Privacy statement

Privacy Statement European Hematology Association


Personal Data is processed in the context of the services provided by European Hematology Association (hereinafter also; “EHA”). The concept of “personal data” includes all information about an identified or identifiable natural person. EHA is subject to the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and the Dutch GDPR Implementation Act.

You will find EHA’s contact details below:

European Hematology Association
Koninginnegracht 12b
2514 AA The Hague, The Netherlands
info@ehaweb.org / +31703020099

This Privacy Statement starts with a general section (Part I.) and then provides specific, additional information about the processing of your personal data by EHA in the context of EHA Events (Part II.) and EHA Thematic Platforms (Part III.).

I. GENERAL EHA PRIVACY STATEMENT

Who we are?

EHA is a non-profit membership organization (association) for individuals with an active interest in the field of hematology. Our Executive Office is located in the Hague, the Netherlands.

Which personal data does EHA process?

Depending on the type of services you use from or provide to us, EHA collects the following personal data.

EHA Members

EHA processes the following (categories of) personal data of members and their contact persons:

  • Name and address details (prefix, name, first names, initials, titles, gender, address, postal code, residence), as provided by the member;
  • Other contact details (telephone number, e-mail address and similar data required for communication), as provided by the member;
  • Data relating to the membership, as provided by the member;
  • Data for the purpose of calculating and recording membership fees and expenses, including the bank account number provided by the member;
  • Data for the purpose of delivering online services and products, including the bank account number provided by the member;
  • Other data obtained from public sources (such as a Medical Register) or data provided to us by third parties in the context of the membership.

EHA processes the following (categories of) personal data of participants of an EHA Grant Program (‘Grantees’);

  • Name and address details (prefix, name, first names, initials, titles, gender, address, postal code, residence), as provided by the Grantee;
  • Other contact details (telephone number, e-mail address and similar data required for communication), as provided by the Grantee;
  • Data relating to the Grant Program, as provided by the Grantee;
  • Name and address details of the Grant Institute, as provided by the Grantee or the Grant Institute;
  • Data for the purpose of calculating and recording Grant Program and expenses, including the bank account number of the Grant Institute, as provided by the Grantee;
  • Other data obtained from public sources (such as a Medical Register or the Chamber of Commerce) or data provided to us by third parties in the context of the Grant Program.

Suppliers

EHA processes the following (categories of) personal data of persons from whom EHA purchases products or services or who work for these suppliers:

  • Name and address details (prefix, name, first names, initials, titles, address, postal code, residence), as provided by the supplier;
  • Other contact details (telephone number, e-mail address and similar data required for communication), as provided by the supplier;
  • Data for the purpose of placing orders or purchasing services; calculating and recording fees and expenses and making payments, including the bank account number as provided by the supplier;
  • Other data of suppliers of which the processing is required by or necessary to comply with applicable laws or regulations.

Third parties

EHA processes (categories of) personal data of third parties (such as persons who are not members and of whom personal data can be found in our records, e.g. guest members, speakers in an EHA campus course, members of scientific working groups, reviewers):

  • Name and address details (prefix, name, first names, initials, titles, gender, address, postal code, residence), as far as known to EHA;
  • Other contact details (telephone number, e-mail address and similar data necessary for communication), as far as known to EHA;
  • Data relating to electronic messages originating from or intended for third parties and data required to maintain contact with these third parties;
  • Data for the purpose of delivering online services and products, including the bank account number of the third party, as provided by the third party;
  • Other data from third parties obtained from public sources or provided to EHA by clients, counterparties or third parties in connection with the handling of a case or the settlement of a dispute.

Job applicants

In dealing with your job application, we process the following personal data, if provided to us:

  • Name and address (prefix, first names, surname, initials, titles, gender, street address, house number, postal code, country), as provided by the job applicant;
  • Other contact details (telephone number, e-mail address and similar data necessary for communication), as provided by the job applicant;
  • Bank account number and travel expenses (for any agreed expense allowance), as provided by the job applicant;
  • Nationality, date of birth, place of birth, as provided by the job applicant;
  • Data relating to the employment (such as availability, CV and employment history, training history (copies of diplomas, certificates, testimonials), motivation letter, references), as provided by the job applicant or by a referent;
  • Data of the position applied for (review scores, assessment results, notes of job interviews), as provided by the job applicant;
  • Other data from the job applicant (such as written communication with the applicant).

