Data Protection Transparency and Privacy Notice
EuroRec processes personal data on its website to fulfil its purposes as a not for profit association for promoting innovations in health care. EuroRec regards the protection of its clients and interested parties with the highest priority and applies all possible effort to comply in full with the European Union General Data Protection Regulation (GDPR) and all other applicable laws.
As a not-for-profit member association, EuroRec is both a data controller and data processor to fulfil its purposes, which are described in detail throughout this notice. To manage the services EuroRec offers, Vimexx hosts our website server ; RAMIT vzw handles the corporate systems for email and customer relationship management.
If you have any queries about EuroRec’s personal data processing activities or about the exercising of your rights under GDPR please contact Geert Thienpont at firstname.lastname@example.org.
When does EuroRec process personal data?
There are five core activities where your personal data is processed on this website which we describe in this notice:
- visiting our website;
- registering to receive any newsletter, event invitations and updates to our services and activities;
- registering to attend our events and the subsequent management of the events that you attend;
- sharing updates about our events, including speaker details, videos of presentations, photographs and interviews;
- in handling any queries that you may have about EuroRec, its work or any other matters you may wish to discuss with us.
EuroRec does not share your personal data between our clients, or any attendee of our events or visitors to our website beyond what we have specified in this notice.
In each case, we retain the data for as long as we need to fulfil the above purposes of its processing and any legal obligations where we are required to handle and retain the data.
Visiting our Website
EuroRec uses Google Analytics to help us improve our website by informing us which countries visitors are viewing the website from and which pages are of most interest to them. Google Analytics processes a visitor’s IP Address to provide EuroRec with this information.
Where you have registered to use the features of the website, the personal data that is processed by the cookies includes your login details if you decide to accept cookies and to remain logged in, where you have been granted access to register on the site.
Registering to receive newsletters, event invitations and updates to our services
When registering for our newsletter, event invitations and updates to our services via our website or directly with our offices, we ask for your first and last names, your function in your company or institution, email address, the company or institution you belong to and the country you are based in. We ask you to select which of our core stakeholder groups you belong to. We also ask you for your title, but this is optional. We do not ask for any other details, personal or otherwise.
Consent under Article 6(1)(a) is the legal basis under which EuroRec processes your data to register you for these updates. If you wish to stop receiving communications from EuroRec, you are always able to unsubscribe by email: email@example.com. In that event, we will delete you from our contact list and you will not be contacted again.
EuroRec does not retain your contact details unless you have otherwise shared your details with us for the other purposes we outline in this notice or where a legal obligation must be met under Article 6(1)(c) of GDPR. You may always re-register to receive newsletters should you change your mind and wish to hear from us again.
Registering to attend a EuroRec event and subsequent management of that event
When registering to attend a EuroRec event via our website or directly with our offices, we ask for your title, first and last names, your function in your company or institution, email address, the company or institution you belong to, your role and the country you are based in. We ask you to select which of our core stakeholder groups you belong to. Furthermore, we ask you to provide us with your dietary preferences and any specific needs to cater for your attendance at our events. We do not ask for any other details, personal or otherwise.
When registering, EuroRec processes your personal data to manage your attendance at our event with your explicit consent as a legal basis under Article 6(1)(a) of GDPR.
Once you have registered, we do not add you to a published attendance list unless we have obtained your explicit consent to do so under Article 6(1)(a) of GDPR.
EuroRec retains your personal data to fulfil the purpose of managing your attendance at our event and for audit purposes after the event under Article 6(1)(c) of GDPR for legal obligation.
EuroRec will add you to our contact list if you are not already on it to keep you informed of newsletters, further events and updates to EuroRec’s services. You are able to unsubscribe from this list at any point at your convenience by asking that we remove you by contacting our offices as detailed in the first section.
