Your continued use of csi-congress.org means you agree to the following terms, please take a few minutes to read and understand them.
GDPR Compliance Statement
Thank you for visiting csi-congress.org website. We respect your privacy and consider it an important element of our business.
The EU General Data Protection Regulation (“GDPR”) came into force across the European Union on 25th May 2018 and brought with it the most significant changes to data protection law in two decades. Based on privacy by design and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.
The 21st Century brings with it broader use of technology, new definitions of what constitutes personal data, and a vast increase in cross-border processing. The new Regulation aims to standardize data protection laws and processing across the EU; affording individuals stronger, more consistent rights to access and control their personal information.
At csi-congress.org we are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognise our obligations in updating and expanding this program to meet the demands of the GDPR and the German Bundesdatenschutzgesetz – BDSG.
csi-congress.org is dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the new Regulation. Our preparation and objectives for GDPR compliance have been summarised in this statement and include the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and ongoing compliance.
csi-congress.org already has a consistent level of data protection and security, our preparation includes:
- Information Audit - carrying out a company-wide information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed.
- Policies & Procedures - Implementing new data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including:
- Data Protection – our main policy and procedure document for data protection has been overhauled to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities; with a dedicated focus on privacy by design and the rights of individuals.
- Data Retention & Erasure – we have updated our retention policy and schedule to ensure that we meet the ‘data minimization’ and ‘storage limitation’ principles and that personal information is stored, archived and destroyed compliantly and ethically. We have dedicated erasure procedures in place to meet the new ‘Right to Erasure’ obligation and are aware of when this and other data subject’s rights apply; along with any exemptions, response timeframes and notification responsibilities.
- Data Subject Access Request (SAR) – we have revised our SAR procedures to accommodate the revised 30-day timeframe for providing the requested information and for making this provision free of charge. Our new procedures detail how to verify the data subject, what steps to take for processing an access request, what exemptions apply and a suite of response templates to ensure that communications with data subjects are compliant, consistent and adequate.
- Legal Basis for Processing – we are reviewing all processing activities to identify the legal basis for processing and ensuring that each basis is appropriate for the activity it relates to. Where applicable, we also maintain records of our processing activities, ensuring that our obligations under Article 30 of the GDPR and Schedule 1 of the Data Protection Bill are met.
- Obtaining Consent - we are revising our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information. We have developed stringent processes for recording consent, making sure that we can evidence an affirmative opt-in, along with time and date records; and an easy to see and access way to withdraw consent at any time.
In addition to the policies and procedures mentioned above that ensure individuals can enforce their data protection rights, we provide easy to access information via email of an individual’s right to access any personal information that csi-congress.org processes about them and to request information about:
- What personal data we hold about them
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for
- If we did not collect the data directly from them, information about the source
- The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
- The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
- The right to lodge a complaint or seek judicial remedy and who to contact in such instances
Information Security & Technical and Organizational Measures
csi-congress.org takes the privacy and security of individuals and their personal information very seriously and take every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction and have several layers of security measures, including:
- Access controls
- Password policy
csi-congress.org understands that continuous employee awareness and understanding is vital to the continued compliance of the GDPR and have involved our employees in our preparation plans. If you have any questions about our preparation for the GDPR, please contact us at firstname.lastname@example.org.
Automatically stored information
If you visit our website we gather and store certain information about your visit automatically. This information cannot and does not identify you personally. The kind of information that is gathered automatically includes the type of browser you are using, the type of operating system you are using, the date and time of your visit and the pages you visit. We sometimes use this non-personally identifiable information to improve our website(s) design, content and primarily to give you a better browsing experience.
