Data Privacy

ECCO IT HUB - PRIVACY POLICY ACCORDING TO GDPR

Version September 2025

In this privacy policy, we explain all processing activities taking place in our system named “ECCO IT HUB”.

1. Joint Controllership

ECCO IT HUB consists of the following organisational entities with their registered seat in 1030 Wien, Ungargasse 6/13, and is based on a joint controllership agreement according to Article 26 General Data Protection Regulation (“GDPR”):

  • ECCO – European Crohn’s and Colitis Organisation (“ECCO”), registered in the Austrian Register of Associations (ZVR) under the registration number 468755685, as well as its daughter entity:
  • OCEAiN – Organisation, Congress, Emotion, Association, iNnovation GmbH (“OCEAiN”)

(together hereafter referred to as “ECCO IT HUB” or “we”).

a. Allocation of Data Protection Tasks / Duties (under Art. 26 GDPR):

except for the following data protection tasks which are done separately:

  • selection and assignment of data processors
  • processing of notifiable data breaches

all other data protection tasks are done jointly.

b. Description of Joint Data Processing:

The ECCO Database constitutes the core for all projects on the side of ECCO Association as well as on the side of OCEAiN GmbH, which is in charge of organising the annual ECCO Congress, the e-Learning platform and publishing the ECCO News magazine.

As the ECCO Congress constitutes the annual meeting of the ECCO Members and other stakeholders in the field of inflammatory bowel diseases, the ECCO Database has a significant intersection set of data subjects as the same data subjects can be ECCO Members and Congress Delegates. 

The data subjects in the ECCO Database are health care professionals, pharma industry representatives, patient representatives and students in the field of inflammatory bowel diseases with an interest in both ECCO Association activities and/or ECCO Congress and e-Learning activities. In addition, the ECCO Database captures press contacts, as well as employees and contact persons of tour operator agencies booking group registrations and of supplier companies, which are contracted to implement projects of ECCO and OCEAiN.

c. Means of Joint Data Processing:

With the increasing digitalisation of the joint data processing operations over the past years, the ECCO Website with its login area, called the ECCO Portal, constitutes the main entrance door to all activities of ECCO and OCEAiN and, after personal log-in, the front display of the respective personal data set captured in the ECCO Database.

As soon as an ECCO Portal Account holder applies for ECCO Membership or engages in another activity, joint processing takes place in the ECCO Database since both controllers have access to the data and administrate them. The use of synergy effects in data harmonization aims to facilitate access of data subjects to activities within the larger framework of ECCO IT Hub (e.g. distribution of our newsletters, promotion of our Congress and educational/scientific activities, access facilitation via the publisher/distributor of our publications). 

Depending on the status of the data subject (e.g.: Membership status, Congress Registration status, Scientific Reviewer status), the data subject can access various online tools (e.g.: online application process per open call, registration process for workshops or ECCO Congress, reimbursement submissions, industry webshop, voting function in the App) and various levels of online content (e.g.: applications received for internal or scientific review, e-Learning material, meeting documents).

d. Location of Data Processing:

The ECCO Website and the ECCO Database are hosted on a rented ECCO Server space in Austria, in Germany and in Switzerland. The EU Commission has issued an adequacy decision for Switzerland.

The ECCO App uses servers located in the EU that are provided by AWS for the hosting of its content management system. An adequacy decision has been issued by the EU Commission for the US. AWS is certified in accordance with the EU-U.S. Data Protection Framework, on which the EU adequacy decision is based, and is therefore subject to the scope of the adequacy decision.

Additional platforms and necessary technologies are handled with a single sign-on technology with the ECCO Database, which are in particular:

  • the ePayment tool used to process online credit card payments for ECCO Membership and ECCO Congress Registrations.
  • the e-Learning platform which is accessible to all ECCO Members and also to health care professionals who hold an ECCO Portal Account without active ECCO Membership up to the age of 35. The single-sign on mechanism is based on an age verification check, which takes place within the ECCO Database before the access interface to the e-Learning Platform is activated.
  • the ECCO App: upon installation of the ECCO App (offering a dedicated section for ECCO Association and another dedicated section for the annual Congress) on the data subject’s mobile device, first name, last name and email address are shared with the App provider to allow the single-sign-on mechanism. With additional consent from the data subject which is given in the settings of the App, the personal status (of Membership or Congress Delegates) can be shared in order to be visible for a chat tool and allows voting functions.

In addition, two further joint data processing platforms are used to facilitate project management and communication:

  • the ECCO Office inhouse server
  • the eNewsletter Mailing Platform

e. Legal Basis of Joint Data Processing:

The data transfer between the joint controllers is based on your consent (Art 6 para 1 lit a GDPR) and on our legitimate interests (Art 6 para 1 lit f GDPR). The legitimate interest is the processing of personal data within the organisational entities for internal management purposes of the data subjects.

