1.2. The protection of individuals with regard to the processing of personal data is a fundamental right which we take very seriously. All data processing is carried out in accordance with the EU General Data Protection Regulation (2016/679) and the relevant laws of the Republic of Austria.
2.1. “Personal Data” means any information relating to an identified or identifiable natural person (hereinafter “Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (hereinafter “Personal Data”).
2.2. “Non-Personal Data” is data which will be logged for internal system-related and statistical purposes, which cannot be tracked back to you (name of the file accessed, date and time of access, data volume transferred, notification of successful access and transfer, web browser and requesting domain). Data disclosing your identity will not be publicly used by UEG. UEG may, however, use any data collected in anonymized form, in particular for purposes of statistical analyses.
2.3. “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
2.4. “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the Controller or the specific criteria for its nomination may be provided for by Union or Member State law.
2.5. “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
2.6. “Recipient” means a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with the laws of the European Union or any of its Member States shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
2.7. “Third party” means a natural or legal person, public authority, agency or body other than the Data Subject, Controller, processor and persons who, under the direct authority of the Controller or processor, are authorised to process personal data.
2.8. “Consent” of the Data Subject means any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
2.9. “Joint Controller” means two or more controllers who jointly determine the purposes and means of processing.
3. Processed Data
3.1. In the course of your visit to our website, UEG will collect the following information:
- The date and time of accessing a page on our website,
- Your internet protocol address (ip address),
- Brand name and version of your web browser, as well as your chosen language setting,
- Your operating system,
- Your Internet service provider,
- The website (URL) from which you were referred to our website,
- Certain cookies (see section 8 below),
- Date / time (hereinafter “Traffic Data” and
- Any information that you voluntarily enter in our registration form according to paragraph 3.2.
3.2. UEG may collect, store and use your Personal Data when you register on our website via “myUEG” (hereinafter “myUEG”) or on other online platforms of UEG, as well as when you fill out an offline form or provide data to us in any other form of interaction. When you register with our online platform myUEG, the following Personal Data will be collected, saved and processed by UEG when you register to myUEG (hereinafter “myUEG-Data”):
- Full name
- Title, salutation
- Range of age;
- Date and place of birth
- Society memberships
- Expertise / interests
- Workplace / institution
- Years of training
- Training certificates
- Health care professional status (prescriber/non-prescriber)
- Motivation for using services
- Credit card details
- Passport details for congress invitation letters
- Declaration of interests
- Affiliation information (to an organisation) is required for all persons wishing to submit an abstract
- Uploaded application documents (for a grant, award or position within UEG) .
3.3. If you sign up to one of our events or preparatory webinars, we will use your myUEG-Data to manage your registration and the event. Please note that we may be taking pictures and record audio and record video footage of our events and preparatory webinars (hereinafter “Event Data”). We have no intention to photograph you directly without your explicit consent but we cannot exclude the possibility that you will be pictured in these photos. By participating in our events or preparatory webinars, you acknowledge that we have the right to use the Event Data for marketing purposes for free.
3.5. UEG offers its own app in the Appstore and the Google Play Store. This App is not fetching any personal information from the user's device. This app will only send anonymized events and logs to the Google Firebase tracking service for statistical analysis of app usage.
4. Purposes for which we process your data
We will process your Personal Data for the following purposes:
- Administer the Website and its business (e.g. Your personal myUEG profile);
- Personalise the Website for you;
- Enable your use of the services available on the Website;
- Send to you non-marketing commercial communications; to be able to respond to your inquiries; to send you statements, invoices and payment reminders to you, and collect payments from you;
- Send to you email notifications that you have specifically requested;
- Send to you our email newsletters respectively in case you have accepted such service, (you can inform us at any time if you want to unsubscribe from the newsletters);
- Deal with enquiries and complaints made by or about you relating to the Website;
- Keep the Website secure and prevent fraud and to detect, prevent and investigate attacks on our website;
- Verify compliance with the terms and conditions governing the use of the Website.
- To improve and develop the Website;
- To be able to compile usage statistics;
- Preparation of reports on our events,
- Providing information about our events on our intranet and the internet, including an event gallery
- Manage our event attendees;
- Supply to you services purchased through the Website;
- Contact you with regard to the event you have registered for;
- Run statistics with regard to our event attendees;
- Improve our future events;
- To forward the data to third parties for the third parties´ advertising purposes
- To process any applications for a grant, award or position within UEG .
