Data Protection Policy acc. EU-GPDR
The WMA GmbH and the ITOC Association are joint controllers for the personal data processed under this Agreement, on the basis that the parties jointly decide the purpose of the processing of the personal data and what means are to be used, cf. Article 26 of the GDPR. The parties shall comply with all requirements of applicable privacy legislation with respect to the processing of personal data.
1. General Regulations
The Medizinische Akademie GmbH and the ITOC Association reserve the right to amend the existing data protection regulations in strict accordance with prevailing legal norms at any time.
​
1.1. Personal Data:
Your voluntarily transmitted personal details (through submission in the online forms respectively sent by your group coordinator) will be collected, saved and processed in accordance with the most recent legislation on data protection (EU-GDPR 2018).
​
By registering for the conference, you further agree to the use of your data (name, home address, email address, telephone number) to meet the Covid-19-safety measures and to forward the information to the Covid-19 representative. In case of a suspected or confirmed case, the organizer / society / meeting office as well as the Covid-19 representative are obliged to forward this information to the legal authorities. Therefore, please indicate within the registration process the email address, which you actually check regularly on a basis of 24-48 hrs, as well as you telephone number where you can be reached at any time.
​
Registration, abstract submission, additional bookings & hotel booking:
A registration and/or abstract submission to ITOC conference is not possible without collecting, saving and processing your personal data. This is solely for the purpose of organising and realising the event. Your data will only be passed on to third parties, who are directly involved in running the event and when the organisational process makes it necessary – in accordance with your bookings (organising society, hotel, transport companies, travel insurance, etc.).
​
1.2. Photos/Films:
By registering to attend the ITOC conferences, you grant permission to the WMA GmbH as well as the ITOC Association to use photos/films taken from you respectively your company presence by our official photographer(team) onsite during the meeting for marketing purposes (event reporting, promotion of follow-up events & self-marketing) for an indefinite period of time. If you do not want to have any photos/films taken of you published, you may contact us at any time: dataprotection@medacad.org.
​
1.3. Links to other websites:
Our online forms may contain links to other websites. The WMA GmbH and the ITOC Association are not responsible for the data you provide on other websites. Our partner companies are also bound to act according to EU-GDPR, the implementation however rests with each company individually. Our data protection guidelines are solely applicable to data controlled by us (WMA GmbH and ITOC Association).
​
2. Information Obligation acc. Art 12-14 EU-GDPR (EU-DSGVO)
We would be pleased to provide you with the following information describing the type, purpose and scope of the processing of your personal data.
​
2.1. Controller & Processor
Wiener Medizinische Akademie GmbH, Alser Str. 4, 1090 Vienna, Austria
ITOC Association c/o WMA GmbH, Alser Strasse 4, 1090 Vienna, Austria
T: +43 1 405 1383 0
E-mail: dataprotection@medacad.org
Management of the person responsible: Mirjam Uebelhör, Jerome del Picchia
The data is collected within the framework of the ITOC Conferences.
