ECFS PRIVACY POLICY
The European Cystic Fibrosis Society (ECFS) is an international community of scientific and clinical professionals committed to improving survival and quality of life for people with CF by promoting high quality research, education and care.
With international partnerships - the ECFS is:
- Continuing to create a network of European and International CF specialists including Allied Health Professionals to promote and stimulate the exchange of information about CF.
- Holding annual conferences where specialists can meet and discuss all issues linked with CF. These conferences encourage the submission of research in the field to be presented in both oral and poster format.
- Promoting young researchers.
- Developing standardised European documentation for CF care.
- Promoting the establishment of specialist Working Groups and Special Interest Groups.
- Publishing a Journal of CF (JCF) with six issues a year with supplements.
INTRODUCTION
The General Data Protection Regulation (Regulation 2016/679/EU), came into force on May, 25th 2018. The GDPR focuses on accountability, transparency, protection and reliability. The Regulation aims to reduce the collection of data from consumers without their knowledge and without transparency.
The European Cystic Fibrosis Society, ECFS, is committed to the protection of your privacy and personal data. The ECFS is committed to comply with the Regulation and to ensure that any third party -or processor of data we are working with- is also compliant.
Our central office is located in Denmark, Kastanieparken 7, 7470 Karup. Our Supervisory Authority is the national authority on data privacy, Datatilsynet, www.datatilsynet.dk.
The ECFS or third parties working with the ECFS as an entity processing the data, are legally or contractually obliged to confidentiality and compliance with the GDPR. The use of the data will be for a specific and predefined purpose.
By law, we are obliged to inform you about how we treat and disclose personal information. The European Cystic Fibrosis Society (hereinafter called "ECFS ") collects and processes a number of personal data when you, as a member of the ECFS or as anonymous user visit the ECFS Website and possibly create a Login, take an ECFS membership, register for an ECFS event or submit other information to us from time to time.
Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.
Links to third party sites may appear on our platforms. Those third-party sites are not our responsibility, although we use our best efforts to choose them with care. You should read and satisfy yourself with those third parties' privacy policies before using such linked sites.
1. What personal data is collected by ECFS:
1.1 Information you give us. This is information about you that you may give us by:
- filling in forms on any of our platforms;
- as part of using our services;
- by corresponding with us by phone, e-mail or otherwise;
- downloading an app and/or registering on one of our platforms;
- Interacting with our platforms (for example, subscribing to any services, making a purchase);
- Sharing information on social media from our platforms; or
- Reporting a problem or concern with one of our platforms.
1.2. Information we collect about you. With regard to each of your visits to our site and/or the app we may automatically collect the following information:
A. For all anonymous users without a membership and/or login:
- We collect and process the following personal information when you visit the ECFS Website:
- What type of device used to access the given Web page (for example, smart device, tablet pc, etc.)
- Browser type, browser language setting on the device ID and
- Which website or app that referred you to the given Web page
- IP-address
- Which articles and pages you visit, time, and number of visits
- Possibly editorial input from you. Editorial input is not subject to the legislation on data protection and therefore not referred to further in this document.
B. For all users giving consent to further communication with the ECFS:
In addition to the above data, we collect and process the following:
- Name
- Address
- Email address
- Telephone number
If you have a Login to the ECFS website, we also collect and process these personal data:
- Username and encrypted password
C. For sponsors and contributors:
In addition to the above data, we collect and process the following:
- Means of payment, transaction ID and amount paid. We do not store credit card details for online transactions.
D. All members of the Society:
In addition to the above data, we collect and process the following:
- Subscription type
- Information about participation in activities (travel, courses and events)
E. Employees and ECFS officials:
In addition to the above data, curriculum vitae is collected from applicants to ECFS Official positions or applicants for ECFS job openings. Other personal information might be collected in connection with personnel administration, including recruitment, termination and payment of wages.
