As from May 25, 2018 onwards the new General Data Protection Regulation (GDPR) comes into effect across the European Union, the European Society of Gastrointestinal and Abdominal Radiology has worked on a privacy policy informing its members, as well as interested parties and event attendees about their personal data and how it is processed. In case of any questions, do not hesitate to contact office@esgar.org.
1.1. Controller
The Controller responsible for the processing of the personal data according to Art 4 No 7 GDPR is the society.
Europäische Gesellschaft für Abdominal und Gastrointestinal Radiologie – European Society of Gastrointestinal and Abdominal Radiology (ESGAR)
ZVR 209922020
Esslinggasse 2/3
1010 Vienna
AUSTRIA
Phone: +43 1 535 89 27
Email: office@esgar.org
1.2. Personal Data
ESGAR processes the following categories of personal data
of society members
of officers of the society
of third parties, consuming services of the society
of third parties providing services to the society
of employees
1.3. Purpose
ESGAR processes personal data for the following purposes
1.4. Legal Basis
The legal basis for the data processing are:
ESGAR primarily processes data on the basis of the legal relationship resulting from the membership with the society or for steps prior to the acceptance as member of the society upon request of the data subject in accordance with Art 6 No 1 lit b) GDPR. If and in as far as the disclosure and transfer of personal data to third parties is not based on the performance of contractual obligations or for steps prior to entering into a contract it is based on the data subject’s consent in accordance with Art 6 No 1 lit a) GDPR. The processing of personal data for the recruitment of society members as well as the advertising of society events and other services offered by the society to third parties not member of the society is based on the legitimate interest of the controller in accordance with Art 6 No 1 lit f) GDPR. The legitimate interest of the controller in these cases is the increase of the number of society members as well as the promotion of the purpose of the society by extending the circle of addressees for the services offered by the controller in pursuit of the society’s purpose. The notification of persona data of officers of the society to the relevant authorities governing associations is based on the legal obligations to be met by the society in accordance with Art 6 No 1 lit c) GDPR.
The processing of personal data of employees and of job applicants is based on the performance of contracts and steps taken prior to entering into a contract in accordance with Art 6 No 1 lit a) GDPR. The transfer of personal data of employees to the relevant authorities and social insurance institutions is based on legal obligations in accordance with Art 6 No 1 lit c) GDPR.
The processing of personal data of customers and contractors not being society members rendering services to or receiving services from the controller is based on the performance of contracts and steps taken prior to entering into a contract in accordance with Art 6 No 1 lit b) GDPR.
1.5. Categories of Recipients
ESGAR only discloses personal data if such disclosure is based in legal obligations or if the disclosure is required for the performance of a contract or for steps to be taken prior to entering into a contract or if the data subject has given the consent or in the event that the disclosure is necessary for the purpose of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests of the data subject. The disclosure has to be adequate, relevant and limited to what is necessary in relation to the purposes for which they are disclosed (“data minimisation”).
The data processed by the controller may be disclosed to the following categories of recipients:
1.6. Storage Period
ESGAR shall not store personal data longer than required for respective purpose of processing. ESGAR shall store personal data for the duration of contractual relations, in particular for the time of membership with the society. Furthermore, personal data may or have to remain stored depending on the legal basis and the respective purpose. Reasons justifying a storage of personal data beyond the duration of a contractual relationship are storage obligations subject to tax law (generally seven years from the end of the year the data processing relates to) or the registration for the pursuit or defence of legal claims that may amount to up to 30 years in accordance with Austrian regulations on the statute of limitation. In the event the storage of personal data is based exclusively on the data subject’s consent, such consent can be withdrawn at any time. Unless there is no other legal basis for the storage, the deletion of the data may be requested.
1.7. Sources of Personal Data
ESGAR primarily processes data provided by the data subject upon entering into a legal relationship (membership with the society, participation in event, opening a user account for a data basis operated by ESGAR, consumption of services offered by ESGAR). Personal data, however, can also be disclosed to ESGAR by third parties, for example upon making a recommendation as presenter, lecturer at society events or as author in publications of the society.
In addition, ESGAR may process personal data from public sources such as the world wide web in general and publications or websites of the data subject or of universities, hospitals, research institutions, doctors’ platforms, or physicians’ portals.
1.8. Third Countries and International Organisations
ESGAR does not transfer data to third countries.
1.9. Automated Decision-making
ESGAR does not use personal data for automated decision-making which produces legal effect.
1.10. Rights of the Data Subject
Every data subject is entitled to the rights to information, rectification, erasure, restriction of processing, portability and objection. In order to exercise these rights, data subjects should contact the controller (office@esgar.org). In the event the data subject is of the opinion that the processing of the data subject’s personal data infringes data protection law or the data subject’s right to privacy, the data subject may complain with the relevant authority being the Data Protection Authority (Datenschutzbehörde) in Austria.
In the event a data subject has given the consent for the processing of his data for a specific purpose and such data were also processed subject to another legal basis, for example for the performance of a contract or for the pursuit or defence of legal claims, the data subject’s withdrawal of the consent to process such data has no relevance on the processing of such data subject to another legal basis.
1.11. Links to other websites
The Website contains links to other websites. ESGAR is not responsible for data privacy policies and/or practices on other websites and ESGAR has no influence as to whether the operators of other websites act in compliance with data protection provisions. ESGAR’s Privacy Policy is solely applicable to data collected by ESGAR itself.
2.1. Use of cookies
This website uses cookies, which are small pieces of data that a website stores on your computer with the help of your browser. They allow the website to remember your actions or preferences and therefore enhance your user experience. If you want to decline cookies, you can do so in your browser’s settings.
Cookies are used on this website for the following purposes:
2.2. Web analysis
This Website uses “Google Analytics” from Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA. This service tracks the habits of website users and enables us to increase the usability of our website. In order to analyse the website users, cookies are being used to gather information. This information is sent to and stored at the provider’s server in the US. This can be prevented by deactivating cookies in your browser. The relationship to Google Inc. is based on the EU-US-Privacy-Shield (https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active). The processing of data is done according to § 96 Abs 3 TKG as well as Art. 6 lit f (legitimate interest) of the GDPR, which is the improvement of our website.
If you would like to opt-out of Google Analytics, please click here: https://tools.google.com/dlpage/gaoptout
2.3. Hosting and Log-Files
In order to run this Website Hosting-Services such as infrastructure and platform services, computing capacity, data storage, database services, safety and maintenance services are used. We respectively our hosting service provider process the following data of our website visitors: contact data, content data, usage data, meta and communication data due to our legitimate interest in providing a satisfying and safe website. For the same reason we respectively our hosting service provider also process so called Server-Log-Files (for example called websites, file, time of visit, amount of data, browser and operating system information, referrer-website, IP- address, etc.). Due to safety reasons (clarification of misuse or fraud) these log-files are stored for a maximum of 3 months. In case of any incidents it can be stored longer if needed for proof.
2.4. Webshop
We would like to inform you that in order to facilitate the buying process as well as to fulfil the contract your IP-address as well as name, address and general payment information will be saved. The data provided by you is necessary in order to fulfil a contract as this is not possible without certain information. No data will be given to third parties except for payment providers and our accountant. If you decide to cancel the payment process, no data will be saved. In case of closing a contract the data will be saved as long as required by law. The data processing is based on the following laws: § 96 Abs. 3 TKG and Art 6 Abs. 1 lit a) (consent) and/or lit b) (necessary for the conclusion of the contract) of the GDPR.
Last update: May 25, 2018