DATA PROTECTION REGULATIONS acc. EU-GDPR

1. General Regulations

The Confederation of European Otorhinolaryngology-Head and Neck Surgery (CEORL-HNS) reserves the right to amend the existing data protection regulations in strict accordance with prevailing legal norms at any time.

1.1. Personal Data:

Your voluntarily transmitted personal details (through submission in our official online forms i.e. membership, newsletter, fellowship, etc.) will be collected, saved and processed in accordance with the most recent legislation on data protection (EU-GDPR 2018). 

Membership (multidisciplinary organisations, national societies):
A membership in the CEORL-HNS is not possible without collecting, saving and processing your personal data. This is solely for the purpose of administrating and organising included services of your membership. Your data will only be passed on to third parties, who are directly involved in management practices and when the organisational process makes it necessary – in accordance with your membership category (mailing provider, etc.).

CEORL-HNS Fellowship:
A participation/application for the CEORL-HNS Fellowship is not possible without collecting, saving and processing your personal data. This is solely for the purpose of organising and realising the fellowship. Your data will only be passed on to third parties, who are directly involved in management practices and when the organisational process makes it necessary (i.e. fellowship committee, hosting hospitals, etc.).

Industry Partnership:< br/> An industry partnership with the CEORL-HNS is not possible without collecting, saving and processing your personal and company data. This is solely for the purpose of managing and organising agreed services of your partnership. Your data will only be passed on to third parties, who are directly involved in management practices and when the organisational process makes it necessary – in accordance with your agreement.

1.2. Photos/Films:

With your membership or partnership you grant permission to the CEORL-HNS to use photos/films taken from you respectively your company presence by our official photographer(team) for marketing purposes (reporting, promotion of confederation events & self-marketing) for an indefinite period of time. If you do not want to have any photos/films taken of you published, you may contact us at any time: gloria.casanova (at) ceorl-hns.org

1.3. Links to other websites:

Our website and online forms may contain links to other websites. The CEORL-HNS is not responsible for the data you provide on other websites. Out partner organisations are also bound to act according to EU-GDPR, the implementation however rests with each organisation individually. Our data protection guidelines are solely applicable to data controlled by us (CEORL-HNS).

2. Information Obligation acc. Art 12-14 EU-GDPR (EU-DSGVO)

We are pleased to provide you with all information on the type, purpose and scope of the processing activities of your personal data.

2.1. Controller:

Confederation of European Otorhinolaryngology-Head and Neck Surgery (CEORL-HNS)
c/o Mondial Congress & Events
Operngasse 20B, 1040 Wien
T: +43 1 58804 - 0 | F: +43 1 58804 - 185
E-Mail: gloria.casanova (at) ceorl-hns.org & dataprotection (at) mondial-congress.com 
Secreteriat: Gloria Casanova
Data Protection Coordinators Mondial Congress & Events: Kemal Velic & Barbara Obritzhauser

2.2. Purposes of Processing: 

Depending on the activity (see point 1.1.) of the data subject, the data are processed for one or more of the purposes listed below.

Processing Purpose Data Categories
Membership Management / Administration & Organisation of Included Services name
contact data
address data
membership data
bank account data (if necessary)
Membership Management / Presidential Council name
contact data
institution/organisation
date of birth (if necessary)
photo
CEORL-HNS Fellowship name
address data
contact data
institution/organisation
academic information
application data/documents
date of birth
languages fellowship hearing result
EBEORL-HNS exam result
Industry Partnership name
contact data
company data
General Organisation / Accounting name
contact data
address data/invoice data
cost statements (if necessary)
bank account data (if necessary)
credit card data (if necessary)
Marketing name
contact data
photos/films


2.3. Legal Basis for the data processing purposes:

Processing Purpose Legal Basis
Membership Management / Administration & Organisation of Included Services - Binding application for membership respectively active/paid membership in the named confederation
Membership Management / Presidential Council - Active/Paid membership in the named confederation
- Legitimate interest of the controller (see point 4.3.)
CEORL-HNS Fellowship - Binding application oft he data subject for the given fellowship
- Legitimate interest oft he controller (see point 4.3. – publication)
Industry Partnership - Binding contract conclusion of the data subject and the company represented by him/her to support the named confederation and take part at relevant events of the named confederation
General Organisation / Accounting - Fulfillment of contract and law
Marketing & Development - Legitimate interest of the controller (see point 4.1.-4.2.)

