Privacy Policy
1.1. The International Non-Profit Society European Society of Pathology (ESP)(hereinafter, « ESP ») respects the privacy of its users (hereinafter, the “Users“).
1.2. ESP processes the personal data transmitted to it in accordance with the legislation in force, and, in particular, Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data, applicable from 25 May 2018 (hereinafter the “General Data Protection Regulation“).
1.3. Access to the website https://www.esp-pathology.org/ (hereinafter, the “Website”) implies the User’s full and unreserved acceptance of this Privacy Policy (hereinafter the “Policy”), as well as its general terms of use (hereinafter the “Terms”) and the cookie policy (hereinafter, the “Cookie Policy”).
1.4. The User acknowledges having read the information below and authorizes ESP to process, in accordance with the provisions of the Policy, the personal data that he/she communicates on the Website.
1.5. The Policy is valid for all pages hosted on the Website and for the registrations of this Website. It is not valid for the pages hosted by third parties to which ESP may refer and whose privacy policies may differ. ESP cannot therefore be held responsible for any data processed on these websites or by them.
2.1. Simply visiting the Website shall take place without having to provide any personal data, such as first name, surname, postal address, e-mail address, etc.
2.2. As part of the Service, the User may be required to provide certain personal data. In this case, the data controller is:
INTERNATIONAL NON-PROFIT SOCIETY – EUROPEAN SOCIETY OF PATHOLOGY (ESP)
European Society of Pathology (ESP)
Square de Meeûs 18
1000 Brussels, Belgium
Phone : +32 25208036
E-mail : admin@esp-pathology.org
Website: www.esp-pathology.org
Belgian VAT number: BE0871.010.114
2.3. Any question regarding the processing of this data may be sent to the following address: admin@esp-pathology.org
3.1. By completing the order form on the Website and using the Service, the User allows ESP to record and store, for the purposes mentioned in point 4, the following information:
- identifying data, such as the first name and surname, e-mail address, date of birth and delivery address;
- the banking information necessary for the Service, such as bank account numbers, IBAN and BIC/SWIFT;
- invoicing information;
- communications between the User and ESP;
3.2. The User also authorizes ESP to record and store the following data for the purposes mentioned in point 4:
- information voluntarily provided by the User for a purpose specified in the Policy, the general terms and conditions of sale (hereinafter the “GTC”), the Terms, the Cookie Policy, on the Website or on any other medium of communication used by ESP;
- additional information requested by ESP to the User in order to identify him or to prevent him from violating any of the provisions of the Policy;
3.3. In order to facilitate browsing the Website as well as to optimize technical management, the Website may use “cookies”. These “cookies” record, in particular:
- the User’s browsing preferences;
- the date and time of access to the Website and other data related to traffic;
- the pages visited;
All information relating to “cookies” is included in ESP’s Cookie Policy.
3.4. When the User accesses the Website, the servers consulted automatically record certain data, such as:
- the type of domain with which the User connects to the Internet;
- the IP address assigned to the User (when connected);
- the date and time of access to the Website and other data related to traffic;
- location data or other data relating to the communication;
- the pages visited;
- the type of browser used;
- the platform and/or operating system used;
- the search engine as well as the keywords used to find the Website;
3.5. No nominative data identifying the User is collected through the cookies and servers consulted. This information is kept for statistical purposes only and to improve the Website.
4.1. We process your data for various purposes. For each purpose, only the data relevant to the pursuit of the purpose in question are processed. The processing consists of any operation (manual or automated) on a personal data. ESP collects, stores and uses its Users’ data for the following purposes, in particular:
- to establish, carry out and conduct the contractual relationship with the User;
- to analyse, adapt and improve the content of the Website;
- to provide the Service;
- to allow the User to receive messages;
- to facilitate the availability and use of the Website;
- to personalize the User’s experience on the Website;
- to respond to requests for information;
- for any marketing activities and promotions proposed by ESP to Users who have given their consent;
- to inform them about any changes on the Website and its features;
- for any other purpose to which the User has expressly consented;
4.2. The legal basis of the processing of your personal data is based on:
- your consent;
- the execution of any request from you;
We do need to collect some of your data to answer any request from you. If you choose not to share this data with us, it may render the performance of the contract impossible.
- a legal obligation imposed on the controller;
We do need to collect and store some of your data to meet various legal requirements, including tax and accounting.
