1. General
1.1. We the United European Gastroenterology GmbH (hereinafter “UEG GmbH”, “We”, “us” or “UEG”) operate websites using solely or in connection with other pre-fixes the domain name ueg.eu. This Privacy Policy is intended for your information and describes how we process your data in connection with these websites and what rights you have as data subject.
1.2. The protection of individuals with regard to the processing of personal data is a fundamental right which we take very seriously. All data processing is carried out in accordance with the General Data Protection Regulation (EU Regulation 2016/679) and the relevant laws of the Republic of Austria.
1.3. Your data will generally be transferred to UEG in encoded form to exclude access by unauthorized third parties. Your data will be stored and processed on secured servers in respect of this Privacy Policy.
2. Definitions
2.1. “Personal Data” means any information relating to an identified or identifiable natural person (hereinafter “Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (hereinafter “Personal Data”).
2.2. “Non-Personal Data” is data which will be logged for internal system-related and statistical purposes, which cannot be tracked back to you (name of the file accessed, date and time of access, data volume transferred, notification of successful access and transfer, web browser and requesting domain). Data disclosing your identity will not be publicly used by UEG. UEG may, however, use any data collected in anonymized form, in particular for purposes of statistical analyses.
2.3. “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2.4. “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law.
2.5. “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
2.6. “Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with the laws of the European Union or any of its Member States shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
2.7. “Third party” means a natural or legal person, public authority, agency or body other than the Data Subject, Controller, processor and persons who, under the direct authority of the Controller or processor, are authorised to process personal data.
2.8. “Consent” of the Data Subject means any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2.9. “Joint Controller” means two or more controllers who jointly determine the purposes and means of processing.
3. Processed Data
3.1. In the course of your visit to our website, UEG will collect the following information:
- The date and time of accessing a page on our website,
- Your internet protocol address (ip address),
- Brand name and version of your web browser, as well as your chosen language setting,
- Your operating system,
- Your Internet service provider,
- The website (URL) from which you were referred to our website,
- Certain cookies (see section 8 below),
- Date / time (hereinafter “Traffic Data” and
- Any information that you enter in our registration form according to paragraph 3.2.
3.2. UEG may collect, store and use your Personal Data when you register on our website via “myUEG” (hereinafter “myUEG”) as a user (hereinafter “myUEG User”) or on other online platforms of UEG, as well as when you fill out an offline form or provide data to us in any other form of interaction.
3.3. Depending on your user status, UEG collects, saves and processes different kinds of Personal Data. Users can register as Basic Users, myUEG Associates or my UEG Young GI Associates.
3.4. When you register with our online platform myUEG as a myUEG User, the following Personal Data will be collected, saved and processed by UEG :
-
Mandatory for all myUEG Users:
- First and last name;
- Email-address(es);
- Country
- Gender
- year of birth
- Occupation
- Expertise
- Fields of interests
- Society memberships
-
In addition, for all myUEG Users on a voluntary basis:
- CV
-
Mandatory during an application/registration process for including but not limited to an onsite or online event, My Connect, grant, award, position or for an invoice process:
- Salutation
- Academic title
- Address(es);
- Workplace: Company/Institution/Organisation, institute type, department;
- Current position;
- CV;
- Health care professional status (prescriber/non-prescriber);
- List of publications;
- Payment information;
- Copy of Passport;
- Conflict of interest declaration data;
- Main carer - child care responsibilities & confirmation
- Live location for ‘My Connect’ platform
- Uploaded application documents (for a grant, award or position within UEG)
- Voluntary during an application/registration process for including but not limited to an onsite or online event, My Connect, grant, award, position or for an invoice process:
- Phone number;
- Biography;
- Profile image;
- Social media profiles (e.g. Facebook, LinkedIn, Twitter);
- Research Gate/Google Scholar/LinkedIn profile link;
- personal website;
3.5. If you sign up to one of our events or preparatory webinars, we will use your Personal Data to manage your registration and the Event. Please note that we may be taking pictures and record audio and video footage of our events and preparatory webinars (hereinafter “Event Data”). We have no intention to photograph you directly without your explicit consent but we cannot exclude the possibility that you will be pictured in these photos. By participating in our events or preparatory webinars, you acknowledge that we have the right to use the Event Data for marketing purposes for free.
3.6. Before you disclose to UEG Personal Data of another person, you have to obtain that person's consent to both the disclosure and the processing of that person’s Personal Data in accordance with this Privacy Policy.