- Identification data – Title, First Name(s), Family Name(s): Your nominative details are needed to properly identify you, to communicate with you, to provide you with the products and services you have requested and to ensure that items are properly labelled as yours (e.g. Membership card, conference badges and scientific contributions, such as abstracts and presentations, Award applications).
- Full Postal Address: The Postal Address is collected from all registering for an ECFS event or creating an account. It is needed when items will be sent to you by post (e.g. paper journals) or to produce participants lists for events.
- Date of Birth: Your date of birth is collected with regard to specific conditions of eligibility, e.g. ECFS Awards/ discounted registration fees for the conferences.
- Email address: Your email address is needed because it is necessary to communicate with you about the services you have requested. Additionally, because we only permit a particular email to be used once in our system, it reduces the possibility of duplicates. Finally, it permits “Forgot Password” to be handled in an automated and secure way.
- Emailing Preference: We ask you to advise us whether or not you wish to receive emails from the ECFS. This is so that we can respect your privacy regarding electronic communications, as required by European law.
- Profile Information: We ask you for information about your Professional Activity, Place of Work, and Fields of Interest and Areas of Expertise to enable us to provide you with more relevant information and to better understand the preferences of our audience so that we can give a better service generally.
- Banking information: these details are collected when a reimbursement is needed or an award / fund granted.
- Videos and images: these are used for the promotion of our activities (e.g.: conference, interviews). These data are not used for profit and the (data) subject consents beforehand.
- Website analytics: Data captured by our website through Google analytics are saved and stored by these entities. These systems capture – by default mode – your geographical location, IP address, browser, device and “behaviour”.
ECFS is the controller. Our processors are mentioned in Section 5.
2. How ECFS processes / uses personal data:
The acquisition, handling (which includes saving data, changes, transmission, blocking and erasing) and utilization of all personal data is executed by the ECFS within the guidelines of the effective General data protection regulations.
The main reason we use your personal data is to provide you with professional information and services (whether available via the website or offline). We will only use your information, as listed above, to execute our mutual engagement and fulfil our legal obligation.
2.1. We use information held about you in the following ways:
- communicate with you in response to a specific action performed by you on our platforms, e.g. when you take membership, register for an ECFS event, submit an application etc;
- to provide you with support in using our platforms, and to provide you with the information, products and services that you request from us;
- to provide you with information about one of our many events, for example our conferences;
- to provide you with information about other services we offer that are similar to those that you have already enquired about, for example newsletters, competitions and offers;
- to provide you with information about ECFS activities or services we feel may interest you. If we permit selected third parties to use your data, we (or they) will contact you by electronic means only if you have consented to this. If you do not want us to use your data in this way, or to pass your details on to third parties for marketing purposes, please ensure the relevant box situated on your profile preference settings is unticked;
- to send you news items which are relevant to your interests;
- to notify you about changes to our services;
- to ensure that content from our platforms is presented in the most effective manner for you and for your computer and/or your mobile device;
- to administer our platforms for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to improve our platforms to ensure that content is presented in the most effective manner for you and for your computer and/or your mobile device;
- to help us improve and personalise our services;
- as part of our efforts to keep our platforms safe and secure.
3. Our Legal Basis for processing data:
3.1 Organisations that collect and use personal data must have a lawful basis for doing so under data protection law and we are required to let you know the lawful basis on which we rely to process your personal data. We rely upon the following lawful bases:
- Your consent to use your data for a particular purpose (for example to send you direct marketing by e-mail or to collect sensitive personal data);
- Where the use of the data is in our “legitimate interests” (see below for more information);
- Where we need to process your data in order to perform our obligations under a contract that we have entered into with you (for example to enrol you in an event or provide you with access to resources); and
- To process data where we are under a legal obligation to do so.
3.2 Personal data may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data, as long as its use is fair and does not adversely impact the rights of the individual concerned. When we use your personal information, we will always consider if it is fair and balanced to do so and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal information in ways that are not unduly intrusive or unfair. Our legitimate interests include:
- Promotion of our purposes, including to develop new offers and services to promote Cystic Fibrosis research, care and education;
- Administration and operational management, including responding to solicited enquires, providing information that you have requested, research, events management, the administration of our resources and tools.