- the protection of vital interests;
- for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or
- our legitimate interest, provided that it is in accordance with your interests, freedoms and fundamental rights.
We have a legitimate interest in providing you with this information and interacting with you, especially to respond to your requests or improve our services, prevent abuse and fraud, control the regularity of our operations, exercise, defend and preserve our rights, for example in litigation, as well as evidence of a possible violation of our rights, manage and improve our relations with you, continually improve our website and our products/services, unless such interests are supplanted by your interests or your fundamental rights and freedoms requiring the protection of your personal data. We take care in any case to maintain a proportionate balance between our legitimate interest and respect for your privacy.
If the legal basis of our treatment is your consent, you have the right to withdraw it at any time without prejudice to the lawfulness of the processing performed prior to withdrawal.
In the context of direct marketing, this means that you can unsubscribe at any time from newsletters and other commercial communications from us. You will be put in “opt-out”. You can unsubscribe by sending us an email at the following address: admin@esp-pathology.org or by clicking on the unsubscribe link at the bottom of each email.
5.1. According to the regulations on the processing of personal data, the User has the following rights:
- Right to be informed about the purposes of the processing (see above) and the identity of the data controller.
- Right of access: the User may at any time have access to the data that ESP has on him or check if it is included in the database of ESP.
- Right to rectification: we take all reasonable steps to ensure that the data we hold is up to date. We encourage you from time to time to access your account (if applicable) or to consult us to check that your data is up to date. If you find that your data is inaccurate or incomplete, you have the right to ask us to correct it.
- Right to object: the User may, at any time, object to the use of his data by ESP and by its active partners.
- Right to erasure: the user may, at any time request the deletion of his personal data, except those which ESP has a legal obligation to keep on record.
- Right of limitation of processing: the User may, in particular, obtain a limitation of processing when he has objected to the processing, when he disputes the accuracy of the data, or when he considers that the processing is illegal.
- Right of portability: The User has the right to receive the personal data that he has communicated to ESP and may also ask said company to send this data to another data controller.
5.2. In order to exercise his rights, the User sends a written request, accompanied by a copy of his identity card or his passport, to the data controller:
- by e-mail: admin@esp-pathology.org
- by mail: European Society of Pathology, Square de Meeûs 18, 1000 Brussels, Belgium
5.3. ESP will then take the necessary steps to satisfy this request as soon as possible and in any case within one month of receipt of the application. If necessary, this period can be extended by two months, given the complexity and the number of requests.
6.1. ESP will keep the personal data of its Users for the duration necessary to achieve the objectives pursued (see point 4).
6.2. ESP may also continue to keep personal data concerning the de-registered User, including all correspondence or request for assistance sent to ESP in order to be in a position to reply to all questions or complaints that may be sent to it, and in order to comply with all applicable laws, namely in tax matters or as part of other legal requirements.
The User is informed that he has the right to lodge a complaint with the Data Protection Authority:
Data Protection Authority
Rue de la Presse, 35, 1000
Brussels
Telephone: +32 (0)2 274 48 00
8.1. In addition, ESP has taken the appropriate organizational and technical measures to ensure a level of security adapted to the risk and that, to the extent possible, the servers hosting the personal data processed prevent:
- unauthorized access to or modification of this data;
- improper use or disclosure of such data;
- unlawful destruction or accidental loss of such data.
8.2. In this respect, employees of ESP who have access to this data are subject to a strict confidentiality obligation. Nevertheless, ESP may in no way be held liable in the event that this data is stolen or hijacked by a third party despite the security measures adopted.
8.3. Users undertake not to commit acts that may be contrary to this Policy, the Terms, , the Cookie Policy or, in general, the law. Violations of confidentiality, integrity and availability of information systems and data which are stored, processed or transmitted by these systems, or the attempt to commit one of these violations, shall be punishable by imprisonment of between three months and five years and a fine of between twenty-six euros and two hundred thousand euros, or one of these penalties only.
9.1. ESP treats personal data as confidential information. It will not communicate them to third parties under any condition other than those specified in the Policy, such as to achieve the objectives set out and defined in point 4, or under the conditions in which the law requires it to do so.
