Data Processing Commitment
This commitment explains how Electronic COC handles operational information in support of eCoC workflows, including customer data ownership, confidentiality, processing boundaries and responsibility allocation.
This page is a public data processing commitment for Electronic COC. It does not replace signed data processing agreements, service agreements, order forms or customer-specific security documentation.
1. Introduction
Electronic COC processes information only to support agreed operational eCoC workflows, platform access, customer support, security, service delivery and related business administration. This commitment explains the general processing position for operational data handled inside the platform.
2. Scope of Data Processing
The platform may process information needed to operate eCoC preparation and workflow coordination environments. The exact scope depends on the customer configuration, integrations and agreed operational use case.
- Account information and user information
- Vehicle information and approval references
- eCoC-related information, XML files and VECTO files
- Operational workflow data and uploaded documents
- Integration-related information from ERP systems, API connections or other customer-approved sources
3. Processing Principles
Electronic COC applies commercially reasonable processing practices based on lawfulness, fairness, transparency, purpose limitation, data minimization, integrity and confidentiality. Processing is intended to remain limited to the purposes required to provide and protect the platform and related services.
4. Customer Ownership of Data
Customer operational data remains owned and controlled by the customer or the party legally responsible for that information. Electronic COC does not claim ownership of customer operational data and receives only the limited rights necessary to provide, secure, maintain and support the services.
5. Confidentiality Commitment
Vehicle-related information, approval information, technical information, operational workflow information and uploaded documents are treated as confidential customer information. Access is intended to follow need-to-know principles and role-based operational controls.
6. Security Measures
Electronic COC applies high-level security and operational safeguards appropriate to the platform context. These measures may include access controls, role-based permissions, monitoring, secure operational practices and controlled change procedures. This page does not describe infrastructure architecture in detail.
7. Third-Party Services
Customer workflows may involve third-party systems or providers such as EUCARIS, NAP environments, eIDAS providers, ERP systems, API integrations, infrastructure providers or other customer-selected tools. Electronic COC is responsible only for its own services and agreed processing activities, not for independent third-party systems or decisions.
8. International Transfers
International transfer requirements, if applicable, should be defined in the relevant data processing agreement, order form or customer-specific documentation. Where required, appropriate transfer mechanisms or contractual safeguards should be documented before production processing begins.
9. Retention Principles
Operational data is retained only for as long as reasonably required for the agreed service, legal obligations, security, auditability, support, continuity or customer instructions. Specific retention periods should be defined in signed agreements or operational instructions where required.
10. Customer Responsibilities
Customers remain responsible for uploaded information, information accuracy, lawful processing rights, regulatory obligations and internal authorization of users. Electronic COC does not independently verify regulatory correctness, approval validity, XML correctness, imported VECTO correctness or uploaded document accuracy.
11. Regulatory Cooperation
Where legally required and commercially reasonable, Electronic COC may support customer cooperation requests related to data processing, security or operational records. The scope, timing and format of cooperation may depend on the applicable agreement, legal basis, request type and technical feasibility.
12. Incident Handling
Potential security or data incidents are assessed according to their nature, scope and impact. Electronic COC aims to use commercially reasonable procedures for detection, assessment, containment, remediation and communication where appropriate. This commitment does not create guaranteed response times unless separately agreed in writing.
13. Limitation of Commitments
No platform can provide an absolute security guarantee or guarantee prevention of all cyber incidents, third-party failures or unauthorized activity. Electronic COC commitments are based on commercially reasonable efforts and are subject to the limits, exclusions and responsibilities defined in applicable agreements.
14. Contact Information
Data processing questions may be sent to info@electroniccoc.eu. Contractual notices, data protection requests and customer-specific processing instructions may require additional formal channels defined in the applicable agreement.
Questions about data processing?
Contact Electronic COC for data processing, confidentiality or operational data-handling questions related to your organization.
Electronic COC