Intermediate Archiving: refers to isolation by a logical separation (management of access rights and limited access to a specific service) and/or physical separation of Personal Data that the ESRA still has an administrative interest in.
Direct Customer: means a natural person who has subscribed to a Product or service directly from the ESRA.
CNIL: means the Commission Nationale de l’Informatique et des Libertés.
Personal Data: refers to any information that directly or indirectly relates to a natural person.
Sensitive Data: means any Personal Data that discloses either the racial or ethnic origin of the natural person, their political opinions, religious or philosophical beliefs, trade union membership, state of health, sexual orientation, or things about their sex life.
Distributor: means the stakeholder promoting the Product and the service to the Indirect Customer.
DPO: data protection officer.
Data Importer: means the stakeholder established in a country outside the European Union that receives Personal Data from the ESRA that is to be processed after it is transferred.
Data Subject: means the natural person whose Personal Data is processed.
Product: any product or service developed by the ESRA.
Healthcare Professional: means any doctor, nurse, manager of a medical establishment (medical office, clinic, ...) or any other profession belonging to the fourth part of the French Public Health Code, who is an ESRA member.
Social Media: refers to the ESRA’s social networking pages.
Regulations: refers to Law no. 78-17 of January 6, 1978 as amended relating to Information Technology, Files and Civil Liberties, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data by the individual Member States, and repealing Directive 95/46/EC (hereinafter referred to as "GDPR") and any applicable Personal Data protection regulations.
Device: refers to the hardware (computer, tablet, smartphone, phone, etc.) that you use to visit or view the Site.
Processing: means collecting, saving, organising, structuring, storing, adapting, modifying, extracting, viewing, using or any other form of making available, reconciling or interconnecting, limiting, deleting, and destroying.
User: refers to the person browsing the ESRA congress website (esra.e-congres.com).
These definitions are capitalised and shall apply to both the singular and plural forms.
- Healthcare Professionals who use the ESRA's services
- Direct Customers
3. Data Protection Contacts at the ESRA
The Personal Data controller is:
- For the Personal Data of Direct Customers, Patients and Distributors: ESRA whose registered address is Rue Daubin 7 - 1203 Geneva, Switzerland.
For any and all questions concerning the protection of your Personal Data please contact the ESRA by sending an email to the following address: firstname.lastname@example.org or by mail at the following address: ESRA Rue Daubin 7 - 1203 Geneva, Switzerland.
4. Nature of the Personal Data processed by the ESRA
The ESRA takes into account the principles of data minimisation, data protection from the design stage, and data protection by default. As a result, relevant Personal Data is collected which is adequate and limited to what is necessary for the purposes for which it is processed.
This Personal Data is collected in particular when you order a Product, when you create or modify your customer account, when you download or use the Application, when you browse the ESRA congress website (esra.e-congres.com), when you contact the ESRA, when you participate in an event, or when filling out forms.
When you fill out the fields on a form, the mandatory nature of a response is indicated by the use of an asterisk (*) at the end of the question. If you do not answer a question marked with an asterisk, your request cannot be processed.
When you choose to spontaneously send your Personal Data to the ESRA without the latter having asked you, you agree to assume full responsibility for the Personal Data transmitted. The ESRA recommends that you do not send or disclose any Sensitive Data to the ESRA congress website (esra.e-congres.com) or through it.
4.1 Direct Customer
The ESRA may collect and process a Direct Customer’s first and last names, title, delivery address, telephone number, email, date of birth, customer account passwords created by the Direct Customer, information concerning their order or possible complaints as well as information concerning the payment of invoices.
4.2 Direct Customer
The ESRA may be required to process a Direct Customer’s Personal Data, especially when they file a complaint or request additional information.
When transferring Personal Data from the Indirect Customer to the ESRA, the Distributor agrees to ensure that the transfer of this Personal Data is appropriate and complies with the Regulations and agrees to provide the Indirect Customer with the necessary information beforehand in accordance with the Regulations. The ESRA declines all liability in this regard.
4.3 Healthcare Professional
The ESRA may be required to process a Healthcare Professional’s Personal Data, particularly their first and last names, specialisation, RPPS (Collective Database of Healthcare Professionals) number and physician number, ESRA membership number, email, and phone number.
Cookies ("Cookies") are small computer files stored on the hard drive of your Device that record certain information in order to make your browsing experience easier. They are placed on your Device when you browse the ESRA congress website (esra.e-congres.com).
Depending on your Device's settings, the ESRA uses the following cookies:
- Browsing Cookies: These are Cookies that are necessary for browsing the Site. These Cookies enable the ESRA to ensure the Site works properly.
- Feature Cookies: These are Cookies that store your chosen preferences and settings in order to ensure a smooth user experience. For example, they allow you to directly access your personal areas on the Site without having to enter your connection settings several times or allow you to store purchases in your shopping basket.