5. Legal basis of the processing
5.1. We process your data based on our overriding legitimate interest (Art. 6 para. 1 lit f GDPR), which lies in achieving the above-mentioned purposes set forth in clause 4 lit 1) to lit 20).
5.2. In case you attend an Industry Symposium or visit a virtual exhibition booth stand, you may be asked to give your consent that your personal data, comprising full name, address, (institute/company, department, address) and email address is being passed on to the respective UEG sponsor/exhibitor (also listed on the website www.ueg.eu) for the purpose of providing marketing and information material relating to the field of digestive health as well as information on scientific events from the respective sponsor/exhibitor. We transmit your data to third parties in accordance with clause 4 lit 19) only if you have given your express consent to do so. In this case of you giving your consent the procession is legally permissible according to Art. 6 para. 1 lit a GDPR
5.3. If you participate in one of our events, we process your data in the course of our fulfilment of the contract with you (purchase of an event registration). In such case, the procession is legally permissible according to Art. 6 para. 1 lit b GDPR.
6. Transfer of your Personal Data
6.2. To achieve the purposes set out above, we will transfer your personal data to the following categories of recipients:
- IT service providers that we use (such as but not limited to our website provider Körbler GmbH, our IT provider DATAplexx IT- und Telekommunikationslösungen GmbH, or Google Inc. for analytics);
- Distributors and postal service providers that we use;
- Payment service providers; and
- Subcontractors we retain for the organization of our events.
6.3. When you register with myUEG we will save your myUEG-Data in our Customer Relationship Management System (hereinafter “CRM”). We cooperate with the non-profit organisation United European Gastroenterology (ZVR: 570340662) (hereinafter “UEG NPO”). As a result, thereof the CRM is also used for UEG NPO purposes. For this reason, we have concluded a "Joint Controller" contract with the UEG NPO. The purpose of this contract is to record which of the two processors assumes which legal obligation. However, Data Subjects can assert their rights mentioned below against each Controller.
6.4. Other than that, your Personal Data will only be processed and/or disclosed or otherwise transferred to third parties if the disclosure or transfer
- is based on the consent of the Data Subject to the processing of his or her personal data for one or more specific purposes; or
- is necessary for the performance of the contract you have signed with us; or
- is necessary for compliance with a legal obligation to which the Controller is subject (e.g. tax obligations); or
- is necessary in order to protect the vital interests of the Data Subject or of another natural person; or
- is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.
7. Links to other websites
8.1. We use “cookies” to improve the functionality of our website. Cookies are small text files that may be installed on your computer when you visit a website. Cookies are generally used to provide site visitors with additional functionality within the site. Cookies cannot access, read or modify any other data on your computer.
- will be deleted again when you close your browser (session cookies);
- remain stored on your end user device even after you close your browser (permanent cookies);
- originate from us (first party cookies) or from third parties.
8.3. Through our cookies, we process data on the following legal bases and for the following purposes:
- We use all other cookies (e.g. Tracking Cookies) on the basis of your consent. You give us your consent via our cookie banner.
8.4. In order to withdraw your consent or to restrict it to certain cookies, you have inter alia the following options:
- Use the settings of your browser. Details can be found in the help function of your browser (usually accessible via the F1 key on your keyboard).
- At http://www.youronlinechoices.com/uk/your-ad-choices you can have the system analyse which cookies are used by you and deactivate them individually or in their entirety. This is an offer from the European Interactive Digital Advertising Alliance.
8.5. Withdrawing your consent does not affect the lawfulness of processing based on your consent before your withdrawal. Please note that the functionality of our websites may be impaired if you withdraw or restrict your consent.
Get further details about the cookies we use
9. Google Analytics
9.1. This website uses Google Analytics, a web analytics service provided by Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"). This service provider stores statistical data about your use of this website.
9.3. This website uses the possibility of IP anonymization provided by Google Analytics. Your IP address will therefore be shortened / anonymized by Google as soon as Google receives your IP address. Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity, and to provide us with other services related to website activity and internet usage. The IP address sent by your browser as part of Google Analytics will not be merged with other data on Google.
9.4. You can prevent the storage of cookies by a corresponding setting of your browser software. We point out, however, that in this case you may not be able to use all the functions of this website to the full extent.
