PRIVACY CHARTER

Protecting your personal data is a priority for the Federation of European Academies of Medicine (hereinafter “FEAM” or “we”). Consequently, we commit to treating the personal data of academics, doctors, researchers, policy-makers, members of European associations and online users (hereinafter “you”) with the greatest care and to provide the best possible protection for such data in accordance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regards to thedat processing of personal data, and on the free movement of such data (hereinafter “GDPR”) and the national law applicable in this field.This charter provides information about:

  • the personal data that we collect about you and why we do so;
  • the terms of use of your personal data;
  • your rights concerning your personal data and the ways in which you can exercise these rights.

Explanatory glossary of the main legal terms used in this Charter:

Terms that are often used in this Charter Definitions provided by the GDPR (General Data Protection Regulation) Explanation of the terms in standard language
Data of a personal nature (hereinafter ‘personal data’) Any information relating to an identified or identifiable natural person (hereinafter ‘the data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. All sorts of information relating to a natural person, that is an individual, who can be identified as a person, directly or indirectlywho can be distinguished from other people.Examples: a name, a photo, a fingerprint, an e-mail address, a telephone number, a social security number, an IP address, a voice mail, your browsing data on a website, data relating to an online purchase, etc.
Processing  An operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. Any use of personal data, regardless of the procedure involved (recording, organisation, storage, adaptation, alignment with other data, transmission, etc. of personal data).Example: the use of your data to manage an order, a delivery, send a newsletter, etc.
Controller The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.  The person, public authority, company or body which manages your data and determines how they are used. He/She decides whether to start or discontinue processing and determines why your data will be processed and to whom they will be transferred. He/she is the main party responsible for ensuring the protection of your data.
 Processor The natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller. Any natural or legal person that performs processing tasks following the instructions and under the responsibility of the controller.

Explanatory glossary of the other terms used in this Charter:

Partner Any natural or legal persons who may intervene in the organisation of events and activities

1. Who is responsible for the use of your data in the context of your relationship with our services?

The Controller responsible for the processing of your personal data is FEAM, the head office of which is at Rue d’Egmont, 13, 1000 Brussels,  registered under VAT number BE0455.764.396. Any question or request concerning the processing of your data can be sent to the following e-mail address: info@feam.eu.

2. Why do we collect your personal data and on what bases?

We collect personal data about you for different reasons.

We can only collect and use your personal data if this use is based on one of the legal grounds defined by the GDPR (e.g. your consent or the performance of a contract entered into with you).

The table below identifies the exact purposes for the use of your personal data by FEAM and the corresponding legal grounds.

Purposes for which your personal data are collected Legal basis for the processing of your personal data
(1) The sending of newsletters, publications, updates about FEAM activities, events and studies FEAM has a legitimate interest in processing the personal data of academics, doctors, researchers, policy-makers and contact persons of other European associations to inform them about future events and activities that it organizes, publications, updates and studies (Article 6.1).f) of the GDPR).
 
(2) The registering for FEAM activities and events The performance of a contract concluded with you (Article 6.1.b) of the GDPR), in this case, a contract for participation in an event.
(3) The management of concerns, inquiries or requests received about our events and activities The legitimate interest of FEAM to process the personal data of people in order to respond to their demand and their expectations (Article 6.1).f). of the GDPR).
(4) The carrying out of surveys FEAM has a legitimate interest in processing the personal data in order to collect people’s feedback about events it organizes and/or in order to get more information about policy priorities people would like FEAM covers in future activities (Article 6.1).f) of the GDPR).

 3. What data do we collect about you?

Please be aware that the personal data that we collect about you depend on the nature and number of relationships that you have with FEAM, whether they are of a legal nature (e.g. entering into of a contract, legal obligation, legitimate interest) or not (e.g. visit to our website).

Provided below are the details of the personal data that we collect, the reason we collect them, and the way in which they are collected (directly or indirectly).

