THE EUROPEAN ASSOCIATION OF CARDIOTHORACIC ANAESTHESIOLOGY
The European Association of Cardiothoracic Anesthesiology (“EACTA”) and AIM Italy S.r.l. (“AIM”) (collectively referred to as “us”, “we” and “our”) are“joint data controllers” in respect of your personal data pursuant to the General Data Protection Regulation ((EU) 2016/679) (“GDPR”) and the Data Protection Act 2018. This means that the EACTA and AIM are responsible for deciding how they hold and use personal information about you. The purpose of this privacy notice is to make you aware of how and why the EACTA and AIM process your personal data and how long your personal data will usually be retained for. The EACTA and AIM are required to provide this information to you under the GDPR and the Data Protection Act 2018.
The EACTA and AIM respect your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.
- Who we are
The EACTA and AIM are joint data controllers and are responsible for your personal data.
Our full details are:
Full name of legal entity:
1) The European Association of Cardiothoracic Anaesthesiology
2) AIM Italy S.r.l.
The European Association of Cardiothoracic Anaesthesiology
C/O AIM Italy Srl – Rome Office
Via Flaminia 1068
- Data protection principles
We will comply with data protection law and principles, which means that your personal data will be:
- Used lawfully, fairly and in a transparent way;
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
- Relevant to the purposes we have told you about and limited only to those purposes;
- So far as possible, accurate and kept up to date;
- Kept only as long as necessary for the purposes we have told you about; and
- Kept securely.
- Ways and purposes of use
- The data we collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together follows:
- Identity Data includes first name, maiden name, last name and in the membership area, we may collect your date of birth, place of work and Hospital function
- Contact Data includes email address and telephone numbers.
- Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Usage Data includes information about how you use our website, products and services.
- Marketing and Communications Data includes your preferences in receiving marketing from us and our third parties and your communication preferences.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature, such as the e-learning platforms. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy notice.
We do not collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). Nor do we collect any information about criminal convictions and offences.
If you fail to provide personal data
Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with event information and tickets). In this case, we may have to cancel your event booking you have with us but we will notify you if this is the case at the time.
- How is your personal data collected?
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your Identity and Contact Data by corresponding with us by post, phone, email, through our website or otherwise. This includes personal data you provide when you send a query about our membership information and/or events.
The Data Subject’s personal data is processed in the context of the activities carried out by the EACTA and AIM, for the following purposes:
- Creation and subsequent management of the membership relationship;
- Fiscal, administrative and accounting duties strictly connected to the membership relationship;
- Specific duties as foreseen by law, regulations or EU rules;
- Distribution of scientific reviews and other editorial products by the EACTA;
- Mailing of the EACTA’s newsletter to update the Data Subject on all projects, initiatives and events promoted by the EACTA in the context of its activities for members;
- Mailing of information relating to initiatives and activities deemed to be of interest to the Member by Italian and international scientific associations and entities similar to that of EACTA, by means both of automated tools (such as newsletters, e-mails, SMS’s, MMS’s, automated calls, etc.) and of traditional tools (hardcopy mail and/or operator calls).
The processing of the personal data is executed, under authority of the Joint Data Controllers, by staff specifically commissioned, authorized and instructed to process personal data pursuant to GDPR and the Data Protection Act 2018
Generally we do not rely on consent as a legal basis for processing your personal data other than in relation to sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.
The personal data will be stored for the entire duration of the membership relationship.
- Data sharing
We will only share your personal data with the following third parties:
- Third party service providers: We may share your personal data with third party service provides that perform services and functions at our direction and on our behalf such as our accountants, IT service providers, printers, lawyers, event organisers and providers of security and administration services. Specifically, your personal data will be provided to third party service providers for the following reasons;
- to financial institutions in order to complete payments related to the membership fee and/or membership events/conferences;
- to the entities and/or external companies that EACTA uses for the purpose of executing connected activities, as a consequence of your membership (such as for mailing congress programs, for training initiatives, for scientific projects, for the mailing of subscriptions and the amiling of scientific reviews, etc.);
- to external consultants (e.g. for management of fiscal duties) if not designated Processors in writing;
- provided specific consent is given, to Italian and international scientific associations and entities similar to that of EACTA, for mailing of information relating to initiatives and activities deemed to be of interest to the Member by means of both automated and traditional tools of communication
- All third party service providers are required to take appropriate security measures to protect your personal data in line with our policies. We do not allow our third party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
- An Gardai, Revenue Commissioners, Government Bodies or officials: We may share your personal information with an Gardai or other government bodies or agencies where required to do so by law.
- Transfer of your personal data outside of the European Economic Area
We will only transfer personal data outside the European Economic Area if one of the following applies:
- The European Commission has issued a decision confirming that the country to which we transfer the personal data ensures an adequate level of protection for the data subjects’ rights and freedoms.