2. Categories of data processed & data storage time

a. ECCO Website Visitors:

ECCO IT Hub processes the IP address of ECCO Website visitors and cookie information chosen by you and as explained in the cookie banner and cookie data protection information:

I. The IP address is transmitted with every server request. ECCO IT Hub and its provider of statistical services do not store IP addresses permanently, but use them for session identification purposes and to prevent attacks only. The following information will be stored in the server logs, in order to display the website for you: the IP address of the requesting computer, together with the date, time, which file is requested (name and URL), what amount of data is transferred to you, a message as to whether the request was successful, identification data of the browser used and the operating system used, as well as the website from which access was made (if access is via a link). This data processing is carried out in order to provide you with a service you have expressly requested, namely our website (§ 165 (3) of the Telecommunications Act, hereinafter referred to as TKG).

II. In addition, certain logfiles (IP address, date and time of visit, browser type, pages visited) are processed. These logfiles are used to detect and track cyberattacks or other unauthorized access. We process this data on the basis of our legitimate interest in the security of our website (Art 6 para 1 lit f GDPR).

III. During your visit to the ECCO Website, some additional information is collected and analysed for web controlling purposes. This information is provided by your browser. We process this data on the basis of your consent (Art 6 para 1 lit a GDPR). The following data is processed:

  • Requests (file name of the requested file) (e.g., de/index.html)
  • Browser type/browser version (e.g., Google Chrome, Mozilla Firefox, Microsoft Edge)
  • Browser language (e.g., English)
  • Operating system used (e.g., Windows 10)
  • Inner resolution of browser window
  • Screen resolution
  • JavaScript activation
  • Java on/off
  • Colour depth
  • Referrer URL (the previously visited web site)
  • Time of access
  • Clicks
  • Total orders, if any
  • Content of forms, if any (in the case of text fields, e.g. name and password, only the information “completed” or “not completed” is transmitted)

IV. Furthermore, the ECCO Website relies on several so-called cookies. Cookies are text files that are stored on your computer or mobile device, regardless of whether they are personal or not. They serve to recognize the website user and store temporary information. Without your consent, we only use cookies that are technically necessary to display the website.

In order to enable interaction with us via our website, it is necessary to store the cookies contained in the following link on your device (e.g. computer, mobile phone or tablet) for the duration specified there for the purpose described there and also to read them. The cookie is stored on your device on the legal basis of Section 165 Paragraph 3 TKG for the purpose of displaying the website, as this is a service you have expressly requested in accordance with Section 165 Paragraph 3 TKG.

V. Only if you give us your consent will we set cookies for other, non-technically necessary purposes. The ECCO Website uses the Matomo Analytics software, which relies on cookies as well. They are stored on your computer and generate information for the analysis of the ECCO webpages used by you (including your IP address in anonymised form), which is stored on a server located in Austria.

The provision of the data listed above is neither legally nor contractually required and is not necessary for the conclusion of a contract. You are under no obligation to provide this information. Please understand that we cannot display the website to you if you do not provide us with the relevant data under points I, II, and IV. If you do not allow cookies to be set and read in your browser, we will not be able to display certain features of the website to you.

Storage Time

ECCO IT Hub of course also observes the principle of storage limitation for personal data.

  • IP address of ECCO Website visitors: The server logs are saved in order to be able to check the system security, to administrate the website technically and to be able to optimize the offer. The server logs are stored for the duration of 3 months. After this period the identity of the user can no longer be determined, even by ISPs.
  • Pseudonymised IP address storage in the Matomo Analytics software of the ECCO Website: 24 months

b. ECCO Portal Account Holders:

ECCO IT Hub processes the following personal data as provided by you in setting up an ECCO Portal Account and choosing to participate in further interactions (please refer to section 3 below, which describes the different categories of interaction from the perspective of data subject types):

  • Basic information required: first name, last name, date of birth/ age, email, nationality
  • Further optional information – depending on activity or project: 
    • title, address(es), phone number(s), postal address(es), fax, gender identity, profession, place of work, professional specialization, expertise & particular areas of interest, HCP (health care professional) status; ORCID number
    • biography and photo – if shared by you via portal profile
    • your ECCO Membership status
    • disclosures of potential conflicts of interest
    • questions, answers & votes submitted via the Q&A tool provided in the ECCO App
    • passport details for congress invitation letters
    • bank transfer and reimbursement data, invoicing data, pseudonymised Credit Card data
    • The election process generates a ranking result which is kept confidential within ECCO Office archives. 
    • applications to open calls, event and project participation(s)
    • reviewer status / availability
    • In addition, the scientific review process generates a review result for the submitters of abstracts and applications for fellowships and grants which will be stored in connection with the abstract submitted via the submitter’s account.
    • E-QUALITY data (supported by unrestricted grants)
    • portrait pictures and event photos and film footage

Storage Time

ECCO IT Hub of course also observes the principle of storage limitation for personal data and will process the following data of Portal Account Holders until withdrawal of consent, but not longer than for 7 years:

  • Beyond that time, ECCO IT Hub will only process data for association archive purposes (such as name, photographs and video material).
  • Personal (non-scientific) supporting documents (such as letters of intent, CVs, publication lists), submitted in the context of applications to open calls, event and project participation(s), are stored not longer than 3 years.

c. ECCO App data users (“ECCO IBD”):

ECCO App processes the following data:

I. If you installed the App without any further sign-in and consent in the app:

information related to end users’ personal devices and network including microphone and camera information, CPU status, memory status, battery status, system version, phone model, phone signal level, received signal strength indicator (RSSI), network type, user attributes and channel attributes, in order to display the app to you and enable you to use its basic functions. The processing of basic device data and privacy settings is necessary for the performance of the contract in accordance with the terms of use and in order to provide you with a service you have expressly requested, namely our app (§ 165 (3) TKG, Art. 6 para 1 lit b GDPR).

