EDF Privacy Policy

This privacy policy gives you information about the processing of your personal data when you are visiting the website www.euroderm.org.

1. Controller

Controller according to the General Data Protection Regulation EU (2016/679) (“GDPR”) and other data privacy rules is:

EDF, European Dermatology Forum University Hospital Zurich Dermatology
Gloriastrasse 31

CH-8091 Zurich, Switzerland Phone: +41 44 255 19 48
Fax: +41 44 255 99 85
E-mail: patrick.schaffter@usz.ch

2. Representative

Prof Véronique del Marmol EDF Membership Committee Brussels

3. Processing of personal data

According to Article 4 lit 1 GDPR personal data is information relating to an identified or identifiable natural person, e.g. name, email address, IP address. We only process the personal data of our users as is necessary to provide a functional website, content, and services.

  1.  Website visit
    Our webserver processes data that your browser automatically transfers each time you visit. This data includes the IP address of your device, date and the time of request, time zone, the specific page or file, the http-Status code and the amount of data, the website from which your request originates, the browser you are using, your endpoint operating system, the selected language (logfiles). The webserver uses this data to display the contents of this website in the best possible way on your device.

    Contact via email When you are contacting us via Email we collect and save the following data:
    - email address
    -  data which you transmit voluntarily

     
  2. Newsletter and Information about the EDF Annual Meeting, EDF activities
    In order to provide you with information regarding our association via email, you can receive our Newsletter and Information about the EDF Annual Meeting and EDF activities. With your registration for the Newsletter, we processing the personal data that you have provided us:
    -  email address
    -  name

4. Purpose and Legal basis

  1. Website visit
    The purpose of the data processing is the online presentation of our firm and its services as well as the interaction with communication partners. The legal basis for the processing during the use of the website is Article 6 para 1 lit f GDPR (legitimate interest, specifically operation of a website).

     
  2. Contact via email
    The legal basis for processing of data that are transmitted in the course of sending an email to EDF is Art. 6 para 1 lit f GDPR (legitimate interest, specifically user interaction). If the e-mail contact aims at the conclusion of a contract, then additional legal basis for the processing is Art. 6 para 1 lit. b DSGVO.

     
  3. Google Analytics
    The legal basis for processing data in the context of the use of Google Analytics is Article 6 para 1 lit f GDPR. We need statistical information about the use of our online offer in order to make it more user-friendly, to make range measurements and to conduct market research.

     
  4. Newsletter and Information about EDF Annual Meeting, EDF activities
    The legal basis for sending you the newsletter is Art. 6 para 1 a GDPR, your prior consent. We use a double-opt-in process for registration for the Newsletter. This means that we will send you an email in which we ask you to confirm registration for the newsletter. In order to proof that the registration process complies with legal requirements, the registration is recorded. Therefore, we store the registration, confirmation and IP address.

5. Recipients, categories of recipients

Within EDF only those persons have access to your data that are in charge of the maintenance of the website or that are in charge of the query that you have addressed. Log and communications data are not passed on to third parties except under special circumstances. In the event of the suspicion of a crime or in investigative proceedings, data may be transmitted to the police and the public prosecutor’s office.

6. Transfer

The data will be transferred to Switzerland. The European Commission has recognised Switzerland as providing adequate protection according to Art. 45 GDPR.

7. Retention period

The data will be deleted as soon as it is no longer necessary to achieve the purpose for which it was collected, unless there is a longer legal retention period. In the case of the collection of data for the provision of the website, the purpose ends when the respective session has ended. For email conversations this is the case when the conversation with the user is terminated. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been finally clarified. For receiving the newsletter your e-mail address will be stored for as long as the subscription to the newsletter is active.

8. Google Analytics

We use Google Analytics, a web analytics service of Google Inc. ("Google"). Google Analytics uses small text files (“cookies”) on your device to enable us to analyse your visitor behaviour with a pseudonym. Information your visitor behaviour stored in such cookies will be transferred to web servers of Google in the USA and will be stored there. For this website the function anonymize IP has been activated, therefore Google will anonymize your IP address on Google servers within the EU or the EEC prior to the transfer of data to the USA. In rare cases full IP addresses may be transferred to the USA and will then be anonymized there.

Google will use the information transferred as a Processor (Article 28 GDPR) to analyse your visitor behaviour, to provide reports about web activities and to provide further services in relation to website use and internet use to the Controller. Your IP address will not be combined with other data of Google. You may prevent the storage of cookies (including your IP address) by using appropriate settings in your browser or object to further processing by downloading and installing a browser plugin [http://tools.google.com/dlpage/gaoptout?hl=en].

9. Cookies

We use cookies. Cookies are small text files that are stored on your computer when you visit our website. This allows us to design our website more individually for the user. The data that a cookie uses, such as an access password, is stored on your computer and you have full control over the use of cookies. If you do not wish cookies to be used, please change the settings for cookie management in your Internet browser. Cookies that have already been saved can be deleted at any time. This can also be done automatically. Please note that by deactivating cookies, it may no longer be possible to use all functions of the website. The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR.

10. Rights of the data subject

As a data subject you, have several rights. For assertion of rights, you can contact us:

European Dermatology Forum (EDF) University Hospital Zurich Dermatology
Gloriastrasse 31

CH-8091 Zurich, Switzerland Phone: +41 44 255 19 48
Fax: +41 44 255 99 85
E-mail: patrick.schaffter@usz.ch

  1. Access, rectification, erasure
    In accordance with Art. 15 GDPR, you may at any time obtain from the controller confirmation as to whether or not personal data concerning you is being processed, and where that is the case, access to personal data. Information is provided free of charge. If your personal data is incorrect or incomplete, you have the right to correct and amend it (Art. 16 GDPR).

    You can request the erasure of your personal data at any time, unless we are legally obliged or entitled to further processing of your data (Art. 17 GDPR). If the legal requirements are met, you can demand a restriction on the processing of your personal data.

     
  2. Right to object
    You can object to data processing in accordance with Art. 21 GDPR. We will then stop processing your data. This is not the case if we can prove compelling reasons worthy of protection, which outweigh your rights. This is especially the case when storing the data in log files, because these are absolutely necessary for the operation of the website.

     
  3. Right to data portability
    Upon request, we will provide you with your personal data transmitted by you in a standard machine-readable data format (Art. 20 GDPR).

     
  4. Right to withdraw consent
    If you have given us your consent to process personal data (e.g. to receive the Newsletter), you can withdraw it at any time without affecting the legality of the processing carried out on the basis of the consent until revocation. This also applies to the revocation of declarations of consent that were given to us before the GDPR was valid, i.e. before 25 May 2018.

     
  5. Right to lodge a complaint
    You have the right under Article 77 GDPR to lodge a complaint with the supervisory authority if you believe that the processing of personal data concerning you violates the GDPR.

     

11. Automated decision making

In principle, we do not use automated decision making for the establishment, execution and termination of business relationships. If we use automated decision making, we will inform you separately.

May 2018