Personal data – Any information relating to an identified or identifiable person (data subject), such as name, identification number, location data, e-mail address etc.
Processing – Any operation or set of operations which is performed on personal data, either by automated means or performed by an individual, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Data Subjects (or Individual) – person whose personal data is being processed.
Third parties – Any organisation or individual external to EOA with whom EOA has signed a contract which includes reference to data protection and privacy.
The “Website” includes, without limitation, the EOA website (www.EOA.org) and any specific versions and any other online platforms used by EOA which could require your personal data.
EOA respects your privacy and is committed to protecting the confidentiality of your personal information. This policy explains how EOA collects and uses Member, EOA organised meeting or event, customer and site visitor information, and how it protects your privacy. It also explains how you can manage your own personal information held by EOA in the ‘myEOA’ area on the EOA Website.
EOA is committed to the following standards, on a commercially reasonable basis:
- To collect and use only the minimal amount of information necessary for us to deliver high quality service to users, to administer our business, and to inform you of EOA products and services
- To protect the information you share with us, maintaining strong standards of security and confidentiality
- To require any other organisation that we retain or engage to provide support services to us to conform to General Data Protection Regulation (GDPR) privacy standards, and
- To aim to keep data complete, up to date, and accurate
The Website may require you to register as a user and to receive our authorisation before you can use particular features. Whether you are an individual or a corporation, partner, or other form of commercial enterprise, in order for you to obtain our authorisation to use those features and to be considered a registered user, you may be required to provide us with certain information about yourself or your business and, if a business, information about any or all individuals you designate to represent that business in connection with your use of the Website (e.g. names, addresses, e-mail addresses, telephone numbers, and other Personally Identifiable Information of each individual who uses the Website). Once EOA has authorised you as a registered user, EOA will assign a customer identification number. Your username will be your email address and you will be requested to create your own password.
You will be able to change your password and update any personal data you have provided. Please note that submitting information is not a guarantee or assurance that EOA will authorise you, or anyone you designate, to use any or all of the services of the Website. If for any reason you are not granted authorisation EOA will retain the information you submit only in order to communicate with you regarding your application. EOA may, however, request additional or follow-up information for audit purposes or as may be required by law or regulation.
If you are a third party submitting personal information on behalf of others you represent (for registration purposes or otherwise), this action implies that you have their permission, agreement and full authorisation to provide this information to us. EOA reserves the right (a) to ask you to provide evidence of your authority at any time during, or even after, the submission process and (b) to contact those individuals to confirm your authority at any time. If EOA determines that your authority has not been properly obtained, EOA may immediately (and without notification) discontinue your access to those features of the Website.
Who is responsible for data processing?
MEDFLIX S.R.L. and Endoscopy on Air (EOA), Via Giovanni Boccaccio 7, 20123 Milan, incorporated under the laws of Italy, is responsible as data controller for the processing of your personal data on the EOA website (www.EOA.org) and any other online platforms used by EOA which could require your personal data.
How EOA collects personal information
EOA is a professional Company involved in a wide range of activities in the field of medical oncology, including:
- Provision of Membership Services
- Collection and dissemination of education and scientific information
- Provision of Products and Services
The sources of personal information received by EOA are:
- The individuals themselves
- Third parties acting on behalf of individuals (e.g. an agent or secretary arranging registration for an EOA organised meeting or event; abstract submission, etc.)
EOA may collect personal information in particular in the following ways:
- Account creation: when you enter personal details when creating or updating a ‘myEOA’ account on the EOA Website
- EOA Membership application: When you enter personal details online or on paper
- EOA organised meeting or event registration: When you, or an agent on your behalf, enter personal details online or on paper requesting access to an EOA product or service such as registering for the EOA organised meeting or event, registering for the EOA Examination or applying for an EOA Fellowship
- Abstract submission: When you, or someone on your behalf, submits proposals or content in connection with scientific sessions at an EOA organised meeting or event
- Subscribe to EOA Newsletters: When you subscribe to an EOA Newsletter, Digital Magazine or other electronic communication
- When you participate in a survey, questionnaire or competition
What personal information is collected by EOA?
Mandatory Personal Information collected from members
As a general rule, to maintain the integrity of the Society and ensure the appropriate membership category is assigned, to enable EOA to correctly identify you, to provide you with the products and services you have requested and to communicate with you, the following minimal information must be provided:
- First Name
- Last Name
- Date of Birth
- Email address
- Place of work with full postal address
- Areas and Topics of Interest
Information collected from non-members
In principle, information from non-members is processed in particular for registering for meetings, sending newsletters and specific information as requested by the recipients. In such cases the following information is processed:
- First Name
- Last Name
- Email address
- Place of work with full postal address
- Areas and Topics of Interest
Optional Personal Information
Other optional personal information to the extent necessary for the particular purpose may be requested to help identification during events, to ensure eligibility for membership and for internal statistical profiling and demographic analysis of members, event attendees and users of EOA products and services. Profiling reports for internal use could include information about: gender, academic degree, profession, nationality, areas and topics of interest.
