Last Updated 2019
Website GDPR Data Protection Notice for Website Users, ISHAS Members, Conference Participants, and Conference Presenters
The International Society for Hyaluronan Sciences (“ISHAS,” “we,” or “us”) is committed to protecting personal data. We want to be sure you understand our privacy practices so you are well informed about what happens to the personal data you provide to us or that we receive from third parties.
This Notice is intended to address our obligations concerning GDPR-related items and explains the types of personal data we collect, why we collect it, how we use it, and the rights of data subjects associated with their personal data.
We may update this Notice from time to time. When we change this Notice in a material way, we will highlight the changes on our website, post the updated Notice, and send the new Notice to you, if required.
1. Who Is Responsible for Data Processing and How Can I Contact Them?
ISHAS is the data controller. If you have any questions about our processing activities, please contact us at https://ishas.org/contact
2. What are the Types of Personal Data We Use and Why Do We Use It?
We process personal data that we obtain from our members, conference participants, and presenters in the context of our organizational and contractual relationships, and from others who use our website. We also process, insofar as necessary to fulfill business and legal obligations, personal data that third parties provide to us.
Personal Data of Website Users
If you choose to create an ISHAS account or sign up for one of our conferences or request our newsletter or other information, we will process only the information you provide to us, namely your login email address, password, and other contact information, such as home or work address or telephone number. We process this personal data to communicate directly with you, as necessary, and to fulfill any requests you have made. If you are a member of ISHAS, we will further process your personal data as described below under “Personal Data of Members.” If you are a conference participant or conference presenter, we will further process your personal data as described below under “Personal Data of Conference Participants or Presenters.”
We use Google Analytics and other means of analyzing your Internet browsing activity within our website to help improve our website and your website experience. We do not share user data with any third parties for purposes of tracking your Internet browsing activity across websites.
Personal Data of Members
If you are a member of ISHAS, we collect and process certain personal data to communicate with you directly and manage your membership. The data may include contact name, address, email address, phone number and other contact details, educational and work background, and curriculum vitae. We also process these personal data to send you marketing information concerning the services we provide that you may be interested in. We will ask for your consent before sending you marketing communications. The marketing communication will also provide a means for opting out of future marketing communications.
Personal Data of Conference Participants and Presenters
If you register for, or request to be or are approved as a speaker for, an ISHAS conference or other events, we process your personal data to facilitate your registration, participation or presentation, including payment of associated fees. The personal data we process include names, e-mail and street address, phone number and other contact information; order and payment information, including conference abstracts and related materials; curriculum vitae, and work experience.
3. On What Legal Basis Do We Process Personal Data?
We process personal data in accordance with the laws applicable to us and our processing activities.
Lawful Basis for Processing Personal Data of Website Users
We process the personal data of our website users as described in this Notice based on our legitimate interests in performing the essential functions of our website and to communicate with you in response to any inquiry or request you make of us.
Lawful Basis for Processing Personal Data of Members, Conference Participants and Conference Presenters
We process personal data of our members, conference participants and conference presenters for the legitimate interests of addressing our organizational obligations to, or satisfying the terms of our contract with, them. Our processing of personal data allows us to provide services to our members and to honor conference and other event registration requests, and to process speaker applications and facilitate conference presentations.
Other Legitimate Interests
Where required, we process your personal data beyond the actual fulfillment of the relevant contract or purposes noted immediately above for the purposes of other legitimate interests pursued by us or a third party. Such legitimate interests include the following:
- Asserting legal claims and defenses in legal disputes; and
- Further development of ISHAS’s services.
Right to Object
You have the right to object to our processing of your personal data (as described above) by submitting your request by using our contact form at https://ishas.org/contact
4. Who Receives My Data?
Within ISHAS, individuals who require your personal data to fulfill our business, contractual or legal obligations will have access to it. Service providers and agents appointed by us may also have access to data for these purposes.
With regard to transferring data to recipients outside ISHAS, we will share your personal data only if necessary in the context of the applicable lawful bases set forth in this Notice, or if legal provisions demand it. Recipients of personal data may be, for example:
- Public entities and institutions, upon providing a legal or official obligation;
- Third parties in order to support our processing activities or relationship with you, including for purposes of providing member support, or to address legal or other official obligations.
5. Will Data Be Transferred to a Third Country or an International Organization?
Your personal data may be transferred to and stored on servers located in the United States or to other countries that may not have the same level of protection as the European Union or the USA. Transfer to these “third countries” will be based on your explicit consent.
6. For How Long Will My Data Be Stored?
We will process and store your personal data for seven (7) years following the completion of our business or organizational relationship with you. If required by law or by a legal order, we may process and store your personal data for a longer period consistent with the law or legal order or our contractual rights. For example, we may need to keep your personal data longer if necessary because of a legal prohibition against removing or deleting the data.
7. What Data Privacy Rights Do I Have?
Subject to some exceptions, you have several rights, including:
- The right to access, which allows you to obtain a copy of your data, on request;
- The right to rectification, which requires us to change incorrect or incomplete data about you;
- The right to restrict and object to processing, which requires us to limit or stop processing your data;
- The right to erasure, which requires us to erase your data; and
- If applicable, the right to data portability, which allows you to transfer your personal data from ISHAS to another individual or entity.
You may exercise any of these rights by sending an email indicating your request at https://ishas.org/contact. Furthermore, if you believe your rights under the GDPR are being infringed, you have the right to lodge a complaint with a data privacy regulatory authority located in the member state in which you live, where you work, or where any alleged infringement has occurred.
If we process your personal data based on your consent, you can withdraw consent at any time.
Please note that the withdrawal of consent applies only to future actions. Processing that was carried out before the withdrawal of consent is not affected.
8. Am I Obligated to Provide Data?
In the context of establishing an organizational, business or contractual relationship with us, you must provide all personal data that is required for accepting and carrying out the relationship and fulfilling the accompanying obligations. Without the data, we are not able to fulfill the relevant obligation or request for you.
9. To What Extent Is There Automated Decision-Making?
In the general course of establishing and carrying out a relationship with us, we do not use any automated decision-making. If we do so in connection with an individual transaction, we will inform you of the automated decision-making in connection with that transaction.
10. Will ISHAS Use My Personal Data for Marketing?
If you are a website user and set up an account, request information, or if you are an ISHAS member, we process some of your personal data with the goal of assessing certain personal aspects of your preferences. For example, we process your data to notify you and advise you regarding available services, which allows for communications and marketing to be tailored to you. We will ask for your consent before sending you marketing communications. Each marketing communication will also include a means for opting out of future marketing communications.