Privacy Policy
As from May 25, 2018 onwards the new General Data Protection Regulation (GDPR) comes into effect across the European Union, the European Society of Gastrointestinal and Abdominal Radiology has worked on a privacy policy informing its members, as well as interested parties and event attendees about their personal data and how it is processed. In case of any questions, do not hesitate to contact office@esgar.org.
1. Data protection according to Art. 12 to 14 GDPR
1.1. Controller
The Controller responsible for the processing of the personal data according to Art 4 No 7 GDPR is the society.
Europäische Gesellschaft für Abdominal und Gastrointestinal Radiologie – European Society of Gastrointestinal and Abdominal Radiology (ESGAR)
ZVR 209922020
Esslinggasse 2/3
1010 Vienna
AUSTRIA
Phone: +43 1 535 89 27
Email: office@esgar.org
1.2. Personal Data
ESGAR processes the following categories of personal data
of society members
- membership number
- full name
- organisation the member is active for
- form of address/sex
- date of birth
- addresses
- telephone and fax numbers
- email addresses
- profession
- type of membership (full member/corresponding member/honorary member, etc.)
- date of beginning and end of membership
- fees, areas
- awards and honours
- areas of interest and expertise notified by member
- activities within the society, in particular participation in events, membership in committees, working groups, publications for the society, lectures, participation in conciliation proceedings
- details on consumption of services of the society
- details on initiation, content and execution of contracts
- payments or other services rendered by the society to the member
- content of correspondence
- bank account
of officers of the society
- full name
- form of address/sex
- date of birth
- addresses for services in the function of officer
- telephone and fax numbers
- email addresses
- photos
- office with the society
- beginning and end of office
- payment obligations of the officer to the society
- payments and other services of the society to the officer
- awards and honours
- content of correspondence
of third parties, consuming services of the society
- full name
- name of organisation the third party is active for
- for of address/sex
- date of birth (if required for identification)
- addresses
- telephone and fax numbers
- email addresses
- profession
- areas of interest and expertise provided by data subject
- participation in activities of the society
- consumption of services of the society
- details on initiation, content and execution of contracts
- content of correspondence
- bank accounts
of third parties providing services to the society
- full name
- organisation the third party is active for
- form of address/sex
- date of birth (as far as required for identification)
- addresses
- telephone and fax numbers
- email addresses
- VAT registration number
- profession or industrial sector (according to information of the data subject)
- activities within the society
- details on services rendered for the society
- details on initiation, content and execution of contracts
- payments from the society to the third party
- content of correspondence
- bank account
of employees
- the information is rendered separately within the employment relationship
1.3. Purpose
ESGAR processes personal data for the following purposes
- membership administration
- membership register
- record of membership fees
- correspondence with members or sponsors of the society, in particular by automatically generated and stored text documents on society issues e. g. payment reminders
- advertising, organisation and realization of and participation in analogue and digital web-based scientific events (congresses, symposia, seminars, lectures)
- advertising, organisation and realization of and participation in analogue and digital web-based training sessions
- advertising, organisation and operation of as well as access to scientific data bases e.g. the ESGAR e-education portal
- advertising, creation, production and distribution of analogue and digital scientific publications including newsletters
- advertising, public offer, grant and administration of scholarships, grants, prices and awards
- processing and transfer of data within the business relationship with customers and contractors including, but not limited to automatically generated and stored text documents (e.g. correspondence) in these matters
- processing and transfer of data for calculation of salaries, wages and compensations and compliance with recording, information and notification obligations as far as these obligations are based on laws, trade agreements or labour contracts including, but not limited to automatically generated and stored text documents (e.g. correspondence) in these matters
- use and record of personal data of job applicants if such data were provided by the data subject or by recruitment consultants
1.4. Legal Basis
The legal basis for the data processing are:
ESGAR primarily processes data on the basis of the legal relationship resulting from the membership with the society or for steps prior to the acceptance as member of the society upon request of the data subject in accordance with Art 6 No 1 lit b) GDPR. If and in as far as the disclosure and transfer of personal data to third parties is not based on the performance of contractual obligations or for steps prior to entering into a contract it is based on the data subject’s consent in accordance with Art 6 No 1 lit a) GDPR. The processing of personal data for the recruitment of society members as well as the advertising of society events and other services offered by the society to third parties not member of the society is based on the legitimate interest of the controller in accordance with Art 6 No 1 lit f) GDPR. The legitimate interest of the controller in these cases is the increase of the number of society members as well as the promotion of the purpose of the society by extending the circle of addressees for the services offered by the controller in pursuit of the society’s purpose. The notification of persona data of officers of the society to the relevant authorities governing associations is based on the legal obligations to be met by the society in accordance with Art 6 No 1 lit c) GDPR.
The processing of personal data of employees and of job applicants is based on the performance of contracts and steps taken prior to entering into a contract in accordance with Art 6 No 1 lit a) GDPR. The transfer of personal data of employees to the relevant authorities and social insurance institutions is based on legal obligations in accordance with Art 6 No 1 lit c) GDPR.
The processing of personal data of customers and contractors not being society members rendering services to or receiving services from the controller is based on the performance of contracts and steps taken prior to entering into a contract in accordance with Art 6 No 1 lit b) GDPR.
1.5. Categories of Recipients
ESGAR only discloses personal data if such disclosure is based in legal obligations or if the disclosure is required for the performance of a contract or for steps to be taken prior to entering into a contract or if the data subject has given the consent or in the event that the disclosure is necessary for the purpose of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests of the data subject. The disclosure has to be adequate, relevant and limited to what is necessary in relation to the purposes for which they are disclosed (“data minimisation”).
