Data protection information
Information on the processing of data according to Art 12 to 14 GDPR
Controller
The Controller responsible for the processing of the personal data according to Art 4 No 7 GDPR is the society.
Europäische Gesellschaft für Radiologie – European Society of Radiology (ESR)
ZVR 083757049
Am Gestade 1
1010 Vienna
AUSTRIA
Phone: +43 1 53340640
Email: [email protected]
Personal Data
ESR processes the following categories of personal data
- of society members
- membership number
- full name
- organisation the member is active for
- salutation/gender
- date of birth
- addresses
- telephone and fax numbers
- email addresses
- profession
- type of membership (full member/corresponding member/honorary member, etc.)
- date of beginning and end of membership
- fees, areas
- awards and honours
- areas of interest and expertise notified by member
- activities within the society, in particular participation in events, membership in
- committees, working groups, publications for the society, lectures, participation in
- conciliation proceedings
- details on consumption of services of the society
- details on initiation, content and execution of contracts
- payments or other services rendered by the society to the member
- content of correspondence
- bank account
- of members of institutional members
- membership number
- full name
- organisation the member is active for
- salutation/gender
- date of birth
- addresses
- telephone and fax numbers
- email addresses
- profession
- type of membership (full member/corresponding member/honorary member, etc)
- date of beginning and end of membership
- fees, areas
- awards and honours
- areas of interest and expertise notified by member
- activities within the society, in particular participation in events, membership in
- committees, working groups, publications for the society, lectures, participation in conciliation proceedings
- details on consumption of services of the society
- details on initiation, content and execution of contracts
- payments or other services rendered by the society to the member
- content of correspondence
- bank account
- of officers of the society
- full name
- salutation/gender
- date of birth
- addresses for services in the function of officer
- telephone and fax numbers
- email addresses
- photos
- office with the society
- beginning and end of office term
- payment obligations of the officer to the society
- payments and other services of the society to the officer
- awards and honours
- content of correspondence
- of officers of institutional members
- full name
- salutation/gender
- date of birth
- addresses for services in the function of officer
- telephone and fax numbers
- email addresses
- photos
- office with the society
- beginning and end of office
- payment obligations of the officer to the society
- payments and other services of the society to the officer
- awards and honours
- content of correspondence
- of third parties, consuming services of the society
- full name
- name of organisation the third party is active for
- salutation/gender
- date of birth (if required for identification)
- addresses
- telephone and fax numbers
- email addresses
- profession
- areas of interest and expertise provided by data subject
- participation in activities of the society
- consumption of services of the society
- details on initiation, content and execution of contracts
- content of correspondence
- bank accounts
- of third parties providing services to the society
- full name
- organisation the third party is active for
- salutation/gender
- date of birth (as far as required for identification)
- addresses
- telephone and fax numbers
- email addresses
- VAT registration number
- social insurance number
- tax number
- profession or industrial sector (according to information of the data subject)
- areas of interest and expertise notified by data subject
- activities within the society
- details on services rendered for the society
- details on initiation, content and execution of contracts
- evaluation of deliveries and services rendered
- payments from the society to the third party
- content of correspondence
- bank account
- of employees
- the information is rendered separately within the employment relationship
Purpose
ESR processes personal data for the following purposes
- membership administration
- membership register
- record of membership fees
- correspondence with members or sponsors of the society, in particular by automatically
- generated and stored text documents on society issues
- advertising, organisation and realization of and participation in analogue and digital web
- based scientific events (congresses, symposia, seminars, lectures)
- advertising, organisation and realization of and participation in analogue and digital web-based training sessions
- advertising, organisation and operation of as well as access to scientific data bases
- advertising, creation, production and distribution of analogue and digital scientific
- publications including newsletters
- advertising, public offer, grant and administration of scholarships, grants, prizes and awards
- processing and transfer of data within the business relationship with customers and contractors including, but not limited to automatically generated and stored text documents (e.g. correspondence) in these matters
- processing and transfer of data for calculation of salaries, wages and compensations and compliance with recording, information and notification obligations as far as these obligations are based on laws, trade agreements or labour contracts including, but not limited to automatically generated and stored text documents (e.g. correspondence) in these matters
- use of personal data of job applicants if such data were provided by the data subject
Legal Basis
The legal basis for the data processing are:
ESR primarily processes data on the basis of the legal relationship resulting from the membership with the society or for steps prior to the acceptance as member of the society upon request of the data subject in accordance with Art 6 No 1 lit b) GDPR. If and in as far as the disclosure and transfer of personal data to third parties is not based on the performance of contractual obligations or for steps prior to entering into a contract it is based on the data subject’s consent in accordance with Art 6 No 1 lit a) GDPR. The processing of personal data for the recruitment of society members as well as the advertising of society events and other services offered by the society to third parties not member of the society is based on the legitimate interest of the controller in accordance with Art 6 No 1 lit f) GDPR. The legitimate interest of the controller in these cases is the increase of the number of society members as well as the promotion of the purpose of the society by extending the circle of addressees for the services offered by the controller in pursuit of the society’s purpose. The notification of personal data of officers of the society to the relevant authorities governing associations is based on the legal obligations to be met by the society in accordance with Art 6 No 1 lit c) GDPR.