II. If you sign in with your ECCO Portal Account in the ECCO App, the following categories of data are processed in the ECCO App:

first name, last name, email address, password (encrypted), title, job title, company, country, biography, picture, social media handles (Facebook (URL to profile)/ LinkedIn (URL to profile)/ X (X account name)), website URL, phone number and other profile information, chat messages, chat participation for sessions and topics, votes in sessions, bookmarks of programme items, notes taken, check-ins of programme items, contacts made with other users (is used for chat messages) in order to provide you the full experience. The processing is necessary for the performance of the contract in accordance with the terms of use and in order to provide you with a service you have expressly requested, namely our app (§ 165 (3) TKG, Art. 6 para 1 lit b GDPR).

The provision of the above data is necessary for the conclusion of a contract. Please understand that you will not be able to use the app if you do not provide us with the relevant data.

In addition, as a signed in user, you can create appointments in the respective ECCO Congress App/ My Congress / Programme section. If you agree to be “visible”, other ECCO App users can find, contact and invite you to a meeting (Art 6 para 1 lit a GDPR).

Storage Time

  • App usage starts upon installation
  • Duration:
    • Due to Container App (Association Usage), App continues to be on the phone
    • Event will be unpublished (in alignment of EACCME accreditation / 90 days after event – no download possible anymore) and deleted after 36 months.
    • Storage time of log data on Conference Compass side = AWS servers as well after deinstallation (24 months). 
  • App storage time on phone ends with deinstallation

If you click a link in the app that leads to ECCO Website, data processing as described in the section “Categories of data processed of ECCO Website Visitors & data storage time” will be initiated.

3. Purpose, Legal Basis and Data Subject Groups:

Within the data processing of ECCO IT HUB as joint controllership described in Section 1, you as ECCO Portal Account holder can choose to participate in various interactions and to assume “particular roles” as listed in the table below.

The following section aims to provide an overview of the data-processing purposes and respective legal basis from a reader-friendly perspective according to the roles that you can choose.

As ECCO IT HUB may receive your personal data via a contact person in the case of group registration, nomination and submission processes, the overview table below also shows for which roles this can be the case. For data received by third parties, Article 14 of the GDPR stipulates that you can separately identify in the privacy policy the source, purpose, legal basis and data categories.

Data Categories

The following basic data is required for all processing activities: first name, last name, date of birth/ age, email, nationality. ECCO IT HUB also processes the following data as provided by you (under “Data Subjects, Purpose, Legal basis” you will find references to the respective data category):

    1. Additional basic data: title, address(es), phone number(s), postal address(es), fax, gender identity, profession, place of work (including the institute and department), professional specialization, expertise & particular areas of interest, HCP (health care professional) status; ORCID number
    2. Biography and photo – if shared by you via portal profile
    3. ECCO Membership Status
    4. Potential conflicts of interest
    5. Questions, answers & votes submitted via the Q&A tool provided in the ECCO App
    6. Passport details for congress invitation letters
    7. Payment details: Bank transfer and reimbursement data, invoicing data, pseudonymised Credit Card data
    8. Ranking result which is generated within the election process and is kept confidential within ECCO Office archives
    9. Applications to open calls, event and project participation(s)
    10. Reviewer status / availability
    11. Review result for the submitters of abstracts and applications for fellowships and grants which will be stored in connection with the abstract submitted via the submitter’s account
    12. E-QUALITY data (supported by unrestricted grants)
    13. Portrait pictures and event photos and film footage

ECCO IT HUB solely processes your personal data for the purpose of:

  • centralised and up-to-date data administration of ECCO Membership, Congress and event participations as well as stakeholder status in order to avoid scattering loss of up-to-date contact details among the business units of the joint data controllers
  • facilitating communication among stakeholders of the IBD Community (= the data subjects in the ECCO Database) and making relevant data visible via the ECCO Website and the ECCO App (including the display of names and affiliations of Congress speaker and ECCO Officer and the disclosure of conflicts of interest, names and affiliation)
  • the collection and selection process with respect to open research calls, open manuscript-project calls and open calls for positions in ECCO
  • the collection of nominations for educational activities or for projects for IBD Intensive Course for Trainees and N-ECCO School held at the annual ECCO Congress 
  • facilitating the whole process of submission, review and publication of scientific abstracts of the annual ECCO Congress as well as facilitating the scientific review of ECCO Fellowships and Grants application
  • conducting statistical analyses and reports based on legitimate interest
  • historic self-documentation of ECCO (especially with respect to the association and congress history)

Storage Time

ECCO IT Hub of course also observes the principle of storage limitation for personal data and will process the following data of Portal Account Holders until withdrawal of consent, but not longer than for 7 years:

  • Beyond that time, ECCO IT Hub will only process data for association archive purposes (such as name, photographs and video material).
  • Personal (non-scientific) supporting documents (such as letters of intent, CVs, publication lists), submitted in the context of applications to open calls, event and project participation(s), are stored not longer than 3 years.