9.2. ESP may communicate its Users’ personal information to third parties to the extent that such information is necessary for the performance of a contract with its Users. In such case, these third parties will not communicate this information to other third parties, except in one of the two following situations:
- the communication of this information by such third parties to their suppliers or subcontractors to the extent necessary for the performance of the contract;
- where such third parties are obliged by the regulations in force to communicate certain information or documents to the competent authorities in the field of combating money laundering, as well as, in general, to any competent public authority.
9.3. The communication of this information to the aforementioned persons shall, in all circumstances, be limited to what is strictly necessary or required by the applicable regulations.
ESP transfers data to a country outside the European Economic Area only when that country ensures an adequate level of protection within the meaning of the legislation in force and, in particular, within the meaning of the General Data Protection Regulation (for more information on the countries offering an adequate level of protection, see: Definition by the EU Commission), or within the limits permitted by the legislation in force, for example by ensuring the protection of data by appropriate contractual provisions.
Our website allows the data subject to apply for a membership. Which personal data is gathered and processed for these purposes results from the respective form that is used for the application process. These forms vary depending on the type of membership.
11.1. The application of the data subject, providing the mandatory personal data, serves the controller to enable the data subject to establish a membership and offer exclusive services for members. When applying for the membership a contractual relationship will be established. The data subject will be informed about this, along with the terms and conditions, during the application process. Mandatory data for the contractual relationship are labelled as such in the application process. The processing of the data is legally based on Article 6(1)(b) GDPR.
11.2. As part of the membership, we also offer services provided by external suppliers. On use of these exclusive members services, personal data will be transferred to the following processors:
The ESP Educational Portal is provided by Smart In Media AG, Gleueler Straße 245-249, 50935 Cologne, Germany; further information about their privacy policy can be accessed under https://www.smartinmedia.com/privacy/.
The Microscopy Slides in the Educational Portal are provided by Smart In Media AG, Gleueler Straße 245-249, 50935 Cologne, Germany; further information about their privacy policy can be accessed under https://www.smartinmedia.com/privacy/.
The Virchows Archiv Journal and the Journal of Hematopathology are published and distributed by Springer-Verlag GmbH, Tiergartenstraße 17, 69121 Heidelberg, Germany; further information about their privacy policy can be accessed via the following link: https://www.springer.com/gp/privacy-policy.
11.3. Personal data that is gathered from data subjects to serve for the establishment of the membership, will be transferred to processors by using their IT systems.
The IT systems to handle the personal data of ESP Members by our staff are provided by Glue Up, 1600 Tysons Blvd, Suite 400, McLean VA 22102, USA; further information about their privacy policy can be accessed under https://www.glueup.com/legal/privacy-policy.
11.4. All personal data that is not subject to a legal retention period will be deleted automatically 24 months after the liquidation or termination of a contractual relationship.
12.1. The payment service integrated into the Website is provided by Stripe Payments Europe Ltd. (Stripe) https://stripe.com/
12.2. The relationship between the User and Stripe is governed by the Privacy Policy available at the following address: https://stripe.com/privacy which also includes provisions relating to the processing of personal data sent to Stripe as part of its service, and for which Stripe is the data controller.
12.3. When making a payment through ESP the User declares that he/she has read, understood and accepted the Stripe privacy policy.
13.1. The personal data will not be used for direct marketing purposes for articles or services that would not be identical or similar to those to which the User has already subscribed, unless the User has previously explicitly consented to such use by ticking the boxes provided for this purpose (“opt-in”).
13.2. When the User has given his consent to the use of this information for direct marketing purposes, the latter retains the right to object to such use at any time, upon request and free of charge. The User may simply communicate his request by writing to the following address: admin@esp-pathology.org.
ESP has integrated the component of Google Analytics (with the anonymizer function) on this website.
14.1. Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.
14.2. The operator of the Google Analytics component is Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
14.3. During the first visit of our websites we invite the data subject to consent the usage of Google Analytics. The data subject’s activities on our websites are not recorded as long as the respective consent has not been given.
14.4. In addition, the data subject has the possibility of objecting to a collection of data that are generated by Google Analytics, which is related to the use of this website, as well as the processing of this data by Google and the chance to preclude any such. For this purpose, the data subject must download a browser add-on under the link http://tools.google.com/dlpage/gaoptout and install it. This browser add-on tells Google Analytics through a JavaScript, that any data and information about the visits of Internet pages may not be transmitted to Google Analytics. The installation of the browser add-ons is considered an objection by Google. If the information technology system of the data subject is later deleted, formatted, or newly installed, then the data subject must reinstall the browser add-ons to disable Google Analytics. If the browser add-on was uninstalled by the data subject or any other person who is attributable to their sphere of competence, or is disabled, it is possible to execute the reinstallation or reactivation of the browser add-ons.