3.7. UEG offers its own app in the Appstore and the Google Play Store. Before you enter the App you can chose to accept or object to the use of Google Analytics for Firebase app tracking. If you accept the use, your personal data will be collected, stored and processed in order to improve the App. If you object, the App will not collect any personal information from the user's device. The app will only send anonymized events and logs to the Google Firebase tracking service for statistical analysis of app usage. Users who object to the use of Google Analytics for Firebase app tracking can still use the App without any limitation.
4. Purposes for which we process your data
We will process your Personal Data for the following purposes:
- Administer the Website and its business (e.g. Your personal myUEG profile)
- Personalise the Website for you
- Enable your use of the services available on the Website
- Send to you non-marketing commercial communications; to be able to respond to your inquiries; to send you statements, invoices and payment reminders to you, and collect payments from you
- Send to you email notifications that you have specifically requested
- Send to you our email newsletters respectively in case you have accepted such service, (you can inform us at any time if you want to unsubscribe from the newsletters)
- Deal with enquiries and complaints made by or about you relating to the Website
- Keep the Website secure and prevent fraud and to detect, prevent and investigate attacks on our website
- Verify compliance with the terms and conditions governing the use of the Website
- To improve and develop the Website
- To be able to compile usage statistics
- Preparation of reports on our events
- Providing information about our events on our intranet and the internet, including an event gallery
- Manage our event attendees
- Supply to you services purchased through the Website
- Contact you with regard to the event you have registered for
- Run statistics with regard to our event attendees
- Improve our future events
- To forward the data to third parties for the third parties´ advertising purposes
- To process any applications for a grant, award or position within UEG
- To grant exclusive access to selected UEG services as indicated on the website for selected myUEG Users
- To connect myUEG Associates & myUEG Young Associates with other Associates in case of an opt-in to joining the My Connect platform
5. Legal basis of the processing
5.1. We process your data in the course of our fulfilment of a contract with you (Art. 6 para. 1 lit b GDPR) and also based on our overriding legitimate interest (Art. 6 para. 1 lit f GDPR), which lies in achieving the purposes set forth in clause 4 lit 1) to lit 20).
5.2. In case you visit a virtual exhibition booth stand or attend an Industry Symposium you may be asked to give your consent – by scanning your badge or by giving your consent on the virtual congress platform – that your personal data (to the extent provided), comprising full name, country, affiliation (institute/company, department, address) and email address is being passed on to the respective (scanning) UEG sponsor/exhibitor (also listed on the website www.ueg.eu) for the purpose of providing marketing and information material relating to the field of digestive health as well as information on scientific events from the respective sponsor/exhibitor. We transmit your data to third parties in accordance with clause 4 lit 19) only if you have given your express consent to do so. In this case of you giving your consent the procession is legally permissible according to Art. 6 para. 1 lit a GDPR.
5.3. If you participate in one of our events, we process your data in the course of our fulfilment of the contract with you (purchase of an event registration). In such case, the procession is legally permissible according to Art. 6 para. 1 lit b GDPR.
6. Transfer of your Personal Data
6.1. If you submit Personal Data for publication on the Website, UEG will publish and otherwise use that information in accordance with the rights granted to UEG under this Privacy Policy. By registering as myUEG User, you acknowledge that your personal data (or the personal data of other persons, which you have provided to UEG) may be disclosed on to other users of the website (and other persons, who have transmitted their personal data offline to UEG). Furthermore, we are entitled to create an anonymous data record from the data we collect in order to pass on this anonymous data record to third parties, e.g. for statistical or scientific purposes. Due to the anonymization, it is not possible to trace back to the individual data subject concerned.
6.2. To achieve the purposes set out above, we will transfer your personal data to the following categories of recipients:
- IT service providers that we use (such as but not limited to our CRM provider Login Software GmbH, our website provider ABSS GmbH, our IT provider Timewarp – IT Consulting GmbH , or Google Inc. for analytics);
- Distributors and postal service providers that we use;
- Payment service providers; and
- Subcontractors we retain for the organization of our events.
6.3. When you register as myUEG User, we will save your Personal Data in our Customer Relationship Management System (hereinafter “CRM”). We cooperate with the non-profit organisation United European Gastroenterology (ZVR: 570340662) (hereinafter “UEG NPO”). As a result, thereof the CRM is also used for UEG NPO purposes. For this reason, we have concluded a "Joint Controller" contract with the UEG NPO. The purpose of this contract is to record which of the two processors assumes which legal obligation. However, Data Subjects can assert their rights mentioned below against each Controller.