Data Subjects, Purpose, Legal basis

These purposes translate into the following specific processing per subject group. You will find the data categorization in parentheses:

I. ECCO Members

Processing
a) ECCO Membership administration

contractual basis
(Art 6 para 1 lit b GDPR)

b) ECCO Membership confirmations to OUP for JCC reductions or waivers for open access fees

contractual basis
(Art 6 para 1 lit b GDPR)

Data received from third parties (Article 14 of the GDPR):

Membership Group Registrations

    • Source of the data: tour operator agencies booking group memberships
    • Purpose: invitation to pre-paid ECCO Membership
    • Legal Basis: consent of data subject to tour operator agencies booking group registrations; these tour operators are under a contractual obligation with OCEAiN to collect your consent for this registration in advance.
    • Data categories processed: first name, last name, email address and country

II. ECCO Meeting participants & networking

Processing
a) ECCO Meetings organisation (such as ECCO Autumn Meetings, ECCO Meetings at UEGW, Bi-annual Council of National Representatives Meeting) administration (consent) & reimbursement procedure

contractual basis
(Art 6 para 1 lit b GDPR)

b) Collaboration with Partner Societies and Global Friends of ECCO

legitimate interest in maintaining contact and communication
(Art 6 para 1 lit b GDPR)

c) ECCO National Study Group meeting

consent (Art 6 para 1 lit a GDPR)

III. ECCO Learners & e-Learning contributors

Processing
a) ECCO e-Learning content development & publication

depending on contributor status:
consent (Art 6 para 1 lit a GDPR)
contractual basis
(Art 6 para 1 lit b GDPR)

b) ECCO e-Guide content development

consent (Art 6 para 1 lit a GDPR)

c) ECCO e-Learning access administration and statistics

contractual basis
(Art 6 para 1 lit b GDPR)
legitimate interest
(Art 6 para 1 lit f GDPR)

d) ECCO Educational Workshop registration

contractual basis
(Art 6 para 1 lit b GDPR)

Data received from third parties (Article 14 of the GDPR):

Nomination process of the course candidates:

  • for the IBD Intensive Course for Trainees
    • Source of the data: National Representatives of ECCO Country Members
    • Purpose: invitation to free-of-charge educational course at ECCO Congress
    • Legal Basis: consent of data subject to respective ECCO National Representative submitting nominations for this course; legitimate interest of data subject to be admitted to this selective course.
    • Data categories processed: first name, last name, email address, city, country, years of experience, letter of intent
  • for the N-ECCO School
    • Source of the data: N-ECCO National Representatives of ECCO Country Members
    • Purpose: invitation to free-of-charge educational course at ECCO Congress
    • Legal Basis: consent of data subject to respective ECCO National Representative submitting nominations for this course; legitimate interest of data subject to be admitted to this selective course.
    • Data categories processed: first name, last name, email address, city, country, phone number

IV. Applicants to open ECCO Calls

Processing
a) ECCO Organs elections - application collection

pre-contractual basis 
(Art 6 para 1 lit b GDPR)

b) ECCO Organs – internal and public communication

contractual basis
(Art 6 para 1 lit b GDPR)

c) Applications for open JCC and ECCO News positions

pre-contractual basis
(Art 6 para 1 lit b GDPR)

d) ECCO Fellowships and Grants - application collection

pre-contractual basis 
(Art 6 para 1 lit b GDPR)

e) ECCO Young Researcher Award – application collection

pre-contractual basis 
(Art 6 para 1 lit b GDPR)

f) ECCO Manuscript application collection (Guidelines, Topical Reviews, Scientific Workshop Papers, Position Statements)

pre-contractual basis 
(Art 6 para 1 lit b GDPR)

g) Acknowledgment of Y-ECCO contributors

consent (Art 6 para 1 lit a GDPR)

V. ECCO Project participants

Processing
a) ECCO Disclosure policy of potential conflicts of interest

contractual basis
(Art 6 para 1 lit b GDPR)

b) ECCO Manuscript development (Guidelines, Topical Reviews, Scientific Workshop Papers, Position Statements) (consent)

consent (Art 6 para 1 lit a GDPR)

c) ECCO CONFER project case proposal and similar case collection

consent (Art 6 para 1 lit a GDPR)

d) E-QUALITY project publications

pre-contractual basis
(Art 6 para 1 lit b GDPR)

VI. ECCO Reviewers

Processing
a) Expert invitations to review ECCO Congress Abstracts as well as Fellowships and Grants

legitimate interest 
(Art 6 para 1 lit f GDPR)

b) Applications to the ECCO Fellowship and Grants Reviewer Database

consent (Art 6 para 1 lit a GDPR)

c) ECCO Fellowships and Grants – scientific review

consent (Art 6 para 1 lit a GDPR)

d) ECCO Congress Abstracts – scientific review

consent (Art 6 para 1 lit a GDPR)

e) Acknowledgment of the Reviewers of ECCO

consent (Art 6 para 1 lit a GDPR)