If Google does not provide this Internet browser plugin for the Internet browser or IT system used for your visit, you can deactivate Google Analytics by using this Link: Deactivate Google Analytics. This deactivation only takes effect for the currently used IT system and for the currently used Internet browser
14.5. For the web analytics through Google Analytics we use the application “_gat. _anonymizeIp”. By means of this application the IP address of the Internet connection of the data subject is abridged by Google and anonymised when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.
14.6. The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Internet site for us. This purpose is considered a legitimate interest according to Article 6(1)(f) GDPR.
14.7. Google Analytics places a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google is enabled to analyze the use of our website. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and into which a Google Analytics component was integrated, the Internet browser on the information technology system of the data subject will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements
The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits of our website by the data subject. With each visit to our Internet site, such personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties
The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.
14.8. Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Link https://www.google.com/analytics/.
Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.de/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Linkhttps://www.google.com/analytics/.
14.9. Alphabet Inc. and its subsidiaries (e.g. Google LLC) comply the requirements of the EU-U.S. Privacy Shield Framework, as well as the Suisse-US Privacy Shield Framework. Further information about these treaties may be retrieved under https://www.privacyshield.gov/.
Persons under the age of 18 and persons who do not have full legal capacity are not allowed to use the Website. ESP asks them not to provide their personal data. Any infringement found in this provision must be reported without delay to the following address: admin@esp-pathology.org.
19.1. Failure by ESP to invoke – at any given time – a provision of this Policy, may not be interpreted as a waiver to subsequently make use of its rights under the said provision.
19.2. The invalidity, expiration or the unenforceable nature of all or part of one of the above or below mentioned provisions shall not give rise to the invalidity of all the Policy. Any fully or partially invalid, lapsed or unenforceable provision shall be deemed not to have been written. ESP undertakes to substitute this provision with another which, to the extent possible, fulfils the same objective.
20.1. The validity, interpretation and/or implementation of the Policy are subject to Belgian law, to the extent permitted by the provisions of applicable private international law.
20.2. In the event of a dispute relating to the validity, interpretation or implementation of the Policy, the courts and tribunals of Brussels have exclusive jurisdiction, to the extent permitted by the provisions of applicable private international law.
20.3. Before taking any step towards the judicial resolution of a dispute, the User and ESP undertake to attempt to resolve it amicably. To this end, they shall first contact each other before resorting, where appropriate, to mediation, arbitration, or any other alternative method of dispute resolution.
- GENERAL WARNING
1.1. The International Non-Profit Society European Society of Pathology (ESP)(hereinafter, « ESP ») respects the privacy of its users (hereinafter, the “Users“).
1.2. ESP processes the personal data transmitted to it in accordance with the legislation in force, and, in particular, Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data, applicable from 25 May 2018 (hereinafter the “General Data Protection Regulation“).
1.3. Access to the website https://www.esp-pathology.org/ (hereinafter, the “Website”) implies the User’s full and unreserved acceptance of this Privacy Policy (hereinafter the “Policy”), as well as its general terms of use (hereinafter the “Terms”) and the cookie policy (hereinafter, the “Cookie Policy”).
1.4. The User acknowledges having read the information below and authorizes ESP to process, in accordance with the provisions of the Policy, the personal data that he/she communicates on the Website.
1.5. The Policy is valid for all pages hosted on the Website and for the registrations of this Website. It is not valid for the pages hosted by third parties to which ESP may refer and whose privacy policies may differ. ESP cannot therefore be held responsible for any data processed on these websites or by them.
- DATA CONTROLLER
2.1. Simply visiting the Website shall take place without having to provide any personal data, such as first name, surname, postal address, e-mail address, etc.
