Data Processing Commitment
This commitment explains how Digital CoC handles operational information in support of eCoC processes, including customer data ownership, confidentiality, processing boundaries and responsibility allocation.
This page is a public data processing commitment for Digital CoC. It does not replace signed data processing agreements, service agreements, order forms or customer-specific security documentation.
1. Introduction
Digital CoC processes information only to support agreed manufacturer eCoC programs, platform access, customer support, security, service delivery and related business administration. This commitment explains the general processing position for operational data handled inside the platform.
2. Scope of Data Processing
The platform may process information needed to operate eCoC preparation and process coordination environments. The exact scope depends on the customer configuration, integrations and agreed operational use case.
- Account information and user information
- Vehicle information and approval references
- eCoC-related information, XML files and VECTO files
- Operational process data and uploaded documents
- Integration-related information from ERP systems, API connections or other customer-approved sources
3. Processing Principles
Digital CoC applies commercially reasonable processing practices based on lawfulness, fairness, transparency, purpose limitation, data minimization, integrity and confidentiality. Processing is intended to remain limited to the purposes required to provide and protect the platform and related services.
4. Customer Ownership of Data
Customer operational data remains owned and controlled by the customer or the party legally responsible for that information. Digital CoC does not claim ownership of customer operational data and receives only the limited rights necessary to provide, secure, maintain and support the services.
5. Confidentiality Commitment
Vehicle-related information, approval information, technical information, certificate process information and uploaded documents are treated as confidential customer information. Access is intended to follow need-to-know principles and role-based process controls.
6. Security Measures
Digital CoC applies high-level security and operational safeguards appropriate to the platform context. These measures may include access controls, role-based permissions, monitoring, secure operational practices and controlled change procedures. This page does not describe infrastructure architecture in detail.
7. Third-Party Services
Customer processes may involve third-party systems or providers such as EUCARIS, NAP environments, eIDAS providers, ERP systems, API integrations, infrastructure providers or other customer-selected tools. Digital CoC is responsible only for its own services and agreed processing activities, not for independent third-party systems or decisions.
8. International Transfers
International transfer requirements, if applicable, should be defined in the relevant data processing agreement, order form or customer-specific documentation. Where required, appropriate transfer mechanisms or contractual safeguards should be documented before production processing begins.
9. Retention Principles
Operational data is retained only for as long as reasonably required for the agreed service, legal obligations, security, auditability, support, continuity or customer instructions. Specific retention periods should be defined in signed agreements or operational instructions where required.
10. Customer Responsibilities
Customers remain responsible for uploaded information, information accuracy, lawful processing rights, regulatory obligations and internal authorization of users. Digital CoC does not independently verify regulatory correctness, approval validity, XML correctness, imported VECTO correctness or uploaded document accuracy.
11. Regulatory Cooperation
Where legally required and commercially reasonable, Digital CoC may support customer cooperation requests related to data processing, security or operational records. The scope, timing and format of cooperation may depend on the applicable agreement, legal basis, request type and technical feasibility.
12. Incident Handling
Potential security or data incidents are assessed according to their nature, scope and impact. Digital CoC aims to use commercially reasonable procedures for detection, assessment, containment, remediation and communication where appropriate. This commitment does not create guaranteed response times unless separately agreed in writing.
13. Limitation of Commitments
No platform can provide an absolute security guarantee or guarantee prevention of all cyber incidents, third-party failures or unauthorized activity. Digital CoC commitments are based on commercially reasonable efforts and are subject to the limits, exclusions and responsibilities defined in applicable agreements.
14. Contact Information
Data processing questions may be sent to info@digitalcoc.eu. Contractual notices, data protection requests and customer-specific processing instructions may require additional formal channels defined in the applicable agreement.
Questions about data processing?
Contact Digital CoC for data processing, confidentiality or operational data-handling questions related to your organization.
Digital CoC