General Terms & Conditions
By creating an account in the ESLHO EQA Portal (https://eqa.eslho.org/) and by registering for ESLHO EQA schemes, Users of the ESLHO EQA Portal confirm that they agree with the General Terms & Conditions specified below, including new versions and updates of these General Terms & Conditions, which are issued regularly by ESLHO:
- The present General Terms & Conditions shall be a Data Processing Agreement between ESLHO (“Processor”) and the User (“Data Controller”) of the ESLHO EQA Portal as meant in the EU General Data Protection Regulation (2016/679). The arrangements defined herein shall be valid during the period in which the Processor has access to Personal Details originating from the Data Controller.
- Creating an account and registering for EQA schemes require the Data Controller to submit Personal Details, including institutional data, to the Processor. The Processor guarantees that it will only process Personal Details on behalf of the Data Controller if such use and processing is necessary for the performance of the requested processes (including but not limited to announcement of EQA schemes, communication about active EQA schemes, shipment of samples, and sending of invoices) by the Data Controller and, in particular, in accordance with the EQA schemes as described on the ‘All Schemes’ page of the ESLHO EQA Portal.
- By creating an account and registering for ESLHO EQA schemes, the Data Controller grants permission for the recording and use of the provided Personal Details solely for the purpose of communication within the scope of the requested processes under the EQA schemes.
- The Processor shall demonstrably process the Personal Details in a proper and meticulous manner, in accordance with the requirements to which it is subject under the General Data Protection Regulation (GDPR) and other laws and regulations. The Processor shall at least establish a register of acts of processing within the meaning of Article 30 of the General Data Protection Regulation and furnish the Data Controller with a copy of said register immediately upon request.
- The Processor shall not process any Personal Details (or have such Personal Details processed by a third party) in countries outside the European Economic Area (EEA), unless it has been granted prior explicit written permission to do so by the Data Controller.
- The Processor guarantees that its employees involved in the ESLHO EQA program have signed a non-disclosure agreement and shall allow the Data Controller to inspect said non-disclosure agreement upon request.
- All data provided by the Data Controller will only be accessible to the Processor’s personnel involved in the ESLHO EQA program and will be treated as confidential data. Such data will not be shared with any third parties unless explicit written prior permission is received from the Data Controller, with the exception of the developer of the ESLHO EQA Portal, and of other formal Service Providers of the ESLHO EQA program when sharing is required for the performance evaluation/reporting process and/or for resolving issues for/responding to questions from the Data Controller.
- To protect any data provided by the Data Controller from loss, unauthorized inspection, damage, or any other form of unlawful processing, and to guarantee the availability of the data when due, the Processor shall demonstrably implement appropriate and effective technological and organizational measures as well as security measures, which, concerning the nature of the Personal Details to be processed, are fully in accordance with the GDPR. The Processor warrants that all such measures shall be periodically evaluated and updated where and when necessary.
- The Processor shall actively monitor violations of the security measures and shall notify the Data Controller of the results of such monitoring. When an incident occurs, the Processor shall immediately notify the Data Controller and provide relevant information.
- The Processor shall furnish the Data Controller with any relevant information regarding aspects of the manner in which it has processed Personal Details at the first request of the Data Controller, thus allowing the Processor to demonstrate, partly based on the information provided, that it complies with applicable privacy regulations.
- The Processor shall refrain from outsourcing activities under the ESLHO EQA program involving Personal Details provided by the Data Controller, without the previous express permission of the Data Controller. An exception is made for the developer of the ESLHO EQA Portal, and for other formal Service Providers of the ESLHO EQA program when this is required for the performance evaluation/reporting process or for resolving issues for/responding to questions from the Data Controller.
- Information about EQA results or performance of EQA scheme participants will only be made available to other EQA participants and used for scientific publications and presentations during scientific conferences in an anonymized format. The Data Controller accepts and agrees to such use of its EQA results and performance data.
- The Data Controller can remove its personal account and its Personal Details from the ESLHO EQA Portal at all times via the ‘Account settings’ menu. After such removal, the Processor shall no longer be able to access or retain the Personal Details provided by the Data Controller.
- The Data Controller and the Processor shall each be severally responsible and liable for their own acts.
- The services, including EQA performance data, provided by the Processor during the implementation of the ESLHO EQA program are provided in good faith, without warranties of any kind. Any use of same is at the sole risk of the recipient. The Processor accepts no liability for any damages as a result of the use of the EQA performance data, including loss of profits, business, goodwill, or other indirect, incidental, or consequential damages arising from the use, interpretation, or reliance on EQA performance data.