VII. ECCO Congress Abstract Submitters / Selected Presenters

Processing
a) ECCO Congress abstract submission system including Conflict of Interest Disclosures

consent (Art 6 para 1 lit a GDPR)

b) ECCO Congress abstract and programme publication including Conflict of Interest Disclosures on ECCO Publication channels such as ECCO App, ECCO Website, JCC Congress Abstract Book, ECCO Congress platform & printed matters

pre-contractual basis
(Art 6 para 1 lit b GDPR)

c) ECCO Congress poster presentations: the consent to be contacted via ECCO Congress Platform by delegates with regards to their e-poster

consent (Art 6 para 1 lit a GDPR)

Data received from third parties (Article 14 of the GDPR):

Congress Abstract submission process for an author group:

    • Source of the data: Abstract submitter
    • Purpose: participation in the abstract selection for Abstract presentations at the ECCO Congress
    • Legal Basis: consent of data subject to submitting author of the author group; legitimate interest of data subject to participate in this scientific abstract selection.
    • Data categories processed: first name, last name, email address, institute, department, city, country, conflicts of interest

VIII. Congress Faculty

Processing
a) ECCO Disclosure policy of potential conflicts of interest

contractual basis
(Art 6 para 1 lit b GDPR)

b) ECCO Congress programme publication on ECCO Publication channels such as ECCO App, ECCO Website, ECCO Congress platform & printed matters

pre-contractual basis
(Art 6 para 1 lit b GDPR)

c) ECCO Congress faculty registration

pre-contractual basis
(Art 6 para 1 lit b GDPR)

d) ECCO Congress travel bursary reimbursement procedure

pre-contractual basis
(Art 6 para 1 lit b GDPR)

IX. Congress Participant

Processing
a) ECCO Congress delegate registration

contractual basis
(Art 6 para 1 lit b GDPR)

b) ECCO Congress platform access administration

contractual basis
(Art 6 para 1 lit b GDPR)

c) Onsite access control via badge scanning (your personal data is stored in our system and can be linked to the QR-Code on your badge) and voting via ECCO App

contractual basis
(Art 6 para 1 lit b GDPR)

d) Voting via ECCO App – e.g.: for educational courses

consent (Art 6 para 1 lit a GDPR)

e) ECCO Congress CME accreditation and administration – including tracking

consent (Art 6 para 1 lit a GDPR)

f) ECCO Congress onsite speaker centre

pre-contractual basis (Art 6 para 1 lit b GDPR)

g) ECCO Congress industry sponsors (including exhibitors) badge scanners - Your personal data is stored in our system and can be linked to the QR-Code on your badge according to IX lit c. Sponsors (including those, who are also exhibitors) have the possibility to scan the QR-Code on your badge. With your consent, the person who scans your badge will receive the personal data stored in our system (name, contact details, gender, country of origin, profession). If you do not consent, the sponsor will only receive information that is not personally identifiable.

consent (Art 6 para 1 lit a GDPR)

Data received from third parties (Article 14 of the GDPR):

Congress Group Registrations (Article 14 of the GDPR):

    • Source of the data: tour operator agencies buying e-vouchers which they send to their delegates to be activated
    • Purpose: invitation to pre-paid ECCO Congress Registration
    • Legal Basis: consent of data subject to tour operator agencies booking group registrations; these tour operators are under a contractual obligation with OCEAiN to collect your consent for this registration in advance.
    • Data categories processed: first name, last name, company, email address and country, badge-pick-up

X. Corporate & Business Partners

Processing
a) ECCO Congress industry webshop and sponsor & exhibitor administration including exhibition build-up companies

contractual basis
(Art 6 para 1 lit b GDPR)

b) ECCO Congress Exhibitor & Sponsorship management such as freight forwarding company, Congress Centre

contractual basis
(Art 6 para 1 lit b GDPR)

c) ECCO supplier and employee contact administration

contractual basis
(Art 6 para 1 lit b GDPR)

XI. Contributors & Audience of “ECCO Channels” (ECCO Website, e-Newsletter, ECCO News)

Processing
a) Publication of ECCO News

consent (Art 6 para 1 lit a GDPR)

b) Promotion of ECCO Congress and Association activities

depending on ECCO Membership or Congress Participant status:
legitimate interest
(Art 6 para 1 lit f GDPR) 
contractual basis
(Art 6 para 1 lit b GDPR)
consent (Art 6 para 1 lit a GDPR)

c) ECCO Website statistics for internal market research purposes

consent (Art 6 para 1 lit a GDPR)

d) ECCO Website security measures and fraud prevention (consent)

legitimate interest
(Art 6 para 1 lit f GDPR)

e) ECCO App installation by users and statistics reporting by ECCO IT Hub

consent (Art 6 para 1 lit a GDPR)

f) Closed virtual networking groups in the ECCO App

Separate consent via sign-in functionality in the App (Art 6 para 1 lit a GDPR)

Satellite symposia speaker information received from event organisers (Article 14 of the GDPR):

