A note in advance: For reasons of better readability, the simultaneous use of masculine and feminine forms of language has been dispensed with. All references to persons apply equally to both genders.

General Regulations acc. Art 12-14 EU-GDPR

The Wiener Medizinische Akademie GmbH reserves the right to amend the existing data protection regulations in strict accordance with prevailing legal norms at any time.

We are pleased to provide you with the following information describing the nature, purpose and scope of the processing activities of your personal data.

1.1 Provider of the Website and Controller

Wiener Medizinische Akademie, Alser Str. 4, 1090 Vienna

T: +43 1 405 1383 0

E-mail:

Management of the person responsible: Romana König, Jerome del Picchia

Data Protection Coordinator: Therese Popp

The data is collected within the framework of the meeting of the Central European Diabetes Association in 2022..

1.2 Scope of application

This privacy policy informs users about the nature, scope and purpose of the collection and use of personal data by the responsible provider of this website.

We take the protection of your data very seriously and process your data exclusively on the basis of the legal provisions (EU-DSGVO, DSG, TKG 2003).

1.3 Data processor

Wiener Medizinische Akademie GmbH, Alser Str. 4, 1090 Vienna

T: +43 1 405 1383 0

E-mail:

Management of the person responsible: Romana King, Jerome del Picchia

Data Protection Coordinator: Therese Popp

The data is collected within the framework of the CEDA meeting 2022.

2 Personal data processed, purpose of processing and legal basis

We are processing your data

  • for the protection of the legitimate interests (Art 6 para 1 lit f GDPR), namely, to ensure the operation, security and optimization of our website (see section 2.1)
  • for processing, because of any requests that you send us via e-mail or contact form (Art 6 para 1 lit a GDPR) (2.2)
  • for the purposes of event management: if you register for the advertised event, when submitting an abstract, when making additional bookings & when booking a hotel (consent pursuant to Art 6 para 1 lit a GDPR) (2.3)
  • for advertising/marketing, further development, publication of the program, accreditation & compliance regulations (2.4)

2.1 Processing of personal data of visitors to our website and interested parties

We are processing your personal Data when you are visiting our website, for the protection of the legitimate interest (Art 6 Abs 1 lit f GDPR), namely ensuring the operation, security and optimization of our website.

Access data / Server-Logfiles

We are processing personal data when visiting our website in so-called „Server-Log-Files“, to ensure the operation of the website and its security, and to optimize the website for you.

While visiting the website, our web server temporarily stores each access in a log file. The following data is collected and stored until automated deleted:

  • IP-address of the requesting computer
  • Date and time of access
  • Name and URL of the retrieved data
  • Transmitted data volume
  • Message whether the retrieval was successful
  • Recognition data of the browser and operating system used
  • Website from which the access is made
  • Name of your Internet access provider

This data is processed for the purpose of enabling the use of the website (connection establishment), system security, technical administration of the network infrastructure and optimisation of the internet offer (legitimate interest according to Art 6 para 1 lit f GDPR).

As a rule, server log files are stored for 2 weeks and then deleted. The website provider reserves the right to carry out a subsequent check in the event of suspicion of illegal use – in this case, the respective data are excluded from deletion until the respective incident has been finally clarified.

The web host/provider has undertaken to ensure that appropriate measures are taken in accordance with the GDPR and that the protection of personal data is guaranteed.

Integration of third-party services and content

Third-party content may be integrated as e.g. videos from YouTube, maps from mapping sercives etc. These services are only activated if you give your active consent.

Cookies

Our website uses so-called cookies. These are small text files that are stored on your end device with the help of the browser and enable a web server to recognise a user and save settings. They do not cause any harm.

Some cookies must be set for technical reasons essential to the functioning of the website. They are used exclusively by this website and are deleted again as soon as you close your browser window (“session cookies”).

You can set your browser to inform you about the setting of cookies and only allow those in individual cases. You can also delete all or individual cookies at any time via your browser settings.

If you deactivate cookies, the functionality of our website may be limited.

Data Recipients in a Third Country

The third country service providers mentioned below (mostly from the USA or the UK) are used on some of our websites.

Services from providers who are not based within the EU are only used with your active consent. This is ensured by using the so-called “2-click” or “Shariff” solutions, which only load the corresponding service with your active consent.

When cookies are used, they are only activated if you give your active consent when entering our website.

Details on the individual service providers can be found in the following sections, if applicable.

2.2 If contacting us by email or contact form

When contacting us either via email or by a contact form within our website, the data provided by you will be stored by us for the purpose of processing the enquiry and in the event of follow-up questions and in accordance with the statutory storage obligations.

When sending your data by form, the data transmitted using SSL encryption (https) and cannot be read by third parties. You can recognise an encrypted connection by the fact that the address line of the browser changes from “http://” to “https://” and by the lock symbol in your browser line.

2.3 Processing of personal data for registration, abstract submission, additional bookings, hotel bookings etc.

Personal Data

Your voluntarily transmitted personal details (through submission in the online forms respectively sent by your group coordinator) will be collected, saved and processed in accordance with the most recent legislation on data protection (EU-GDPR 2018).