 

2.4. Third Party Data Recipients – Categories: 

The recipients only receive the data they require, not your full data record. Your data will only be forwarded when the organisational process makes it necessary – in accordance with your bookings – and when a legal basis exists.

Processing Purpose Data Categories Recipient Categories
Membership Management / Administration & Organisation of Included Services ; Presidential Council name
contact data
address data
membership data
bank account data (if necessary)
institution/organisation
date of birth (if necessary)
photo
service providers (fulfilment agents)
CEORL-HNS Fellowship name
address data
contact data
institution/organisation
academic information
application data/documents
date of birth
languages
fellowship hearing result
EBEORL-HNS exam result
service providers (fulfilment agents)
Industry Partnership name
contact data
company data
service providers (fulfilment agents)
General Organisation / Accounting name
contact data
address data/invoice data
cost statements (if necessary)
bank account data (if necessary)
credit card data (if necessary)
responsible authorities, bank, fiscal office, tax consultant, service providers (fulfilment agents)
Marketing (Mailings) name
contact data
online mailing provider


2.5. Übermittlung in Drittland:

The following third party organisations are not active in the EU:
Mailchimp – USA / Online Mailing Provider / adequacy decision of EU = Privacy Shield framework, Mailchimp participates in and has certified its compliance to the privacy shield framework.

2.6. Speicherdauer der Daten:

All data are stored until the end of membership/partnership + 7 years, to meet the retention period according to the Austrian VAT Act 1994 (Umsatzsteuergesetz 1994) and to permit membership administration that meets the standards and requirements of the confederation and its members.

3. Data Subject Rights

We are pleased to inform you about your rights according to EU-GDPR:

3.1. Data Subject Rights acc. Art 15-21 EU-GDPR:

  • Right of access by the data subject 
  • Right to rectification 
  • Right to erasure/”Right to be forgotten”
  • Right to restriction of processing
  • Right to data portability
  • Right to object (at legitimate interest of the controller)

Detailed descriptions can be found here:
eur-lex.europa.eu/legal-content/EN/TXT/HTML/
© European Union, http://eur-lex.europa.eu/, 1998-2018'

3.2. Right to withdraw consent acc. Art. 7 EU-GDPR:

Depending on your participant status, we kindly ask you for different declarations of consent. These are queried within the online forms or directly inquired from the affected person/group coordinator/company representative. The declarations of consent are not compulsory according to the EU GDPR.
Each data subject has the right to withdraw his/her given consent(s) at any time. The withdrawal of the consent does not affect the legality of the processing carried out based on the declaration of consent until the withdrawal.
Declarations of consent can be retracted at any time by sending a written message to CEORL-HNS, c/o Mondial Congress & Events, Operngasse 20B, 1040 Wien or to dataprotection (at) mondial-congress.com

3.3. Right to lodge a complaint with a supervisory authority acc. Art 77 EU-DSGVO

Every data subject shall have the right to lodge a complaint with a supervisory authority, if the data subject considers that the processing of personal data relating to him/her infringes to the EU-GDPR.

4. Description of other Purposes
Legitimate Interests of the Controller acc. Art 6 (1) f) EU-GDPR

4.1. Advertising/Marketing/Information Transfer:

Processing personal data of the data subject to inform him/her about activities of the confederation (i.e. fellowships, etc.), as well as current and future events staged by the confederation. 

4.2. Development/Evaluation:

Processing personal data of the data subject to develop the programme, the realisation and the implementation of confederation activities.

4.3. Publication of the presidential council, fellowship recipients, etc.

Processing personal data of the data subject to inform the public and members about the confederation, respectively to represent the confederation accordingly. Data are published via various communication channels (including website and print media).