The European, Middle Eastern & African Society for Biopreservation and Biobanking (ESBB) respects your privacy and is committed to protecting it through our compliance with this Privacy Notice. This Privacy Notice describes the categories of Personal Data we may collect and process from residents of the European Union (“EU”) and any other countries outside the EU online and offline, and Personal Data (defined below) we receive about residents of the EU and any other countries outside the EU from third parties.
Please read this Privacy Notice carefully to understand our policies and practices regarding how we will treat your Personal Data. If our policies and practices regarding your Personal Data change, we will update this Privacy Notice.
1. WHAT PERSONAL DATA WE COLLECT ABOUT YOU
The categories of Personal Data we may collect about you may include:
- Identity including first name, last name, username or similar identifier, title, date of birth and gender.
- Contact including organization, address, email addresses and telephone numbers.
- Financial including bank account, payment card details, tax ID number and related tax forms.
- Transaction including details about payments to and from you and other details of products and services you purchase from us.
- Technical including internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
- Profile including your username and password on our website, your current or past purchases or orders, volunteer and committee history, demographics your professional interests, communication and other preferences, professional background, feedback and survey responses.
- Travel including destinations, transportation and hotel schedules, travel and accommodation preferences and reservation details, passport and visa details.
- Usage including information about how you use our website, products and services.
- including your preferences in receiving marketing information from us and third parties with whom we partner.
- Photographs and Recordings including photographs, video and audio recordings in which you are identifiable.
- Health limited to information related to a request for a dietary or accessibility accommodation.
- Criminal information regarding criminal convictions.
We also process aggregated data, which is data derived from your Personal Data for statistical purposes. Aggregated data is not considered Personal Data because it does not directly or indirectly reveal your identity. We are not required to maintain, acquire, or possess information to identify you in all circumstances. This Privacy Notice does not restrict our collection and processing of aggregated data. However, if we combine or connect aggregated data with your Personal Data in such a way that it can directly or indirectly identify you, we treat the combined data as Personal Data, which will only be processed in accordance with this Privacy Notice.
Data We Do Not Collect. Except as identified below, and then, only with your consent, we do not collect any Special Categories of Personal Data (as defined by the GDPR) about you (i.e., details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).
If you request an accommodation because of your health or a disability at an ESBB-sponsored event, we may need some information regarding your health to assess your request and possible accommodations. Whether you provide this information is your choice and we will only collect this information with your consent. We do not knowingly collect information about your health from anyone other than you.
Neither our website, nor any of the products or services we provide, are intended for anyone under the age of 16. We do not knowingly collect or process Personal Data from children under age 16. If you are under age 16, do not provide any information about yourself to us. If we learn we possess Personal Data from a child under age 16 without verification of parental consent, we will delete that data. If you believe we possess Personal Data of anyone under age 16, please contact us as set forth in Section 11 below.
2. HOW WE COLLECT YOUR PERSONAL DATA
Data You Provide Us. You may give us your Personal Data both online and offline by submitting forms to us, or by corresponding with us, through our websites, email, phone, or other means. Examples of when you may provide us Personal Data, include when you:
- register for membership;
- register for our events;
- register and use our mobile application(s);
- purchase our products or services;
- create an account or member profile on our websites;
- subscribe to our publications;
- request marketing materials from us;
- enter search queries on our websites;
- enter a competition or promotion provided by us;
- apply for an award, grant or scholarship;
- register for networking opportunities;
- provide it to us at an event or meeting;
- provide us with formal or informal feedback;
- submit abstracts or manuscripts for review;
- present a podium presentation or poster at an event;
- provide information in connection with a journal article to be published by ESBB;
- request travel arrangements through ESBB including hotel and airline reservations;
- contract to provide us products or services;
- contract for exhibition space or sponsorship and related services; or
- contact us.
You may also provide information to be published or displayed (collectively “post” or “posted”) on various areas of our websites or transmitted to other users of our websites or third parties (collectively “User Contributions”). All areas of the websites in which User Contributions are posted should be considered public and not confidential, even if those areas are limited to a particular audience. Once you post a User Contribution, you should assume everyone in the world can see it and will have access to it and you will be unable to delete or revise it. In addition, we have no control over what other users of the websites may do with your User Contributions. Accordingly, you should not post anything you wish to keep confidential or are required by law or otherwise to keep confidential. YOU ARE SOLELY RESPONSIBLE FOR WHAT YOU POST AND FOR THE CONSEQUENCES OF YOUR USER CONTRIBUTIONS POSTED ON OUR WEBSITES.
You may choose to download our Mobile Application(s) to your mobile device (e.g., cell phone, tablet). To use our Mobile Application, you must create a user profile containing Identity, Contact and Profile Data (“User Profile”). In the Mobile Application(s) setup and in the Mobile Application(s) settings, you can choose to make your User Profile public and allow other parties who download the Mobile Application(s) to view: (i) your User Profile, and (ii) your event “check-ins” using the Mobile Application(s), and (iii) your participation in games within the Mobile Application.
Data We Collect Through Automatic Data Collection Technology. As you navigate through and interact with our websites, we may use automatic data collection technology to collect certain information about you, your equipment, and your browsing actions and patterns, including: (i) whether you are a new or existing user; (ii) content viewed; (iii) frequency, duration, and date of content viewed; (iv) your searches; (v) your IP address; (vi) your operating system; (vii) your device type; (viii) your network; (ix) your browser type; and (x) your server connection speed.
We may also use this technology to collect information about your online activities over time.
