Party Links

Our website may contain links to external websites. We are not responsible for their privacy practices and encourage you to review their privacy notices.

11. Updates to This Privacy Notice

This Privacy Notice may be updated from time to time to reflect legal, technical, or organisational changes. The latest version will always be available on our website.

12. Contact Us

If you have questions, requests, or complaints regarding your data, please contact us at:

Data Protection Officer
European Federation of Ocularists and Anaplastologists (EFOA)
Email: info@efoa-eu.org

In relation to complaints, we will promptly respond to your requests and complaints.

In the event that you are unhappy with our response, you may submit a complaint to the relevant privacy regulator. We can provide details of the relevant privacy regulator upon request.

Ready to Begin Your Journey?

Get in touch and register your interest.
We will notify you as soon as course details, certification tracks, and enrollments open.

REGISTER HERE