2020 Patient Safety Policy Summit
1. Who are we?
The European Society of Anaesthesiology (hereafter “ESA”, “we”, “us”) is a not-for-profit (AISBL) organisation that brings together European national medical associations committed to promoting the professional role of anaesthesiologists, to improve perioperative patient outcomes by focusing on the quality of care and patient safety. ESA has its address at 24 Rue des Comédiens, 1000 Brussels, Belgium and it is registered in Belgium under the number 0447.289.368.
2. Whose personal data do we collect?
In the context of the Summit, we process personal data of the speakers and participants to the event (patients, carers, healthcare professionals, industry representatives, journalists, and of any other person involved in the event). We collect your personal data in various ways:
✔ directly from you when you provide us with your personal by registering to the Summit; and
✔ directly from you when you provide us certain additional information during your attendance of the Summit (including photographs or videos taken during the event).
3. What personal data do we collect and for which purposes?
We may collect the following personal data about you insofar as this information is relevant for the purposes for which we need it, as explained below. Anytime certain information is mandatory and other information is optional, the mandatory information shall be clearly indicated with an asterisk “*”, so that you can choose whether or not to provide such information to us.
Identification and contact information
Personal identification data: name, telephone/mobile number, email address, identity document type and number
Personal characteristics: gender, nationality
Profession and employment
Profession and employment information (individual or company)
Photos and videos that may be taken during the event
We use these personal data for the following purposes:
✔ to be able to register you as participant to the Summit and to keep track of the number of attendees;
✔ to provide you with relevant information, for example:
✔ to contact you with respect to the practical organisation of the Summit, or
✔ to answer a question,
✔ for the handling of inquiries and complaints,
✔ to send you newsletters and updates (if you have subscribed hereto),
✔ for security and access control during the Summit, and
✔ to report on the event afterwards, including via social media and by posting photos and videos.
For your perfect information, you can find hereinafter the legal grounds applicable to these processing activities:
✔ for the processing of your personal data in the context of registering you as an attendee of the Summit, we rely upon the necessity for the performance of a contract,
✔ for the processing of your personal data for accounting purposes, we rely upon the necessity for compliance with our legal obligations as an international non-profit association,
✔ in all other cases, the processing of your personal data is based on our legitimate interests as an international non-profit association (e.g. to promote our events, to ensure the required security level at our events, or to make statistics).
4. With whom do we share your personal data?
✔ With our service providers (‘processors’): In the context of our activities as described above, we may share your personal data with third parties, in particular with service providers (IT/cloud service providers, PR/marketing agencies or creative agencies) that act as our ‘processors’.
✔ With our external law firms: Further, we may share your personal data with legal advisors in case of (threatened) litigation.
✔ With government authorities: We may share your personal data with the government, police authorities or the judiciary in case we have a legal obligation to do so (e.g. providing access to camera recordings by government authorities and to the police upon request).
✔ With the event venue (the European Parliament): For reasons of security and access control, we will share your identification information with the European Parliament, where the Summit will be hosted. If participants already have their own badge to enter the European Parliament, they will only have to provide their name, work place, position and email address. All other persons will need to provide with additional information, such as their nationality, date of birth, ID type and ID number. More information can be found on: https://www.europarl.europa.eu/at-your-service/files/stay-informed/security-and-access/notice-for-visitors-on-data-protection-EN19.pdf
We will implement appropriate safeguards when transferring your personal data to third parties. If necessary, we will for example conclude a data transfer or a processing agreement specifying the limitations to the use of your personal data and the obligations with respect to the security of your personal data. Your personal data will not be transferred to countries outside the European Economic Area. Your personal data and your profile will not be lent or sold to third parties for marketing purposes without your prior express consent.
5. How long do we store your personal data?
Your personal data will not be stored for longer than is necessary in relation to the purposes for which we process them (as listed above). Afterwards it is still possible that they can be found in our back-ups or archives, but they will no longer be actively processed in a file.
More specifically, the following retention guidelines are applied by us:
✔ personal data included in accounting, financial or other official documents will be retained for as long as such documents legally need to be kept,
✔ personal data obtained in the context of complaint handling will be deleted (or anonymised) as soon as the complaint is closed,
✔ any other personal data that is collected from attendees of our event is archived and not used as soon as the event has passed, unless you have indicated that you wish to be informed by us of future events or activities. As soon as we note that your contact details are no longer accurate or active, or whenever you decide to use your unsubscribe right, we will no longer keep your personal data for these purposes.
Only where we are legally obliged to, or where this is necessary for defending our interests in the context of judicial proceedings (e.g. in case of a dispute), we will store the personal data for longer periods.
6. How do we protect your personal data?
We will implement the necessary administrative, technical and organisational measures for ensuring a level of security appropriate to the specific risks that we have identified. We protect your personal data against destruction, loss, alteration, unauthorised disclosure of or access to personal data transmitted, stored or otherwise processed. Further, we seek to ensure that we keep your personal data accurate and up to date. In view thereof, we kindly request you to inform us of any changes to your personal data (such as a change in your contact details).
7. What are your rights and how can you exercise them?
Within the limits defined by articles 15-22 of the GDPR, you have the statutory right to:
✔ receive information about and access your personal data;
✔ rectify your personal data;
✔ erasure of your personal data (‘right to be forgotten’);
✔ request restriction of processing of your personal data;
✔ object to the processing of your personal data;
✔ receive your personal data in a structured, commonly used and machine readable format and to (have) transmit(ted) your personal data to another organisation.
Finally, you have the right to lodge a complaint relating to the processing of your personal data by us with the data protection authority in your country. Please find a list of supervisory authorities here: https://edpb.europa.eu/about-edpb/board/members_en.
In principle you may exercise these rights free of charge. Only where requests are manifestly unfounded or excessive we may charge a reasonable fee. Further information and advice about your rights can also be obtained from the data protection authority in your country. We might request a proof of identity in advance in order to double-check your request.