2.2. As part of the Service, the User may be required to provide certain personal data. In this case, the data controller is:
INTERNATIONAL NON-PROFIT SOCIETY – EUROPEAN SOCIETY OF PATHOLOGY (ESP)
European Society of Pathology (ESP)
Square de Meeûs 18
1000 Brussels, Belgium
Phone : +32 25208036
E-mail : admin@esp-pathology.org
Website: www.esp-pathology.orgBelgian VAT number: BE0871.010.114
2.3. Any question regarding the processing of this data may be sent to the following address: admin@esp-pathology.org
- DATA COLLECTED
3.1. By completing the order form on the Website and using the Service, the User allows ESP to record and store, for the purposes mentioned in point 4, the following information:
- identifying data, such as the first name and surname, e-mail address, date of birth and delivery address;
- the banking information necessary for the Service, such as bank account numbers, IBAN and BIC/SWIFT;
- invoicing information;
- communications between the User and ESP;
3.2.
The User also authorizes ESP to record and store the following data for the purposes mentioned in point 4:
- information voluntarily provided by the User for a purpose specified in the Policy, the general terms and conditions of sale (hereinafter the “GTC”), the Terms, the Cookie Policy, on the Website or on any other medium of communication used by ESP;
- additional information requested by ESP to the User in order to identify him or to prevent him from violating any of the provisions of the Policy;
3.3. In order to facilitate browsing the Website as well as to optimize technical management, the Website may use “cookies”. These “cookies” record, in particular:
- the User’s browsing preferences;
- the date and time of access to the Website and other data related to traffic;
- the pages visited;
All information relating to “cookies” is included in ESP’s Cookie Policy.
3.4. When the User accesses the Website, the servers consulted automatically record certain data, such as:
- the type of domain with which the User connects to the Internet;
- the IP address assigned to the User (when connected);
- the date and time of access to the Website and other data related to traffic;
- location data or other data relating to the communication;
- the pages visited;
- the type of browser used;
- the platform and/or operating system used;
- the search engine as well as the keywords used to find the Website;
3.5. No nominative data identifying the User is collected through the cookies and servers consulted. This information is kept for statistical purposes only and to improve the Website.
- PURPOSES OF PROCESSING THE DATA
4.1. We process your data for various purposes. For each purpose, only the data relevant to the pursuit of the purpose in question are processed. The processing consists of any operation (manual or automated) on a personal data. ESP collects, stores and uses its Users’ data for the following purposes, in particular:
- to establish, carry out and conduct the contractual relationship with the User;
- to analyse, adapt and improve the content of the Website;
- to provide the Service;
- to allow the User to receive messages;
- to facilitate the availability and use of the Website;
- to personalize the User’s experience on the Website;
- to respond to requests for information;
- for any marketing activities and promotions proposed by ESP to Users who have given their consent;
- to inform them about any changes on the Website and its features;
- for any other purpose to which the User has expressly consented;
4.2. The legal basis of the processing of your personal data is based on:
- your consent;
- the execution of any request from you;
We do need to collect some of your data to answer any request from you. If you choose not to share this data with us, it may render the performance of the contract impossible.
- a legal obligation imposed on the controller;
We do need to collect and store some of your data to meet various legal requirements, including tax and accounting.
- the protection of vital interests;
- for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, or
- our legitimate interest, provided that it is in accordance with your interests, freedoms and fundamental rights.
We have a legitimate interest in providing you with this information and interacting with you, especially to respond to your requests or improve our services, prevent abuse and fraud, control the regularity of our operations, exercise, defend and preserve our rights, for example in litigation, as well as evidence of a possible violation of our rights, manage and improve our relations with you, continually improve our website and our products/services, unless such interests are supplanted by your interests or your fundamental rights and freedoms requiring the protection of your personal data. We take care in any case to maintain a proportionate balance between our legitimate interest and respect for your privacy.
If the legal basis of our treatment is your consent, you have the right to withdraw it at any time without prejudice to the lawfulness of the processing performed prior to withdrawal.
In the context of direct marketing, this means that you can unsubscribe at any time from newsletters and other commercial communications from us. You will be put in “opt-out”. You can unsubscribe by sending us an email at the following address: admin@esp-pathology.org or by clicking on the unsubscribe link at the bottom of each email.
- RIGHTS OF THE DATA SUBJECT
5.1. According to the regulations on the processing of personal data, the User has the following rights:
- Right to be informed about the purposes of the processing (see above) and the identity of the data controller.
- Right of access: the User may at any time have access to the data that ESP has on him or check if it is included in the database of ESP.
- Right to rectification: we take all reasonable steps to ensure that the data we hold is up to date. We encourage you from time to time to access your account (if applicable) or to consult us to check that your data is up to date. If you find that your data is inaccurate or incomplete, you have the right to ask us to correct it.