Collection and use of personal information
We will collect personal information from you only if you provide it voluntarily. Such data may include for example your name, e-mail address, postal address, date of birth, email address, telephone number or photograph. The data collected is for specific purposes only, for example in order to register you as a member or as a congress participant or a user of other services or in order to be able to send you information tailored to your interests. You agree that the data you provide us with is being stored and used by us. This also applies for the use of the data for future events organised by csi-congress.org. You declare yourself to be in particular agreement with us sending your data to other companies entrusted with the processing of your registration. You declare your consent to your data being released to other participants of congresses and you also declare your consent to us forwarding your data for consulting, advertising, market or opinion research purposes to industry partners whose stand you visited during the event and whom you permitted to scan the QR code of your name badge. You may revoke your consent to this at any time by sending a corresponding email to email@example.com.
Third-party sites and services – links to other sites
Cookies and other technologies
Your right to change and delete your data we have stored about you
You may at any time change your data or revoke your consent to process and use your personal data. If you would like to do so, please contact firstname.lastname@example.org.
2. Authorisations of reproduction Photography and film:
Images and films taken by the official photographer and the CSI-congress team during congresses may be used by CSI-congress in printed and online publicity, on social media, in newspapers and magazines, or in any other ways that further the aims of csi-congress.org.
3. Photography and film consent
Images and films taken by the official photographer and the CSI team during the congress may be used by csi-congress.org and cme4u in printed and online publicity, on social media, in newspapers and magazines, or in any other ways that further the aims of csi-congress.org. By participating in the congress, you agree to such use of images and films. If you have questions or concerns, please contact the congress organisation at email@example.com.
4. Advertising and sponsorship policy
csi-congress.org website is a free service, and third-party advertising helps us offset the significant costs of maintaining that free service. However, we also focus specifically on advertising solutions which we believe can add genuine value to the experience of visitors to this site or recipients of our newsletters. Naturally, not every advertisement will be of interest to every visitor, but we make an effort to ensure that, on balance, the presence of advertisements enhances rather than detracts from our site and services.
All advertisements are subject to an approval process to ensure that they remain contextual to the interest of our highly targeted audience. Advertisements may not be published by third parties anywhere on the website. All advertisements are clearly marked as such by a visible label. We do not accept advertisements that make false claims about potential health benefits, contain comparative advertising or unfavourable references to other companies.
5. Copyright – Intellectual Property
csi-congress.org is owned by cme4u.org. Copyright under German and International law applies to all content owned by cme4u.org. All rights on content on csi-congress.org (including without limitation all articles, statements, texts, images, logos, videos, slides and design) are owned by or licensed to csi-congress.org. All rights reserved.
If you have any questions regarding the ownership or use of content on the website, please contact us at firstname.lastname@example.org. Any unapproved use may result in action being taken by csi-congress.org to require removal of material concerned from display / distribution and possible legal action.
6. Priority of legal obligations
7. Health-related content disclaimer
Health related topics found on csi-congress.org website, should not be used for diagnosing purposes or be substituted for medical advice. It is your responsibility to research the accuracy, completeness, and usefulness of all opinions, services, and other information found on the site. csi-congress.org assumes no responsibility or liability for any consequence resulting directly or indirectly for any action or inaction you take based on or made in reliance on the information, services, or material on or linked to this site.
Since medical developments occur daily, this site may contain outdated material. While csi-congress.org makes every reasonable effort to present current and accurate information, no guarantee of any kind is made. csi-congress.org is not liable for any damage or loss related to the accuracy, completeness or timeliness of any information contained on this site.
You should complete this form if you want us to supply you with a copy of any personal data we hold about you. You are currently entitled to receive this information under the Data Protection Act 1998 (DPA) and will continue to be under the EU General Data Protection Regulation (GDPR), which came into effect on 25 May 2018. We will also provide you with information about any processing of your personal data that is being carried out, the retention periods which apply to your personal data, and any rights to rectification, erasure, or restriction of processing that may exist.
We will endeavour to respond promptly and in any event within one month of the latest of the following:
- Our receipt of your written request; or
- Our receipt of any further information we may ask you to provide to enable us to comply with your request.
The information you supply in this form will only be used for the purposes of identifying the personal data you are requesting and responding to your request. You are not obliged to complete this form to make a request, but doing so will make it easier for us to process your request quickly.