    • Source of the data: sponsor agencies organising satellite symposia
    • Purpose: ECCO Congress programme publication – speaker presentation on faculty webpage
    • Legal Basis: consent of data subject to sponsor agencies; these agencies are under a contractual obligation with a corporate sponsor to collect your consent in advance of publishing your speaker bio and picture
    • Data categories processed: first name, last name, speaker biography and picture 

4. Photo and Media policy (relevant for all data subject groups mentioned above)

A. Submissions

    1. Portrait pictures submitted by data subjects themselves are based on your explicit consent (Art 6 para 1 lit a GDPR), which can be withdrawn according to point 7 below.
    2. ECCO Congress slides will be published on the ECCO Website, in promotional material (such as Congress break slides), printing material (such as the ECCO Anniversary Book series, posters and flyers) and in the ECCO News editions. This publication is based on your consent (Art 6 para 1 lit a GDPR), which can be withdrawn according to point 7 below.
    3. ECCO Congress Abstracts: All abstracts will be available approximately 1 month prior to the Congress on the ECCO’s Journal of Crohn’s and Colitis publication channels. This processing is based on our contract with you, as author.

B. Photos and Videos

    1. Fellowships, Grants and Award Winner pictures are intended for reporting about the event on the ECCO Website, ECCO App, the e-Learning Platform of ECCO, in the ECCO eNewsletters, in promotional material and in printing material (such as the ECCO Anniversary Book series, posters and flyers). This processing is based on our contract with you, as author.

C. LinkedIn

When you visit the ECCO Profile page on LinkedIn, we and LinkedIn process personal data about you in connection with that visit whether or not you are registered and logged in to LinkedIn. This company page allows us to present our company to individuals who visit our company page and to communicate with those individuals. The data will be processed by us exclusively for the purposes of increasing the visibility of ECCO and our brand(s), communication and providing information about congresses or other services from our range that may be of interest to you, which also justify our legitimate interests in processing the aforementioned data within the meaning of Art. 6 (1) (f) GDPR. We do not use LinkedIn Premium, LinkedIn Pixel – Insight Tag, or LinkedIn's application tool.

By setting up the ECCO page, we contribute to the processing of personal data of visitors to our company page by LinkedIn. As the operator of the company page, we are therefore involved in determining the purposes and means of the processing of personal data of visitors to our company page and are therefore together with LinkedIn joint controllers pursuant to Art 26 GDPR for this processing.

If you have questions or complaints about this privacy information, please first contact LinkedIn. LinkedIn's terms of use and privacy and cookie information can be found on LinkedIn's websites:

Please note that we have no influence on LinkedIn's terms of use, privacy policy, or cookie policy.

I. Data processing by LinkedIn when visiting our company page without logging in to LinkedIn
If you are not registered and logged in to LinkedIn, but are simply visiting the ECCO page, it is still possible that LinkedIn will perform statistical analyses of your personal data when you visit our company page and send us aggregated, anonymized statistics. These “profile insights” are summarized statistics about page visits that are created based on certain actions and logged by LinkedIn when visitors interact with our company page and its associated content. These statistics are sorted by LinkedIn according to demographic categories.
II. Data processing by LinkedIn when LinkedIn users visit our company page
If you are registered and logged in to LinkedIn and are therefore a LinkedIn user and visit the ECCO page, LinkedIn may link this to your personal profile and thus to the personal data that you publicly disclose on this profile (name, description, professional experience, skills, etc.) and process it further. However, we do not receive this information as part of our evaluations. Depending on the action you take as a LinkedIn user, LinkedIn provides us with the following categories of data in aggregated, anonymized form:
a. User actions: Visitor metrics (type of visits, date, information on whether accessed via desktop or mobile device), Followers, Location of visitors/followers, Field of activity of visitors/followers, Career level of visitors/followers, Industry of visitors/followers, Company size of visitors/followers
b. Information about the user's actions: Date and time of the action, Country/city (estimated from the IP address or from the user profile for logged-in users), Language code (from the browser's HTTP header and/or language settings), Previously visited websites (from the browser's HTTP header), whether the action was performed from a computer or a mobile device (from the browser's user agent or app attributes), LinkedIn user ID (only for logged-in users)
For more detailed information, please read LinkedIn's privacy policy - https://www.linkedin.com/legal/privacy-policy

III. Data processing by us on LinkedIn
If you interact with ECCO on LinkedIn by liking, commenting on, sharing, or similar actions on our posts, we process your interaction (like, comment content, recommendation, sharing of the page or post), your username, and data visible on your profile. In addition, your profile data is displayed to us in pseudonymized form when you visit your profile.
IV. Use of cookies by LinkedIn
LinkedIn uses cookies to collect data and to determine whether you are logged in to LinkedIn. As we do not have complete information about what data is collected and processed by LinkedIn, we ask you to read LinkedIn's cookie information (https://www.linkedin.com/legal/cookie-policy accessed on February 18, 2025).
V. Use of photos or other information provided by you on our profile
We post photos and videos provided by you or by the ECCO Photographer, and other information provided by you or us (name, professional contact details, position in the company, event being shared, text provided) on the ECCO Profile, based on our legitimate interest in keeping our followers up to date about ECCO Activities (Art 6 para 1 lit f GDPR). This applies to ECCO employees, ECCO officials, ECCO contributors, and other individuals, such as ECCO Congress participants and ECCO Fellowships, Grants and Award Winners.
VI. Data recipients
Our processor, Unleashed studio GesbR, supports us with our LinkedIn presence and processes your personal data in this context within the scope of our processing agreement.