Purpose of the collection Personal data collected
(1) The sending of newsletters, publications, updates about FEAM activities, events and studies ·         Personal identification data (such as surname, first name, postal address, e-mail address, telephone number)·         Electronic identification data (such as IP address, cookies, connection log)·         Business or employment related information (such as title, affiliation, position, organisation)
(2) The registering for FEAM activities and events ·         Personal identification data (such as surname, first name, postal address, e-mail address, telephone number)·         Business or employment related information (such as title, affiliation, position, organisation)
(3) The management of concerns, inquiries or requests received about our events and activities ·         Personal identification data (such as surname, first name, postal address, e-mail address, telephone number)·         Business or employment related information (such as title, affiliation, position, organisation)
(4) The carrying out of surveys ·         Personal identification data (such as surname, first name, postal address, e-mail address, telephone number)·         Business or employment related information (such as title, affiliation, position, organisation)·         Feedback about events·         Policy priorities

 4. Who do we share your personal data with?

We may share your personal data as part of our activities. Of course, we always do so in a way that will ensure optimal protection of your personal data.

  • With certain sub-contractors such as suppliers of certain IT applications (such as, for example, hosting services) or marketing or communication bureau to allow our business relationships to be managed in the best possible way.
  • With our suppliers, such as auditors, lawyers, etc. for the requirements of the contractual relationship with them or for the management of disputes, if applicable, etc.
  • With public authorities, in response to legal requests, including to meet national security requirements or for the application of the law (such as, for example, the tax authorities, etc.).
  • As part of a transaction, such as a merger, acquisition, consolidation or sale of assets, we may be required to share your personal data with the buyers or sellers.

 How long do we keep your personal data?

FEAM has set out precise rules regarding the storage period for your personal data. This period varies depending on the different purposes and has to take account of any legal obligations to keep some of your data.

Purpose of the collection Storage period
(1) The sending of newsletters, publications, updates about FEAM activities, events and studies The data is kept until the moment of becoming aware of the termination of the professional activity
(2) The registering for FEAM activities and events

 

10 years from the end of the contractual relationship
(3) The management of concerns, inquiries or requests received about our events and activities 2 years
(4) The carrying out of surveys 2 years

 6. What rights do you have regarding your personal data ?

We would like to inform you as clearly as possibly of your rights with regard to your personal data. The way to exercise your rights is explained in point 7.

Please find below a summary of your rights

1. Right of access

You can ask us to grant you access to all the following information regarding:

  • the categories of personal data concerned;
  • the purposes of the processing;
  • the categories of people with whom we share or will share your personal data and in particular those who are located outside Europe;
  • the duration for which your personal data will be kept in our systems;
  • your right to ask us to correct or delete your personal data or to limit the use that we make of your personal data and your right to oppose to this use;
  • your right to lodge a complaint with a European data protection authority;
  • where the personal data are not collected from you, any available information as to their source;
  • the way in which your personal data are protected when they are transferred to countries outside Europe.

 2. Right to rectification

You can ask FEAM to correct and/or update your personal data.

3. Right to erasure (“right to be forgotten”)

You can contact us at any time to ask us to delete the personal data that we process about you, if one of the following situations applies to you:

  • Your personal data are no longer necessary for the reasons for which they were collected or processed;
  • You have withdrawn your consent, which is the ground for FEAM to process your personal data;
  • Because you believe, for a specific reason, that further processing would adversely affect your privacy and could cause excessive damage;
  • You do not wish to receive commercial proposals from us;
  • Your personal data are not processed in accordance with the GDPR and the applicable national regulations;
  • Your personal data have to be deleted to fulfil a legal obligation laid down in the law of the European Union or the national law to which FEAM is subject;

However, we may be unable to respond to your request to exercise your right to be forgotten. It is important to remember that this right is not absolute. We have to ensure that this right is balanced against other important rights and values, such as freedom of expression, compliance with a legal requirement to which we are subject or important reasons of public interest.

 4. Right to object

The applicable legislation gives you the right to object, at any time for a reason particular to you, to the processing of your personal data. Indeed, if you believe that such processing is infringing on your privacy and/or causing you excessive damage, you may use this right.

You can, in particular, object to the use of your personal data for mailing purposes. Note that any e-mails or information letters that may be sent to you will include a link which you can click so that you no longer receive any promotional information from us.

However, under no circumstances may you prevent us from processing your data:

  • if the processing is necessary for the entering into or performance of your contract;
  • if the processing is required by law or a regulation;
  • if the processing is required to record, exercise or defend the rights in court.

5. Right to data portability

Data portability gives you a chance to control your personal data yourself more easily and more precisely to :

  • Recover your personal data, which are being processed by us, for your personal use and to store them on a device or in a private cloud storage, for example
  • Transfer your personal data from us to another company, either by you or directly by us, provided that a direct transfer is “technically possible”.

