English
ENGLISH
Register
English

 

LIVE.CEESTAHC.ORG

PRIVACY AND COOKIE POLICY

This document describes the way in which personal data of Users using the Web Portal available at: https://live.ceestahc.org/ (hereinafter: “the Web Portal”) are processed. The owner of the Web Portal and the controller of the Users’ personal data is Central And Eastern European Society Of Technology Assessment In Health Care Association with its registered office in Cracow, address: Starowiślna 17/3 St., 31-038 Cracow, Poland, entered into the Register of societies, other community and professional organizations, foundations and public health care facilities held by the District Court for Kraków- Śródmieście in Kraków, 11th Commercial Division of the National Court Register under number KRS 0000170838, NIP (Tax Identification Number): 6762246760 (hereinafter: ‘The Controller’).

 The personal data of the Users of the Web Portal are processed in accordance with the applicable provisions of the law, including the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: ‘the General Data Processing Regulation’ – GDPR) and the Polish Act on electronic provision of services of 18th July 2002 (Journal of Laws of 2017 item 1219 as amended).

The definitions included in Article 1 of the Terms and Conditions of the 16th International EBHC Symposium and the Web Portal (hereinafter: ‘T&C’)  shall apply as appropriate.

Personal data of the User

The Controller may process information about the User (including personal data), such as:

a. Identification details submitted by the User:

  • if the User fills in the registration form in order to register for the Symposium and opens the User Account, the User submits the following data: name, surname, e-mail address, telephone number, alternatively also: name of the company, institution or organization;
  • the use of the Newsletter E-service requires providing the e-mail address;
  • if the Users uses the Contact Form, the Controller requires to submit the following data: name and surname or the company’s, institution’s or organization’s name, e-mail address, telephone number.

b. Network server logs: The Controller automatically stores network server logs if the User visits the Web Portal by means of a computer on which the Web Portal is installed (referred to as a ‘web server’). The web server automatically recognizes certain information, such as the IP address, the date and place the User visited the Web Portal, the website from which the User came to the Web Portal, the type of web browser used, the type of operating system used, and the domain name and address of your website operator.

c. IP addresses: The Controller may store information about the User’s IP. IP addresses are used as part of the information contained in the network server logs described above and for technical purposes.

The purpose of data processing

The Users’ personal data is processed for the following purposes:

a. when creating and using an User Account – for the purpose of providing the User Account E-service and for the purpose of concluding the symposium participation agreement (including redress and defend against claims arising from this agreement);
b. when using the Chat available on the Platform – for the purpose of contacting the User, including answering the User’s questions sent via Chat;
c. when using the Contact Form – for the purpose of answering the User’s inquiry submitted through the Contact Form;
d. when subscribing for the Newsletter – for the purpose of providing the Newsletter E-service (receiving commercial information about the Controller’s products, services and promotional activities);
e. for technical purposes, so the Web Portal and the Platform display correctly;
f. in order to inform about the Controller’s planned events, including informing about the next editions of the Symposium.

In the event that the Controller receives information that the User uses the Web Portal in an unlawful manner, inconsistent with the T&C or this Privacy Policy, the Controller may process the User’s personal data for the purpose and to the extent necessary to determine the User’s liability and to protect the Controller’s rights and claims.

Legal grounds for data processing

The Users’ personal data is processed based on applicable regulations. The legal basis for processing of the Users’ personal data by the Controller is the prerequisite of necessity to perform the agreement on the provision of services described in T&C, including performance of the Symposium participation agreement and the agreement for the provision of E-services – according to Article 6, Paragraph 1, letter b) of GDPR.

With respect to the Newsletter E-service, the data is processed based on the consent for processing personal data in order to receive commercial information, according to Article 6, Paragraph 1, letter a) of GDPR).

The Controller may also take some actions for direct marketing of the Controller’s products and services purposes, informing about planned events of the Controller, including informing about next editions of the Symposium, in pursuance of the Controller’s legitimate interest, according to Article 6, Paragraph 1, letter f) of GDPR. The legitimate interest of the Controller is the marketing of the Controller’s own products and services. To the extend the Controller uses for this purpose the User’s e-mail address and phone number, data is processed based on the consent for processing personal data in order to receive commercial information, according to Article 6, Paragraph 1, letter a) of GDPR

The Users’ personal data may also be processed when it is necessary for the fulfilment of a legal obligation incumbent on the Controller, for example when a competent state authority requests an access to personal data.

Obligation to provide data

Providing personal data by Users is voluntary, however a failure to provide data may prevent the Controller from performing services for the User, in particular from the conclusion and performance of an Symposium participation agreement, provision of the User Account service, responding to inquiries sent via the Contact Form, or sending commercial information by means of the Newsletter.

The time and form of data processing

The Users’ personal data will be processed in relation to the conclusion and execution of the Symposium participation agreement during the time of execution of this agreement. Data may be stored after the completion of the agreement, if it is justified by applicable law (e.g. for tax or accounting purposes, or until the expiry of any claims related to the concluded agreement) and to the extent necessary, the data may be processed until expiration of any possible claims that could arise from the agreement.

The Users’ personal data that is being processed in relation to the use of the Contact Form, shall be processed until an answer to the inquiry sent via the Contact Form is given. The Users’ personal data processed in relation to the use of the User Account Electronic Service will be processed until the account is deleted by the User. The data processed based on the Users’ consent (for example Newsletter) will be processed until the consent is withdrawn.

