Certificate details

Certification Scheme

Europrivacy

Certified object

Methodology of accessing various data, including personal data, for statistical or research purposes in secure environments

Certification ID

00A6:A057:A01E:0011

Target of Evaluation

Methodology of accessing various data, including personal data, for statistical or research purposes in secure environments

Target of Evaluation description

Delivering secure services (also known as "Secure Bubbles”) comprising infrastructure storing primary data, including personal data, notably via biometric access control measures and end-to-end encrypted connections through specific physical devices (known as SD-Box) from locations identified by their network address and managed by a dedicated contract signed with CASD. The secure services include the way and method the accredited users may access the stored data, the operation of the secure environment and the process that starts with contracting with co-controllers (data producers) and accredited users and covers the storing of data (shared by co-controllers) by CASD on his own servers and access control (excluding the authorization process to extract any anonymised outcome from the Secure Bubbles).

Geographic Scope

Category

Process

Applicant role

Data Controller

Initial certification date

15 May 2025

Expiration date

14 May 2028

Status

APPROVED

Scheme version

v.77

DP ID URL (if available)

https://dp-id.com

Evaluation methods and tests

KTH-E02-F03-1e GDPR PPS - Evaluation methodology (On-site assessment, Remote assessment, Interviews and questionnaires, Documentation overview, Data flow mapping, Data minimisationchecks, Access control, Securitisation procedures, Risk Analysis, Privacy incident handling ... etc.)

Summary of Evaluation results

TAM CERT Hungary Inspection and Certification Ltd. certifies that the Target of Evaluation is complying with the applicable requirements of the Certification Scheme (EP-CS.1 Europrivacy™/® GDPR Certification Scheme - General Specification and Requirements (v77), KTH-E02/F03 GDPR – Products, Processes & Services (PPS)Certification (v4), NAIH - Requirement under Article 43 (1) letter b) of the General Data Protection Regulation to accredit a certification body under Article 43 of the GDPR (data protection certification body) as a complement to ISO/IEC 17065

Reasons for granting or revoking the certification

The Certificate was issued after the accredited Certification Body fully conducted the conformity assessment procedure according to the Europrivacy GDPR Scheme with regard to the Target of Evaluation, and as a result of the procedure made a positive certification decision on the basis of compliance with the relevant criteria

QR Code of Certificate
Use the following URL:
https://repository.europrivacy.org/en/certifications/edit/f66d7218-60d2-4e2a-a316-36287d6a4a71
Public comment (including Scope Modification)

In accordance with the relevant regulatory requirements, the accredited Certification Body has fulfilled its obligation to publish a "Summary for the Public of Europrivacy GDPR certification process" on its website

Applicant

CASD – Centre d’accès sécurisé aux données
Address:
76 avenue Pierre Brossolette
92240, Malakoff
FR
Code: A057:A01E
682de6e6b63b6334625649.png

Certification body

TAM CERT Hungary Inspection and Certification Ltd.
HU
Code: 00A6
66855c72b2258151621543.jpg