Processing Purpose
Participant Management
(Registration, Virtual Conference platform, Additional Bookings)
Contact Tracing in the context of the COVID-19 pandemic
Hotel Management
Scientific Management & Coordination
Grants und Awards
Industry Management
(Exhibition & Sponsoring)
General Organisation /
Accreditation & Compliance
General Organisation /Accounting
Marketing & Development
Data Categories
name
contact data
address data/invoice data
registration data
additional bookings
travel data (if necessary)
passport data (if necessary)
special requirements (sensitive data)
special dietary requirements (sensitive data)
name
contact data
address data
vaccination/testing status (sensitive data)
NOTE: data is only stored for 28 days and then deleted
name
contact data
address data/invoice data
hotel booking data
travel data (if necessary)
credit card guarantees (if necessary)
name
contact data
date of birth (if necessary)
date of graduation (if necessary)
lecture data (speaker, topic, title)
name
contact data
company data
name & city/country
institution/organisation (if necessary)
specialisation (if necessary)
lecture data (speaker, topic, title)
name
contact data
registration data
additional bookings
bank data (if necessary)
credit card data (if necessary)
name
contact data
photos/films
statistical data (ONLY anonymised)
2.3. Legal Basis for the data processing purposes:
Processing Purpose
Participant Management
(Registration, Additional Bookings)
Contact Tracing in the context of the COVID-19 pandemic
Hotel Management
Legal Basis
Binding completion of the registration for the participation of the selected event
Written confirmation of the group coordinator that participant data may be used
Binding booking of ticket(s) to one or more social events of the selected event
Binding booking of a travel insurance of the data subject – Wiener Medizinische Akademie GmbH acts as intermediate only
Consent of the data subject (sensitive data)
Fulfilment of legal obligations
Binding conclusion of a hotel booking by the person concerned or his group coordinator
Written confirmation from the group coordinator that participant data may be used
Scientific Management &
Coordination Grants and Awards
Industry Management
(Exhibition & Sponsoring)
General Organisation
(Accreditation & Compliance, Accounting)
Marketing & Development
Binding completion of the abstract submission for the selected event
Acceptance of active participation in the selected event
Binding contract conclusion of the data subject and the company represented by him/her to take part at the selected event
Fulfillment of contract and law
Legitimate interest of the controller (see point 4.4.)
Legitimate interest of the controller (see point 4.1.-4.2.)
2.4. Third Party Data Recipients – Categories:
The recipients only receive the data they require, not your full data record. Your data will only be forwarded when the organisational process makes it necessary – in accordance with your bookings – and when a legal basis exists.
Processing Purpose
Participant Management
(Registration, Virtual Conference Platform, Additional Bookings)
Contact Tracing in the context of the COVID-19 pandemic
Participant Management
(Registration, Additional Bookings)
Hotel Management
Scientific management & coordination of grants and awards
Industry Management
(Exhibition & Sponsoring)
General Organisation/ Accounting
Marketing
Development
Data Categories
name
contact data
address data/invoice data
registration data
additional bookings
travel data (only if necessary)
passport data (only if necessary)
special dietary requirements (sensitive data)
name
contact data
address data
vaccination/testing status (sensitive data)
Participant Management
(Registration, Additional Bookings)
​
namecontact data
address data/invoice data
hotel booking data
travel data (if necessary)
credit card guarantees (if necessary)
namecontact datadate of birth (if necessary)
date of graduation (if necessary)
Lecture data (speaker, topic, title)
name
contact data
company data
name & city/country
institution/organisation (if necessary)
specialisation (if necessary)
lecture data (speaker, topic, title)
namecontact data
registration data
additional bookings
bank data (if necessary)
credit card data (if necessary)
name
contact data
statistical data (ONLY anonymised)
Recipient Categories
organising society, service providers (fulfilment agents)
​
​
​
​
​
​​​​​Caterer
competent health authorities (district authorities/municipal departments)
​
​
​
Participant Management
(Registration, Additional Bookings)
DMC, travel agency, hotels
Oasis – abstract management software – USA
A standard clause agreement with the provider of the abstract processing software Oasis regarding data protection according to the DSGVO is in place.
organising society, service providers (fulfilment agents)
organising society, relevant accreditation authorities, service providers (fulfilment agents)
organising society, responsible authorities, bank, fiscal office, tax consultant, service providers (fulfilment agents)
online mailing provider
organising society
2.5. Transfer to Third Country:
Processing Purpose
​Scientific management & coordination of grants and awards
Marketing
Data Categories
namecontact datadate of birth (if necessary)
date of graduation (if necessary)
Lecture data (speaker, topic, title)
name
contact data
Recipient Categories
Oasis – abstract management software – USA
A standard clause agreement with the provider of the abstract processing software Oasis regarding data protection according to the DSGVO is in place.
Mailchimp – USA / Online Mailing Provider / A standard clause agreement with the provider of the mailing software Mailchimp regarding data protection according to the GDPR is in place.
2.6. Data Storage Period:
Sensitive data (special dietary requirements), which are collected with consent of the data subjects, as well as passport data and information submitted for statistical data collection are irrecoverably deleted with the end of the event wrap-up.