- Liaising with third parties, including working with partner organisations to develop new programmes and resources which further our purposes.
3.3 If you would like more information on our uses of legitimate interests or to change our use of your personal data in this manner, please get in touch with us using the details in the section 8 below.
4. How ECFS stores personal data:
In order to protect and safeguard the personal data provided to the ECFS, appropriate business systems and procedures have been implemented and are in full operation.
Furthermore, security procedures and technical and physical restrictions for accessing and using personal information have been implemented and are in full operation. Only authorised employees are permitted to access personal information for performing their duties in respect of the requested services.
The servers and network of ECFS are protected by firewalls against unauthorised access.
To protect your information, the ECFS uses an industry standard security protocol called Transport Layer Security (TLS) to encrypt the transmission of sensitive information between you and our Websites. To know if transmissions are encrypted, look for the lock on your web browser or check that the URL starts with https://.
Unfortunately, no company or service can guarantee complete security. Your account is protected by a password for your privacy and security. We strongly suggest you prevent unauthorized access to your account by selecting and protecting an appropriate password and limiting the access to your computer and devices.
The data are stored as long as there is a need for specific activities (Award applications, courses, diplomas, archives or promotion), or as long as the data subject is a member of the Society. For all individuals who have attended an ECFS event or registered as user or member, a minimal data set is kept for statistical purpose.
All data are stored in Europe and on a GDPR compliant platform.
5. Disclosure of data:
Your complete contact details will only be forwarded if:
- your explicit consent is given, or
- a third party has proven to the ECFS that you have violated the rights of this third party and has thus demanded the disclosure of your data, or
- the ECFS is obliged to give out your data due to, for example, a court order or an official order.
We might disclose your data with GDPR compliant processors:
- Elsevier: If you have an ECFS Membership subscription associated with a Journal of Cystic Fibrosis (JCF) subscription, the following information is provided to Elsevier in order to process your subscription: identification (title, first name(s), last name(s)), address (postal address and email).
- Event Management company: When registering for an ECFS conference or event where ECFS has outsourced a company to handle the event partially or in full, your data will be sent to this third party. These include identification data about you, such as title, first name(s), last name(s)), address (postal address and email), telephone, fax, specific diet requirements when applicable. Only appropriate personal information necessary for the booking is transferred to the company handling the ECFS event.
- ECFS officials assessing applications: An application to become an ECFS Board Member, a Member of given ECFS projects (e.g. Clinical Trials Network) requires the submission of identification data as well as a CV, publication list and, sometimes, other elements to support the application. This information, together with identification information concerning the applicant, is assessed by a leading ECFS official or committee of CF professionals, prior to acceptance or refusal of the application.
- ECFS officials assessing applications for ECFS Awards, Training Fellowships or other funding: An application for an ECFS Award or other award requires the submission of appropriate career details and other information to support the application. This information is made available to the committee responsible for assessing the applications and giving the awards.
- IT partners: The IT company that assists us with the operation and maintenance of the ECFS website and CRM may access the personal data we collect. Also, we have contracts with third parties to process payments, host our servers, provide security, and provide production, reporting, and software maintenance and development services. Those third parties will be given access to your information only as is reasonably necessary to provide the services for which they are contracted.
- Payment collection: Payment collection is made securely through our payment gateway, Worldpay, a Payment Card Industry Data Security Standard (PCI-DSS) compliant organization. PCI-DSS is an information security standard that has been created by the major credit card companies (American Express, Discover, JCB, MasterCard and Visa) to improve controls around credit card data handling and to reduce fraud.
We use Stripe for payment, analytics, and other business services. Stripe collects and processes personal data, including identifying information about the devices that connect to its services. Stripe uses this information to operate and improve the services it provides to us, including for fraud detection and prevention. You can learn more about Stripe and its processing activities via privacy policy at https://stripe.com/privacy.