Credit Card Information
Credit Card information, along with other information related to specific transactions, is collected at the time of your order, request or application, and is used only for that particular transaction. Credit card information is encrypted and stored in our system only if you have explicitly expressed that you wish to have automatic renewal of the annual membership fee.
The financial record of the transaction is kept for 10 years for legal and audit reasons.
EOA takes every precaution to ensure that this information is stored in a safe location and that it cannot be accessed by unauthorised parties. For further information about security, please refer to our Data Security Policy.
Your email address is mandatory when you use EOA electronic services on the EOA Website.
Electronic communication is for most purposes EOA’s preferred method of communication because it is fast, environmentally friendly and efficient.
You are required to supply your email address when you create your ‘myEOA’ account on the EOA Website. This enables you to access a variety of services online.
Unique Email Address
For your security, EOA does not permit two different individuals to have the same email address in the system. You are strongly recommended to use an email address which is personal to you and that is not shared with others. This is to ensure that communications which are sent to you personally are not read by others, and that others do not gain access to the information in your ‘myEOA’ account. Furthermore, EOA may use your email address to communicate with you about value added products linked either to your membership or your congress attendance.
Your unique email permits the automated retrieval of your login details, which are sent to your personal email address.
Data from surveys and questionnaires
EOA conducts a number of surveys or questionnaires whereby we collect data from volunteer respondents about topics that are of interest to the Society or to the practice of oncology. The respondent data remains completely anonymous, unless the respondents specifically choose to share their contact data. Upon completion of the survey or questionnaire, the data is stored on EOA’s internal server. To ensure the complete anonymity of all respondents, all data collected is kept confidential and no individual respondent’s answers will be disclosed at any time by EOA.
How EOA uses personal information
Personal information is needed by EOA to fulfil a contractual membership agreement, event registration contract and enable EOA to fulfil its role in providing a wide range of services to its members, contributors and customers.
EOA collects personal data for the following internal purposes:
- Accounting and billing
- Membership management
- Account management for members and non-members who:
- Register for an EOA organised meeting or event (e.g. Congress, Examination, Fellowship, etc.)
- Submit an abstract for an EOA organised meeting or event
- Subscribe to EOA digital communications
- Statistical reporting
- Event logistics
The personal information which you supply may be specifically used to:
- Enable EOA to provide you with the products or services you request
- Enable EOA to communicate with you about specific matters regarding your transaction, e.g. Registration for an EOA organised meeting or event, abstract submission, membership, application to participate in Society activities etc.
- Enable EOA to send you information about specific EOA activities which it believes may interest you according to the information provided in the account creation process.
EOA shares or provides access to minimal personal data with third parties and in some cases third parties outside of the EU (i.e. Registration for EOA) for the following purposes:
- Group registration for Group Leaders or agencies inside and outside the EU
- Mailing lists and communications initiated by third parties
- Companies and Societies who scan badges at their stand in the Exhibition and collect this information for marketing purposes following the event
- Member with partner organizations (i.e. Reciprocal Membership agreements, EOA organised meeting or event partners)
- Local Authorities or organisations for operational or administrative needs when organising meetings and events, membership verification, etc.
Badge scanners used by third parties (exhibiting societies and Satellite Symposia)
If you are attending an EOA organised meeting or event you may be requested to have your badge scanned by third parties who wish to track their interaction with individuals. Should you agree to have your badge scanned, the following information is transferred: title, first name, last name, institute, department, profession, city, country, email address. Processing of personal data must be in line with the GDPR and other applicable data protection laws, and third parties are responsible for and must be able to demonstrate compliance with the principles relating to the processing of personal data (which includes having a legal basis for processing).
On what legal basis do we process your personal data?
- For fulfilment of contractual obligations
  - When you create an account with EOA to become a member, submit an abstract, register for an EOA organised meeting or event or sign up for a newsletter, EOA collects personal information to fulfil our contractual obligation with you (with members and event participants) and to improve delivery of products and services.
- For purposes of legitimate interests
  - Processing of personal data is necessary for EOA’s legitimate business interests and the legitimate interests of customers. The information collected is generally used to prevent fraud, maintain network security, allow access to products and services, direct marketing, and improvement of our websites.
