Controller according to the General Data Protection Regulation EU (2016/679) (“GDPR”) and other data privacy rules is:
EDF, European Dermatology Forum
University Hospital Zurich Dermatology Gloriastrasse 31 CH-8091 Zurich, Switzerland
Phone: +41 44 255 19 48 Fax: +41 44 255 99 85
Prof Véronique del Marmol
EDF Membership Committee
3. Processing of personal data
According to Article 4 lit 1 GDPR personal data is information relating to an identified or identifiable natural person, e.g. name, email address, IP address.
We only process personal data of our users if this is necessary to provide a functional website as well as our contents and services.
a. Website visit
Our webserver processes data that your browser automatically transfers to our webserver each time you visit it. These data are the IP address relating to your device, date and time of request, time zone, the specific page or file. The http-Status code and the amount of data. Moreover, the website from which your request originates, the browser you are using,
your endpoint operating system, the selected language (logfiles). The webserver uses this data to display the contents of this website in the best possible way on your device.
b. Contact via email
When you are contacting us via Email we collects and saves the following data:
- Email address
- data which you transmit voluntarily
c. Newsletter and Information about the EDF Annual Meeting, EDF activities
In order to provide you with information regarding our association via email, you can receive our Newsletter and Information about the EDF Annual Meeting and EDF activities. With your registration for the Newsletter, we are processing the personal data that you have provided us:
- Email address
4. Purpose and Legal basis
a. Website visit
The purpose of the data processing is the online presentation of our firm and its services as well as the interaction with communication partners.
The legal basis for the processing during the use of the website is Article 6 para 1 lit f GDPR (legitimate interest, specifically operation of a website).
b. Contact via email
The legal basis for processing of data that are transmitted in the course of sending an email to EDF is Art. 6 para 1 lit f GDPR (legitimate interest, specifically user interaction). If the e-mail contact aims at the conclusion of a contract, then additional legal basis for the processing is Art. 6 para 1 lit. b DSGVO.
c. Google Analytics
The legal basis for processing data in the context of the use of Google Analytics is Article 6 para 1 lit f GDPR. We need statistical information
about the use of our online offer in order to make it more user-friendly, to make range measurements and to conduct market research.
d. Newsletter and Information about EDF Annual Meeting, EDF activities
The legal basis for sending you the newsletter is Art. 6 para 1 a GDPR, your prior consent. We use a double-opt-in process for the registration for the Newsletter. This means that we will send you an Email in which we ask you to confirm registration for the newsletter. In order to proof that the registration process complies with legal requirements, the registration is recorded. Therefore, we store the registration, confirmation and IP address.
5. Recipients, categories of recipients
Within EDF only those persons have access to your data that are in charge of the maintenance of the website or that are in charge of the query that you have addressed. Log and communications data are not passed on to third parties except under special circumstances. In the event of the suspicion of a crime or in investigative proceedings, data may be transmitted to the police and the public prosecutor’s office.
The data will be transferred to Switzerland. The European Commission has recognised Switzerland as providing adequate protection according to Art. 45 GDPR.
7. Retention period
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected, unless there is a longer legal retention period. In the case of the collection of data for the provision of the website, the purpose ends when the respective session has ended. For email conversations this is the case when the conversation with the user is terminated. The conversation is terminated when it can be inferred from the circumstances that the facts in question have been finally clarified. For receiving the newsletter your e-mail address will be stored for as long as the subscription to the newsletter is active.
8. Google Analytics
We use Google Analytics, a web analytics service of Google Inc. ("Google"). Google Analytics uses small text files (“cookies”) on your device to enable us to analyse your visitor behaviour with a pseudonym. Information your visitor
behaviour stored in such cookies will be transferred to web servers of Google in the USA and will be stored there. For this website the function anonymize IP has been activated, therefore Google will anonymize your IP address on Google servers within the EU or the EEC prior to the transfer of data to the USA. In rare cases full IP addresses may be transferred to the USA and will then be anonymized there.
Google will use the information transferred as a Processor (Article 28 GDPR) to analyse your visitor behaviour, to provide reports about web activities and to provide further services in relation to website use and internet use to the Controller. Your IP address will not be combined with other data of Google.
You may prevent the storage of cookies (including your IP address) by using appropriate settings in your browser or object to further processing by downloading and installing a browser plugin [http://tools.google.com/dlpage/gaoptout?hl=en].
The legal basis for the processing of personal data using cookies is Art. 6 para. 1 lit. f GDPR.
10.Rights of the data subject
As a data subject you, have several rights. For assertion of rights, you can contact us:
European Dermatology Forum (EDF)
University Hospital Zurich
CH-8091 Zurich, Switzerland
Phone: +41 44 255 19 48
Fax: +41 44 255 99 85
a. Access, rectification, erasure
In accordance with Art. 15 GDPR, you may at any time obtain from the controller confirmation as to whether or not personal data concerning you
are being processed, and where that is the case, access to personal data. Information is provided free of charge.
If your personal data is incorrect or incomplete, you have the right to correct and amend it (Art. 16 GDPR).
You can request the erasure of your personal data at any time, unless we are legally obliged or entitled to further processing of your data (Art. 17 GDPR).
If the legal requirements are met, you can demand a restriction on the processing of your personal data.
b. Right to object
You can object to data processing in accordance with Art. 21 GDPR. We will then stop processing your data. This is not the case if we can prove compelling reasons worthy of protection, which outweigh your rights. This is especially the case when storing the data in logfiles, because these are absolutely necessary for the operation of the website.
c. Right to data portability
Upon request, we will provide you with your personal data transmitted by you in a standard machine-readable data format (Art. 20 GDPR).
d. Right to withdraw consent
If you have given us your consent to process personal data (e.g. to receive the Newsletter), you can withdraw it at any time without affecting the legality of the processing carried out on the basis of the consent until revocation. This also applies to the revocation of declarations of consent that were given to us before the GDPR was valid, i.e. before 25 May 2018. e. Right to lodge a complaint
You have the right under Article 77 GDPR to lodge a complaint with the supervisory authority if you believe that the processing of personal data concerning you violates the GDPR.
11.Automated decision making
In principle, we do not use automated decision making for the establishment, execution and termination of business relationships. If we use automated decision making, we will inform you separately.