Privacy Policy

EACC – European AI & Carbon Compliance

Last updated: 12th of october 2025

1. Introduction

EACC – European AI & Carbon Compliance (hereinafter “EACC”) places the utmost importance on the protection of personal and professional data entrusted to it.

EACC specializes in European regulatory compliance, in particular with respect to CBAM / MACF, carbon compliance, artificial intelligence system compliance (AI Act), regulatory reporting, and data governance.

As such, EACC applies high standards of confidentiality, information security, and compliance with applicable European regulations.

This Privacy Policy aims to inform users of the website www.eaccgroup.com of how their data is collected, used, stored, and protected, in accordance with Regulation (EU) 2016/679 (GDPR).

2. Data Controller

The data controller responsible for the processing of personal data is:

EACC – European AI & Carbon Compliance
Company governed by French law

Office:
12 rue des Vivienne
75002 Paris
France

Registered office:
Chatrac
46140 Luzech
France

Email address:
info@eaccgroup.com

3. Scope of Application

This Privacy Policy applies to all personal data collected in connection with:

• the use of the EACC website,

• pre-contractual communications,

• contractual relationships with clients, prospects, and partners.

4. Data Collected

EACC collects only data that is strictly necessary for the performance of its regulatory compliance activities.

4.1 Identification and contact data

• First and last name

• Professional title or position

• Company name

• Professional email address

• Professional telephone number

4.2 Professional and regulatory data

• Sector of activity

• Country of establishment

• Information relating to imports, supply chains, industrial processes, or artificial intelligence systems

• Data required for CBAM / MACF, carbon, and AI compliance analyses

Such data may include economically sensitive information but does not constitute sensitive personal data within the meaning of Article 9 of the GDPR.

4.3 Technical data

• IP address

• Browser type

• Browsing data (pages visited, duration of visits, traffic source)

5. Purposes of Processing

Personal data collected by EACC is processed exclusively for the following purposes:

• Responding to contact or information requests

• Assessing companies’ regulatory compliance needs

• Performing compliance analyses, diagnostics, and reports

• Preparing quotations, engagement letters, and contracts

• Ensuring contractual and operational follow-up

• Complying with legal and regulatory obligations

• Ensuring the security and proper functioning of the website

EACC does not use personal data for unsolicited commercial purposes.

6. Legal Basis for Processing

Data processing carried out by EACC is based on the following legal grounds:

• Performance of pre-contractual or contractual measures

• EACC’s legitimate interest in carrying out its regulatory compliance activities

• Compliance with legal and regulatory obligations

• User consent, where required

7. Recipients of the Data

Personal data is accessible only to:

• Authorized EACC personnel, subject to strict confidentiality obligations

• Technical or operational partners strictly necessary for the performance of assignments, bound by contractual confidentiality and GDPR compliance commitments

EACC does not sell, rent, or transfer personal data to unauthorized third parties.

8. Transfers Outside the European Union

In the context of certain technical or analytical assignments, personal data may be transferred outside the European Union.

Such transfers are strictly governed by GDPR-compliant legal mechanisms (in particular Standard Contractual Clauses) and are accompanied by safeguards ensuring a level of protection equivalent to that required within the European Union.

9. Data Retention Periods

Personal data is retained for a duration proportionate to the purposes pursued:

• Contact data: 3 years from the last interaction

• Contractual and compliance data: applicable legal retention period, followed by secure archiving

• Technical and browsing data: maximum of 13 months

10. Data Security and Confidentiality

EACC implements appropriate technical and organizational measures to ensure the security, integrity, and confidentiality of data, including:

• Restricted access to data

• Secure hosting

• Encryption of sensitive information

• Data minimization principles

• Internal incident management procedures

Confidentiality is a fundamental principle of EACC’s activities.

11. Data Subject Rights

In accordance with the GDPR, individuals have the following rights:

• Right of access

• Right to rectification

• Right to erasure

• Right to restriction of processing

• Right to object

• Right to data portability

These rights may be exercised at any time by contacting:
info@eaccgroup.com

EACC undertakes to respond within a maximum period of one month.

12. Complaints

If an individual considers that their rights have not been respected, they may lodge a complaint with the competent supervisory authority, in particular the CNIL (France).

13. Cookies

The EACC website uses only:

• cookies strictly necessary for its operation,

• limited audience measurement cookies.

Users may configure their browser to refuse or limit the use of cookies.

14. Amendments to the Policy

EACC reserves the right to amend this Privacy Policy at any time in order to reflect legal, regulatory, or operational developments.

The version in force is the one published on the website at the time of consultation.