Subject to your agreement, the ESRA may place the following Cookies:
- Audience Measurement Cookies: These are Cookies used to track your browsing to get statistics of views and monitor the performance of the Site and each of its pages. These Cookies enable the ESRA to improve its services so as to provide a better user experience.
- Targeting/Advertising Cookies: These are Cookies for offering content and advertising tailored to your needs, taking into account your preferences and your latest purchases.
The ESRA collects and processes the content created by the User on the Site such as: texts, comments, answers.
5. Purposes and Legal Basis of Processing
5.1 Purposes of Processing:
The ESRA always processes your Personal Data for specific purposes and only processes it to achieve these purposes. In particular, the ESRA processes your Personal Data for the following purposes:
- Responding to your requests for information, questions, comments, fulfilling your requests, and providing you with effective help.
- Managing your customer account.
- Establishing, maintaining, and managing the customer relationship and ensuring follow-up.
- Processing and delivering your orders.
- Doing the accounting.
- Managing billing and payments.
- Managing payment incidents or non-payments and debt collection.
- Registration, evaluation, reporting and treatment of adverse events and claims relating to products and services.
- Giving you access to the ESRA congress' online content.
- Managing your requests to access, rectify, limit processing, erase, object to the processing of your personal data or its portability.
- Providing you with adequate, up-to-date information on the ESRA’s products and services.
- Improving the quality of interactions and the quality of the ESRA’s products and services.
- Sending you satisfaction surveys or conducting internal analyses.
- Inviting you to events.
- Managing subscriptions to the ESRA’s newsletters and webinars.
- Conducting analytical studies and commercial statistics.
- Establishing, exercising, or defending a right in court, whether in a legal, administrative, or extrajudicial proceeding of any kind.
- Managing the archives.
- Sending commercial or promotional offers for products or services similar to those provided. You may object to your Personal Data being used for commercial marketing purposes at any time, free of charge, without having to give a reason for this request by sending an email to the ESRA at the following address: email@example.com. The ESRA would like to draw your attention to the fact that exercising your right to object does not prevent the ESRA from continuing to contact you for other purposes.
- Improving the relevance of the information sent.
- Ensuring that the ESRA complies with its activities.
- All other purposes required by law and the authorities.
5.2 Legal Basis:
The ESRA collects and processes Personal Data only if:
- It has obtained your consent beforehand.
- Processing is necessary for the performance of a contract.
- Processing is necessary to comply with the ESRA's legal or regulatory obligations.
- Processing is necessary for the ESRA's legitimate interests and does not unduly affect your interests or fundamental rights and freedoms.
6. How long Personal Data is kept
The ESRA keeps your Personal Data for the time that is necessary to fulfill the purposes to be achieved, subject to the legal archiving options, obligations to keep certain Personal Data and/or anonymisation obligations.
The Personal Data of Direct Customers and Healthcare Professionals relating to a specific contract are kept for the duration of the contract.
At the end of the aforementioned periods, Personal Data are subject to an Intermediate Archiving for the legal or regulatory statute of limitations.
7. Recipients of your Personal Data
The ESRA may transmit your Personal Data to third parties who may use it for their own purposes, especially for commercial purposes and/or direct advertising.
The ESRA may share your Personal Data, only to the extent necessary, with:
- Its employees authorised to process your Personal Data who are all bound by a confidentiality obligation.
- Its suppliers, service providers and subcontractors for performing the tasks related to the purposes described above.
- Organisations responsible for conducting polls or surveys.
- Partner and/or pharmaceutical companies.
- National and European public authorities: the ESRA may have to communicate your Personal Data in response to a specific request made by a competent administrative or judicial authority, as well as more generally in all situations where the law, regulations, or an administrative or judicial decision so requires.
- Other third parties: subject to your express consent, the ESRA gives your Personal Data to carefully selected third parties, including partners for marketing services that may be of interest to you, or to third parties you have subscribed to or accepted a service from.
8. Personal Data Security
In the course of its activities and in accordance with the Regulations, the ESRA agrees to ensure the protection, confidentiality, and security of Personal Data.
The ESRA takes the necessary precautions in light of the state of knowledge, the costs of implementation and the nature, scope, context and purposes of the Processing and the likelihood of each risk in order to maintain the security and confidentiality of the Personal Data that you communicate to it and in particular to prevent them from being distorted, damaged or communicated to third parties (unless you have consented).
The ESRA therefore implements all technical, logical, physical and organisational measures to ensure a level of security that is in line with the risk and to prevent any loss, alteration, disclosure of Personal Data or access by unauthorised third parties.
However, given the intrinsic characteristics of the Internet, no transmission of information over the Internet is completely secure. The Personal Data transmitted to the ESRA is subject to measures that cannot protect against all risks of hijacking and/or hacking. The transmission of your Personal Data is therefore at your own risk.
In the event of a Personal Data breach and in accordance with the Regulations, the ESRA agrees to notify the CNIL.
You may at any time express and modify your choices regarding Cookies by the means described below.