- Appropriate safeguards are in place such as binding corporate rules, standard contractual clauses approved by the European Commission, an approved code of conduct or a certification mechanism such as the EU-US Privacy Shield.
- You have provided explicit consent to the proposed transfer after being informed of any potential risks.
- The transfer is necessary for one of the other reasons set out in the GDPR including the performance of a contract between us, reasons of public interest, to establish, exercise or defend legal claims or to protect your vital interests where you are physically or legally incapable of giving consent and, in some limited cases, for our legitimate interest.
Provided specific consent is given, the data of the Data Subject may be published on the website of the EACTA or on its reviews and/or scientific publications, as well as on the occasion of other initiatives – on hard-copy or soft-copy – strictly related with the participation to the membership activities. In case of training sessions filmed and/or recorded during events, an ad hoc consent form will be provided and a specific consent will be requested.
- Juridical basis for processing, nature of the transfer and consequences of denial, consent by the Data Subject.
2.1) Purposes listed at preceding section 3(b)1- 5
With reference to the purposes listed at preceding paragraph 3(b)1-5, the transfer of personal data is mandatory and represents a necessary condition for the creation and subsequent management of the membership relationship; indeed, the denial of transfer determines the impossibility to subscribe the Data Subject to the EACTA and to involve him/her in any initiative of the EACTA and, thus, the juridical basis of the related processing is the appropriate creation and management of the contract of membership.
2.2) Purpose listed at preceding section 3(b)6
With reference to the purpose at preceding section 3(b)6, the transfer is optional and the denial of the related consent determines only the impossibility to receive information relating to initiatives and activities deemed to be of interest to the Member by Italian and international scientific associations and entities similar to that of EACTA. Thus, the juridical basis of this processing is the explicit consent of the Data Subject.
- Entities and categories of entities to which the personal data may be communicated and context of communication.
With regards to the purposes of the processing as indicated above, and within the strict boundaries of pertinence to these purposes, the personal data of the Data Subject will be communicated in Ireland and Italy, or in any case within the European Union, to the following entities, for the purpose of realization of the membership relationship:
(i) to fiscal Authorities and other public Authorities, where mandatory by law or upon their request; (ii) to financial institutions for the execution of payments related to the membership fee;
(iii) to the structures and/or external companies that the EACTA and AIM use for the purpose of executing connected activities, instrumental or consequent to the creation and subsequent prosecution of the membership (such as for mailing congress programs, for training initiatives, for scientific project, for the mailing in subscription of scientific reviews, etc.);
(iv) to external consultants (e.g. for management of fiscal duties) if not designated Processors in writing;
(vi) provided specific consent is given, to Italian and international scientific associations and entities in contexts and with purposes similar to the ones of EACTA, for mailing of information relating to initiatives and activities deemed to be of interest to the Member by means of both automated and traditional tools of communication.
Above entities, to whom the personal data of the Data Subject will be or may be communicated (insofar as not being designated as Processors), will treat the personal data as Controllers as per the Privacy Law, GDPR and the Data Protection Act 2018, in full autonomy, being completely separated from the original processing executed.
Without the consent to communication of the personal data and to related processing, in those cases where it is foreseen by the Privacy Law, GDPR and the Data Protection Act 2018, the operations which require communication might not be executed, with consequences known to the Data Subject.
A detailed and constantly updated list of these entities, including their respective offices, is always available at EACTA’s and AIM’s respective legal offices.
Provided specific consent is given, the data of the Data Subject may be published on the website of the EACTA or on its reviews and/or scientific publications, as well as on the occasion of other initiatives – on hard-copy or soft-copy – strictly related with the participation to the membership activities. In case of training sessions filmed and/or recorded during events, an ad hoc Information Sheet will be provided and a specific consent will be requested.
8. Rights of the Data Subject.
Section 7 of the Privacy Law and sections 15 and following of the Data Protection Regulation grant the Data Subject the right to obtain:
- confirmation or denial of existence of personal data related to the Data Subject, even if not yet registered and their communication in an understandable form;
- indication of the origin of the personal data, of their purposes and of their ways of processing, of the logic applied in case of processing by means of electronic tools and of the identifying details of the Joint Data Controllers;
- update, rectification, integration, cancellation, transformation into anonymous data or blocking of data treated in violation of the law – including data for which conservation is not necessary for the purposes for which they were collected and subsequently processed. Documentation of these operations, also pertaining to their content, is brought to the attention of the Data Subjects whose data have been communicated or published, except for the case in which this duty is impossible to perform or requires the use of tools which are obviously disproportionate in relationship to the granted right.
