Intermediate Archiving: refers to isolation by a logical separation (management of access rights and limited access to a specific service) and/or physical separation of Personal Data that the ESRA still has an administrative interest in.
Direct Customer: means a natural person who has subscribed to a Product or service directly from the ESRA.
CNIL: means the Commission Nationale de l’Informatique et des Libertés.
Personal Data: refers to any information that directly or indirectly relates to a natural person.
Sensitive Data: means any Personal Data that discloses either the racial or ethnic origin of the natural person, their political opinions, religious or philosophical beliefs, trade union membership, state of health, sexual orientation, or things about their sex life.
Distributor: means the stakeholder promoting the Product and the service to the Indirect Customer.
DPO: data protection officer.
Data Importer: means the stakeholder established in a country outside the European Union that receives Personal Data from the ESRA that is to be processed after it is transferred.
Data Subject: means the natural person whose Personal Data is processed.
Product: any product or service developed by the ESRA.
Healthcare Professional: means any doctor, nurse, manager of a medical establishment (medical office, clinic, ...) or any other profession belonging to the fourth part of the French Public Health Code is an ESRA member.
Social Media: refers to the ESRA’s social networking pages.
Regulations: refers to Law no. 78-17 of January 6, 1978 as amended relating to Information Technology, Files and Civil Liberties, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data by the individual Member States, and repealing Directive 95/46/EC (hereinafter referred to as "GDPR") and any applicable Personal Data protection regulations.
Device: refers to the hardware (computer, tablet, smartphone, phone, etc.) that you use to visit or view the Site.
Processing: means collecting, saving, organising, structuring, storing, adapting, modifying, extracting, viewing, using or any other form of making available, reconciling or interconnecting, limiting, deleting, and destroying.
User: refers to the person browsing the ESRA congress website (esra.e-congres.com).
These definitions are capitalised and shall apply to both the singular and plural forms.
The Personal Data controller is:
For any and all questions concerning the protection of your Personal Data please contact the ESRA by sending an email to the following address: email@example.com or by mail at the following address: ESRA Rue Daubin 7 - 1203 Geneva, Switzerland.
The ESRA takes into account the principles of data minimisation, data protection from the design stage, and data protection by default. As a result, relevant Personal Data is collected which is adequate and limited to what is necessary for the purposes for which it is processed.
This Personal Data is collected in particular when you order a Product, when you create or modify your customer account, when you download or use the Application, when you browse the ESRA congress website (esra.e-congres.com), when you contact the ESRA, when you participate in an event, or when filling out forms.
When you fill out the fields on a form, the mandatory nature of a response is indicated by the use of an asterisk(*) at the end of the question. If you do not answer a question marked with an asterisk, your request cannot be processed.
When you choose to spontaneously send your Personal Data to the ESRA without the latter having asked you, you agree to assume full responsibility for the Personal Data transmitted. The ESRA recommends that you do not send or disclose any Sensitive Data to the ESRA congress website (esra.e-congres.com) or through it.
The ESRA may collect and process a Direct Customer’s first and last names, title, delivery address, telephone number, email, date of birth, customer account passwords created by the Direct Customer, information concerning their order or possible complaints as well as information concerning the payment of invoices.
The ESRA may be required to process an Direct Customer’s Personal Data, especially when they file a complaint or request additional information.
When transferring Personal Data from the Indirect Customer to the ESRA, the Distributor agrees to ensure that the transfer of this Personal Data is appropriate and complies with the Regulations and agrees to provide the Indirect Customer with the necessary information beforehand in accordance with the Regulations. The ESRA declines all liability in this regard.
The ESRA may be required to process a Healthcare Professional’s Personal Data, particularly their first and last names, specialisation, RPPS (Collective Database of Healthcare Professionals) number and physician number, ESRA membership number, email, and phone number.
Cookies ("Cookies") are small computer files stored on the hard drive of your Device that record certain information in order to make your browsing experience easier. They are placed on your Device when you browse the ESRA congress website (esra.e-congres.com).
Depending on your Device's settings, the ESRA uses the following cookies:
Subject to your agreement, the ESRA may place the following Cookies:
The ESRA collects and processes the content created by the User on the Site such as: texts, comments, answers.