Recipients of newsletters and invitations

When you subscribe to our EHA Updates, other EHA newsletters or a newsletter on one of the EHA Thematic Platforms (see also Part III. on EHA Thematic Platforms below) or if you receive an invite for one of our events (see also Part II. on EHA Events below), EHA may process the following personal data about you:

  • Name and address details (prefix, name, first names, initials, titles, year of birth, country of residence), as provided by the recipient;
  • Other contact details (e-mail address and similar data required for communication), as provided by the recipient;
  • Whether or not the recipient opened the newsletter or invitation (open ratio);
  • Whether the newsletter or invitation was opened on a desktop or a mobile device.

On the basis of which legal processing grounds and for which purposes does EHA process your personal data?

EHA processes your personal data on the basis of one or more of the following legal processing grounds of the GDPR:

  1. If this is necessary for the performance of an agreement to which you are a party or to perform precontractual acts at your request;
  2. If this is necessary to comply with statutory obligations (e.g. in relation with tax authorities);
  3. If this is necessary to justify our legitimate interests or the interests of a third party;
  4. Your consent.

If EHA processes your personal data on the basis of your consent, EHA will ask you for it separately. You may withdraw your consent at any time. EHA draws your attention to the fact that the withdrawal of your consent does not affect the lawfulness of the processing of your personal data prior to the withdrawal of your consent.

EHA uses the above personal data for the purposes stated below, in respect of which we have indicated for each purpose on the basis of which of the abovementioned legal processing grounds (a through d) EHA does so. If the processing is based on the principle of ‘legitimate interest’, we briefly explain this interest. If you have any specific questions in this respect, please do not hesitate to contact us.

Purposes with corresponding processing grounds:

  • to provide the (requested) (membership) services, including organizing events, meetings and the Annual Congress, providing (online) education and research to hematologists (a, b and c: being able to offer and improve our services);
  • to provide online paid services and products, including online courses, webinars, exams, to hematologists (a, b and c: being able to offer and improve our services and products);
  • for the administration of EHA, including the calculation or recording of fees or benefits and payments for online services and products provided by EHA, income and expenses, the payment and collection of claims (including the use of collection agencies or bailiffs) (a, b and c: the importance of keeping proper records);
  • to maintain contact and communicate with our members, such as by sending EHA Newsletters and updates; (a, b, c: the interest in bringing EHA’s services to the attention of members);
  • to maintain contact and communicate with our non-members purchasing EHA’s online services and products (a, b and c: being able to offer and improve our services and products);
  • for promotional purposes in order to promote EHA as well as to obtain new members, sponsors and/or in order to be able to conclude new partnerships (b, c: the interest to promote EHA, d);
  • for placing orders or purchasing services (a, b and c: our interest in being able to keep proper records);
  • for conducting audits and other internal controls (a, b and c: our interest in being able to keep proper records);
  • for job applications: recruitment and selection; assessment of suitability for a position with EHA; handling any agreed expenses incurred; internal checks; improving our job application procedure; dealing with questions, comments and complaints; analyzing and reporting on questions, comments and complaints; regulatory compliance and compliance with court orders; with your consent: to contact you about future job opportunities (a, b and c: being able to offer and improve our services, d).

To whom does EHA provide your personal data?

EHA does not provide your personal data to third parties (‘recipients’ within the meaning of the applicable European privacy legislation), unless this is necessary for the proper performance of the purposes set out in this Privacy Statement, if the law requires us to do so or if you have provided your consent to this end. The third parties to whom the personal data are made available are obliged to handle your personal data confidentially. If these parties qualify as a ‘data processor’ within the meaning of the applicable privacy legislation, EHA will ensure that a data processing agreement is concluded with these parties, which complies with the requirements included in the GDPR.

EHA can share personal data of EHA members, suppliers, third parties, job applicants and recipients of newsletters and invitations, on a need-to-know basis, with:

  • Employees of EHA;
  • Suppliers (for example software suppliers, courier services, medical educational companies, membership handling, travel agencies, etc);
  • Other national or international (hematology) associations;
  • Other parties, such as supervisory authorities, where required by law or with your consent.

In order to provide our services, EHA might need to transfer your personal data to a recipient in a country outside the European Economic Area with a lower degree of protection of personal data than the European law offers. In that case, EHA will ensure that such a transfer of personal data is in accordance with the applicable laws and regulations, for example by concluding a model contract prepared and approved for that purpose by the European Commission.