Moreover, the Data Subject has the right to:
- revoke at any time the consent to data processing (without prejudice to the legitimacy of the processing prior to revocation);
- oppose, partially or completely, for legitimate reasons, to processing of his/her personal data, even if coherent with the purpose of collection;
- oppose, partially or completely, to processing of his/her personal data for the purpose of distribution of advertising materials or for direct sales or for market research or for commercial communication;
- propose a complaint to the Data Protection Authority as foreseen by the Data Protection Regulation.
Given that any consent expressed by the Data Subject related to being contacted for the purpose listed at preceding section 3(b)6 by automated means extends to traditional means as well, the Data Subject may contact the EACTA and/or AIM at the below address at any time, to exercise his/her right to oppose, also only partially, i.e. with reference to either one or the other of abovementioned methods.
In order to know the detailed and constantly updated list of the entities to whom personal data of the Data Subject may be communicated and to exercise the rights granted by section 7 of the Privacy Law and by sections 15 of the Data Protection Regulation, the Data Subject may contact the Joint Data Controller at the following addresses:
The European Association of Cardiothoracic Anaesthesiology
C/O AIM Italy Srl – Rome Office
Via Flaminia 1068
Phone: +39 0633053319
Fax: Fax +39 0633053.630
- Duration of the processing.
Without prejudice to the legal obligations, the personal data of the Data Subject will be kept for the entire duration of the membership relationship.
Effective Date: 22 May 2019
AIM Group International S.P.A. (“AIM”) and the European Association of Cardiothoracic Anaesthesiology (“EACTA”) respect your concerns about privacy (collectively referred to as “we”, “us” or “our”). AIM and the EACTA are “joint data controllers” pursuant to the General Data Protection Regulations (“GDPR”), AIM manages the website of EACTA, www.EACTA.org (the “Site”)
- What are Cookies?
A “cookie” is a text file that websites send to a visitor’s computer or other Internet-connected device to uniquely identify the visitor’s browser or to store information or settings in the browser. This technology helps us (1) remember your information so you will not have to re-enter it; (2) track and understand how you use and interact with the Site; (3) tailor the Site around your preferences; (4) measure the usability of the Site; (5) understand the effectiveness of our communications; and (6) otherwise manage and enhance the Site.
- Information obtained through Cookies
The information EACTA and AIM obtain through Cookies includes your device IP address, domain name, identifiers associated with your devices, device and operating system type and characteristics, URL, web browser characteristics, language preferences, clickstream data, your interactions with the Sites (such as the web pages you visit, links you click and features you use), the pages that led or referred you to the Sites, dates and times of access to the Sites, and other information about your use of the Sites.
- Data supplied by the User
Any communication from you to the contacts listed on this Site implies the acquisition of the e-mail address and other personal information contained in the communication, following the release of an appropriate information sheet (think of, for instance, the “contact us” form)
- Cookies used on our Sites
Cookies are used for different scopes: execution of authentications, monitoring of sessions, storage of information regarding specific configurations by users who access the server, storage of preferences, profiling, etc.
Types of cookies
Cookies may be distinguished based on their scope (such as technical cookies or profiling cookies) or on the basis of the domain of provenance (such as first-party cookies and third-party cookies).
- a) Technical cookies
Technical cookies are those being used for the exclusive scope of transmitting certain data on an electronic data network, or enabling the service supplier to provide the services explicitly requested by the subscriber or user.
- Navigation/Session Cookies
Navigation or session cookies are essential to use and navigate our Sites. Navigation or session cookies help us collect information, such as your session ID and other server information, that enables us to authenticate users. Navigation or session cookies are deleted when you end your browsing session or within a short period of time thereafter.
- Analytical Cookies
Analytical cookies collect information on how users navigate and use our Sites, such as how the users traverse our Sites, the pages they view, how long they stay on a page and whether the page is displayed correctly or whether errors occur. Such cookies help us to improve the performance of our Sites and make the Sites more user-friendly. Some of these cookies are persistent cookies which remain on your computer or other Internet-connected device for a certain period of time after you end your browsing session unless you delete them;
- Functional Cookies
Functional cookies collect information about your choices or remember your preferences so we can show you relevant content. They allow us to identify your location and remember your language during a browsing session and to customize the Sites you have accessed. These cookies are deleted when you end your browsing session
- b) Profiling cookies
Profiling cookies have the scope of creating profiles of the user and are used to be able to present the user with contents in line with his/her interests or to send targeted messages/advertisements. For the installation of this type of cookies, previous consent by the user is required.
- c) First-party cookies
First-party cookies are those set up by the Site itself which the user is visiting.