The vast majority of data is processed by the Controller in an electronic form, on servers belonging to the Controller and on servers rented from third parties, on computers, external drives and mobile devices. Part of the data might be processed in a paper form.

Sharing data with third parties

Every time the data is shared with third parties, it occurs in accordance with the applicable law, based on the concluded data processing agreement, which points out the objectives of data processing.

Entities with which the Contoller cooperates in order to perform services provided to the Users, or to perform the concluded Symposium participation agreement, are the recipients of your personal data. These may include the suppliers of external systems supporting the Controller’s activity, including the provider of IT tool that enables streaming of the Symposium: Blu Experience sp. z o.o. [Ltd.] with its’ registered seat in Cracow, address: Warszawska 15 St., 31-155 Cracow, Poland, NIP (Tax Identification Number): 9452177517, as well as the entity providing external accounting services for the Controller.

The Newsletter is being sent out via the Freshmail marketing platform, which is why the personal data of Users subscribing the Newsletter may be transferred to Freshmail sp. z o.o. [Ltd.], NIP (Tax Identification Number): 6751496393.

Profiling

The Users’ personal data is not used for automated decision-making, including profiling. The Controller does not use IT systems that would automatically make decisions concerning the Users’ personal data. The decisions and actions are taken only by the Controller’s employees.

User rights

Regardless the legal basis of data processing, the Users have the right to access the content of their personal data, correct them, limit their processing, the right to transfer data, as well as, in some cases, the right to delete them.

If the data is processed based on our legitimate interest, according to Article 6, Paragraph 1, letter f) of GDPR, the Users have the right to object to the User’s personal data being processed.

If the data is processed based on a previously given consent (Article 6, Paragraph 1, letter a) of GDPR), the Users have the right to withdraw the consent at any moment with no impact on the compliance with the law of processing, which was made based on the consent prior to the withdrawal.

If the data is processed based on a previously given consent (Article 6, Paragraph 1, letter a) of GDPR), or in accordance with the concluded agreement (Article 6, Paragraph 1, letter b) of GDPR), or if the data is processed by automatic means, the User has also the right to data portability.

If the User suspects that his or her personal data is being processed contrary to the General Data Processing Regulation, the User has the right to file a complaint with the President of the Personal Data Protection Office against unlawful processing of his / her personal information.

The data update

Each User is obliged to correct or update the entered personal data in case of change. The use of false data is prohibited. In order to update or correct the User’s personal data, the User shall send information to the Controller via e-mail. If the data is updated, the User will be informed of the data update.

Cookies

Definition:  cookies are small amount of data dent by websites to the User’s browser, which are sent back to the website by the browser when the User re-enter the website. Thanks to the use of cookies, the User does not have to re-enter data previously entered into the website, and the User’s device is recognized by this Web Portal, so that its display is automatically adjusted to the User’s individual needs and the previously selected settings.

Are cookies personal data: Generally speaking, cookies are not personal data, however, some information stored in cookies in combination with other information concerning the User may contain personal data. However, such data are not disclosed by the Controller to unauthorized persons, and their processing takes place solely for the purpose of providing certain services to the User.

Types of cookies: The Web Portal uses two types of cookies: session cookies and persistent cookies. The session cookies are temporary files, which are stored in the User’s device until the User logs out, leaves the Web Portal or turns off the internet browser. Persistent cookies are stored in the User’s device for a period of time specified by cookie settings or until removed by the User.

The use of cookies: Cookies are used to store information about the User’s session (i.e. the IP address from which the User connects to the Web Portal, connection time and other technical parameters of the connection). The information generated by cookies, including the IP address, may be transmitted by the Controller to Google and other third parties. In particular, the Web Portal uses cookies for the following purposes:

a. to adjust the content of the Web Portal to the User’s individual preferences;
b. to maintain the User’s session (after logging in to the User Account), which is why the User does not have to re-enter their login and password on each subpage;
c. to generate statistics that help to understand how Users use the Web Portal, thereby improving its structure and content. The analysis of these statistics is anonymous and enables the adjustment of the content and appearance of the Web Portal; the statistics are also used to evaluate the popularity of the Web Portal;
d. to define the User’s profile in order to display matching advertising materials to the User, in particular from the Google network. The Web Portal uses the remarketing tool and the lists of similar recipients provided by Google.

Resignation from cookies: the User can disable cookies at any time by selecting the appropriate settings in their browser. However, the Web Portal may not function properly without the cookies enabled.

Personal Data Security

The location in which the User’s personal data are stored is protected by appropriate physical, IT and organizational security measures aimed at an appropriate protection of the data made available to the Controller by the User. However, the Controller has no control over the security of the data sent from the moment they are sent by the User until they reach the Controller.

In addition, the Web Portal has been equipped with an SSL protocol, which allows for a secure and effective encryption of data sent between the User and the server. Subpages containing personal data forms are automatically switched to the https protocol.

Final Provisions

  1. The Controller declares that makes every effort to provide Users with a high level of security in the use of the Web Portal. Please report any disturbing events affecting the security of information and data transmission to the e-mail address: sekretariat@ceestahc.org.
  2. For further information regarding the processing of your personal data, please contact us at the following e-mail address: sekretariat@ceestahc.org.