Data Protection Regulations acc. EU-GDPR

1. General regulations

The Wiener Medizinische Akademie GmbH reserves the right to amend the existing data protection regulations in strict accordance with prevailing legal norms at any time.

1.1. Personal data

Your voluntarily transmitted personal details (through submission in the online forms and/or sent by your group coordinator) will be collected, saved and processed in accordance with the most recent legislation on data protection (EU-GDPR 2018).

Registration, abstract submission, additional bookings & hotel booking

Registration for and/or abstract submission to the 20th International Postgraduate Course of the International Association of Endocrine Surgeons is not possible without collecting, saving and processing your personal data. This is solely for the purpose of organising and realising the event. Your data will only be passed on to third parties who are directly involved in running the event and when the organisational process makes it necessary – in accordance with your bookings (organising society, hotel, transport companies, travel insurance, etc.).

1.2. Photos/films

By registering to attend the 20th International Postgraduate Course of the International Association of Endocrine Surgeons, you grant permission to the Wiener Medizinische Akademie GmbH as well as the organising society to use photos/films taken of you and/or your company presence by our official photographer(s) onsite during the meeting for marketing purposes (event reporting, promotion of follow-up events and self-marketing) for an indefinite period of time. If you do not want to have any photos/films taken of you published, you may contact us at any time: dataprotection@medacad.org.

1.3. Links to other websites

Our online forms may contain links to other websites. The Wiener Medizinische Akademie GmbH is not responsible for the data you provide on other websites. Our partner companies are also bound to act according to EU-GDPR, the implementation, however, rests with each company individually. Our data protection guidelines are solely applicable to data we control (Wiener Medizinische Akademie GmbH).

2. Information Obligation acc. Art. 12-14 EU-GDPR

We would like to provide you with the following information describing the type, purpose and scope of the processing of your personal data.

2.1. Controller

Wiener Medizinische Akademie GmbH

Alser Straße 4, Vienna, A-1090, Austria

T: +43 1 405 1383 0

E-mail: dataprotection@medacad.org

Management of the person responsible (???): Romana König, Jerome del Picchia

Data Protection Coordinator: Therese Popp

The data are collected in the framework of the 20th International Postgraduate Course of the International Association of Endocrine Surgeons.

2.2. Purposes of processing

Depending on the participant status and the bookings of the data subject (see Booking Overview E-Mail), the data are processed for one or more of the purposes listed below.

Processing PurposeData Categories
Participant Management
(Registration, Additional Bookings)
name
contact data
address data/invoice data
registration data
additional bookings
travel data (if necessary)
passport data (if necessary)
special requirements (sensitive data)
special dietary requirements (sensitive data)
Hotel Managementname
contact data
address data/invoice data
hotel booking data
travel data (if necessary)
credit card guarantees (if necessary)
Scientific Management & Coordination Grants & Awards name
contact data
date of birth (if necessary)
lecture data (speaker, topic, title)
Industry Management
(Exhibition & Sponsoring)
name
contact data
company data
General Organisation /
Accreditation & Compliance
name & city/country
institution/organisation (if necessary)
specialisation (if necessary)
lecture data (speaker, topic, title)
General Organisation / Accountingname
contact data
registration data
additional bookings
bank data (if necessary)
credit card data (if necessary)
Marketing & Developmentname
contact data
photos/films
statistical data (ONLY anonymised)

2.3. Legal basis for the data processing purposes

Processing PurposeLegal Basis
Participant Management (Registration, Additional Bookings)Mandatory completion of registration for participation in the selected event
Written confirmation of the group coordinator that participant data may be used
Mandatory booking of ticket(s) to one or more social events of the selected event
Mandatory booking of a travel insurance for the data subject - Mondial Congress & Events acts as intermediate only
Consent of the data subject (sensitive data)
Hotel Management Mandatory conclusion of a hotel booking by the person concerned or his group coordinator
Written confirmation from the group coordinator that participant data may be used
Scientific Management & Coordination Grants & Awards Mandatory completion of abstract submission for the selected event
Acceptance of active participation in the selected event
Industry Management (Exhibition & Sponsoring)Mandatory contract conclusion of the data subject and the company represented by him/her to take part in the selected event
General Organisation (Accreditation & Compliance, Accounting)Fulfilment of contract and law
Legitimate interest of the controller (see item 4.4.)
Marketing & DevelopmentLegitimate interest of the controller (see items 4.1.-4.2.)

2.4. Third-party data recipients – Categories

The recipients will only receive the data they require, not your full data record. Your data will only be forwarded when the organisational process makes it necessary – in accordance with your bookings – and when a legal basis exists.