The data processed by the controller may be disclosed to the following categories of recipients:
- other members of the society
- officers of the society
- co-operation partners of ESGAR, being legal persons whose purpose or scope of business are connected with the promotion of medical imaging
- European Society of Radiology (ESR)
- participants of society events
- supporters and sponsors of the association and society events
- exhibitors at society events
- contractors and customers of the society
- banks and insurance companies
- payment service and credit card providers
- Processors of the society, including
- travel agencies
- publishers
- office service providers
- event managers
- delivery services
- email service providers
- IT service providers
- translation agencies and interpreters
- marketing, advertising and public relations agencies
- tax consultants and auditors
- attorneys and notary publics
- courts, authorities, regional authorities, social insurance agencies and professional associations of physicians and other health care professionals
- universities
1.6. Storage Period
ESGAR shall not store personal data longer than required for respective purpose of processing. ESGAR shall store personal data for the duration of contractual relations, in particular for the time of membership with the society. Furthermore, personal data may or have to remain stored depending on the legal basis and the respective purpose. Reasons justifying a storage of personal data beyond the duration of a contractual relationship are storage obligations subject to tax law (generally seven years from the end of the year the data processing relates to) or the registration for the pursuit or defence of legal claims that may amount to up to 30 years in accordance with Austrian regulations on the statute of limitation. In the event the storage of personal data is based exclusively on the data subject’s consent, such consent can be withdrawn at any time. Unless there is no other legal basis for the storage, the deletion of the data may be requested.
1.7. Sources of Personal Data
ESGAR primarily processes data provided by the data subject upon entering into a legal relationship (membership with the society, participation in event, opening a user account for a data basis operated by ESGAR, consumption of services offered by ESGAR). Personal data, however, can also be disclosed to ESGAR by third parties, for example upon making a recommendation as presenter, lecturer at society events or as author in publications of the society.
In addition, ESGAR may process personal data from public sources such as the world wide web in general and publications or websites of the data subject or of universities, hospitals, research institutions, doctors’ platforms, or physicians’ portals.
1.8. Third Countries and International Organisations
ESGAR does not transfer data to third countries.
1.9. Automated Decision-making
ESGAR does not use personal data for automated decision-making which produces legal effect.
1.10. Rights of the Data Subject
Every data subject is entitled to the rights to information, rectification, erasure, restriction of processing, portability and objection. In order to exercise these rights, data subjects should contact the controller (office@esgar.org). In the event the data subject is of the opinion that the processing of the data subject’s personal data infringes data protection law or the data subject’s right to privacy, the data subject may complain with the relevant authority being the Data Protection Authority (Datenschutzbehörde) in Austria.
In the event a data subject has given the consent for the processing of his data for a specific purpose and such data were also processed subject to another legal basis, for example for the performance of a contract or for the pursuit or defence of legal claims, the data subject’s withdrawal of the consent to process such data has no relevance on the processing of such data subject to another legal basis.
1.11. Links to other websites
The Website contains links to other websites. ESGAR is not responsible for data privacy policies and/or practices on other websites and ESGAR has no influence as to whether the operators of other websites act in compliance with data protection provisions. ESGAR’s Privacy Policy is solely applicable to data collected by ESGAR itself.
2. Website specific information on data privacy
2.1. Use of cookies
This website uses cookies, which are small pieces of data that a website stores on your computer with the help of your browser. They allow the website to remember your actions or preferences and therefore enhance your user experience. If you want to decline cookies, you can do so in your browser’s settings.
Cookies are used on this website for the following purposes:
- To remember that you are logged in and that your session is secure.
- To remember your progress in services we provide (e.g. online course, online applications).
- Provision of services from Twitter
- UEG Education banner
2.2. Web analysis
This Website uses “Google Analytics” from Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. This service tracks the habits of website users and enables us to increase the usability of our website. In order to analyse the website users, cookies are being used to gather information. This information is sent to and stored at the provider’s server in the US. This can be prevented by deactivating cookies in your browser. The relationship to Google Inc. is based on the EU-US-Privacy-Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). The processing of data is done according to § 96 Abs 3 TKG as well as Art. 6 lit f (legitimate interest) of the GDPR, which is the improvement of our website.
If you would like to opt-out of Google Analytics, please click here: https://tools.google.com/dlpage/gaoptout
2.3. Hosting and Log-Files
In order to run this Website Hosting-Services such as infrastructure and platform services, computing capacity, data storage, database services, safety and maintenance services are used. We respectively our hosting service provider process the following data of our website visitors: contact data, content data, usage data, meta and communication data due to our legitimate interest in providing a satisfying and safe website. For the same reason we respectively our hosting service provider also process so called Server-Log-Files (for example called websites, file, time of visit, amount of data, browser and operating system information, referrer-website, IP- address, etc.). Due to safety reasons (clarification of misuse or fraud) these log-files are stored for a maximum of 3 months. In case of any incidents it can be stored longer if needed for proof.
2.4. Webshop
We would like to inform you that in order to facilitate the buying process as well as to fulfil the contract your IP-address as well as name, address and general payment information will be saved. The data provided by you is necessary in order to fulfil a contract as this is not possible without certain information. No data will be given to third parties except for payment providers and our accountant. If you decide to cancel the payment process, no data will be saved. In case of closing a contract the data will be saved as long as required by law. The data processing is based on the following laws: § 96 Abs. 3 TKG and Art 6 Abs. 1 lit a) (consent) and/or lit b) (necessary for the conclusion of the contract) of the GDPR.
Last update: May 25, 2018