5. Automation-assisted decision making

We would like to inform you that no data processing takes place within the meaning of Article 22 GDPR. This means: We will not take a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you; any decision with a corresponding effect will be made by a natural person.

6. Data recipients and sub-processors

In order to initiate, maintain and administer your data according to the respective purpose, it is necessary for us to disclose your data to the following recipients for the following purposes. This disclosure may be made by transmission, dissemination, or any other form of making available.

In order to adequately fulfil the intended purposes listed above, ECCO IT Hub contracts primarily data processors based in the European Union.

The ECCO Congress platform - and the online exhibition in particular - also features links to external company websites and chat tools – which are declared as such. This privacy policy and the terms and conditions of the ECCO Congress platform do not apply to these external websites, which need to be consulted separately for cookie and data protection policies. These websites are not within the responsibility of ECCO and OCEAiN, who may therefore not be held liable.

The ECCO Website, the ECCO Congress platform and the eNewsletter might contain news items of partner organisations which feature external links: the privacy policy and the terms and conditions of the ECCO IT HUB do not apply to these external websites, which need to be consulted separately for cookie and data protection policies.

A. EU/EEA recipients and sub-processors

Recipient | Purpose | Location
1. COVR/Netropolix https://www.netropolix.be/ | customer management system of the ECCO Database | Belgium
2. SOL4 https://www.sol4.at/ | ECCO Website Support | Austria
3. Matomo Analytics https://matomo.org/ | Website Statistics |
4. EU server providers & local IT support | | Austria, Germany and Switzerland
5. Conference Compass https://www.conferencecompass.com/ | ECCO App software including ECCO Congress onsite voting | Netherlands
6. Rapidmail https://www.rapidmail.de | ECCO eNewsletter distribution | Germany
7. PAYONE https://www.payone.com/DE-en | ePayment system on the ECCO Website | Austria and Germany
8. BMD / Finmactics https://www.bmd.com | as bookkeeping system | Austria
9. Tax advisor & bank | Tax advising & banking | Austria & branch of respective congress destination
10. CGS Clinical Guidelines Services https://www.guideline-service.de/ | Guidelines Platform | Germany
11. GTN https://gtn-solutions.com/ | e-Learning platform support | Austria
12. IBDIM Ltd. (research unit of ECCO) and its sub-processor Persei https://perseivivarium.com/ | E-QUALITY project implementation | Austria / Spain
13. H82 https://www.h82.eu | ECCO Congress Speaker Centre | Austria
14. Proddigi https://www.proddigi.com/ | ECCO (Congress) film team | Spain
15. Film Factory | ECCO (Association) film team | Slovenia
16. Rainer Mirau https://www.rainermirau.at/ and Martin Hörmandinger https://www.mh-photography.at/ | ECCO (Congress) photographer | Austria
17. Printing companies | Printing posters, flyers | Austria
18. IML | freight forwarding company | Austria
19. Congress centre of the ECCO Congress destination | For direct "ordering" of Sponsors and Exhibitors | Respective ECCO Congress destination

B. Non-EU/EEA recipients:

Recipient | Purpose | Location / Safeguard for transfer
1. Reviewing Experts | In case applications are submitted to the scientific review in the context of Fellowships and Grants application reviews and the Congress Abstract reviews, this process includes individual experts from outside of Europe. | Respective Reviewing Expert, Art 49 para 1 lit b GDPR
2. Local Organiser for Educational Workshops | In case Educational Workshops take place outside of Europe, the registration lists for this respective Workshop are shared with the local organiser. | Respective Local Organiser, Art 49 para 1 lit b GDPR
3. American Express (via Pay one) | | In the decision
4. Zoom https://www.zoom.us/ | ECCO online meeting and webinar tool | In the event of such a transfer, we rely on the adequacy decision of the European Commission (Art 45 GDPR). The certification under the DPF can be found here: https://www.dataprivacyframework.gov/list.
5. Metafusion https://www.meta-fusion.com/ | Using AWS for live streaming of the scientific programme of the ECCO Congress |
6. Kuoni | Using Eventsair https://eventsair.com/ with Centium Software PTY LTD in Australia as sub-processor: ECCO is arranging accommodation for the faculty members with the Kuoni housing agency which needs contact details to confirm bookings with the respective hotel. |
7. Sponsors (including those who are also exhibitors). The current list of exhibitors (which can change from year to year) can be found via the annual Congress Website (accessible via https://www.ecco-ibd.eu/congresses-and-events.html) in the exhibitor section. | With your consent, the Sponsor who scans your badge in the ECCO Congress exhibition or satellite symposia will receive the personal data stored in our system (name, contact details, gender, country of origin, profession). Some of these have their headquarters in the USA. | USA. In the event of such a transfer, we rely on your consent (Art 49 para 1 lit a GDPR).
8. DocuSign https://www.docusign.com/de-de/datenschutzerklaerung/datenschutz | | In the event of such a transfer, we rely on the adequacy decision of the European Commission (Art 45 GDPR). The certification under the DPF can be found here: https://www.dataprivacyframework.gov/list.
9. Oxford University Press | | In the event of such a transfer, we rely on the adequacy decision of the European Commission (Art 45 GDPR).
10. John Wiley & Sons, Inc. | | In the event of such a transfer, we rely on the adequacy decision of the European Commission (Art 45 GDPR).
11. Hotels/Venues worldwide | Meeting organisation | Worldwide, Art 49 para 1 lit b GDPR