6. In case of a security breach:
ECFS takes all adequate technical and organisational measures to prevent any unauthorised access to your personal data.
ECFS has taken adequate technical and organisational measures to be able to notify you – in the case of a security breach affecting your personal data within 72 hours – as well as the Supervisory Authority, as specified in the Regulation.
ECFS is engaged to implement measures to avoid any breach of security and prevent the risk, in the event of a security breach.
7. How long do we keep your data for?
7.1 We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. The minimum retention period required for accounting purposes is currently set at ongoing calendar year and 5 years (7 years for US data). To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
7.2 In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you. Once you no longer have a relationship with us, we will retain and securely destroy your personal information in accordance with applicable laws and regulations.
7.3 If you request to receive no further contact from us, we will keep some basic information about you on our suppression list in order to avoid sending you unwanted materials in the future.
8. Procedure to access your personal data and exercise your rights:
You can contact privacy@ecfs.eu for any further information.
If you need to retrieve, modify or access all or a specific set of information/data we could have about you, or if you would like to know how they are processed, you can contact privacy@ecfs.eu.
The GDPR gives you to right to be erased and forgotten from our database. If you would like us to remove all of your data, or a specific set of data, you can contact privacy@ecfs.eu.
If you receive mailings about ECFS and its activities, you can always opt-out by unsubscribing directly, or contacting privacy@ecfs.eu.
If you exercise your right to be erased and forgotten, the ECFS will implement all the necessary measures within 30 days.
Cookies
Our platforms use cookies to distinguish you from other users of our platforms. A cookie is a small file of letters and numbers that we store on your browser or your hardware (your computer or mobile device). Cookies contain information that is transferred to your computer or mobile device and helps the websites function effectively and also improves our website visitors’ experience when they browse our websites.
Cookies help us to provide you with a good experience when you use our platforms and also allow us to improve our platforms. By continuing to use and browse our platforms, you are agreeing to our use of cookies.
We use the following cookie types:
- Strictly Necessary Cookies. These are cookies that are required for the operation of our platforms. They include, for example, cookies that enable you to log into secure areas of our platforms.
- Performance Cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our platforms when they are using them. This helps us to improve the way our websites work, for example, by ensuring that users are finding what they are looking for easily.
- Functional Cookies. These are used to remember preferences or to recognise you when you return to our platforms. This enables us to personalise our content for you and remember your preferences (for example, your choice of language or region).
- Third Party cookies. These are cookies that may be set through your use of our websites but which are set by third parties due to our use of their technology. We have attempted to limit this type of cookie to instances where the user experience is enhanced by the use of the third-party service.
You can find more information about the individual cookies we use and the purposes for which we use them in the tables below.
Blocking Cookies
You do not have to accept all of the cookies used by our websites. If you reject certain cookies, however, you may not be able to use some of the features of our websites. Your browser may be configured to allow you to refuse or delete cookies or to be notified when a cookie is stored on your device. To change your web browser settings for cookies, you can follow the instructions in the help section of your web browser or visit links below that will provide help in changing your cookie settings:
Cookie settings for Internet Explorer - https://support.microsoft.com/en-us/help/17442/windows-internet-explorer-delete-manage-cookies
Cookie settings for Firefox - https://support.mozilla.org/en-US/kb/cookies-information-websites-store-on-your-computer
Cookie settings for Chrome - https://support.google.com/chrome/answer/95647?hl=en
Cookie settings for Safari - https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac
You may also find information about how to disable specific cookies using the links provided in the tables below.