6.4. Other than that, your Personal Data will only be processed and/or disclosed or otherwise transferred to third parties if the disclosure or transfer
- is based on the consent of the Data Subject to the processing of his or her personal data for one or more specific purposes; or
- is necessary for the performance of the contract you have signed with us; or
- is necessary for compliance with a legal obligation to which the Controller is subject (e.g. tax obligations); or
- is necessary in order to protect the vital interests of the Data Subject or of another natural person; or
- is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller
6.5. When registering to the My Connect platform, your personal data will be transferred to KIT UNITED SAS, which is an IT service provider, having its registered office at 5 rue des italiens, 75009 Paris, France. A data processing agreement between UEG and KIT UNITED SAS has been concluded. The registration to My Connect is voluntary and the data processing in regards to the My Connect platform is based on your consent. When registering to the My Connect platform your full name, your place of residence (e.g. the city you live in) and further information such as email-address, occupation, institute, expertise, fields of interests and memberships will be transmitted to KIT UNITED SAS. You can withdraw your consent at any time, your My Connect profile and your personal data will then be deleted within a maximum of 90 days.
7. Links to other websites
The Website contains links to other websites. UEG is not responsible for data privacy policies and/or practices on other websites and UEG has no influence as to whether the operators of other websites act in compliance with data protection provisions. UEG’s Privacy Policy is solely applicable to data collected by UEG itself.
8. Use of cookies
8.1. We use “cookies” to improve the functionality of our website. Cookies are small text files that may be installed on your computer when you visit a website. Cookies are generally used to provide site visitors with additional functionality within the site. Cookies cannot access, read or modify any other data on your computer.
8.2. We use cookies that
- will be deleted again when you close your browser (session cookies);
- remain stored on your end user device even after you close your browser (permanent cookies);
- originate from us (first party cookies) or from third parties.
8.3. Through our cookies, we process data on the following legal bases and for the following purposes:
- We use cookies that are absolutely necessary for the operation of our website. The use of these cookies is lawful due to our overriding legitimate interest (Art. 6 para. 1 lit f GDPR).
- We use all other cookies (e.g. Tracking Cookies) on the basis of your consent. You give us your consent via our cookie banner.
8.4. In order to withdraw your consent or to restrict it to certain cookies, you have inter alia the following options:
- Use the settings of your browser. Details can be found in the help function of your browser (usually accessible via the F1 key on your keyboard).
- At http://www.youronlinechoices.com/uk/your-ad-choices you can have the system analyse which cookies are used by you and deactivate them individually or in their entirety. This is an offer from the European Interactive Digital Advertising Alliance.
8.5. Withdrawing your consent does not affect the lawfulness of processing based on your consent before your withdrawal. Please note that the functionality of our websites may be impaired if you withdraw or restrict your consent.
Get further details about the cookies we use
9. Google Analytics
9.1. This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This service provider stores statistical data about your use of this website.
9.2. Google Analytics uses cookies to allow an analysis of your use of the website. The information generated by the cookie about your use of this website (including your IP address and the URLs of the web pages accessed) is transmitted to Google's servers in the USA and stored there. We do not store any of your data collected in connection with Google Analytics.
9.3. Since a transfer of personal data to the U.S. takes place, appropriate safeguards are required to ensure the level of data protection under the GDPR. To guarantee this, we have concluded standard contractual clauses with the provider in accordance with Art. 46 Para. 2 lit. c GDPR. These oblige the recipient of the data in the U.S. to process the data according to the level of protection in Europe. In cases in which this cannot be guaranteed even by this contractual extension, we endeavour to obtain additional regulations and commitments from the recipient in the U.S.
9.4. This website uses the possibility of IP anonymization provided by Google Analytics. Your IP address will therefore be shortened / anonymized by Google as soon as Google receives your IP address. Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity, and to provide us with other services related to website activity and internet usage. The IP address sent by your browser as part of Google Analytics will not be merged with other data on Google.
9.5. You can prevent the storage of cookies by a corresponding setting of your browser software. We point out, however, that in this case you may not be able to use all the functions of this website to the full extent.
9.6. For more information about Google's Terms of Use and Google's Privacy Policy, please visit http://www.google.com/analytics/terms/de.html or https://www.google.at/intl/at/policies/.
