Privacy Policy
1. General information on data privacy
1.1. The International Non-Profit Society European Society of Pathology (ESP)(hereinafter, « ESP ») respects the privacy of its users (hereinafter, the “Users“). In this privacy policy we are using the following terms according to their definition in Article 4 of the General Data Protection Regulation (GDPR): personal data, data subject, processing, restriction of processing, profiling, pseudonymisation, filing system, controller, processor, recipient, third party, consent, supervisory authority.
1.2. ESP processes the personal data transmitted to it in accordance with the legislation in force, and, in particular, Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data, applicable from 25 May 2018 (hereinafter the “General Data Protection Regulation“).
1.3. Access to the website https://www.espcongress.org/ (hereinafter, the “Website”) implies the User’s full and unreserved acceptance of this Privacy Policy (hereinafter the “Policy”), as well as its general terms of use (hereinafter the “Terms”) and the cookie policy (hereinafter, the “Cookie Policy”).
1.4. The User acknowledges having read the information below and authorizes ESP to process, in accordance with the provisions of the Policy, the personal data that he/she communicates on the Website.
1.5. The Policy is valid for all pages hosted on the Website and for the registrations of this Website. It is not valid for the pages hosted by third parties to which ESP may refer and whose privacy policies may differ. ESP cannot therefore be held responsible for any data processed on these websites or by them.
2. Data Controller
2.1. As part of the Service, the User may be required to provide certain personal data. In this case, the data controller is:
European Society of Pathology (ESP)
Square De Meeûs 18
1000 Brussels
Belgium
Tel.: +32 25208036
E-Mail: admin@esp-pathology.org
Website: https://www.esp-pathology.org
2.2. Any question regarding the processing of this data may be sent to the following address: admin@esp-pathology.org.
3. Recording of general data and information
3.1. Upon visiting our website our servers are recording a set of general data and information.
This set of general data and information is stored in server log files.
The following information may be recorded:
- the Internet browser and browser version used,
- the operating system of the computer system used,
- the website that referred to our website (referrer),
- the subpages that are accessed on our website,
- time and date of the access to our website,
- an internet protocol address (IP address),
- the internet service provider of the accessing system and
- or any other similar data and information, which may be used to protect our information technology system against danger in the case of a cyber-attack.
3.2. When using this general data and information we are not drawing any conclusion on the directly affected data subject.
Furthermore, this information is necessary to
- deliver the contents of our website correctly,
- optimise the contents of our website and the respective advertising without individualisation,
- guarantee the long-term operational liability of our information technology systems and our website as well as
- provide necessary information for prosecution to law enforcement authorities in the case of a cyber-attack.
3.3. The collected data and information are analysed statistically and utilized to enhance data protection and security within our organization, ensuring an optimal level of protection for all processed personal data. This improvement constitutes a legitimate interest under Article 6(1)(f) GDPR. The data is stored separately from other personal information provided by the data subject and is deleted 14 days after their access to our website.
4. Registration for the attendance at an event
4.1. Our website allows the data subject to register for the European Congress of Pathology. Which personal data is gathered and processed for these purposes results from the respective form that is used for the registration process. These forms vary depending on the type of registration.The registration of the data subject, providing the mandatory personal data, serves the controller to enable the data subject to attend an event or submit scientific contributions.
4.2. When registering for the attendance at an event a contractual relationship will be established. The data subject will be informed about this, along with the terms and conditions, during the registration process. Mandatory data for the contractual relationship are labelled as such in the registration process. The processing of the data is legally based on Article 6(1)(b) GDPR.
4.3. Personal data that is gathered from data subjects to serve for the attendance at an event, such as congresses, conferences and training courses, and the submission of scientific contributions will be transferred to processors by using their IT systems.
- The IT systems for gathering and processing ESP membership data on our website are provided by the processor Glue Up, 1600 Tysons Blvd, Suite 400, McLean VA 22102, USA. Further information about the privacy policy of this processor can be found at https://www.glueup.com/legal/privacy-policy.
- The IT systems for gathering and processing the account data on our website are provided by the processor Glue Up, 1600 Tysons Blvd, Suite 400, McLean VA 22102, USA. Further information about the privacy policy of this processor can be found at https://www.glueup.com/legal/privacy-policy.
- The IT systems for the processing of personal data which is subject to congress registration are provided by the processor Mondial Congress & Events Vienna, Operngasse 20B, 1040 Vienna, Austria. Further information about the privacy policy of this processor can be found at https://mondial-congress.com/en/data-protection/.
4.4. All personal data that is not subject to a legal retention period will be deleted automatically 24 months (grace period to be able to issue invoices and certificates of attendance) after the liquidation or termination of a contractual relationship.
5. Submission and processing of scientific contributions
5.1. Our website facilitates the submission of scientific contributions for the 37th European Congress of Pathology. The collection of this data is based on our legitimate interest in accordance with Article 6(1)(f) GDPR. Selected portions of the submitted data will be published in the printed event program, the online program on this website, and the mobile event application.
