Privacy Policy

This policy is valid for the websites that are owned and operated by CEPA Foundation. Our websites have been created predominantly to inform students, administrative staff, and parents about our services as well as our current and future programs.

The data CEPA collects online:

When you visit our website, you may provide us with two different types of information: personal information that is collected on a volunteer basis and website-use information collected on an aggregate basis.

  1. Personal information you choose to provide through forms: Contact form, application form, or other forms associated with your semester or summer program. CEPA may retain the content of all submitted forms and resulting correspondence together with your name and email address in our database to process your requests, communicate with you, and prepare for your term abroad at our European Study Centers.
  2. Photos and uploaded documents: Your picture, documents, flight information, and other pre-departure forms will be used only for the purpose of your study abroad program. Explicit information regarding the use of the documents is written at the top of each submission page. The personal documentation we process includes but is not limited to emergency contact information, passport information, flight information, roommate preferences, health information, and visa information.
  3. Website-use information: CEPA uses web server logs to collect information regarding how our website is being used. Such collected information may include, but may not be limited to, your IP address, browser type, the date and time of your visit, the pages viewed, and your total time spent on our website. This information will be used to improve our website so that we can maintain our high-quality service as well as provide general statistics related to website usage. This automatically-collected data is used only on an aggregated, anonymous basis and never in conjunction with, or linked to, any information concerning your personal identity

Sharing data with third parties:

Your personal information may be stored and processed in any country where we operate or in which we engage with service providers. These include, but may not be limited to, incoming agencies, hotels, airlines, bus companies, and insurance companies that we employ in order to fulfill your program requirements and reservations. By using CEPA services, you understand that your information will be transferred and used only in conjunction with your specific study abroad program. We only provide these companies with data that they require to perform their specific service.

Your information may also be provided to public authorities such as customs or immigration if required by them, or as required by law. Your information is shared under the jurisdiction of applicable laws and regulations. We do not sell or otherwise market your personal data to third parties.

How you can control your data:

You may request access to all information concerning your personal identity that we collect in our database by emailing us at You have the right to rectify any information that you find to be inaccurate. You may also request that we delete personal data from our database.

Occasionally, information that you request to be deleted will be retained in certain files for a period of time in the framework of our legal retention. In addition, some types of information may be stored longer or indefinitely on “back up” systems or within log files due to technical constraints, or financial or legal requirements.

How long your data will be retained:

We will retain your personal data for as long as needed or permitted with regards to the purpose(s) for which it was obtained, in consistency with applicable law, and for statutory claims limitation periods where your personal information may be relevant to any possible liability we may have to you.

We are required by law to keep certain records of the collected data for a period of at least 6 years (business letters or documents pursuant to section 257 (1) HGB) or for 10 years (tax-relevant documents in accordance with section 147 (1) AO).


We use encryption (SSL) to protect data transmitted to and from our website. Wherever CEPA collects personal data, we seek to use reasonable technical and organizational security measures to protect all information within our organization from loss, misuse, unauthorized access, disclosure, alteration, hacking attacks, destruction or any other problems which may occur. Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. We cannot accept responsibility for any unauthorized access or loss of personal data that is beyond our control.

Confidentiality of processing:

CEPA ensures that any person or entity that is authorized to process customer data will do so under an appropriate obligation of confidentiality.

Security Incident Response:

In the event of a security incident, CEPA will notify affected customers without undue delay and will provide timely information relating to the security incident as it becomes known or as is reasonably requested.

Online Payments:

At no time can CEPA access your bank account or credit card details.

Changes to Privacy Policy:

We may update this Privacy Policy from time to time without prior notice. Any changes to this policy will be posted on this page. It is your responsibility to review CEPA’s Privacy Policy each time you provide personal information to us as the policy may have changed since the last time you used our website.

Contacting CEPA:

Please feel free to contact us if you have any questions or concerns about CEPA’s Privacy Policy at If you do not agree to these policies and terms of use, you have the right to provide us with a hard copy of your information via mail delivery.

Last updated: January 2020