Information duties according to art. 13 of the European General Data Protection Regulation (GDPR) – 11th World Congress of Melanoma and 21st EADO Congress

The protection of your personal data is of particular concern to us. We therefore process your personal data (in short “data”) exclusively on the basis of the legal regulations. With this privacy policy, we would like to inform you comprehensively about the processing of your data in our company and the data protection claims and rights to which you are entitled in accordance with Art. 13 of the European General Data Protection Regulation (GDPR).

Who is responsible for data processing and who can you contact?

Person in charge:
MedConcept
Gesellschaft für medizinische Projekte mbH
Friedenstr. 58
15366 Neuenhagen near Berlin
Tel. : +49 (3342) 42 68 9 – 30
Fax.: +49 (3342) 42 68 9 – 40
email: info@medconcept.org
Internet: www.medconcept.org

For data protection issues you can reach us at: info@medconcept.org.

Data protection is a matter of trust and your trust is important to us. The protection and legally compliant handling of your personal data (“processing”) is therefore an important concern for us. All information about your person (name, telephone number, e-mail address, IP address, etc.), as well as all information which could be traced back to you, is referred to as personal data.
We would like you to know when we collect which data and how we use them. We have taken technical and organizational measures to ensure that the regulations on data protection are observed both by us and by possible external service providers with whom we have concluded a data processing agreement in accordance with Art. 28 GDPR.
We use the information we have received about you during the trade fair exclusively in accordance with the General Data Protection Regulation (GDPR) of the European Union (EU), which has been in force since 25.05.2018, and the new German federal data protection act (BDSG).

Information duties according to Art. 13 GDPR
According to Art. 13 GDPR, the basic data protection regulation obliges us to provide appropriate information whenever personal data is collected directly from the person concerned. #

Which of your personal data are processed by us? And for what purposes?
We process the information we receive during the trade fair (your contact details and, if applicable, your requests) exclusively for the purpose of fulfilling your request and in the context of initiating a possible business relationship.

Legal basis of the processing
The processing of your data is either carried out according to

Art. 6 para. 1 lit. b GDPR for the implementation of pre-contractual measures (e.g. if you have a concrete interest in our services and products) or
Art. 6 para. 1 lit. f GDPR in the context of legitimate interests, because we can assume that you are interested in a business contact through us.
In individual cases the processing may be carried out on the basis of your explicit consent according to Art. 6 para. 1 lit. a, e.g. by accepting the scanning of the badge / or the SpotMe QR Code at any stand at the congress or symposium. You can revoke this consent at any time with effect for the future.

We store your contact data in our commercial systems. Likewise your request will be stored until the purpose and legal basis are no longer applicable.

Disclosure of data to third parties:
Every visitor must remember that by accepting the scanning of the badge / or the SpotMe QR Code at any stand at the congress or symposium, the visitor gives his or her consent to the WCD organisation secretariat to pass on his or her data. In fact, this is a clearly affirmative act, which implies consent to the processing of personal data concerning you (Art. 6, para. 1, and Art. 4, para. 1). Therefore, if you agree to your badge being scanned by a hostess when visiting a stand of an exhibiting company or during a meeting of an industrial sponsor, the hostess can access the following personal data with your badge: Nominative (title, first name(s), surname(s), address (postal address and e-mail), country, telephone, fax and, if applicable, profile information (professional activity, place of work and areas of interest). Therefore, if you agree to have your badge scanned when visiting the stand of an exhibiting company or by a hostess at a meeting of the industry sponsor, your personal data will be disclosed to the sponsor of the congress or to third parties who have the stand at the congress.

In accordance with Art. 14 of the GDPR, it is mandatory for exhibitors to inform all delegates at their stand that their personal data will be recorded by scanning their badges. It is also obligatory for companies to attach the exhibitors’ privacy policy to the first marketing e-mail sent to participants.

To which other recipients will the data be passed on?
In principle, your data will not otherwise be passed on to third parties, unless this is necessary to fulfil your request within the framework of order processing in accordance with Art. 28 GDPR or on the basis of a legal obligation.

How long is the data stored?
The data is stored at least as long as it is necessary for the processing of your request or a possible contractual relationship. In principle we assume an unlimited business relationship. Therefore, we only delete the data if you request us to do so – if the legal obligations for storage (e.g. from commercial or tax law) are opposed to this, the data will only be deleted after the expiry of these periods. If deletion is not possible in our systems, the data will be made anonymous so that a personal reference can no longer be established.

As a matter of principle, towards the end of a calendar year we check data with regard to the need for further processing. Due to the volume of data, this check is carried out with regard to specific types of data or the purpose of processing.

What data protection rights do I have?
You have the right to information, correction, deletion or restriction of the processing of your stored data, a right to object to the processing as well as a right to data transferability and to complain in accordance with the requirements of data protection law at any time.

Right to information:
You can demand information from us as to whether and to what extent we process your data.

Right to rectification:
If we process your data that are incomplete or incorrect, you can demand that we correct or complete them at any time.

Right to erasure (‘right to be forgotten’):
You can demand the erasure of your data from us if we process them illegally or if the processing interferes disproportionately with your legitimate protection interests. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of legally regulated storage obligations.
Irrespective of the exercise of your right to erasure, we will delete your data immediately and completely, provided that there is no legal obligation to retain them.

Right to restriction of processing:
You can demand that we limit the processing of your data if

you dispute the accuracy of the data, for a period of time that allows us to verify the accuracy of the data,
the processing of the data is unlawful, but you refuse to have it deleted and instead demand a restriction on the use of the data,
we no longer need the data for the intended purpose, but you still need the data to assert or defend legal claims, or
you have lodged an objection to the processing of the data.

Right to data portability:
You may require us to provide you with your data that you have provided to us in a structured, common and machine-readable format and that you may transfer this data to another responsible party without hindrance from us, provided that

we process this data on the basis of a revocable consent granted by you or for the fulfilment of a contract between us, and
such processing is carried out by means of automated procedures.

If technically feasible, you can request us to transfer your data directly to another responsible person.

Right of object:
If we process your data out of a legitimate interest, you can object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can prove compelling reasons for processing worthy of protection which outweigh your interests, rights and freedoms or the processing serves to assert, exercise or defend legal claims. You may object to the processing of your data for the purpose of direct marketing at any time without giving reasons.

Right to lodge a complaint:
If you are of the opinion that we are processing your data in violation of German or European data protection law, please contact us so that we can clarify any questions you may have. Of course you also have the right to contact the respective data protection supervisory authority responsible.
If you wish to assert any of the above rights against us, please contact our data protection officer. In case of doubt, we may request additional information to confirm your identity.

Am I obliged to provide data?
The processing of your data is necessary for the conclusion or the fulfilment of your contract with us. If you do not provide us with this data, we will usually have to refuse to conclude the contract or will no longer be able to perform an existing contract and therefore have to terminate it. However, you are not obliged to give your consent to data processing in respect of data that is not relevant to the performance of the contract or not required by law.

Status: 05_2020