Processing PurposeData CategoriesRecipient Categories
Participant Management
(Registration, Additional Bookings)
 
 
 
 
 
 
name
contact data
address data/invoice data
registration data
additional bookings
travel data (only if necessary)
passport data (only if necessary)
Organising society, service providers (fulfilment agents)
special dietary requirements (sensitive data)Caterer
Hotel Management name
contact data
address data/invoice data
hotel booking data
travel data (if necessary)
credit card guarantees (if necessary) )
DMC, travel agency, hotels
Scientific Management & Coordination of Grants and Awards name
contact data
date of birth (if necessary)
date of graduation (if necessary)
Lecture data (speaker, topic, title)
Oasis – abstract management software – USA A standard clause agreement is in place with the provider of the abstract-processing software Oasis regarding data protection in accordance with the GDPR
Industry Management
(Exhibition & Sponsoring)
 
name
contact data
company data
Organising society, service providers (fulfilment agents)
General Organisation /
Accreditation & Compliance
 
 
name & city/country
institution/organisation (if necessary)
specialisation (if necessary)
lecture data (speaker, topic, title)
Organising society, relevant accreditation authorities, service providers (fulfilment agents)
General Organisation / Accountingname
contact data
registration data
additional bookings
bank data (if necessary)
credit card data (if necessary)
Organising society, responsible authorities, banks, fiscal offices, tax consultants, service providers (fulfilment agents)
Marketingname
contact data
Online mailing provider
Developmentstatistical data (ONLY anonymised)Organising society

2.5. Transfer to third country

Processing PurposeData CategoriesRecipient Categories
Scientific Management & Coordination of Grants and Awards name
contact data
date of birth (if necessary)
date of graduation (if necessary)
Lecture data (speaker, topic, title)
Oasis – abstract management software – USA
A standard clause agreement with the provider of the abstract processing software Oasis regarding data protection according to the GDPR is in place.
Marketing name contact data Mailchimp – USA / Online Mailing Provider / adequacy decision of EU = Privacy Shield framework, Mailchimp participates in and has certified its compliance with the EU-U.S. privacy shield framework.

2.6. Data storage period

Sensitive data (special dietary requirements), which are collected with consent of the data subjects, as well as passport data and information submitted for statistical data collection will be irrecoverably deleted with the end of the event wrap-up.

All other data are stored for 7 years to meet the retention period according to the Austrian VAT Act of 1994 (Umsatzsteuergesetz 1994) and to permit post-event support and service (i.e. belated participation confirmations and presentation certificates).

In the case of (e.g., annually) recurring congresses, the data are stored for at least 7 years after the end of the entire event series.

Upon revocation of the persons concerned, their data will be deleted immediately.

3. Data subject rights

We would like to inform you about your rights according to EU-GDPR:

3.1. Data subject rights acc. Art 15-21 EU-GDPR

  • Right of access by the data subject
  • Right to rectification
  • Right to erasure/”Right to be forgotten”
  • Right to restriction of processing
  • Right to data portability
  • Right to object (at the legitimate interest of the controller)

Detailed descriptions can be found here:
http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN
© European Union, http://eur-lex.europa.eu, 1998-2018′

3.2. Right to withdraw consent acc. Art. 7 EU-GDPR

  • Depending on your participant status, we kindly ask you for various declarations of consent. These are queried within the online forms or directly inquired from the affected person/group coordinator/company representative. The declarations of consent are not compulsory according to the EU-GDPR.

  • Each data subject has the right to withdraw his/her given consent(s) at any time. Withdrawal of consent does not affect the legality of processing carried out based on the declaration of consent until the withdrawal.

Processing of your data by the Wiener Medizinische Akademie GmbH

Your personal data (comprising name, contact data, address data, organisation/institute & registration category) collected by the Wiener Medizinische Akademie GmbH may be passed on to the International Association of Endocrine Surgeons. Said society has the permission to process your personal data and to contact you directly for its own purposes, incl. society newsletters, promotion of topic-related events, information about society activities (e.g., membership, competitions, travel grants, etc.) and the evaluation and further development of the current event, as well as its future editions.

This declaration of consent is queried within the online registration.

Transfer of your data to exhibitors and sponsors

Badge scanning in the exhibition area & at sponsor sessions

Please note: If you have your badge scanned by an exhibitor/sponsor at the 20th International Postgraduate Course of the International Association of Endocrine Surgeons, you thereby agree that your personal data (consisting of name, contact data, address data & organisation/institute), collected by the Wiener Medizinische Akademie GmbH may be forwarded (via a contracted service provider) to the exhibitor/sponsor by whom you have your badge scanned, and the respective company may contact you directly for its own purposes.

3.3. Right to lodge a complaint with a supervisory authority acc. Art. 77 EU-GDPR

Every data subject shall have the right to lodge a complaint with a supervisory authority, if the data subject considers that the processing of personal data relating to him/her infringes the EU-GDPR.

If, in your opinion, data proceeding would be contrary to the data processing law or to your data protection demands, you may complain to the Austrian data protection authority.

4. Description of other purposes

Legitimate interests of the controller acc. Art. 6 (1) f) EU-GDPR

4.1. Advertising/marketing

Processing data of the data subject to inform him/her about the above-mentioned event, as well as future and topic-related events.

4.2. Development

Processing data of the data subject to develop the programme as well as the organisation and implementation of the above-mentioned event, future and topic-related events.

4.3. Publication of the programme

Processing data of the data subject to promote and publish the event programme via various communication channels (including website and print media).
Concerns the following data subject categories: speaker & chairs, abstract presenters, industry

4.4. Accreditation and adherence to national and international compliance regulations: DFP, CME, EFPIA, MedTech, etc.

Processing data of the data subject in order to organise the accreditation of the scientific programme and to adhere to national and international compliance regulations in the field of medical events.

Concerns the following data subject categories: organising society, speaker & chairs, abstract presenters, industry