The technology we use for this automatic data collection may include:
- Pages of our websites and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags and single-pixel gifs) that permit us, for example, to count users who have visited those pages, or opened an email, and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
3. HOW WE PROCESS YOUR PERSONAL DATA
After collecting your Personal Data, we process it in one or more ways. Processing includes operations performed on Personal Data, including collecting, recording, organizing, structuring, storing, altering, retrieving, consulting, using, disclosing, restricting, erasing or destroying the same.
We will only process your Personal Data when we have a lawful basis to do so. Most commonly, we will process your Personal Data in the following circumstances:
- Where processing is necessary for the performance of a contract we have with you, or in order to take steps at your request prior to entering into a contract with you;
- Where processing is necessary for the purpose of our legitimate interests, except where our interests are overridden by your interests or fundamental rights and freedoms;
- Where processing is necessary for our compliance with a legal obligation; or
- Where you provide consent to the processing for specific purposes.
Purposes for Which We Will Process Your Personal Data. The following table depicts how we may process your Personal Data, and the lawful bases upon which we rely. As noted below, we may rely on different lawful bases to process your Personal Data.
4. TO WHOM YOUR PERSONAL DATA IS DISCLOSED
We may provide your Personal Data to the following third parties:
- Our employees
- Our third-party service providers who provide services to us, including:
- Membership registration;
- Event registration;
- Abstract, award or manuscript submission and review processing;
- Author and speaker acceptance;
- Data analysis
- Surveys and focus groups;
- Mobile applications;
- Volunteer communications;
- Connecting members or conference participants electronically;
- Payment processing;
- Tax form filing;
- Distribution of postal or email communications;
- Photography, video and audio recording;
- Hotel or transportation reservations;
- Personalized advertising;
- Exhibitor services.
- A successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other transfer of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceedings;
- Third parties to market their products or services to you, only if you consent;
- Government authorities and other persons, to the extent required by applicable law
5. HOW WE SECURE YOUR PERSONAL DATA
Taking into account the state of the art, costs of implementation, nature, scope, context and purpose(s) of processing, as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, we implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk. Unfortunately, the transmission of information via the internet is not completely secure, but we do our best to protect your Personal Data.
6. HOW LONG WE STORE YOUR PERSONAL DATA
We will retain your Personal Data for as long as necessary to fulfil the purposes for which we collected it; including to satisfy any legal, accounting, or reporting requirements. To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of unauthorized use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some instances, you may ask us to delete your Personal Data. For more information, see Request Erasure of your Personal Data below for further information.
In some instances, we may anonymize your Personal Data (so it can no longer be associated with you) for research or statistical purposes; in which case, we may use this information indefinitely without further notice to you.
You have certain rights with respect to your Personal Data under the General Data Protection Regulation (GDPR):
· Request access to your Personal Data
· Request correction of your Personal Data
· Request erasure of your Personal Data
· Object to processing of your Personal Data
· Request restrictions on the processing of your Personal Data
· Request the transfer of your Personal Data
· Withdraw consent to process your Personal Data
How to exercise your rights:
· You can always Contact Us to exercise your legal rights.
· In connection with certain communications from us, we may provide you with a mechanism to opt- out of receiving similar communications from us in the future.
· In some instances, we may provide you with an online portal through which you can make certain choices about how we process your Personal Data.
· As discussed above, with respect to, you may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting, you may be unable to access certain parts of our websites.
· You have the right to lodge a complaint with an appropriate supervisory authority if you believe our processing of your Personal Data is inconsistent with the requirements of applicable law.
Usually, There Is No Fee Required to Exercise Your Personal Data Rights. You will not have to pay a fee to excise your rights, nor is the purchase of products or services a condition for you to exercise your rights. You are also entitled to receive a copy of your Personal Data undergoing processing. However, if in exercising your rights, your request is unfounded, repetitive or excessive, we may charge reasonable fees taking into account the administrative costs of providing the information or taking the requested action. We may also refuse to act on the request. If you request more than one copy of your Personal Data, we may also charge you reasonable fees based on our administrative costs to provide you copies.
What We May Need from You. When we have reasonable doubts concerning the identity of an individual making a request to exercise his/her rights, we may request additional information necessary for us to confirm the requestor’s identity.
Our Response. Within one month of receiving a request to exercise your rights, we will perform the requested action and/or acknowledge your request. If, based on the complexity and number of your requests or if we require additional time to verify the accuracy of your Personal Data, we require more than one month to perform the requested action, we will inform you that we require additional time and provide the reasons additional time is necessary. If your request to us is by electronic means, we will respond by electronic means, unless you request that we respond in a different manner.
If we refuse to perform any requested action because doing so would be inconsistent with applicable law, this Privacy Notice, or for any other reason, we will provide you an explanation for our refusal.
7. WHAT PRIVACY PRACTICES APPLY TO THIRD-PARTY LINKS ON OUR WEBSITES
Our websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control third-party websites and are not responsible for their privacy practices. If you would like to know about a particular website’s practice, we encourage you to read their privacy notice.
8. HOW TO CONTACT US
We are the controller and are responsible for your Personal Data that we process. If you have any questions about this Privacy Notice, including any requests to exercise Your Legal Rights, please contact us at:
European, Middle Eastern & African Society for Biopreservation and Biobanking (ESBB)
Contact name: Murat Dogru
Address: MCI Benelux, 280 Boulevard du Souverain, 1160 Brussels-Belgium
Email address: Murat.firstname.lastname@example.org
Provided we can confirm your identity, we will also provide information regarding your rights over the phone if you contact us at Phone Number: +32 2 320 2483