You can configure your Device's browser so that Cookies are saved on your Device or rejected, either automatically or depending on the issuer. You can also configure your browser to ask you if you’d like to accept or reject Cookies before they are placed on any of your Devices.
9.2.1 Accepting Cookies
You do not expose yourself to any risk by accepting the use of this system. Cookies do not damage your computer.
You can express and modify your choices in your Device's browser at any time, free of charge.
If you have agreed for Cookies to be placed on your Device in your browser, the Cookies embedded in the content and pages that you have viewed may be temporarily stored in a dedicated area on your Device for no more than thirteen (13) months. They will only be readable by their issuer.
9.2.2 Rejecting Cookies
If you reject Cookies being placed on your Device or if you delete them from it, you will not be able to benefit from a certain number of features which are nevertheless necessary to be able to browse certain areas of our Site (if you try to access the ESRA content or services that require you to log in).
Where applicable, the ESRA accepts no liability for the consequences of our services functioning poorly due to the fact that it is impossible for us to place Cookies on your Device or consult them when they are necessary for those services to operate and you have rejected or deleted them.
For Mozilla Firefox:
- Click on the Tools menu then select Internet Options.
- Click on the Privacy icon.
- Click on the Show Cookies menu and select the desired options.
For Microsoft Internet Explorer:
- Click on the Tools menu then select Internet Options.
- Click on the Privacy tab.
- Select the desired options using the cursor.
10. Transfers of Personal Data to a country outside the European Union
To date, the ESRA only transfers outside the European Union Personal Data from Data Subjects located outside the European Union pursuant to the terms and conditions set out in the Regulations.
In the event that the ESRA has to transfer Personal Data concerning Data Subjects located within the European Union, the ESRA agrees, from this day forward, to make sure that appropriate guarantees in line with the Regulations will be put in place by the Data Importer and that you have enforceable rights and effective remedies in order to ensure that your Personal Data has an adequate level of protection.
Personal Data may be transferred for the aforementioned purposes to a country within the European Union, to a country outside the European Union that has been subject to a European Commission adequacy decision, as well as to countries outside the European Union that have not been subject to a European Commission adequacy decision, provided that there are appropriate GDPR safeguards.
11. Your Rights
Pursuant to the terms and conditions provided for in the Regulations, the ESRA hereby informs you that you have:
- A right of access: a right to question the ESRA to find out if it has your Personal Data and ask to know what data it is.
- A right to rectification: a right to ask the ESRA to rectify information about you in case of errors or inaccuracies.
- A right to object: when Processing is based on the ESRA’s legitimate interests, you have a right to object to Personal Data Processing for legitimate reasons, except for commercial marketing where no reason is required.
- A right to restriction of processing: a right to ask the ESRA not to keep some of your Personal Data during future processing when:
  - You dispute the accuracy of your Personal Data.
  - You consider and can prove that the Processing of Personal Data is unlawful and you oppose the erasure of the Personal Data and request the restriction of their Processing instead.
  - The ESRA does not need your Personal Data any more, but it is still necessary for you to establish, exercise, or defend your legal claims.
  - You object to the Processing that is based on the ESRA's legitimate interest pending the verification whether the ESRA's legitimate grounds override those of the data subject.
- A right to erasure: subject to the exceptions provided for by the Regulations, the right to obtain from the ESRA the erasure of your Personal Data when one of the following grounds applies:
  - Your Personal Data is no longer necessary in relation to the purposes for which it was collected or otherwise processed.
  - You wish to withdraw your consent on which the Processing of your Personal Data was based and there is no other legal ground for this processing.
  - You object to the Processing and there are no overriding legitimate grounds for the Processing or you object to commercial offers being sent to you.
  - You consider and can prove that your Personal Data has been subject to unlawful Processing.
  - Your Personal Data has to be erased for compliance with a legal obligation.
- A right to data portability: when the Processing is based on your consent or a contract, the right to receive your Personal Data from the ESRA in a structured, commonly used format, and to transmit this Personal Data to another data controller without hindrance from the ESRA. You may request that this Personal Data be directly transmitted by the ESRA to another data controller, where technically feasible.
- A right to withdraw consent: When the Processing is based on your consent, you have the right to withdraw your consent at any time, without this withdrawal affecting the lawfulness of the ESRA's Processing prior to it.
- A right to decide the fate of your Personal Data upon your death: Finally, you have the right to organise the fate of your Personal Data after your death by adopting general or specific instructions. The ESRA is committed to following these instructions. If there are no instructions, the ESRA grants the heirs the possibility of exercising certain rights, particularly the right to access, if it is necessary for settling the estate of the deceased; and the right to object to close the deceased’s user accounts and oppose the processing of their data.
You can exercise your rights by sending an email to the ESRA at the following address: firstname.lastname@example.org along with a copy of your ID.
If, despite the ESRA's efforts to preserve the confidentiality of your Personal Data, you consider your Personal Data has been breached under the Regulations, you may file a complaint with the CNIL.