- Right to object: the User may, at any time, object to the use of his data by ESP and by its active partners.
- Right to erasure: the user may, at any time request the deletion of his personal data, except those which ESP has a legal obligation to keep on record.
- Right of limitation of processing: the User may, in particular, obtain a limitation of processing when he has objected to the processing, when he disputes the accuracy of the data, or when he considers that the processing is illegal.
- Right of portability: The User has the right to receive the personal data that he has communicated to ESP and may also ask said company to send this data to another data controller.
5.2. In order to exercise his rights, the User sends a written request, accompanied by a copy of his identity card or his passport, to the data controller:
- by e-mail: admin@esp-pathology.org
- by mail: European Society of Pathology, Square de Meeûs 18, 1000 Brussels, Belgium
5.3. ESP will then take the necessary steps to satisfy this request as soon as possible and in any case within one month of receipt of the application. If necessary, this period can be extended by two months, given the complexity and the number of requests.
- PERIOD OF STORAGE
6.1. ESP will keep the personal data of its Users for the duration necessary to achieve the objectives pursued (see point 4).
6.2. ESP may also continue to keep personal data concerning the de-registered User, including all correspondence or request for assistance sent to ESP in order to be in a position to reply to all questions or complaints that may be sent to it, and in order to comply with all applicable laws, namely in tax matters or as part of other legal requirements.
- COMPLAINT WITH THE SUPERVISORY AUTHORITY
The User is informed that he has the right to lodge a complaint with the Data Protection Authority:
Data Protection Authority
Rue de la Presse, 35, 1000 Brussels
Telephone: +32 (0)2 274 48 00
commission@privacycommission.be
- SECURITY
8.1. In addition, ESP has taken the appropriate organizational and technical measures to ensure a level of security adapted to the risk and that, to the extent possible, the servers hosting the personal data processed prevent:
- unauthorized access to or modification of this data;
- improper use or disclosure of such data;
- unlawful destruction or accidental loss of such data.
8.3. In this respect, employees of ESP who have access to this data are subject to a strict confidentiality obligation. Nevertheless, ESP may in no way be held liable in the event that this data is stolen or hijacked by a third party despite the security measures adopted.
8.4. Users undertake not to commit acts that may be contrary to this Policy, the Terms, , the Cookie Policy or, in general, the law. Violations of confidentiality, integrity and availability of information systems and data which are stored, processed or transmitted by these systems, or the attempt to commit one of these violations, shall be punishable by imprisonment of between three months and five years and a fine of between twenty-six euros and two hundred thousand euros, or one of these penalties only.
- COMMUNICATION TO THIRD PARTIES
9.1. ESP treats personal data as confidential information. It will not communicate them to third parties under any condition other than those specified in the Policy, such as to achieve the objectives set out and defined in point 4, or under the conditions in which the law requires it to do so.
9.2. ESP may communicate its Users’ personal information to third parties to the extent that such information is necessary for the performance of a contract with its Users. In such case, these third parties will not communicate this information to other third parties, except in one of the two following situations:
- the communication of this information by such third parties to their suppliers or subcontractors to the extent necessary for the performance of the contract;
- where such third parties are obliged by the regulations in force to communicate certain information or documents to the competent authorities in the field of combating money laundering, as well as, in general, to any competent public authority.
9.3. The communication of this information to the aforementioned persons shall, in all circumstances, be limited to what is strictly necessary or required by the applicable regulations.
- TRANSFER TO A COUNTRY OUTSIDE OF THE EUROPEAN ECONOMIC AREA
ESP transfers data to a country outside the European Economic Area only when that country ensures an adequate level of protection within the meaning of the legislation in force and, in particular, within the meaning of the General Data Protection Regulation (for more information on the countries offering an adequate level of protection, see: Definition by the EU Commission), or within the limits permitted by the legislation in force, for example by ensuring the protection of data by appropriate contractual provisions.
- MEMBERSHIP
Our website allows the data subject to apply for a membership. Which personal data is gathered and processed for these purposes results from the respective form that is used for the application process. These forms vary depending on the type of membership.
11.1. The application of the data subject, providing the mandatory personal data, serves the controller to enable the data subject to establish a membership and offer exclusive services for members. When applying for the membership a contractual relationship will be established. The data subject will be informed about this, along with the terms and conditions, during the application process. Mandatory data for the contractual relationship are labelled as such in the application process. The processing of the data is legally based on Article 6(1)(b) GDPR.