The processing of personal data of employees and of job applicants is based on the performance of contracts and steps taken prior to entering into a contract in accordance with Art 6 No 1 lit a) GDPR. The transfer of personal data of employees to the relevant authorities and social insurance institutions is based on legal obligations in accordance with Art 6 No 1 lit e) GDPR.
The processing of personal data of customers and contractors not being society members rendering services to or receiving services from the controller is based on the performance of contracts and steps taken prior to entering into a contract in accordance with Art 6 No 1 lit b) GDPR.
Categories of Recipients
ESR only discloses personal data if such disclosure is based on legal obligations or if the disclosure is required for the performance of a contract or for steps to be taken prior to entering into a contract or if the data subject has given the consent or in the event that the disclosure is necessary for the purpose of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests of the data subject. The disclosure has to be adequate, relevant and limited to what is necessary in relation to the purposes for which they are disclosed (“data minimisation”).
The data processed by the controller may be disclosed to the following categories of recipients:
- other members of the society
- officers of the society
- co-operation partners of ESR, being legal persons whose purpose or scope of business are connected with the promotion of medical imaging
- are connected with the promotion of medical imaging
- participants of society events
- supporters and sponsors of the association and society events
- exhibitors at society events
- contractors and customers of the society
- banks and insurance companies
- payment service and credit card providers
- processors of the society, including
- travel agencies
- publishers
- office service providers
- event managers
- delivery services
- email service providers
- IT service providers
- translation agencies and interpreters
- marketing, advertising and public relations agencies
- tax consultants and auditors
- attorneys and notary publics
- courts, authorities, regional authorities, social insurance agencies and professional associations of physicians and other health care professionals
universities - hospital operators
Storage Period
ESR shall not store personal data longer than required for the respective purpose of processing. ESR shall store personal data for the duration of contractual relations, in particular for the time of membership with the society. Furthermore, personal data may or have to remain stored depending on the legal basis and the respective purpose. Reasons justifying a storage of personal data beyond the duration of a contractual relationship are storage obligations subject to tax law (generally seven years from the end of the year the data processing relates to) or the registration for the pursuit or defence of legal claims that may amount to up to 30 years in accordance with Austrian regulations on the statute of limitation. In the event the storage of personal data is based exclusively on the data subject’s consent, such consent can be withdrawn at any time. Unless there is no other legal basis for the storage, the deletion of the data may be requested.
Sources of Personal Data
ESR primarily processes data provided by the data subject upon entering into a legal relationship (membership with the society, participation in event, opening a user account for a data basis operated by ESR, consumption of services offered by ESR). Personal data, however, can also be disclosed to ESR by third parties, for example upon making a recommendation as presenter, lecturer at society events or as author in publications of the society.
In addition, ESR may process personal data from public sources such as the world wide web in general and publications or websites of the data subject or of universities, hospitals, research institutions, doctors’ platforms, or physicians’ portals.
Third Countries and International Organisations
ESR does not transfer data to third countries.
Personal data may be transferred to international health organisations. For such transfer, the following shall apply:
Personal data shall only be transferred on the basis of a legal obligation or if the transfer is required for the performance of a contract or for steps taken prior to the performance of a contract or on the basis of the data subject’s consent or if the processing is necessary for the purpose of the legitimate interest pursued by the controller or by a third party except when such interests are overridden by the interest of the data subject.
Automated Decision-making
ESR does not use personal data for automated decision-making.