Sharing Updates about our Events
Where you have agreed to be a speaker, we process your personal data on our website to publicise our events and to share updates about the event once it has finished. The data we share will be your full name, your organisation, title, function, a photograph and a short bio that you will provide us.
We process this personal data for the purposes of publicising the event and delivering it. The legal basis under GDPR is Article 6(1)(f) where in agreeing to be a speaker, EuroRec has identified that it is in its and your legitimate interests for us to process the data for these purposes. You may of course object to or restrict this processing (as described in the rights section below) and if you prefer us to remove your personal data from the website or refrain from using it in newsletters, we will honour your rights as defined in GDPR to the fullest extent.
Should you decide to withdraw as a speaker prior to the event, we will destroy the personal data and if you prefer we withhold any of the data from the website we will of course refrain from putting it there.
Our events are recorded either through the filming of speakers, panels and audience members, audio recording or photograph for the purposes of updating our members and the wider public about our event. Under GDPR Article 6(1)(a) we seek the explicit consent from any participants that we record in any way for this specific purpose.
The consent is entirely freely given and you are free to grant it or not as you see fit without any impact on your participation in the event.
You may withdraw your consent for the recording and as soon as you do, we will remove the recording from public display immediately and provided we do not have to retain it under other legal obligation, destroy it without the need for any explanation from you at all. We cannot however remove names of speakers or panellists from a past agenda or meeting report as documenting a past fact where these are provided on our websites under events.
Handling communications from you about EuroRec
When you contact us, we will process your personal data for the purposes of handling the reason for your contacting us.
Where your reason for contacting us is about your existing client relationship EuroRec will handle your personal data under Article 6(1)(b) for the performance of a contract or its preparation.
If your query is general or with regards your rights under GDPR, this will be with your explicit consent under Article 6(1)(a) of GDPR. We will retain a record of your query for one year for audit purposes. We will also add your contact details to our contact list but only if you explicitly consent to this in accordance with Article 6(1)(a) of GDPR.
What are my rights?
At all times, GDPR gives you the following rights which we will of course honour in full compliance with its provisions:
- the right to request access to any of your personal data that EuroRec processes;
- the right to data portability where you can request a digital copy of the data for your own uses;
- the right to the rectification (correction) of your personal data where it is incorrect;
- the right to request erasure of your data as outlined by GDPR;
- the right to restriction of processing by EuroRec including where you identify and raise a problem with the data processing until the problem is resolved;
- the right to object at any time to processing of your personal data including that which is based on Article 6(1) (f) of GDPR where we have identified a legitimate interest.
Where the processing of your personal data is based on your consent, you can withdraw your consent at any time and without any reason. Withdrawing your consent means that EuroRec will not make use of your data any longer for the purposes that you consented to. This does not invalidate past uses of your personal data for which you gave consent and your personal data will continue to be processed in the event of any legal obligations that EuroRec must meet.
Please send an email to Geert Thienpont at firstname.lastname@example.org to exercise any of your rights. EuroRec must confirm your identity and will review your request to ensure that it can be honoured without compromising other legal requirements and pursuant to the limitations provided by GDPR. We aim to have replied within 30 days of your request except where you have withdrawn your consent, which shall be actioned immediately.
You may also write to the following address:
The European Institute for Health Records (EuroRec)
c/o Dept. Medical Informatics & Statistics - Ghent University Hospital
Building 5K3, 5th floor - Entrance 42
C. Heymanslaan 10 - 9000 Gent - Belgium
Please note that you always have the right to lodge a complaint with the Belgian Privacy Commission at email@example.com should you be unhappy with how we have handled your requests or any of your personal data.
Updates to how we process data and this notice
If we substantially change how we process your data (for example using a new tool or service provider) we will undertake a Data Protection Impact Assessment pursuant to GDPR Article 35. This would be the case if we identify that any changes require significant additional processing of your personal data and / or risks to your rights and freedoms.
Where we identify a clear need to update this notice we will inform you immediately.
Last updated 4th June 2018