10. Facebook Fan page
a) An action. This includes actions like the following:
- Viewing a Page, post, video, story or other content associated with a Page
- Interacting with a story
- Following or unfollowing a Page
- Liking or unliking a Page or post
- Recommending a Page in a post or comment
- Commenting on, sharing or reacting to a Page’s post (including the type of reaction)
- Hiding a Page's post or reporting it as spam
- Hovering over a link to a Page or a Page's name or profile picture to see a preview of the Page's content
- Clicking on the website, phone number, Get Directions button or other button on a Page
- Having a Page’s event on screen, responding to an event including type of reaction, clicking on a link for event tickets
- Starting a Messenger communication with the Page
- Viewing or clicking on items in Page’s shop
b) Information about the action, the person taking the action, and the browser/app used for it such as the following:
- Date and time of action
- Country/City (estimated from IP address or imported from user profile for logged in users)
- Language code (from browser’s http header and/or language setting)
- Age/gender group (from user profile for logged in users only)
- Website previously visited (from browser’s http header)
- Whether the action was taken from a computer or mobile device (from browser’s user agent or app attributes)
- FB user ID (for logged in users only)
10.2. UEG does not have access to the personal data processed as part of events but only to the aggregated Page Insights. Events used to create Page Insights do not store IP addresses, cookie IDs or any other identifiers associated with people or their devices aside from a FB user ID for people logged in to Facebook.
10.3. The events logged by Facebook in order to create Page Insights are solely defined by Facebook and cannot be set, changed or otherwise be influenced by Page admins.
10.4. UEG and Facebook (together the “Parties”) are joint controllers in accordance with Article 26 GDPR for the processing of such personal data in events for Page Insights (“Insights Data”). The processing of Insights Data is subject to the provisions of Facebook Ireland’s Page Insights Addendum (https://www.facebook.com/legal/terms/page_controller_addendum). Facebook Ireland will ensure it has a legal basis for the processing of Insights Data which is set out in Facebook Ireland’s Data Policy (see under “What is our legal basis for processing data?”).
10.5. Facebook Ireland assumes the responsibility for compliance with the applicable obligations under the GDPR for the processing of Insights Data (including, but not limited to, Articles 12 and 13 GDPR, Articles 15 to 21 GDPR, Articles 33 and 34 GDPR). You can contact Facebook’s data protection at https://www.facebook.com/help/contact/540977946302970. Facebook Ireland will make the essence of this Page Insights Addendum available to data subjects (Article 26(2) GDPR). This is currently done via the Information about Page Insights data which can be accessed from all Pages.
10.6. If you exercise your rights under the GDPR with regard to the processing of Insights Data against UEG (Article 26(3) GDPR), UEG will forward all relevant information regarding such Requests to Facebook Ireland promptly but within a maximum of seven calendar days. UEG is not authorized to act or answer on Facebook Ireland's behalf.
11. Retention period
11.1. In principle, we will save your Traffic Data for a period of twenty-four months. Other personal data (e.g. email conversation) will be saved for seven years. We will only retain your Personal Data for a longer period (i) to the extent necessary to investigate attacks on our website or (ii) as long as are required under statutory retention obligations or (iii) as long as potential legal claims are not yet time-barred, where personal data is needed to raise or defend against the claim.
11.2. If you register on myUEG we will retain your registration data at least for as long as your account is active.
11.3. In the event that the processing is solely based on your consent, your data will be no longer processed if you withdraw your consent.
12. Your rights regarding your personal data
12.1. You have the right to:
- obtain confirmation as to whether and what kind of personal data we store about you and to request copies of such data,
- request rectification or erasure of your personal data,
- request us to restrict the processing of your personal data,
- object to the processing of your personal data,
- withdraw any consent previously granted for the processing (withdrawing your consent does not affect the lawfulness of processing based on your consent before your withdrawal), and
- request data portability.
12.2. Furthermore, you have the right to lodge a complaint against our data processing with the Austrian data protection authority (“Datenschutzbehörde – www.dsb.gv.at”) or the data protection supervisory authority in another EU member state, especially at your place of residence or work.
13. Our contact details
UEG - United European Gastroenterology GmbH
House of European Gastroenterology
T +43 1 997 16 39
F +43 1 997 16 39 10