How long does EHA retain your personal data?

EHA does not retain your personal data in an identifiable form for longer than is necessary to achieve the purposes included in this Privacy Statement. EHA stores your personal data as long as we deem necessary for the proper fulfillment of our services, unless your personal data must be kept longer under a statutory regulation.

More specifically, EHA applies the following retention periods:

  • Personal data that must be kept on the basis of Article 52 of the Dutch State Taxes Act will be kept for 7 years (from the end of the year in which the data in question have lost their current value for the (tax-) related business operations) in connection with the tax retention obligation incumbent on EHA pursuant to Article 52(4) of the Dutch State Taxes Act.
  • The personal data that you provide to EHA for your job application will be kept for up to four weeks after the end of the application procedure. With your consent, we will keep your personal data on file for one year after the end of the application procedure. This gives us the opportunity to contact you for any future vacancies at EHA. When you join EHA, your personal data will become part of your personnel file.

Please refer to our Cookie Policy for the retention periods of the information obtained via cookies on our general website and/or specific cookie policies on the EHA Thematic Platforms.

The abovementioned specific retention periods can be extended if statutory retention obligations apply or will become applicable. EHA may also retain personal data for a longer period of time if this is necessary for the handling of incidents and/or legal disputes.

Security

EHA has taken appropriate (state of the art methods recommended by reputable IT Security agencies) technical and organizational measures to secure your personal data against unauthorized or unlawful processing and against loss, destruction, damage, modification or publication. If you have any questions about the security of your personal data, or if you suspect or see signs of misuse, please contact EHA via info@ehaweb.org.

Your privacy rights

You have certain rights in order to be assured of the protection and privacy of your personal data. These rights are:

  • Right of access: You can ask us which personal data we are processing about you and to obtain access to these personal data. We will provide an overview of your personal data and will also provide you with specific information about the processing of your personal data, including but not limited to information re. the purposes of the processing of your personal data, to which recipients or categories of recipients your personal data have been or will be disclosed, the envisaged retention periods that apply to your personal data and if the personal data are not collected from you, any available information as regard to their source.
  • Right to rectification: You can request us to modify your personal data in case you believe that your personal data are not up to date, complete or accurate.
  • Right to erasure (‘right to be forgotten’): Under certain circumstances, you may ask for erasure of your personal data.
  • Right to restriction: Under certain circumstances, you have the right to restrict the processing of (certain) personal data.
  • Right to data portability: Under certain circumstances, you can ask us to transmit the personal data that you have provided to us and we still hold about you to you in a structured, commonly used and machine-readable format, e.g. to be able to send it to a third party.
  • Right to object: Under certain circumstances, you have the right to object to any processing of personal data that EHA justifies on the legitimate interests legal processing ground. When you object to the processing of your personal data for direct marketing purposes, we will always respect this request.
  • Right to withdraw your consent: If the processing of your personal data is based on your consent, you have the right to withdraw your consent at any time. Please note that the withdrawal of your consent does not affect the lawfulness of the processing of your personal data prior to the withdrawal of your consent.

In order to exercise your rights you can contact us via info@ehaweb.org or by post via:

European Hematology Association
Koninginnegracht 12b
2514 AA The Hague
The Netherlands

In doing so, please indicate which processing activities or which personal data your request relates to. In order to prevent that we disclose information to the wrong person, we can ask you for additional information to verify your identity. In principle, we will inform you of whether we can comply with your request, within one month after receipt. In specific cases, for example when it concerns a complex request, this term may be extended by two months. We will inform you of such an extension within one month after receiving your request. On the basis of the applicable privacy legislation, we can refuse your request under certain circumstances. If this is the case, we will explain to you why. You can find more information about your privacy rights on the website of the Dutch Data Protection Authority.

You can always contact us via info@ehaweb.org if you have any other questions and/or comments about the processing of your personal data by EHA.

Complaints

If you have a complaint about the processing of your personal data by EHA, we will do our utmost best to resolve it with you. If this does not lead to the desired result, you have the right to lodge a complaint with the competent supervisory authority. In the Netherlands, this is the Dutch Data Protection Authority. If you live or work in another country of the European Union, you can file a complaint with the supervisory authority in that country.

Amendments

This Privacy Statement was last amended on the 18th of November, 2020. EHA reserves the right to amend this Privacy Statement. The most recent version of this Privacy Statement will always be posted on the website https://ehaweb.org/.