The published data includes
- name of persons,
- (b) name, city and country of the clinic or institute of all persons who are named during the submission of the contribution, such as Chairs, Co-Chairs, Speakers and further participants where applicable, like Discussants or Moderators in sessions or contributions. Beyond that, the data of Authors and Co-Authors of submitted abstracts will be published.
5.2. Furthermore, this data will be transferred to processors for the purposes of scientific reviewing, as well as the gathering of additional data for on-site services, like the submission of presentations or handouts.
- The processing of personal data for video recordings of sessions and individual talks is carried out by meta-fusion GmbH, Kunst- und Gewerbehof, Haus B, Deutz-Mülheimer Str. 119, 51063 Cologne, Germany. Further information about the privacy policy of this processor can be found at https://events.meta-fusion.com/privay_policy.
- The processing of personal data to publish the scientific programme online and on-site, as well as to collect handouts is carried out by Documedias GmbH, Charlottenstr. 42, 30449 Hannover, Germany. Further information about the privacy policy of this processor can be found at https://documedias.com/privacy_en/.
- The processing of personal data purposes of scientific evaluation of contributions (reviewing) is carried out by Documedias GmbH, Charlottenstr. 42, 30449 Hannover, Germany. Further information about the privacy policy of this processor can be found at https://documedias.com/privacy_en/.
- The processing of personal data to publish the scientific program in the mobile app is carried out by Entegy Pty Ltd., 1b/19 Musgrave Street, West End QLD 4101 Australia. Further information about the privacy policy of this processor can be found at https://www.entegy.events/privacy-policy.
5.3. The scientific evaluation of contributions (reviewing) is carried out by a scientific review committee commissioned by the European Society of Pathology.
6. Contacting us via our website
6.1. Due to statutory obligations our websites provide contact information to electronically contact our organisation rapidly and allow a direct communication with us. This also includes the provision of a public e-mail address. If a data subject contacts us via e-mail or a provided contact form, the transmitted personal data will be saved automatically. This personal data is transmitted to us on a voluntary basis and is processed by us for contacting reasons only and will not be distributed to third parties.
7. Newsletter registration
7.1. Our website provides visitors with the option to subscribe to newsletters featuring information about our services, including membership, congresses, and educational programmes. The specific personal data transmitted to the controller for each newsletter depends on the details requested in the respective registration forms. These newsletters are used to periodically update our customers and business partners on our offerings and services.
7.2. Our newsletters can generally be received by a data subject if
- the data subject provides a valid e-mail address and
- The data subject independently registers for the newsletter. As part of a double opt-in process, a confirmation email is sent to the email address provided during registration for legal compliance purposes. This email serves to verify that the owner of the provided email address has given their consent to subscribe to the newsletter as the data subject.
7.3. During the newsletter registration process, we collect and process the IP address assigned by the Internet Service Provider (ISP) to the device used for registration, along with the date and time of registration. This data processing is essential to detect and address any potential misuse of the data subject’s email address and to ensure legal protection.
7.4. All personal data processed during newsletter registration is exclusively used for distributing newsletters to the registered recipients. Personal data provided for a specific newsletter subscription will be strictly used for delivering that particular newsletter and will not be applied to any additional subscriptions.
7.5. Newsletter subscribers may also receive notifications via email regarding operational updates, registration requirements, or technical changes necessary for maintaining the newsletter service. The personal data provided will not be shared with third parties, except with service providers responsible for managing newsletter distribution.
7.6. Subscribers can unsubscribe from the newsletter at any time, and consent to the processing of personal data can be revoked at any time as well. To unsubscribe or revoke consent, use the unsubscribe link included in every newsletter Additionally, subscribers may withdraw their consent by submitting a written notice to us.
7.7. The data required for sending newsletters is processed by authorized service providers.We have contracted the following processors for the newsletter sending:
- The IT infrastructure for the newsletter creation, maintenance of recipient lists, data storage and the newsletter sending is provided by Glue Up, 1600 Tysons Blvd, Suite 400, McLean VA 22102, USA. Further information about the privacy policy of this processor can be found at https://www.glueup.com/legal/privacy-policy.
- As an additional processor for the newsletter creation, we contracted Brevo/ SENDINBLUE, 7 Rue de Madrid, 75008 Paris, France. Further information about the privacy policy of this processor can be found at https://www.brevo.com/legal/privacypolicy/.
8. Newsletter tracking
8.1. Our newsletters contain so called tracking pixels. A tracking pixel is a miniature graphic, which is embedded to e-mails, that are sent in HTML format, to allow us to log and analyse newsletters. This is the basis for statistical evaluations of the success or failure of our e-mail marketing campaigns. On the basis of a tracking pixel, we can reproduce if, when and on which platform, for example PC, mobile phone or tablet, an e-mail has been opened by the data subject. Furthermore, we are able to see which links have been clicked in the e-mail by the recipient.
8.2. Personal data collected through the use of tracking pixels is processed to optimize newsletter delivery and tailor content to the recipients’ interests. This data will not be shared with third parties, except for authorized service providers managing newsletter distribution.
8.3. Recipients may revoke their consent to the use of tracking pixels, which was granted during the double opt-in newsletter registration, at any time. Upon revocation, all related data will be automatically deleted. Unsubscribing from the newsletter is considered a withdrawal of consent.