Rights of the Data Subject
Every data subject is entitled to the rights to information, rectification, erasure, restriction of processing, portability and objection. In order to exercise these rights, data subjects should contact the controller. In the event the data subject is of the opinion that the processing of the data subject’s personal data infringes data protection law or the data subject’s right to privacy, the data subject may file a complaint with the relevant authority being the Data Protection Authority (Datenschutzbehörde) in Austria.
In the event a data subject has given their consent for the processing of their data for a specific purpose and such data were also processed subject to another legal basis, for example for the performance of a contract or for the pursuit or defence of legal claims, the data subject’s withdrawal of the consent to process such data has no relevance on the processing of such data subject to another legal basis.
Information on the processing of data according to Art 12 to 14 GDPR
Controller
The Controller responsible for the processing of the personal data according to Art 4 No 7 GDPR is the company.
Education Congress Research GmbH
Am Gestade
1010 Vienna
AUSTRIA
Phone: +43 1 53340640
Email: [email protected]
UID: ATU57224417
FN 237 886 h HG Wien
Personal Data
ECR GmbH processes the following categories of personal data
of congress attendees (onsite and/or online)
membership number
full name
organisation the member is active for
salutation/gender
date of birth
addresses
telephone and fax numbers
email addresses
profession
type of membership (full member/corresponding member/honorary member, etc.)
date of beginning and end of membership
fees, areas
awards and honours
areas of interest and expertise notified by member
activities within the society, in particular participation in events, membership in
committees, working groups, publications for the society, lectures, participation in
conciliation proceedings
details on consumption of services of the society
details on initiation, content and execution of contracts
payments or other services rendered by the society to the congress attendee
content of correspondence
bank account
Covid-19 vaccination certificate (company, vaccine, date of vaccinations)
of third parties, consuming services of ECR GmbH
full name
name of organisation the third party is active for
salutation/gender
date of birth (if required for identification)
addresses
telephone and fax numbers
email addresses
profession
areas of interest and expertise provided by data subject
participation in activities of the company
consumption of services of the company
details on initiation, content and execution of contracts
content of correspondence
bank accounts
of third parties providing services to ECR GmbH
full name
organisation the third party is active for
salutation/gender
date of birth (as far as required for identification)
addresses
telephone and fax numbers
email addresses
VAT registration number
social insurance number
tax number
profession or industrial sector (according to information of the data subject)
areas of interest and expertise notified by data subject
activities within the society
details on services rendered for the company
details on initiation, content and execution of contracts
evaluation of deliveries and services rendered
payments from the society to the third party
content of correspondence
bank account
of employees
the information is rendered separately within the employment relationship
Purpose
ECR GmbH processes personal data for the following purposes
registration administration
registration register
record of registration fees
correspondence with registered persons or sponsors of the company, in particular by automatically
generated and stored text documents on company issues
advertising, organisation and realization of and participation in analogue and digital web
based scientific events (congresses, symposia, seminars, lectures)
advertising, organisation and realization of and participation in analogue and digital web-based training sessions
advertising, organisation and operation of as well as access to scientific data bases
advertising, creation, production and distribution of analogue and digital scientific
publications including newsletters
advertising, public offer, grant and administration of scholarships, grants, prizes and awards
processing and transfer of data within the business relationship with customers and contractors including, but not limited to automatically generated and stored text documents (e.g. correspondence) in these matters
processing and transfer of data for calculation of salaries, wages and compensations and compliance with recording, information and notification obligations as far as these obligations are based on laws, trade agreements or labour contracts including, but not limited to automatically generated and stored text documents (e.g. correspondence) in these matters
use of personal data of job applicants if such data were provided by the data subject
Legal Basis
The legal basis for the data processing are:
ECR GmbH primarily processes data on the basis of the legal relationship resulting from the registration or for steps prior to the registration upon request of the data subject in accordance with Art 6 No 1 lit b) GDPR. If and in as far as the disclosure and transfer of personal data to third parties is not based on the performance of contractual obligations or for steps prior to entering into a contract it is based on the data subject’s consent in accordance with Art 6 No 1 lit a) GDPR. The processing of personal data for the recruitment of congress attendees as well as the advertising of events and other services offered by the company to third parties not member of the society is based on the legitimate interest of the controller in accordance with Art 6 No 1 lit f) GDPR. The legitimate interest of the controller in these cases is the increase of the number of congress attendees as well as the promotion of the purpose of the company by extending the circle of addressees for the services offered by the controller in pursuit of the company’s purpose. The notification of personal data of officers of the company to the relevant authorities governing associations is based on the legal obligations to be met by the company in accordance with Art 6 No 1 lit c) GDPR.