II. SPECIFIC PRIVACY STATEMENT EHA EVENTS

In addition to all information above, we would like to provide you with specific additional information regarding the processing of your personal data if you attend an EHA meeting or the EHA Annual Congress (hereinafter: “EHA Event”). You can of course also exercise your privacy rights in line with the general information provided above in respect of the processing of your personal data for this specific section.

Presenters

When you are presenting at an EHA Event, EHA will process the following personal data about you:

  • Name and address details (prefix, name, first names, initials, titles, gender, address, postal code, residence, EHA Membership Number (MNR)), as provided by the presenter;
  • Other contact details (telephone number, e-mail address, secondary/secretary e-mail address, and similar data required for communication), as provided by the presenter;
  • Photo and bio sketch of the presenter;
  • User ID and password of the presenter;
  • Data relating to the presentation or the EHA Event, as provided by the presenter;
  • Data for the purpose of calculating and recording fees and expenses, including the bank account number provided by the presenter;
  • Other data obtained at the EHA Event (such as video and audio footage or input in chat functions) or data provided to us by third parties in the context of the EHA Event.

Exhibitors/Sponsors

EHA will process the following personal data about you:

  • Name and address details (prefix, name, first names, initials, titles, gender, address, postal code, residence, EHA Membership Number (MNR)) as provided by the exhibitor/sponsor;
  • Other contact details (telephone number, e-mail address, and similar data required for communication) as provided by the exhibitor/sponsor;
  • Data relating to the exhibition at an EHA Event, as provided by the exhibitor/sponsor;
  • Other data provided to us by third parties in the context of the EHA Event.

Delegates

When you are participating in an EHA Event, EHA will process the following personal data about you:

  • Name and address details (prefix, name, first names, initials, titles, gender, address, postal code, residence, Name of institute or company, Age group, Profession, EHA Membership Number) as provided by the delegate;
  • Other contact details (telephone number, e-mail address, and similar data required for communication), as provided by the delegate;
  • Prescriber / non-prescriber information, as provided by the delegate;
  • User ID and password, or access code for the EHA Event;
  • The number of EBAH credits earned due to your participation in EHA Event;
  • Fields of interests of the delegate;
  • Your activities during the EHA Event (which sessions you have participated in), including your input in chat sessions;
  • Data for the purpose of calculating and recording registration fees, including the bank account number provided by the delegate;
  • Other data obtained at the EHA Event (such as video and audio footage or input in chat functions) or data provided to us by third parties in the context of the EHA Event.

Purposes for processing and related legal processing ground

EHA uses the above personal data for the purposes stated below for which we have indicated the legal processing grounds under the GDPR. If the processing is based on the ‘legitimate interest’ processing ground, this interest is briefly explained. If you have any specific questions in this respect, please do not hesitate to contact us.

  • To enable you to present, support, exhibit or participate in EHA Event; (necessary for the performance of the agreement with you);
  • To enable you to connect with other participants, presenters and sponsors. When you use the chat functionality, your name and the name of the institute or company that you are working for/represent will be visible in the chat to all participants in the respective chat session; (necessary for the performance of the agreement with you, the legitimate interests of EHA and all persons participating in an EHA Event to connect with each other);
  • To personalize your experience based upon the interests provided by you when you registered for an EHA Event (the legitimate interests of EHA to offer you an optimized EHA Event experience);
  • In order to be able to assign the European Board for Accreditation in Hematology (EBAH) CME credits (necessary for the performance of the agreement with you, the legitimate interests of EHA to offer you the possibility to earn credits);
  • For statistical/analytical purposes: collecting personal data for statistical purposes allows EHA to get insights in presenters and delegates’ interests and enables EHA to optimize our services for future activities. Furthermore, your activity on an EHA Event Platform, (sponsored) sessions that you viewed/visited and the time spend on the EHA Event Platform can be processed for analytical purposes. EHA may share anonymized analytical data with our sponsors or third parties which enables them amongst other things to assess the popularity of their (virtual) Sponsor Item(s) (the legitimate interests of EHA and its sponsors to get insights about EHA Event and more specifically, the use of the Congress Center or the EHA Event Platform).
  • EHA may use your personal data for EHA’s direct marketing purposes (consent and/or the legitimate interest of EHA to promote EHA and EHA’s services to you). EHA may use your e-mail address to send you third party mailings (promo mailings) if you provide EHA with your consent to do so. These mailings inform you about sessions or activities of EHA or our sponsors and/or provide you with information about the respective company. Your e-mail addresses are not shared with the sponsors. You can withdraw your consent to receive such e-mails easily via the unsubscribe-link in every promo mailing or by contacting EHA.
  • In order to secure an EHA Event (the legitimate interest of EHA to offer a secure EHA Event experience and the legal obligation of EHA to ensure that all personal data processed for EHA Event are adequately secured).
  • To comply with our legal and statutory obligations (legal obligation).

