Menu Search
Log in/register

Privacy Policy

The European Lung Foundation (ELF) is committed to protecting your online privacy. This policy governs the European Patient Ambassador Programme (EPAP) which is hosted on the EPAP website by ELF. 

The EPAP service is provided by Nimble Elearning Ltd (Nimble). Nimble processes data for and on behalf of ELF. As a Data Processor, both ELF and Nimble are committed to protecting and respecting the security and integrity of your personal data in line with GDPR (General Data Protection Regulation) and ISO 27001. The information we collect is used solely for the purposes of running your account on the EPAP programme. 

This policy (together with ELF’s Terms of Use) sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. 

1. Information we may collect from you

We may collect and process the following data about you:

2. IP Addresses and Cookies


ELF websites use cookies in order to provide you with a more personalized web experience. A cookie is a text-only string of information that is created and stored on your computer by your browser. It contains information about your visit that your browser uses to personalize certain pages or elements. For statistical analysis purposes, a cookie may also be used to pass a randomly generated and anonymous unique number to our servers. Cookies cannot be used by themselves to identify you. A cookie will typically contain the name of the domain from which the cookie has come, as well as the lifetime and expiration of the cookie, and a value, usually a text value or a randomly generated unique number.

If you do not wish to receive cookies, you can easily modify your browser to reject all cookies or to notify you whenever one is about to be placed on your computer. However, if cookies are not accepted you may not be able to experience all the interactive features of the ELF websites. You are therefore encouraged to allow cookies in order to fully enjoy the ELF websites features.


Most web servers, including ELF ones, use log files, which record information such as service provider IP addresses, browser brand and version, referring websites, search terms used, average number of requested pages, average visit duration, total visitor traffic and information gathered for aggregate use.

3. Where we store your personal data

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with the GDPR.

Your personal data is stored within the EU and, unless explicitly agreed with ELF, will not be transferred outside the EU. Your data is kept securely on a password-protected database and will not be used for any purpose other than the delivery of online learning through your Nimble account.

Where you have been given (or where you have chosen) a password which enables you to access certain parts of the Site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

4. Uses made from the information

We will use personal information only to provide you with services relating to the Site. Personal information will not be passed to third parties.

We use information held about you in the following ways:

5. Retention of your information

The personal data that we collect shall be kept for no longer than is necessary for the purposes for which it is being processed. Should your Nimble account remain unused for a period of two years, or you request removal of your personal data without Nimble having legal grounds to object, then your personal information will be scheduled for deletion.

Data scheduled for deletion will be moved to a secure, encrypted ‘vault’ for no more than three years, before being permanently removed from all Nimble servers and backups.

6. Disclosure of your information

We may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Use and other agreements; or to protect the rights, property, or safety of Nimble, ELF, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction. 

7. Your rights

You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us at You have a right to withdraw consent for Nimble and ELF to use your personal data by contacting us. Should you feel that the personal information we hold about you is incorrect or inaccurate, you have the right to request that we rectify this. In both cases, please contact

You have a right to lodge a complaint with Nimble or ELF,

The Site may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

8. Access to information

The GDPR gives you the right to access information held about you, to know why we have it, and how it will be used. Your right of access can be exercised in accordance with the GDPR and will be free of charge. However, we may charge a ‘reasonable fee’ when a request is manifestly unfounded or excessive, particularly if it is repetitive.

9. Children

Children aged 16 or under wishing to provide personal details to us should get their parent/guardian's permission to do so.

10. Changes to your privacy policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, sent to you by email.

11. Contact us

Questions, comments and requests regarding this privacy policy are welcomed and should be addressed to