The processing of personal data of employees and of job applicants is based on the performance of contracts and steps taken prior to entering into a contract in accordance with Art 6 No 1 lit a) GDPR. The transfer of personal data of employees to the relevant authorities and social insurance institutions is based on legal obligations in accordance with Art 6 No 1 lit e) GDPR.
The processing of personal data of customers and contractors not being society members rendering services to or receiving services from the controller is based on the performance of contracts and steps taken prior to entering into a contract in accordance with Art 6 No 1 lit b) GDPR.
Categories of Recipients
ECR GmbH only discloses personal data if such disclosure is based on legal obligations or if the disclosure is required for the performance of a contract or for steps to be taken prior to entering into a contract or if the data subject has given the consent or in the event that the disclosure is necessary for the purpose of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests of the data subject. The disclosure has to be adequate, relevant and limited to what is necessary in relation to the purposes for which they are disclosed (“data minimisation”).
The data processed by the controller may be disclosed to the following categories of recipients:
other congress attendees
officers of the company
co-operation partners of ECR GmbH, being legal persons whose purpose or scope of business are connected with the promotion of medical imaging
are connected with the promotion of medical imaging
participants of events
supporters and sponsors of the association and events
exhibitors at events
contractors and customers of the company
banks and insurance companies
payment service and credit card providers
processors of the company, including
travel agencies
publishers
office service providers
event managers
delivery services
email service providers
IT service providers
translation agencies and interpreters
marketing, advertising and public relations agencies
tax consultants and auditors
attorneys and notary publics
courts, authorities, regional authorities, social insurance agencies and professional associations of physicians and other health care professionals
universitieshospital operators
Storage Period
ECR GmbH shall not store personal data longer than required for the respective purpose of processing. ECR GmbH shall store personal data for the duration of contractual relations, in particular for the time of registration and congress. Furthermore, personal data may or have to remain stored depending on the legal basis and the respective purpose. Reasons justifying a storage of personal data beyond the duration of a contractual relationship are storage obligations subject to tax law (generally seven years from the end of the year the data processing relates to) or the registration for the pursuit or defence of legal claims that may amount to up to 30 years in accordance with Austrian regulations on the statute of limitation. In the event the storage of personal data is based exclusively on the data subject’s consent, such consent can be withdrawn at any time. Unless there is no other legal basis for the storage, the deletion of the data may be requested.
Sources of Personal Data
ECR GmbH primarily processes data provided by the data subject upon entering into a legal relationship (membership with the society, participation in event, opening a user account for a data basis operated by ECR GmbH, consumption of services offered by ECR GmbH). Personal data, however, can also be disclosed to ECR GmbH by third parties, for example upon making a recommendation as presenter, lecturer at society events or as author in publications of the company.
In addition, ECR GmbH may process personal data from public sources such as the world wide web in general and publications or websites of the data subject or of universities, hospitals, research institutions, doctors’ platforms, or physicians’ portals.
Third Countries and International Organisations
ECR GmbH does not transfer data to third countries.
Personal data may be transferred to international health organisations. For such transfer, the following shall apply:
Personal data shall only be transferredon the basis of a legal obligation or if the transfer is required for the performance of a contract or for steps taken prior to the performance of a contract or on the basis of the data subject’s consent or if the processing is necessary for the purpose of the legitimate interest pursued by the controller or by a third party except when such interests are overridden by the interest of the data subject.
Automated Decision-making
ESR does not use personal data for automated decision-making.
Rights of the Data Subject
Every data subject is entitled to the rights to information, rectification, erasure, restriction of processing, portability and objection. In order to exercise these rights, data subjects should contact the controller. In the event the data subject is of the opinion that the processing of the data subject’s personal data infringes data protection law or the data subject’s right to privacy, the data subject may file a complaint with the relevant authority being the Data Protection Authority (Datenschutzbehörde) in Austria.
In the event a data subject has given their consent for the processing of their data for a specific purpose and such data were also processed subject to another legal basis, for example for the performance of a contract or for the pursuit or defence of legal claims, the data subject’s withdrawal of the consent to process such data has no relevance on the processing of such data subject to another legal basis.