Privacy Policy

In this privacy policy we describe how the European Society of Clinical Pharmacy (ESCP), further referenced to as ‘the Society’, is registering, processing and saving data. This policy covers all on-line and off-line systems where personal data is registered and it applies to all parts, functions, committees and taskforces and working groups that are part of the Society.

Definitions

The data protection declaration of the ESCP is based on the terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our data protection declaration should be legible and understandable for the general public, as well as our customers and business partners. To ensure this, we would like to first explain the terminology used.

In this data protection declaration, we use, inter alia, the following terms:

  • Consent

Consent of the data subject is any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

  • Personal data

For the purpose of this policy, personal data is any data or the combination of data in any form, relating directly or indirectly to an identified or identifiable natural person. This includes for example a name, an identification number, location data, , contact information and online identifiers such as IP addresses.

  • Data subject

Data subject is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

  • Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

  • Third party

Third party is a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Name, address and contact details of the Society

European Society of Clinical Pharmacy

Theda Mansholtstraat 5B

ZH 2331-JE Leiden

Netherlands

Phone: +31 715 766 157

Email: escp@planet.nl

Websites: www.escpweb.org, www.escpweb.nl 

Links to other websites

Our websites (www.escpweb.org, www.escpweb.nl, further referenced to as ‘the website’) may contain links or references to other websites to which this Privacy Statement does not apply. We encourage you to read the privacy policy of every website you visit.

Data Protection Officer

The Society is not obliged to appoint a Data Protection Officer, because the Society is not following individuals on a large scale basis and is not processing sensitive data.

The following personal data is considered ‘sensitive’ and is subject to specific processing conditions:

  • personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs;
  • trade-union membership;
  • genetic data, biometric data processed solely to identify a human being;
  • health-related data;
  • data concerning a person’s sex life or sexual orientation.

We collect information from members and event participants both by asking specific questions and by asking permission to communicate directly with us via e-mail, forums, event registrations, abstract submissions, newsletters and/or feedback forms. Some of the information that you submit may be personal data.

 

The Society will only process data after permission of the member or participant of an event organized by the Society. This permission can also be obtained implicitly, unless the data will be used for special purposes. Please note that the Society is run by volunteers and one professional office employee.

We collect personal data at the following locations: congresses, online registration systems and various newsletters. The information collected may include name, hospital, department address, city, postal code, country, phone, e-mail. We may use customer contact information from the forms to send newsletters, our journal (IJCP) and event information.

By registering on the Society’s website, the IP address—assigned by the Internet service provider (ISP) and used by the data subject—date, and time of the registration are also stored. The storage of this data takes place against the background that this is the only way to prevent the misuse of our services, and, if necessary, to make it possible to investigate committed offenses. Insofar, the storage of this data is necessary to secure the Society. This data is not passed on to third parties unless there is a statutory obligation to pass on the data, or if the transfer serves the aim of criminal prosecution.

The registration of the data subject, with the voluntary indication of personal data, is intended to enable the Society to offer the data subject contents or services that may only be offered to registered users due to the nature of the matter in question. Registered persons are free to change the personal data specified during the registration at any time, or to have them completely deleted from the data stock of the Society.

The Society shall, at any time, provide information upon request to each data subject as to what personal data are stored about the data subject. In addition, the Society shall correct or erase personal data at the request or indication of the data subject, insofar as there are no statutory storage obligations.

We also use collected information, to communicate information to you, for our research purposes, and for any other purpose specified during the collection of the information. We will never contact you for any other topic than topics related to pharmacy and public health.

If you provide personal data to this site, we may combine such information with other actively collected information unless we specify otherwise at the point of collection.

In addition, we may make full use of all information acquired through this site that is not in a personally identifiable form.

The Society has the task to accurately administrate the data of the members and protect this data against breach and abuse.

It is the responsibility of the Society to protect the data and report data leaks that might harm an individual either in a material or immaterial way to the Dutch Data Protection Authority, the Autoriteit Persoonsgegevens, Bezuidenhoutseweg 30, NL- 2594 AV Den Haag.

You should keep in mind that no Internet transmission is ever completely secure or error-free. In particular, e-mail sent to or from this site or the International Office may not be secure, and you should therefore take special care in deciding what information you send to us via e-mail. Moreover, where you use passwords, ID numbers, or other special access features on this site, it is your responsibility to safeguard them.

The Society is aware of the fact that it is not allowed to process certain sensitive data as mentioned above.

The Society is processing data in systems that are being hosted on Third Party servers. The Third Party is responsible and takes care that their systems/servers are adequately protected. The applications of the Society are being used by individual members at all levels in the Society. The members have access to the members section and their own personal data by using a username and password. The password is not accessible by any Board or Committee member of the Society or by the International Office.

Personal data is stored behind password protection.