9. Routine deletion and locking of personal data
9.1. We retain and process your personal data only for as long as necessary to fulfil the purpose for which it was collected or as required by European or other applicable legislative or regulatory authorities governing data storage and processing.
9.2. Once the purpose for data retention has been achieved or the legally mandated storage period has expired, the personal data will be securely restricted from further processing or deleted in compliance with applicable legal regulations.
10. Rights of data subjects
10.1. Right to information
According to Article 15 GDPR you have the right to demand a confirmation whether we process your personal data. Should we process your personal data you have the right to be informed about this personal data and further information, which are explained in Article 15 GDPR.
10.2. Right to rectification
According to Article 16 GDPR you have the right to demand immediate rectification of incorrect personal data relating to you. Furthermore, taking into consideration the purposes of the processing you have the right to request the completion of incomplete personal data, also by means of a complementary declaration.
10.3. Right to erasure
You have the right to demand that we delete all of your stored personal data immediately. We are obligated to delete personal data immediately, provided the conditions of Article 17 GDPR are met. For further information about the details of these conditions we refer to Article 17 GDPR.
10.4. Right to restriction of processing
According to Article 18 GDPR you have the right to demand the restriction of processing of your personal data under certain circumstances.
10.5. Right to data portability
According to Article 20 GDPR you have the right to receive your provided personal data in a structured, common and machine-readable format from us. Furthermore, you have the right to transmit this data to a controller of your choice without any obstruction by us, insofar the processing is based on a consent according to the Articles 6(1)(a) or 9(2)(a) GDPR, as well as it is based on a contract according to Article 6(1)(b) GDPR and the data is processed by the means of automated procedures.
10.6. Right to object
According to Article 21 GDPR you have the right to object to the processing of your personal data that is based on the Articles 6(1)(e) or (f) GDPR. This also applies for a profiling based on these rules.
- If we process your personal data for direct marketing purposes, you are entitled to object to the processing of your personal data for these purposes. This also applies for profiling that is linked to such direct marketing activities.
- If you intend to exercise your given rights, please contact us – the controller – directly using the above stated contact information or choose one of the provided options to contact us on an alternative way to inform us. If you have any questions in this respect, please also contact us directly.
10.7. Right to lodge a complaint with a supervisory authority
According to Article 77 GDPR you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider the processing of personal data relating to you infringes the GDPR.
11. Use and application of Google Analytics (with anonymizer function)
ESP has integrated the component of Google Analytics (with the anonymizer function) on this website.
11.1. Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.
11.2. The operator of the Google Analytics component is Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
11.3. During the first visit of our websites we invite the data subject to consent the usage of Google Analytics. The data subject’s activities on our websites are not recorded as long as the respective consent has not been given.
11.4. In addition, the data subject has the possibility of objecting to a collection of data that are generated by Google Analytics, which is related to the use of this website, as well as the processing of this data by Google and the chance to preclude any such. For this purpose, the data subject must download a browser add-on under the link http://tools.google.com/dlpage/gaoptout and install it. This browser add-on tells Google Analytics through a JavaScript, that any data and information about the visits of Internet pages may not be transmitted to Google Analytics. The installation of the browser add-ons is considered an objection by Google. If the information technology system of the data subject is later deleted, formatted, or newly installed, then the data subject must reinstall the browser add-ons to disable Google Analytics. If the browser add-on was uninstalled by the data subject or any other person who is attributable to their sphere of competence, or is disabled, it is possible to execute the reinstallation or reactivation of the browser add-ons.
If Google does not provide this Internet browser plugin for the Internet browser or IT system used for your visit, you can deactivate Google Analytics by using this Link: Deactivate Google Analytics. This deactivation only takes effect for the currently used IT system and for the currently used Internet browser
11.5. For the web analytics through Google Analytics we use the application “_gat. _anonymizeIp”. By means of this application the IP address of the Internet connection of the data subject is abridged by Google and anonymised when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.
11.6. The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Internet site for us. This purpose is considered a legitimate interest according to Article 6(1)(f) GDPR.
11.7. Google Analytics places a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google is enabled to analyze the use of our website. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and into which a Google Analytics component was integrated, the Internet browser on the information technology system of the data subject will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements
The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits of our website by the data subject. With each visit to our Internet site, such personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties
The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.
11.8. Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Link https://www.google.com/analytics/.
Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.de/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Linkhttps://www.google.com/analytics/.
11.9. Alphabet Inc. and its subsidiaries (e.g. Google LLC) comply the requirements of the EU-U.S. Privacy Shield Framework, as well as the Suisse-US Privacy Shield Framework. Further information about these treaties may be retrieved under https://www.privacyshield.gov/.
12. Automated decision making and profiling
We process your data responsibly and neither use automated decision making nor profiling.
13. Pictures, audio and video footage
Please note that we may be taking pictures and record audio and video footage of our events. We have no intention to photograph you directly without your explicit consent, but we cannot exclude the possibility that you will be pictured in these photos. By participating in our events or preparatory webinars, you acknowledge that we have the right to use the Event Data for marketing purposes for free.