- d) Third-party cookies
Third-party cookies are set up by Sites different from the one the user is visiting.
a) Navigation cookies
Are cookies needed to allow navigation of the Sites and usage of some of the products and services, for instance in order to allow the user access to reserved areas or to improve the navigation performance.
b) Cookies for storage of preferences
c) Statistical or analytical cookies
These cookies are used to monitor the Site’s performance, for instance in order to know the number of pages visited or the number of users that navigated a certain section. The analysis of these cookies generates anonymous and aggregated statistics without reference to the identity of the Site’s users. They are useful, in addition, to evaluate changes and improvements to the Site.
d) Social Network Cookies
These are cookies that allow to share the contents of the Site with other users or to express one’s opinion regarding the Site and its contents.
First-party cookies on the Sites
The Sites use the following technical first-party cookies:
exp_last_visit, exp_last_activity, exp_tracker, exp_csrf_token, cookie-banner
Type of cookie: navigation and storage / technical.
Third-party cookies on the Site
The Site uses some services that install third-party cookies on the user’s computer. These are under the direct and exclusive responsibility of the third-party management. In order to give or deny consent (where required by the applicable norms) reference needs to be made to the websites of the third parties or to the site www.youronlinechoices.com/it/ to obtain information on how to eliminate or manage cookies based on the used browser and to manage preferences with regards to third-party profiling cookies.
If the user doesn’t want to receive third-party cookies on his/her device, by means of the following links he/she can access the information and consent forms of abovementioned third parties, as well as inhibit their installation.
The Site uses the ShareThis service to allow for sharing of some sections on the main social networks.
The profiling named ShareThis is a third-party cookie, i.e. a cookie from entities different from EACTA. EACTA is not in a position to exercise specific control over those entities and related cookies. In order to obtain information on these cookies and on their features and ways of operating, as well as to express the related consent, Users may use the following link http://www.sharethis.com/privacy/#sthash.NFg314D7.dpbs or contact ShareThis directly.
Type of cookie: social / profiling
For further information:
In order to disactivate Share This, Users may use the settings of their browser (see instructions below) or the indications provided by the related third-party at the following link: http://www.sharethis.com/privacy/#sthash.NFg314D7.dpbs
b) Google Analytics
Google Analytics mainly uses proprietary cookies to generate reports on the interactions of the visitors on the website. These cookies are used to store information that doesn’t allow personal identification of the users.
The Site implements IP address masking, using only a part of the IP address in order to geolocate.
Google Analytics is to be considered a so-called analytic third-party cookie; these cookies may be considered to be similar to technical cookies, as i) the tools used for their functioning reduce the possibility of identification (for instance, by means of masking significant parts of the IP); ii) the third parties that own them committed to not associating the information they contain with other information they already dispose of.
Type of cookie: technical / analytics
For further information:
To disactivate Google Analytics, execute “Opt-out”:
Cookies and browsers
By changing the setting of the internet browser used, cookies’ way of operating and options of limiting or blocking cookies can be defined. Many internet browsers are initially set to accept cookies automatically, but the user may change these settings in order to block cookies or to be warned whenever cookies are being sent to the device. There are several ways of managing cookies, therefore reference must be made to the instructions manual or the help screen of the related browser, in order to verify how to define or change their settings. The user is allowed to change the predefined configuration and to disable cookies (i.e. to block them without time limitation), opting for the highest protection level.
Below are the links for managing cookies for the related browsers:
If the user uses various devices to visualize and access the Sites (e.g. computer, smartphone, tablet, etc.), he/she should assure that each browser on each device is set to reflect his/her preferences regarding cookies. To eliminate cookies from the Internet browser of smartphones / tablets, please refer to the device’s user manual.
You can find out how to do this for your particular browser by clicking “help” on your browser’s menu or by visiting www.allaboutcookies.org.
- Third-party web sites
Any third-party web-sites accessible by means of this Site are not covered by this Data protection policy. These sites could use different types of cookies and/or use a different data protection policy, for which this Site accepts no responsibility. Therefore, we suggest to consult the data protection information of the related sites and to follow the instructions on how to disable cookies, if desired.
- Nature of the data transfer
Without prejudice to what’s indicated on navigation data and cookies, users are free to provide their personal data, where requested by the related sections of the Site; refusal to provide this data might cause impossibility to provide the requested services.
- Ways of processing
Personal data is processed by means of automated tools, whose settings are strictly related to their scopes and who operate for the strictly minimum time necessary for reaching the scopes for which the data was collected.
Collected information is stored in a safe environment.
- Range of communication of the data
The users’ personal data will be processed by staff commissioned by EACTA and AIM. In addition, their data may be processed by third parties, external service providers who act on behalf and in name of EACTA and AIM, duly nominated Processors, who will treat the data in coherence with the scope for which they were originally collected.
- CONTACT US
The Site’s data protection policy may be updated from time to time.