This right concerns your data that have been actively and knowingly declared, and the information collected by FEAM.

Conversely, the personal data that are derived, calculated or inferred from the data that you have provided, are excluded from the right to data portability if they were created by FEAM.

However, you should know that FEAM has the right to refuse your request to data portability. This right only applies to personal data that were collected on the basis of your consent or the performance of a contract concluded with you. Moreover, this right may infringe the rights and freedoms of third parties, whose data may form part of the data which would be transferred further to the request for transferability.

6. Right to restriction of processing

You have the right to ask us to restrict the processing, which involves the tagging (for example, temporarily moving your data to another processing system or locking your data, making them inaccessible) of your personal data, in order to restrict their further processing. You may exercise this right when :

  • the accuracy of the data in question is disputed;
  • your personal data is not processed in accordance with the GDPR and national law;
  • the data is no longer needed for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims;
  • the decision regarding your objection to the processing is pending.

Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.

In case of restriction of processing of some of your personal data, we will keep you informed before the restriction of processing is lifted.

7. How can you exercise your rights?

If you want to exercise your rights, simply send an email to info@feam.eu indicating in the subject field the right you want to exercise. Please attach a copy of your ID card. Please be aware that it is important to indicate the reasons behind your request.

You can also exercise your rights by writing to us at the following address Rue d’Egmont, 13, 1000 Brussels (Belgium). Your written request must be signed and accompanied by a photocopy of your ID card. The request must specify the address to which the response should be sent.

A response will then be sent to you within one (1) month following receipt of the request or two (2) more months if the request necessitates further research or if FEAM receives a very high number of requests.  If your request is not clear or does not contain everything to allow us to proceed with the operations requested, we will ask you, within this period, to provide us more information.

8. Are your personal data transferred outside Europe?

Data transfer outside Europe

You should be aware that the protection of privacy and the rules allowing authorities to access your personal data in these countries are not necessarily equivalent to those in Europe.

In order to ensure a high standard of data protection and privacy, we only use or assign service providers, partners and subcontractors with sufficient technical and legal guarantees.

We transfer and/or grant access to your personal data to service providers, partners and/or subcontractors located in a non-EEA country only if (1) it is located in a country which ensures an adequate level of protection under an adequacy decision taken by the European Commission (2) appropriate safeguards have been implemented in accordance with the GDPR (3) the transfer is necessary for the performance of a contract concluded with You or the implementation of pre-contractual measures taken at Your request or (4) You have explicitly consented to this.

To obtain more information and/or a copy of the guarantees taken, simply send us an email to info@feam.eu with your surname, first name and in the subject “transfers outside the EU: personal data”. Also remember to specify in the body of your e-mail the exact information you wish to obtain.

9. Would you like to contact us about this Charter on the protection of your personal data and/or would you like to lodge a complaint with a data protection authority?

Do you have a question or a suggestion about this Charter on the protection of your personal data?

If so, do not hesitate to contact us by sending an email to YourData@feam.eu or sending a letter to: 1000 Brussels (Belgium), Rue d’Egmont, 13.

We will be pleased to read your message or letter and reply as soon as possible.

Do you think we do not protect your personal data sufficiently?

If you believe that FEAM is not processing your personal data in accordance with the GDPR and national law, please let us know by contacting us here, or by post at 1000 Brussels (Belgium), Rue d’Egmont, 13.

If you are not satisfied with our answer, you have the right to lodge a complaint with:

  • the data protection authority of the European country in which you are normally a resident; or
  • the data protection authority of the European country in which you work; or
  • the data protection authority of the European country in which the infringement of the GDPR was committed.

Lodging a complaint with the Belgian Data Protection Authority

  • By post: Belgian Data Protection Authority
    Rue de la Presse 35, 1000 Brussels, Belgium
  • By e-mail: contact@apd-gba.be

Lodging a complaint with another European data protection authority

Please consult the list here to lodge a complaint with another data protection authority.

10. How can you find out whether this Charter on the protection of your personal data has been modified?

This Charter on the protection of your personal data may be modified at any time, in particular, to take account of any legal or statutory changes and the development of our services.

Please enter your email address below to unsubscribe from our newsletter.


Subscribe to our newsletter