11.2. As part of the membership, we also offer services provided by external suppliers. On use of these exclusive members services, personal data will be transferred to the following processors:
The ESP Educational Portal is provided by Smart In Media AG, Gleueler Straße 245-249, 50935 Cologne, Germany; further information about their privacy policy can be accessed under https://www.smartinmedia.com/privacy/.
The Microscopy Slides in the Educational Portal are provided by Smart In Media AG, Gleueler Straße 245-249, 50935 Cologne, Germany; further information about their privacy policy can be accessed under https://www.smartinmedia.com/privacy/.
The Virchows Archiv Journal and the Journal of Hematopathology are published and distributed by Springer-Verlag GmbH, Tiergartenstraße 17, 69121 Heidelberg, Germany; further information about their privacy policy can be accessed via the following link: https://www.springer.com/gp/privacy-policy.
11.3. Personal data that is gathered from data subjects to serve for the establishment of the membership, will be transferred to processors by using their IT systems.
The IT systems to handle the personal data of ESP Members by our staff are provided by Glue Up, 1600 Tysons Blvd, Suite 400, McLean VA 22102, USA; further information about their privacy policy can be accessed under https://www.glueup.com/legal/privacy-policy.
11.4. All personal data that is not subject to a legal retention period will be deleted automatically 24 months after the liquidation or termination of a contractual relationship.
- PAYMENT SERVICE
12.1. The payment service integrated into the Website is provided by Stripe Payments Europe Ltd. (Stripe) https://stripe.com/
12.2. The relationship between the User and Stripe is governed by the Privacy Policy available at the following address: https://stripe.com/privacy which also includes provisions relating to the processing of personal data sent to Stripe as part of its service, and for which Stripe is the data controller.
12.3. When making a payment through ESP the User declares that he/she has read, understood and accepted the Stripe privacy policy.
- DIRECT MARKETING
13.1. The personal data will not be used for direct marketing purposes for articles or services that would not be identical or similar to those to which the User has already subscribed, unless the User has previously explicitly consented to such use by ticking the boxes provided for this purpose (“opt-in”).
13.2. When the User has given his consent to the use of this information for direct marketing purposes, the latter retains the right to object to such use at any time, upon request and free of charge. The User may simply communicate his request by writing to the following address: admin@esp-pathology.org.
- USE AND APPLICATION OF GOOGLE ANALYTICS (WITH ANONYMIZER FUNCTION)
ESP has integrated the component of Google Analytics (with the anonymizer function) on this website.
14.1. Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimization of a website and in order to carry out a cost-benefit analysis of Internet advertising.
14.2. The operator of the Google Analytics component is Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
14.3. During the first visit of our websites we invite the data subject to consent the usage of Google Analytics. The data subject’s activities on our websites are not recorded as long as the respective consent has not been given.
14.4. In addition, the data subject has the possibility of objecting to a collection of data that are generated by Google Analytics, which is related to the use of this website, as well as the processing of this data by Google and the chance to preclude any such. For this purpose, the data subject must download a browser add-on under the link http://tools.google.com/dlpage/gaoptout and install it. This browser add-on tells Google Analytics through a JavaScript, that any data and information about the visits of Internet pages may not be transmitted to Google Analytics. The installation of the browser add-ons is considered an objection by Google. If the information technology system of the data subject is later deleted, formatted, or newly installed, then the data subject must reinstall the browser add-ons to disable Google Analytics. If the browser add-on was uninstalled by the data subject or any other person who is attributable to their sphere of competence, or is disabled, it is possible to execute the reinstallation or reactivation of the browser add-ons.
If Google does not provide this Internet browser plugin for the Internet browser or IT system used for your visit, you can deactivate Google Analytics by using this Link: Deactivate Google Analytics. This deactivation only takes effect for the currently used IT system and for the currently used Internet browser
14.5. For the web analytics through Google Analytics we use the application “_gat. _anonymizeIp”. By means of this application the IP address of the Internet connection of the data subject is abridged by Google and anonymised when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.
14.6. The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Internet site for us. This purpose is considered a legitimate interest according to Article 6(1)(f) GDPR.