- Due to legal obligations
  - For billing purposes, EOA requires specific personal information to comply with tax requirements
- As a result of your consent
  - EOA allows you to access, change or remove the personal information submitted to us at any time
Data Transfer and Storage
For most processing activities your personal data will be stored in the EOA database / CRM system, and subsequently in third party systems following data download via the badge scanners. In some cases, your personal data will also be transferred to countries outside of the EU (so called third countries). Please note that some of the jurisdictions in third countries do not offer the same level of data protection as the member states of the EU. EOA applies administrative, physical, and technical data protection safeguards intended to ensure the confidentiality, integrity and availability of personal data.
Listed below are some of the security procedures that EOA uses to protect your privacy:
Data integrity and confidentiality
- A personal username and a password are required for users to access their personal data
- Use of firewalls to protect information held in our servers
- Limited number of EOA employees and third parties who have access to your data
- Back-up our systems to protect the integrity of your data
Data storage and availability
- The users can access their own data:
- Each user can access his/her reserved myEOA area using a secured password. The password does not appear while writing but is obscured by black circles.
- An automatic locking mechanism logs users out of the system after a fixed period of inactivity
- The EOA staff or its data processors can access the data
- Data transfers are done only when necessary and via HTTPS in a folder located in SharePoint. These folders require user authentication and are password protected.
- Internal System data transfer is done via an encrypted API method
- An audit trail is available to track access and modifications
- The EOA internal network environment is segregated and monitored by a firewall; each VLAN is scanned by an antivirus and intrusion detection system
- Outbound traffic is filtered by proxy system
- The EOA local servers have uninterruptible power supplies and are physically accessible with a badge access control system
- All information is securely kept in cloud servers, located in the European Union
- EOA protects itself against accidental or deliberate destruction or loss; data is regularly backed up and securely kept in EOA servers in Switzerland (or in vendor’s servers, in the European Union) (Daily back up strategy on-site, Monthly back up strategy off-site).
- EOA internal servers are configured to provide High Availability (HA) services; the physical servers are installed to have a complete redundancy of all components. A backup power source (UPS) is available to avoid hard server shutdown in case of complete power outage
Email privacy
EOA respects the privacy of personal email addresses and complies with the current legislation on email communication (according to General Data Protection Regulation and the Swiss Data Protection Act). If you are a non-member, EOA will not send you unsolicited email messages and EOA will not contact you on behalf of third parties. Your email will not be passed on to any other individual or organisation without your explicit permission, insofar as EOA has not entered into a legally compliant data processing agreement or is being legally compelled to disclose the data to an authority, court or public prosecutor’s office. In the case of meeting registration, exceptions may be made (i.e. member checks for a meeting or event organised in partnership with EOA). See Meeting Registration Terms and Conditions for full details.
If you are a non-member and wish to continue receiving valuable and informative communications from EOA containing news, updates and products and services, you will need to opt in to the types of communications you wish to receive:
- EOA news and announcements: Society news & notifications
- EOA organised meetings or event: Important dates, news and developments
- EOA PRO alert: Latest educational resources
Without your affirmative action, EOA cannot send you communications.
How long is personal information kept?
Personal information supplied during a transaction with EOA: As a rule, personal financial information is kept for 10 years as from the moment of transacting with EOA.
This limit does not apply to information about EOA members, including Officers, where personal information and professional roles held within the Society are kept as part of permanent, historical archive records of individuals involved with EOA’s governing bodies (Committees, Working Groups, Task Forces, etc.).
Disclosure of information and marketing
EOA complies with Swiss data protection legislation and the GDPR. EOA staff and contractors have a contractual responsibility to keep your information confidential.
Insofar as EOA has not entered into a legally compliant data processing agreement or is being legally compelled to disclose the data to an authority, court or public prosecutor’s office, EOA will not share or disclose your data to other persons or organisations without your consent.
‘myEOA’ – Managing your contact with EOA
Access to personalised services
You do not need to login to access most of the EOA Website, but you do have to login to use personal services online and access certain restricted web content.
The details you provide EOA may be combined with information from other EOA records to:
- provide you with online services like Abstract Submission or Registration for EOA organised meetings
- allow you to access specific web content reserved for ‘myEOA’ users
- help you keep up to date about EOA activities, scientific developments, and products and services
Accessing your personal information
At any time you can update your personal information and contact details. If you are an EOA Member, or have used EOA products and services in the last three years, you will have an EOA account which you can access by logging into the myEOA area:
- Sign in by using your username and password
Please note that EOA does not allow more than one ‘myEOA’ account per person. Should you or a third party authorised by you create a second account, the accounts will be merged into one.