Third parties for EHA Event

In addition to the general section about EHA’s use of third parties, we would like to inform you as follows. In light of an EHA Event, your personal data can be shared with:

  • The provider of the virtual meeting platform which hosts the virtual exhibition;
  • The service providers providing the software and methodology for single sign on for the different platforms/sites used for an EHA Event;
  • The hosting provider of the overall virtual congress platform for the EHA Event;
  • The content hosting provider of the systems for virtual sessions/meetings during EHA Event (on-demand content, live sessions, Q&A’s etc.);
  • The provider that produces the videos for the different sessions which are placed in the virtual sessions that can be found through the virtual congress platform;
  • The system providers/suppliers for the main virtual congress platform for the congress;
  • The provider of the e-poster software and hosting portal;
  • The party which hosts the website for the education and abstract book.

Retention period

The personal data processed via the chat sessions, if chat functionality is provided in a virtual EHA event, will be retained for the period of the EHA Event. The other personal data of delegates, exhibitors and speakers will be retained for 1 year after the EHA Event in order to analyze them to improve our services and for promotional purposes of our activities. Please note that the video recordings from presenters and the live sessions might be included in the EHA Campus and/or EHA Library and can become part of historical congress content.

III. SPECIFIC PRIVACY STATEMENT EHA THEMATIC PLATFORMS

In addition to all information above, we would like to provide you with specific additional information regarding the processing of your personal data if you visit, contribute to and/or participate in the thematic platforms of EHA (hereinafter: “EHA Thematic Platforms or an EHA Thematic Platform”). You can of course also exercise your privacy rights in line with the general information provided above in respect of the processing of your personal data for this specific section.

Contributors

When you are contributing to an EHA Thematic Platform, EHA will process the following personal data about you:

  • Name and address details (prefix, name, first names, initials, titles, gender, name of institute or company ), as provided by the contributor;
  • Other contact details (telephone number, e-mail address, and similar data required for communication), as provided by the contributor;
  • The topic, content, file and/or link regarding the contributions to an EHA Thematic Platform, including the time and date when the content was uploaded on the respective EHA Thematic Platform (including time and date of last amendments);
  • Other data obtained at an EHA Thematic Platform or data provided to EHA by third parties in the context of the EHA Thematic Platform.

Community Members

When you are a community member of an EHA Thematic Platform, EHA will process the following personal data about you:

  • Name and address details (prefix, name, first names, initials, titles, gender, name of institute or company), as provided by the community member;
  • Other contact details (telephone number, e-mail address, and similar data required for communication), as provided by the community member;
  • Other data obtained at an EHA Thematic Platform or data provided to EHA by third parties in the context of an EHA Thematic Platform.

Purposes for processing and related legal processing ground

EHA uses the above personal data for the purposes stated above in this Privacy Statement and below for which we have indicated the legal processing grounds under the GDPR. If the processing is based on the ‘legitimate interest’ processing ground, this interest is briefly explained. If you have any specific questions in this respect, please do not hesitate to contact us. In addition to the grounds mentioned above:

  • To enable you to present, support, exhibit or participate in an EHA Thematic Platform; (necessary for the performance of the agreement with you);
  • To enable you to connect with other community members of an EHA Thematic Platform. When you use the contribution functionality, your name and the name of the institute or company will be visible on the respective EHA Thematic Platform; (necessary for the performance of the agreement with you, the legitimate interests of EHA and all persons participating in an EHA Thematic Platform to connect with each other);
  • For statistical/analytical purposes: collecting personal data for statistical purposes allows EHA to get insights in community members and enables EHA to optimize our services for future activities. EHA may share anonymized analytical data with our sponsors or third parties which enables them amongst other things to assess the popularity of their shared content (the legitimate interests of EHA and its sponsors to get insights about an EHA Thematic Platform).

###