 

The website at www.escpweb.org is the portal with information and news of the Society. The purpose of this site is informing members and those that are interested about the activities of the Society. This information is public. By using the personal username and password a member can retrieve personalized information or register for an event.

When registering for an event providing medical data by a member can be desirable, e.g. to improve access to the venue or dietary preferences. This medical data will only be saved for the period that it is necessary.

Professional Congress Organizers (PCOs) sometimes perform the registration procedure for ESCP. For this activity they receive – when necessary – only the required data from the membership database. Furthermore, they are only allowed to use the obtained information for the purpose that they have received the data for. For any other use, permission has to be asked at the registration website.

The Society is processing data and wants to be clear and transparent about that. Therefore, this Privacy Policy is published on the website of the Society. Changes in the registered data can be reported to the Society via the membership page, the contact page or a designated Board member.

Board members, committee chairs and other designated persons within the Society have the possibility to use a personal email address hosted by the Society.

At the ESCP website pictures of events can be published that can be used free of rights while referencing to the source. A person that is shown on a picture can object to the publication after which the picture will be removed from the website.

The membership database also contains information about members that have terminated their membership. This information will only be used for research purposes. A member has the right to be forgotten, both during his membership or after termination of the membership.

Data retention

We will retain Personal Data in accordance with applicable legal requirements, and only for as long as necessary for the purposes described in this policy, as indicated above or as long as required by law or to defend potential legal claims.

For membership invoicing a (candidate) member has to provide his invoicing data.

For the Society’s research purposes specific data can be used by the Society or its committees. The results of that research will never be traceable to individual members.

The financial administration is processing personal data of debtors and creditors. This includes the membership administration.

Individuals that apply for a membership via the website of the Society will create a membership account with a membership number that is linked to the financial administration from which invoicing will be done. Therefore, personal data is linked to the financial administration.

Data protection provisions about the use of PayPal as a payment processor

On its website, the Society has integrated components of PayPal. PayPal is an online payment service provider. Payments are processed via so-called PayPal accounts, which represent virtual private or business accounts. PayPal is also able to process virtual payments through credit cards when a user does not have a PayPal account. A PayPal account is managed via an e-mail address, which is why there are no classic account numbers. PayPal makes it possible to trigger online payments to third parties or to receive payments. PayPal also accepts trustee functions and offers buyer protection services.

The European operating company of PayPal is PayPal (Europe) S.à.r.l. & Cie. S.C.A., 22-24 Boulevard Royal, 2449 Luxembourg, Luxembourg.

If the data subject chooses "PayPal" as the payment option in the online shop during the ordering process, we automatically transmit the data of the data subject to PayPal. By selecting this payment option, the data subject agrees to the transfer of personal data required for payment processing.

The personal data transmitted to PayPal is usually first name, last name, address, email address, IP address, telephone number, mobile phone number, or other data necessary for payment processing. The processing of the purchase contract also requires such personal data, which are in connection with the respective order.

The transmission of the data is aimed at payment processing and fraud prevention. The Society will transfer personal data to PayPal, in particular, if a legitimate interest in the transmission is given. The personal data exchanged between PayPal and the Society will be transmitted by PayPal to economic credit agencies. This transmission is intended for identity and creditworthiness checks.

PayPal will, if necessary, pass on personal data to affiliates and service providers or subcontractors to the extent that this is necessary to fulfil contractual obligations or for data to be processed in the order.

The data subject has the possibility to revoke consent for the handling of personal data at any time from PayPal. A revocation shall not have any effect on personal data which must be processed, used or transmitted in accordance with (contractual) payment processing.

The applicable data protection provisions of PayPal may be retrieved under https://www.paypal.com/us/webapps/mpp/ua/privacy-full.

Personal data provided to the Society will not be forwarded or provided to Third Parties (except for the situations mentioned above), not even for free, unless it is for the benefit of the Society and permission is given by the individual, implicitly or explicitly. The Society does not process data for other organizations.

Members that object to the use of personal data by the Society or to receive email messages from (committees or SIGs of) the Society can opt-out by sending an email to the International Office.

Objections of this kind will not be honoured if the objection is regarding sending service messages, like registration confirmation or payment confirmation.

Your Rights

Subject to restrictions under applicable law, you have the right to request from us access, rectification, erasure, restriction and deletion, and portability of your Personal Information. Such requests can be addressed to the ESCP International Office.

You have the right to withdraw your consent to the processing of your Personal Data at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

To the extent required by applicable law and subjected to restrictions under applicable law, you have the right:

·      to have access to your Personal Data;

·      to have inaccurate data corrected or removed;

·      to object to the processing of your Personal Data;

·      to restrict ESCP’s use of your Personal Data;

·      to have your Personal Data erased (right to be forgotten);

·      to receive your Personal Data in a usable electronic format and transmit it to a third party (right to "data portability"); and

·      to file a complaint with the local data protection authority (Autoriteit Persoonsgegevens)

This Privacy Policy was last updated on 17 May 2019.