The ESRA always processes your Personal Data for specific purposes and only processes it to achieve these purposes. In particular, the ESRA processes your Personal Data for the following purposes:
the ESRA collects and processes Personal Data only if:
the ESRA keeps your Personal Data for the time that is necessary to fulfill the purposes to be achieved, subject to the legal archiving options, obligations to keep certain Personal Data and/or anonymisation obligations.
The Personal Data of Direct Customers and Healthcare Professionals relating to a specific contract are kept for the duration of the contract.
At the end of the aforementioned periods, Personal Data are subject to an Intermediate Archiving for the legal or regulatory statute of limitations.
The ESRA may transmit your Personal Data to third parties who may use it for their own purposes, especially for commercial purposes and/or direct advertising.
The ESRA may share your Personal Data, only to the extent necessary, with:
In the course of its activities and in accordance with the Regulations, the ESRA agrees to ensure the protection, confidentiality, and security of Personal Data.
The ESRA takes the necessary precautions in light of the state of knowledge, the costs of implementation and the nature, scope, context and purposes of the Processing and the likelihood of each risk in order to maintain the security and confidentiality of the Personal Data that you communicate to it and in particular to prevent them from being distorted, damaged or communicated to third parties (unless you have consented).
the ESRA therefore implements all technical, logical, physical and organisational measures to ensure a level of security that is in line with the risk and to prevent any loss, alteration, disclosure of Personal Data or access by unauthorised third parties.
However, given the intrinsic characteristics of the Internet, no transmission of information over the Internet is completely secure. The Personal Data transmitted to the ESRA is subject to measures that cannot protect against all risks of hijacking and/or hacking. The transmission of your Personal Data is therefore at your own risk.
In case of violation of Personal Data and in accordance with the Regulations, the ESRA agrees to notify the CNIL.
You may at any time express and modify your choices regarding Cookies by the means described below.
You can configure your Device's browser so that Cookies are saved on your Device or rejected, either automatically or depending on the issuer. You can also configure your browser to ask you if you’d like to accept or reject Cookies before they are placed on any of your Devices.
You do not expose yourself to any risk by accepting the use of this system. Cookies do not damage your computer.
You can express and modify your choices in your Device's browser at any time, free of charge.
If you have agreed for Cookies to be placed on your Device in your browser, the Cookies embedded in the content and pages that you have viewed may be temporarily stored in a dedicated area on your Device for no more than thirteen (13) months. They will only be readable by their issuer.
If you reject Cookies being placed on your Device or if you delete them from it, you will not be able to benefit from a certain number of features which are nevertheless necessary to be able to browse certain areas of our Site. (if you try to access the ESRA content or services that require you to log in)
Where applicable, the ESRA accepts no liability for the consequences of our services functioning poorly due to the fact that it is impossible for us to place Cookies on your Device or consult them when they are necessary for those services to operate and you have rejected or deleted them.
For Mozilla Firefox:
For Microsoft Internet Explorer:
To date, the ESRA only transfers outside the European Union Personal Data from Data Subjects located outside the European Union pursuant to the terms and conditions set out in the Regulations.
In the event that the ESRA has to transfer Personal Data concerning Data Subjects located within the European Union, the ESRA agrees, from this day forward, to make sure that appropriate guarantees in line with the Regulations will be put in place by the Data Importer and that you have enforceable rights and effective remedies in order to ensure that your Personal Data has an adequate level of protection.
Personal Data may be transferred for the aforementioned purposes to a country within the European Union, to a country outside the European Union that has been subject to a European Commission adequacy decision, as well as to countries outside the European Union that have not been subject to a European Commission adequacy decision, provided that there are appropriate GDPR safeguards.
Pursuant to the terms and conditions provided for in the Regulations, the ESRA hereby informs you that you have:
You may request that this Personal Data be directly transmitted by the ESRA to another data controller, where technically feasible.
You can exercise your rights by sending an email to the ESRA at the following address: firstname.lastname@example.org along with a copy of your ID.
If, despite the ESRA's efforts to preserve the confidentiality of your Personal Data, you consider your Personal Data has been breached under the Regulations, you may file a complaint with the CNIL.