Data collected for the purpose of contact tracing in the context of the COVID-19 pandemic: 28 days
All other data are stored for 7 years, to meet the retention period according to the Austrian VAT Act 1994 (Umsatzsteuergesetz 1994) and to permit post-event support and service (i.e. belated participation confirmations and presentation certificates).
In the case of (e.g. annually) recurring congresses, the data are stored for at least 7 years after the end of the entire event series.
Upon revocation of the person concerned, their data will be deleted immediately.
​
3. Data Subject Rights
We are pleased to inform you about your rights according to EU-GDPR:
​
3.1. Data Subject Rights acc. Art 15-21 EU-GDPR:
-
Right of access by the data subject
-
Right to rectification
-
Right to erasure/”Right to be forgotten”
-
Right to restriction of processing
-
Right to data portability
-
Right to object (at legitimate interest of the controller)
Detailed descriptions can be found here:
http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN
© European Union, http://eur-lex.europa.eu/, 1998-2018′
​
3.2. Right to withdraw consent acc. Art. 7 EU-GDPR
Depending on your participant status, we kindly ask you for different declarations of consent. These are queried within the online forms or directly inquired from the affected person/group coordinator/company representative. The declarations of consent are not compulsory according to the EU GDPR.
Each data subject has the right to withdraw his/her given consent(s) at any time. The withdrawal of the consent does not affect the legality of the processing carried out based on the declaration of consent until the withdrawal.
Processing of your data by ITOC conference
Your personal data (comprising name, contact data, address data, organization/institute & registration category), collected by the WMA GmbH, may be passed on to ITOC Association. The named society has permission to process your personal data and to contact you directly for own purposes incl. society newsletters, promotion of topic-related events, information about activities of the society (eg: membership, competitions, travel grants, etc.) and the evaluation and further development of the current event, as well as its future editions.
-> this declaration of consent is queried within the online registration
Transfer of your data to exhibitors and sponsors
​​
Badge scanning in the exhibition area & at sponsor sessions
Please note: If you have your badge scanned by an exhibitor/sponsor at the ITOC Conference, you thereby agree that your personal data (consisting of name, contact data, address data & organization/institute), collected by the Vienna Medical Academy GmbH and the ITOC Association, may be forwarded (via a contracted service provider) to the exhibitor/sponsor by whom you have your badge scanned, and the respective company may contact you directly for its own purposes.
Please note: If we have your consent to sharing your data with a sponsor at OR by registering to the ITOC Conference, you thereby agree that your personal data (consisting of name, last name, academic title, city, country, email, and institution), collected by the WMA GmbH and the ITOC Association, may be forwarded (via a contracted service provider) to the sponsor you visited through the sponsor page and/or corporate satellite in the virtual platform, and the respective company may contact you directly for its own purposes.
3.3. Right to lodge a complaint with a supervisory authority acc. Art 77 EU-DSGVO
Every data subject shall have the right to lodge a complaint with a supervisory authority, if the data subject considers that the processing of personal data relating to him/her infringes to the EU-GDPR.
​
3.3. Right to lodge a complaint with a supervisory authority acc. Art 77 EU-DSGVO
If in your opinion the data proceeding would be contrary to the data processing law or to your data protection high demands, you may complain to the Austrian data protection authority.
​
4. Description of other Purposes
Legitimate Interests of the Controller acc. Art 6 (1) f) EU-GDPR
​
4.1. Advertising/Marketing:
Processing data of the data subject to inform him/her about the above-mentioned event, as well as future and topic-related events.
​
4.2. Development:
Processing data of the data subject to develop the programme as well as the organisation and implementation of the above-mentioned event, future and topic-related events.
​
4.3. Publication of the programme:
Processing data of the data subject for the promotion and publication of the event programme via various communication channels (including website and print media).
Concerns the following data subject categories: speaker & chairs, abstract presenters, industry
​
4.4. Accreditation & Adherence to national and international compliance regulations: DFP, CME, EFPIA, MedTech, etc.
Processing data of the data subject in order to organise the accreditation of the scientific programme and to adhere to national and international compliance regulations in the field of medical events.
Concerns the following data subject categories: organising society, speaker & chairs, abstract presenters, industry.