By registering for the conference, you further agree to the use of your data (name, home address, email address, telephone number) to meet the Covid-19-safety measures and to forward the information to the Covid-19 representative. In case of a suspected or confirmed case, the organizer / society / meeting office as well as the Covi-19 representative are obliged to forward this information to the legal authorities. Therefore, please indicated within the registration process the email address, which you actually check regularly on a basis of 24-48 hrs, as well as you telephone number where you can be reached at any time.

Registration, abstract submission, additional bookings & hotel booking

A registration and/or abstract submission to CEDA meeting 2022 is not possible without collecting, saving and processing your personal data. This is solely for the purpose of organising and realising the event. Your data will only be passed on to third parties, who are directly involved in running the event and when the organisational process makes it necessary – in accordance with your bookings (organising society, hotel, transport companies, travel insurance, etc.).

Photos/Films

By registering to attend CEDA meeting 2022, you grant permission to the Wiener Medizinische Akademie GmbH as well as the organising society to use photos/films taken from you respectively your company presence by our official photographer(team) onsite during the meetingfor marketing purposes (event reporting, promotion of follow-up events & self-marketing) for an indefinite period of time. If you do not want to have any photos/films taken of you published, you may contact us at any time: .

Links to other websites

Our online forms may contain links to other websites. The Wiener Medizinische Akademie GmbH is not responsible for the data you provide on other websites. Our partner companies are also bound to act according to EU-GDPR, the implementation however rests with each company individually. Our data protection guidelines are solely applicable to data controlled by us (Wiener Medizinische Akademie GmbH).

Purposes of Processing

Depending on the participant status and the bookings of the data subject (see Booking Overview E-Mail), the data are processed for one or more of the purposes listed below.

Processing Purpose

Data Categories

Participant Management

(Registration, Additional Bookings)

name

contact data

address data/invoice data

registration data

additional bookings

travel data (if necessary)

passport data (if necessary)

special requirements (sensitive data)

special dietary requirements (sensitive data)

Hotel Management

name
contact data
address data/invoice data
hotel booking data
travel data (if necessary)

credit card guarantees (if necessary) )

Scientific Management &Coordination Grants und Awards

name
contact data
date of birth (if necessary)
lecture data (speaker, topic, title)

Industry Management

(Exhibition & Sponsoring)

name

contact data

company data

General Organisation /

Accreditation & Compliance

name & city/country

institution/organisation (if necessary)

specialisation (if necessary)

lecture data (speaker, topic, title)

General Organisation / Accounting

name

contact data

registration data

additional bookings

bank data (if necessary)

credit card data (if necessary)

Marketing & Development

name

contact data

photos/films

statistical data (ONLY anonymised)

Legal Basis for the data processing purposes

Processing Purpose

Legal Basis

Participant Management

(Registration, Additional Bookings)

Binding completion of the registration for the participation of the selected event

Written confirmation of the group coordinator that participant data may be used

Binding booking of ticket(s) to one or more social events of the selected event

Binding booking of a travel insurance of the data subject – Mondial Congress & Events acts as intermediate only

Consent of the data subject (sensitive data)

Hotel Management

Binding conclusion of a hotel booking by the person concerned or his group coordinator
Written confirmation from the group coordinator that participant data may be used

Scientific Management &Coordination Grants und Awards

Binding completion of the abstract submission for the selected event

Acceptance of active participation in the selected event

Industry Management

(Exhibition & Sponsoring)

Binding contract conclusion of the data subject and the company represented by him/her to take part at the selected event

General Organisation

(Accreditation & Compliance, Accounting)

Fulfillment of contract and law

Legitimate interest of the controller (see point 4.4.)

Marketing & Development

Legitimate interest of the controller (see point 4.1.-4.2.)

Third Party Data Recipients – Categories

The recipients only receive the data they require, not your full data record. Your data will only be forwarded when the organisational process makes it necessary – in accordance with your bookings – and when a legal basis exists.

Processing Purpose

Data Categories

Recipient Categories

Participant Management

(Registration, Additional Bookings)

name

contact data

address data/invoice data

registration data

additional bookings

travel data (only if necessary)

passport data (only if necessary)

organising society, service providers (fulfilment agents)

special dietary requirements (sensitive data)

Caterer

Hotel Management

name
contact data
address data/invoice data
hotel booking data
travel data (if necessary)

credit card guarantees (if necessary) )

DMC, travel agency, hotels

Scientific management & coordination of grants and awards

name

contact data

date of birth (if necessary)

date of graduation (if necessary)
Lecture data (speaker, topic, title)

Oasis – abstract management software – USA

A standard clause agreement with the provider of the abstract processing software Oasis regarding data protection according to the DSGVO is in place.

