European IPF Patient Summit 2020
Who are we?
The European Idiopathic Pulmonary Fibrosis and Related Disorders Federation (hereafter “EU-IPFF”, “we”, “us”) is a not-for-profit (AISBL) organisation that brings together European national patient associations committed to defending their vision of equal access to treatment and care for all patients living with Idiopathic Pulmonary Fibrosis (IPF), regardless of geography, socio-economic status or age. EU-IPFF has its address at Jules de Cocklaan 95, 9050 Gentbrugge, Belgium and it is registered in Belgium under the number 0662.459.817.
Whose personal data do we collect?
In the context of the IPF Summit, we process personal data of the speakers, abstract submitters and participants to the event (patients, carers, healthcare professionals, journalists, and of any other person involved in the event). We collect your personal data in various ways:
- directly from you when you provide us with your personal by registering to the IPF Summit; and
- directly from you when you provide us certain additional information during your attendance of the IPF Summit (including photographs taken during the event).
What personal data do we collect and for which purposes?
We may collect the following personal data about you insofar as this information is relevant for the purposes for which we need it, as explained below. Anytime certain information is mandatory and other information is optional, this shall be clearly indicated with an asterisk “*”, so that you can choose whether or not to provide such information to us.
|Identification and contact information||Personal identification data: name, address, telephone/mobile number, email address|
|Financial information||Identification data and bank account number, financial transactions (amounts that you have to pay and have paid, overview of the payments, etc.)|
|Personal characteristics||Personal characteristics: gender, nationality, language preference|
|Profession and employment||Profession and employment information (individual or company, where appropriate VAT number)|
|Image recordings||Photos and videos that may be taken during the event|
We use these personal data for the following purposes:
- to be able to register you as participant to the IPF Summit and to keep track of the number of attendees;
- to book your accommodation at the IPF Summit venue – if needed;
- to provide you with relevant information, for example:
- to contact you with respect to the practical organisation of the IPF Summit, or
- to answer a question,
- for the management of invoicing, payments and claims and to comply with legal obligations (e.g. accounting requirements)
- for the handling of inquiries and complaints,
- to send you newsletters and updates (if you have subscribed hereto),
- for security and access control during the IPF Summit, and
- to report on the event afterwards, including via social media and by posting photos and videos.
For your perfect information, you can find hereinafter the legal grounds applicable to these processing activities:
- for the processing of your personal data in the context of the organization of the IPF Summit, we rely upon the necessity for the performance of a contract,
- for the processing of your personal data for accounting purposes, we rely upon the necessity for compliance with our legal obligations as an international non-profit association,
- in all other cases, the processing of your personal data is based on our legitimate interests as an international non-profit association.
With whom do we share your personal data?
- With our service providers (‘processors’): In the context of our activities as described above, we may share your personal data with third parties, in particular with service providers (IT/cloud service providers, PR/marketing agencies or creative agencies) that act as our ‘processors’.
- With our external law firms: Further, we may share your personal data with legal advisors in case of (threatened) litigation.
- With government authorities: Finally, we may share your personal data with the government, police authorities or the judiciary in case we have a legal obligation to do so (e.g. providing access to camera recordings by government authorities and to the police upon request).
We will implement appropriate safeguards when transferring your personal data to third parties. If necessary, we will for example conclude a data transfer or a processing agreement specifying the limitations to the use of your personal data and the obligations with respect to the security of your personal data. Your personal data will not be transferred to countries outside the European Economic Area. Your personal data and your profile will not be lent or sold to third parties for marketing purposes without your prior express consent.
How long do we store your personal data?
Your personal data will not be stored for longer than is necessary in relation to the purposes for which we process them (as listed above). Afterwards it is still possible that they can be found in our back-ups or archives, but they will no longer be actively processed in a file.
More specifically, the following retention guidelines are applied by us:
- personal data included in accounting, financial or other official documents will be retained for as long as such documents legally need to be kept,
- personal data obtained in the context of complaint handling will be deleted (or anonymised) as soon as the complaint is closed,
- any other personal data that is collected from attendees of our event is archived and not used as soon as the event has passed, unless you have indicated that you wish to be informed by us of future events or activities. As soon as we note that your contact details are no longer accurate or active, or whenever you decide to use your unsubscribe right, we will no longer keep your personal data for these purposes.
Only where we are legally obliged to, or where this is necessary for defending our interests in the context of judicial proceedings (e.g. in case of a dispute), we will store the personal data for longer periods.
How do we protect your personal data?
We will implement the necessary administrative, technical and organisational measures for ensuring a level of security appropriate to the specific risks that we have identified. We protect your personal data against destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed. Further, we seek to ensure that we keep your personal data accurate and up to date. In view thereof, we kindly request you to inform us of any changes to your personal data (such as a change in your contact details).
What are your rights and how can you exercise them?
Within the limits defined by articles 15-22 of the GDPR, you have the statutory right to:
- receive information about and access your personal data;
- rectify your personal data;
- erasure of your personal data (‘right to be forgotten’);
- request restriction of processing of your personal data;
- object to the processing of your personal data;
- receive your personal data in a structured, commonly used and machine readable format and to (have) transmit(ted) your personal data to another organisation.
Finally, you have the right to lodge a complaint relating to the processing of your personal data by us with the data protection authority in your country. Please find a list of supervisory authorities here: https://edpb.europa.eu/about-edpb/board/members_en.
In principle you may exercise these rights free of charge. Only where requests are manifestly unfounded or excessive we may charge a reasonable fee. Further information and advice about your rights can also be obtained from the data protection authority in your country. We might request a proof of identity in advance in order to double-check your request.