14.7. Google Analytics places a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google is enabled to analyze the use of our website. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and into which a Google Analytics component was integrated, the Internet browser on the information technology system of the data subject will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements
The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits of our website by the data subject. With each visit to our Internet site, such personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties
The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.
14.8. Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.com/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Link https://www.google.com/analytics/.
Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.de/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Linkhttps://www.google.com/analytics/.
14.9. Alphabet Inc. and its subsidiaries (e.g. Google LLC) comply the requirements of the EU-U.S. Privacy Shield Framework, as well as the Suisse-US Privacy Shield Framework. Further information about these treaties may be retrieved under https://www.privacyshield.gov/.
- USE AND APPLICATION OF YOUTUBE (PRIVACY-ENHANCED MODE)
ESP has integrated components of YouTube on this website. The operating company of YouTube is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
15.1. YouTube videos on our website are embedded solely by usage of the “privacy-enhanced mode” of YouTube. According to its terms YouTube collects information about the visitors of a website only if they play a video. Further information about this can be accessed athttps://support.google.com/youtube/answer/171780?hl=en in the section “Turn on privacy-enhanced mode”.
15.2. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a YouTube component (YouTube video) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding YouTube component. Further information about YouTube may be obtained under https://www.youtube.com/yt/about/en/. During the course of this technical procedure, YouTube and Google gain knowledge of what specific sub-page of our website was visited by the data subject.
15.3. The embedding of YouTube videos serves the purpose of providing informative, additional or scientific contents on this website, which are published by their authors to a broad audience through a public platform (YouTube). This purpose is considered a legitimate interest according to Article 6(1)(f) GDPR.
15.4. If the data subject is logged in on YouTube, YouTube recognizes with each call-up to a sub-page that contains a YouTube video, which specific sub-page of our Internet site was visited by the data subject. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
15.5. YouTube and Google will receive information through the YouTube component that the data subject has visited our website, if the data subject is logged in on YouTube while playing the video on our website. If such a transmission of this information to YouTube and Google is not desirable for the data subject, the delivery may be prevented if the data subject logs off from their own YouTube account before a call-up to our website is made.
15.6. YouTube’s data protection provisions, available at https://www.google.de/intl/en/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.
15.7. Alphabet Inc. and its subsidiaries (e.g. Google LLC, YouTube LLC) comply the requirements of the EU-U.S. Privacy Shield Framework, as well as the Suisse-US Privacy Shield Framework. Further information about these treaties may be retrieved under https://www.privacyshield.gov/.
- AUTOMATED DECISION MAKING AND PROFILING
ESP processes your data responsibly and neither use automated decision making nor profiling.
- NOTE CONCERNING MINORS
Persons under the age of 18 and persons who do not have full legal capacity are not allowed to use the Website. ESP asks them not to provide their personal data. Any infringement found in this provision must be reported without delay to the following address: admin@esp-pathology.org.
- UPDATES AND CHANGES TO THE POLICY
By informing Users through the Website or email, ESP may modify and adapt the Policy, in particular to comply with any new legislation and/or regulations applicable (such as the General Data Protection Regulation applicable from 25 May 2018), the recommendations of the Belgian Data Protection Authority, the guidelines, recommendations and best practices of the European Data Protection Board and the decisions of the courts and tribunals on this issue.
- VALIDITY OF THE CONTRACTUAL CLAUSES
19.1. Failure by ESP to invoke – at any given time – a provision of this Policy, may not be interpreted as a waiver to subsequently make use of its rights under the said provision.
19.2. The invalidity, expiration or the unenforceable nature of all or part of one of the above or below mentioned provisions shall not give rise to the invalidity of all the Policy. Any fully or partially invalid, lapsed or unenforceable provision shall be deemed not to have been written. ESP undertakes to substitute this provision with another which, to the extent possible, fulfils the same objective.
- APPLICABLE LAW AND COMPETENT COURT
20.1. The validity, interpretation and/or implementation of the Policy are subject to Belgian law, to the extent permitted by the provisions of applicable private international law.
20.2. In the event of a dispute relating to the validity, interpretation or implementation of the Policy, the courts and tribunals of Brussels have exclusive jurisdiction, to the extent permitted by the provisions of applicable private international law.
20.3. Before taking any step towards the judicial resolution of a dispute, the User and ESP undertake to attempt to resolve it amicably. To this end, they shall first contact each other before resorting, where appropriate, to mediation, arbitration, or any other alternative method of dispute resolution.