Industry Management

(Exhibition & Sponsoring)

name

contact data

company data

organising society, service providers (fulfilment agents)

General Organisation /

Accreditation & Compliance

name & city/country

institution/organisation (if necessary)

specialisation (if necessary)

lecture data (speaker, topic, title)

organising society, relevant accreditation authorities, service providers (fulfilment agents)

General Organisation / Accounting

name

contact data

registration data

additional bookings

bank data (if necessary)

credit card data (if necessary)

organising society, responsible authorities, bank, fiscal office, tax consultant, service providers (fulfilment agents)

Marketing

name

contact data

online mailing provider;

Mailchimp – USA / Online Mailing Provider / A standard clause agreement with the provider of the mailing software Mailchimp regarding data protection according to the GDPR is in place.

Development

statistical data (ONLY anonymised)

organising society

Processing of your data by Wiener Medizinische Akademie GmbH/ Central European Diabetes Association

Your personal data (comprising name, contact data, address data, organization/institute & registration category), collected by the Wiener Medizinische Akademie GmbH, may be passed on to Central European Diabetes Association. The named society has permission to process your personal data and to contact you directly for own purposes incl. society newsletters, promotion of topic-related events, information about activities of the society (eg: membership, competitions, travel grants, etc.) and the evaluation and further development of the current event, as well as its future editions.

-> this declaration of consent is queried within the online registration

Transfer of your data to exhibitors and sponsors

Badge scanning in the exhibition area & at sponsor sessions

Please note: If you have your badge scanned by an exhibitor/sponsor at CEDA meeting 2022, you thereby agree that your personal data (consisting of name, contact data, address data & organization/institute), collected by the Wiener Medizinische Akademie GmbH, may be forwarded (via a contracted service provider) to the exhibitor/sponsor by whom you have your badge scanned, and the respective company may contact you directly for its own purposes.

Transfer to Third Country

Processing Purpose

Data Categories

Recipient Categories

Scientific management & coordination of grants and awards

name

contact data

date of birth (if necessary)

date of graduation (if necessary)
Lecture data (speaker, topic, title)

Oasis – abstract management software – USA

A standard clause agreement with the provider of the abstract processing software Oasis regarding data protection according to the DSGVO is in place.

Marketing

name
contact data

Mailchimp – USA / Online Mailing Provider / A standard clause agreement with the provider of the mailing software Mailchimp regarding data protection according to the GDPR is in place.

Data Storage Periode

Sensitive data (special dietary requirements), which are collected with consent of the data subjects, as well as passport data and information submitted for statistical data collection are irrecoverably deleted with the end of the event wrap-up.

All other data are stored for 7 years, to meet the retention period according to the Austrian VAT Act 1994 (Umsatzsteuergesetz 1994) and to permit post-event support and service (i.e. belated participation confirmations and presentation certificates).

In the case of (e.g. annually) recurring congresses, the data are stored for at least 7 years after the end of the entire event series.

Upon revocation of the person concerned, their data will be deleted immediately.

2.4 Other processing of personal data for the purposes of Advertising/Marketing, Development, Publication of the programme, Accreditation and Adherence to national and international compliance regulations

Description of other Purposes:

Legitimate Interests of the Controller acc. Art 6 (1) f) EU-GDPR

Advertising/Marketing

Processing data of the data subject to inform him/her about the above-mentioned event, as well as future and topic-related events.

Development

Processing data of the data subject to develop the programme as well as the organisation and implementation of the above-mentioned event, future and topic-related events.

Publication of programme

Processing data of the data subject for the promotion and publication of the event programme via various communication channels (including website and print media).

Concerns the following data subject categories: speaker & chairs, abstract presenters, industry

Accreditation & Adherence to national and international compliance regulations: DFP, CME EFPIA, MedTech etc.

Processing data of the data subject in order to organise the accreditation of the scientific programme and to adhere to national and international compliance regulations in the field of medical events.

Concerns the following data subject categories: organising society, speaker & chairs, abstract presenters, industry

3 Data Subject Rights

We are pleased to inform you about your rights according to EU-GDPR:

Data Subject Rights acc. Art 15-21 EU-GDPR:

  • Right of access by the data subject
  • Right to rectification
  • Right to erasure/”Right to be forgotten”
  • Right to restriction of processing
  • Right to data portability
  • Right to object (at legitimate interest of the controller)

Detailed descriptions can be found here:
http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN
© European Union, http://eur-lex.europa.eu/, 1998-2018′

Right to withdraw consent acc. Art. 7 EU-GDPR

Depending on your participant status, we kindly ask you for different declarations of consent. These are queried within the online forms or directly inquired from the affected person/group coordinator/company representative. The declarations of consent are not compulsory according to the EU GDPR.

Each data subject has the right to withdraw his/her given consent(s) at any time. The withdrawal of the consent does not affect the legality of the processing carried out based on the declaration of consent until the withdrawal.

Right to lodge a complaint with a supervisory authority acc. Art 77 EU-GDPR

Every data subject shall have the right to lodge a complaint with a supervisory authority, if the data subject considers that the processing of personal data relating to him/her infringes to the EU-GDPR.

If in your opinion the data proceeding would be contrary to the data processing law or to your data protection high demands, you may complain to the Austrian data protection authority.