Cookies used by the ECFS Website (https://www.ecfs.eu):
Domain | Cookie Name | Description | Expiration | Opt-out | Type |
---|---|---|---|---|---|
.ecfs.eu | has_js | Contains info if user has js support or not, used for correct handling of users with/without js. | With session | Strictly Necessary Cookies | |
.ecfs.eu | DRUPAL_UID | Assists with logged in user account to identify user. | 24 days | Strictly Necessary Cookies | |
.ecfs.eu | SSESSID... | Cookie that stores session identification. A random ID is stored within a cookie on the visitor's device. | 24 days | Strictly Necessary Cookies | |
.ecfs.eu | cookie-agreed | Cookie that stores whether the user has accepted to use cookies on the website. | 100 days | Functionality Cookies | |
.ecfs.eu | _ga | Google Analytics. | 2 years 4 hours 28 hours | Opt-out Opt-out Opt-out | Performance Cookies |
.imgur.com | various | The social media feed present on our home page generates a number of third party cookies. | various | More info | Third Party Cookies |
The Social Media Feed on our home page generates a number of cookies which may change over time and are out of the control of the ECFS. These are covered by the privacy policy of Juicer IO which can be found here: https://www.juicer.io/privacy
Cookies used by the ECFS Education Website (https://lms.ecfs.eu):
Domain | Cookie Name | Description | Expiration | Opt-out | Type |
---|---|---|---|---|---|
lms.ecfs.eu | .ASPXAUTH | Assists with user authentication. | 4 hours | Strictly Necessary Cookies | |
lms.ecfs.eu | __ControllerTempData | Assists with site operation. | 24 days | Strictly Necessary Cookies | |
lms.ecfs.eu | __RequestVerificationToken | Assists with site operation. | 24 days | Strictly Necessary Cookies | |
lms.ecfs.eu | _ga | Google Analytics. | 2 years 4 hours 28 hours | Opt-out Opt-out Opt-out | Performance Cookies |
The ECFS education website https://lms.ecfs.eu makes use of the Absorb LMS platform. The provider of that platform, Absorb Software Inc., provide their privacy policy here: https://www.absorblms.com/about/privacy-policy
Cookies used by the ECFS Events Website (https://events.ecfs.eu):
Domain | Cookie Name | Description | Expiration | Opt-out | Type |
---|---|---|---|---|---|
events.ecfs.eu | .ASPXAUTH | Assists with user authentication and site operation. | With session | Strictly Necessary Cookies | |
.ecfs.eu | DRUPAL_UID | Assists with logged in user account to identify user. | 24 days | Strictly Necessary Cookies | |
.ecfs.eu | SSESSID... | Cookie that stores session identification. A random ID is stored within a cookie on the visitor's device. | 24 days | Strictly Necessary Cookies | |
.ecfs.eu | _ga | Google Analytics. | 2 years 4 hours 28 hours | Opt-out Opt-out Opt-out | Performance Cookies |
Cookies used by the ECFS Learning Website (https://learning.ecfs.eu):
Domain | Cookie Name | Description | Expiration | Opt-out | Type |
---|---|---|---|---|---|
learning.ecfs.eu | .ASPXAUTH | Assists with user authentication and site operation. | With session | Strictly Necessary Cookies | |
.ecfs.eu | DRUPAL_UID | Assists with logged in user account to identify user. | 24 days | Strictly Necessary Cookies | |
.ecfs.eu | SSESSID... | Cookie that stores session identification. A random ID is stored within a cookie on the visitor's device. | 24 days | Strictly Necessary Cookies | |
.ecfs.eu | _ga | Google Analytics. | 2 years 4 hours 28 hours | Opt-out Opt-out Opt-out | Performance Cookies |
Google Analytics
Google Analytics are used widely by websites and mobile applications to collect information about how visitors use a site and/or the App. We may use Google Analytics cookies to collect information about how users use our platforms and to improve our platforms.
Google Analytics collect information in an anonymous form and will not allow us to identify you or collect any personal information about you.
Google Analytics do not track your internet activity after leaving our platforms.
Social media cookies
Our platforms may contain buttons and content from social media sites such as Facebook, Twitter and YouTube to enable you to share content from our platforms with your social media networks. If you use these features, these social media sites may use their own cookies. Information on how these are used can be found on their respective websites.
Third parties’ cookies
Please note that third parties (such as the social media feed on the ECFS Website home page) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.