10. Facebook Fan page
10.1. UEG has a Fan Page on Facebook. Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland ("Facebook”) collects information as described in Facebook's Data Policy under "What kinds of information do we collect?" (for information on how Facebook uses cookies and similar technologies, see its Cookies Policy). When you interact with our fan page, statistical data is stored in Facebook's "Page Insights". Page Insights are aggregated statistics that are created from certain events logged by Facebook servers when people interact with Pages and the content associated with them. Such events are made up of varying data points such as the following depending on the specific event:
a) An action. This includes actions like the following:
- Viewing a Page, post, video, story or other content associated with a Page
- Interacting with a story
- Following or unfollowing a Page
- Liking or unliking a Page or post
- Recommending a Page in a post or comment
- Commenting on, sharing or reacting to a Page’s post (including the type of reaction)
- Hiding a Page's post or reporting it as spam
- Hovering over a link to a Page or a Page's name or profile picture to see a preview of the Page's content
- Clicking on the website, phone number, Get Directions button or other button on a Page
- Having a Page’s event on screen, responding to an event including type of reaction, clicking on a link for event tickets
- Starting a Messenger communication with the Page
- Viewing or clicking on items in Page’s shop
b) Information about the action, the person taking the action, and the browser/app used for it such as the following:
- Date and time of action
- Country/City (estimated from IP address or imported from user profile for logged in users)
- Language code (from browser’s http header and/or language setting)
- Age/gender group (from user profile for logged in users only)
- Website previously visited (from browser’s http header)
- Whether the action was taken from a computer or mobile device (from browser’s user agent or app attributes)
- FB user ID (for logged in users only)
10.2. UEG does not have access to the personal data processed as part of events but only to the aggregated Page Insights. Events used to create Page Insights do not store IP addresses, cookie IDs or any other identifiers associated with people or their devices aside from a FB user ID for people logged in to Facebook.
10.3. The events logged by Facebook in order to create Page Insights are solely defined by Facebook and cannot be set, changed or otherwise be influenced by Page admins.
10.4. UEG and Facebook (together the “Parties”) are joint controllers in accordance with Article 26 GDPR for the processing of such personal data in events for Page Insights (“Insights Data”). The processing of Insights Data is subject to the provisions of Facebook Ireland’s Page Insights Addendum (https://www.facebook.com/legal/terms/page_controller_addendum). Facebook Ireland will ensure it has a legal basis for the processing of Insights Data which is set out in Facebook Ireland’s Data Policy (see under “What is our legal basis for processing data?”).
10.5. Facebook Ireland assumes the responsibility for compliance with the applicable obligations under the GDPR for the processing of Insights Data (including, but not limited to, Articles 12 and 13 GDPR, Articles 15 to 21 GDPR, Articles 33 and 34 GDPR). You can contact Facebook’s data protection at https://www.facebook.com/help/contact/540977946302970. Facebook Ireland will make the essence of this Page Insights Addendum available to data subjects (Article 26(2) GDPR). This is currently done via the Information about Page Insights data which can be accessed from all Pages.
10.6. If you exercise your rights under the GDPR with regard to the processing of Insights Data against UEG (Article 26(3) GDPR), UEG will forward all relevant information regarding such Requests to Facebook Ireland promptly but within a maximum of seven calendar days. UEG is not authorized to act or answer on Facebook Ireland's behalf.
11. Retention period
11.1. In principle, we will save your Traffic Data for a period of twenty-four months. Other personal data (e.g. email conversation) will be saved for seven years. We will only retain your Personal Data for a longer period (i) to the extent necessary to investigate attacks on our website or (ii) as long as are required under statutory retention obligations or (iii) as long as potential legal claims are not yet time-barred, where personal data is needed to raise or defend against the claim.
11.2. If you register as myUEG User we will retain your Personal Data at least for as long as your account is active.
11.3. In the event that the processing is solely based on your consent, your data will be no longer processed if you withdraw your consent.
12. Your rights regarding your personal data
12.1. You have the right to:
- obtain confirmation as to whether and what kind of personal data we store about you and to request copies of such data,
- request rectification or erasure of your personal data,
- request us to restrict the processing of your personal data,
- object to the processing of your personal data,
- withdraw any consent previously granted for the processing (withdrawing your consent does not affect the lawfulness of processing based on your consent before your withdrawal), and
- request data portability.
12.2. Furthermore, you have the right to lodge a complaint against our data processing with the Austrian data protection authority (“Datenschutzbehörde – www.dsb.gv.at”) or the data protection supervisory authority in another EU member state, especially at your place of residence or work.
13. Our contact details
UEG - United European Gastroenterology GmbH
House of European Gastroenterology
Wickenburggasse 1
1080 Vienna
Austria
T +43 1 997 16 39
F +43 1 997 16 39 10