Managing your personal information and Data Subjects Rights
According to Art. 15 – 21 GDPR, every data subject has the right to access, the right to rectification, the right to erasure, the right to restrict processing, the right to object, and, if applicable, the right to data portability. Furthermore, if applicable to you, there is also a right to lodge a complaint with an appropriate data privacy regulatory authority (Article 77 GDPR).
In addition, every data subject can withdraw data processing consent at any given time. Please note that the withdrawal only applies to the future and that any pre-existing processing will not be affected.
You can access and change the personal information in your account at any time from your ‘myEOA’ homepage. Once logged in to your ‘myEOA’ account, you can view and update your personal details, email address and password. Usernames are unique and cannot be updated; you will need to contact firstname.lastname@example.org.
Additionally, you may choose whether you wish to be kept informed by email of EOA activities, products and services by using the e-News section. EOA also asks you to provide optional information about your professional activities and interests to better understand your professional needs and improve the services it offers to you and to the oncology community in general.
Should you wish to speak to EOA about your personal data, please contact us in either of the following ways:
- ‘Contact Us’ at the footer of EOA.org (please select ‘Membership’)
- Send an email to email@example.com
Via Giovanni Boccaccio 7
To protect your information, EOA uses an industry standard security protocol called Transport Layer Security (TLS) to encrypt the transmission of sensitive information between you and our website.
TLS is used when you log in or when you make a credit card payment. To verify that transmissions are encrypted, look for the lock on your web browser or check that the URL starts with https://.
Online purchases through our websites are made over safe, encrypted connections.
Cookies are pieces of information that a website transfers to your computer’s hard disk for record keeping purposes. They are small text files that a website can use to recognise repeat users and facilitate their ongoing access to, and use of, the site. They do not pose a threat to your system or files.
When you use our websites, services, applications, messaging and tools, EOA or authorised service providers collect information such as your IP address, geographical location, referral source, length of visit and pages viewed.
The technical cookies which are used for site usage are not analysed or read by EOA by any means.
We use analytics cookies and tracking in an aggregate manner to operate and improve the websites and for marketing analysis where the personal information is completely anonymised since it is summarised. More info about analytics in the paragraph below.
Use of web analytics
As a website gathers individual pieces of Information from its users, it may combine similar data from many or all the users of the website into one big “batch.” This sort of statistical information is called aggregate data because it reflects the habits and characteristics of a large group of anonymous people. Websites may use aggregate data or share it with business partners so that the information and services they provide best meet the needs of the users. Aggregate data also helps advertisers and sponsors on the Web know how effectively they are reaching and meeting the needs of their target audience.
Click Stream Information. A record of all the pages you have visited during your visit to a Website or the services you accessed from the site or from an email. Click Stream Information is associated with your browser and not with you personally. It records the archives of your browser.
(1) EOA Android apps use Google Analytics App Tracking, an analytics service provided by Google, Inc. (“Google”). Google Analytics App Tracking uses “IDs”, which are identifiers generated and saved on your device, to help us analyse how the app is being used across users. The information about your use of the app (including your IP address) which is generated by the ID will be transmitted to and stored by Google on servers in the United States. In case of activation of the IP anonymisation, Google will truncate/anonymise the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA.
Google will use this information on our behalf for evaluating your use of the app, compiling reports on your activity in the app and other services relating to app activity and internet usage to us. Google will not associate your IP address with any other data held by Google.
You may refuse the logging of the information about your use of the app (including your IP address) generated by the ID of Google Analytics App Tracking by selecting “disable Google Analytics” in the settings of the app. Henceforth, any further tracking will be stopped as you will have “opted out” by selecting the disable setting. However, please note that this applies only to this version of the app. In other apps tracking still might be activated.
In this app the IP anonymisation is activated.
(2) You have the possibility to create notes and bookmarks.
Android user: This data is stored on the SD card of your device and can be restored in case of app updates or reinstalling the app. If you change the location / file storage of backups manually, the app is unable to access your notes and bookmarks.
(3) You also have the possibility to send a feedback e-mail directly from the app. In the e-mail template, the software version of your device, the app version as well as the type of your device will be automatically included. This information is necessary to process your request; you do, however, have the option to delete this information from the e-mail, if you choose not to send it to us. Your data will remain with us only for the duration of time it takes to process your request.
The EOA Events app and EOA Academy app require login on a third party platform (Conference Compass and SpotMe respectively) for authorisation and platform access. These third parties confirm GDPR compliance.