C. Non-EU/EEA Sub-processors:

Sub-processor | Purpose | Location
13. Zoom https://www.zoom.us/ | As online back-end for ECCO Congress Speakers in case of virtual solution. | USA. In the event of such a transfer, we rely on the adequacy decision of the European Commission (Art 45 GDPR). The certification under the DPF can be found here: https://www.dataprivacyframework.gov/list.
14. Cloudflare https://www.cloudflare.com/ | As peak-time server capacity support. | USA. In the event of such a transfer, we rely on the adequacy decision of the European Commission (Art 45 GDPR). The certification under the DPF can be found here: https://www.dataprivacyframework.gov/list.
15. Slido / Cisco Systems Inc. https://www.sli.do/ | As virtual solution for Q&As. | USA. In the event of such a transfer, we rely on the adequacy decision of the European Commission (Art 45 GDPR). The certification under the DPF can be found here: https://www.dataprivacyframework.gov/list.
16. Vimeo https://www.vimeo.com/ | | USA. In the event of such a transfer, we rely on the adequacy decision of the European Commission (Art 45 GDPR). The certification under the DPF can be found here: https://www.dataprivacyframework.gov/list.
17. Pubnub https://www.pubnub.com/ * | As networking extension tool on the Virtual Congress Platform. | USA. In the event of such a transfer, we rely on the adequacy decision of the European Commission (Art 45 GDPR). The certification under the DPF can be found here: https://www.dataprivacyframework.gov/list.
18. AKAMAI | As peak-time server capacity support. | In the event of such a transfer, we rely on the adequacy decision of the European Commission (Art 45 GDPR). The certification under the DPF can be found here: https://www.dataprivacyframework.gov/list.

7. Data processing to assert legal claims and conduct proceedings before authorities (including courts)

a. Data categories, purposes and legal bases

ECCO IT HUB may also process your data for the purpose of asserting, exercising or defending legal claims and for handling proceedings before authorities (including courts) to protect its legitimate interest (Article 6 (1) (f) GDPR). This legitimate interest lies in enforcing existing and defending against non-existent claims as well as in handling official (including judicial) proceedings to protect the legal position of ECCO and OCEAiN. For this purpose, we also store your consent as outlined in Section 3 to protect this legitimate interest in proving your consent, i.e. to defend legal claims. In order to assert legal claims and to carry out proceedings before authorities (including courts), ECCO IT HUB processes all categories of data that are necessary for this. This potentially includes all categories of data from you that is already processed for other purposes as well as data that ECCO IT HUB does not collect from you (see Section b in detail).

b. Collection of data from other sources (information in accordance with Art. 14 GDPR)

For the purpose of asserting, exercising or defending legal claims and conducting proceedings before authorities (including courts), we also collect your data from other sources:

Data category: contact details – publicly accessible
Source: Website of organisation
Purpose: extrajudicial contact, provision of contact details to authorities (including courts)

Data category: data retrieved from public registers, mainly contact details of and roles in a legal entity, data of running or closed proceedings
Source: commercial registers, association registers, land title registers, executive registers
Purpose: to assert legal claims and conduct proceedings before authorities (including courts)

c. Storage period, processing period

ECCO IT HUB processes data required to assert legal claims for this purpose for up to 30 years after the end of the business relationship. In the event of official or judicial proceedings, ECCO IT HUB will store your data for the duration of these proceedings and, depending on the subject matter and outcome of the proceedings, for up to a further 30 years from the final conclusion of the proceedings. In the event that data subjects' rights are asserted under the GDPR (see point 6 for details), we store the associated data for three years from the last contact in connection with the assertion of a data subject's rights.

d. Recipients of data

In order to assert, exercise or defend legal claims and to handle official (including judicial) proceedings, it is necessary that we disclose your data to the following recipients for the following purposes. This disclosure may be made by transmission, distribution or other form of delivery. 

Recipient: Christely
Data categories: access to all data of ECCO IT Hub necessary for remote support
Purpose: IT Remote Support
Legal Basis: No legal basis is required as there is an order processing relationship
Registered Seat: Austria
Basis for transfer to 3rd country: no

Recipient: Lawyers and Tax Advisors
Data categories: all data necessary to establish compliance with legal obligations and for defence in court
Purpose: Evaluating and establishing compliance with legal obligations
Legal Basis: legitimate interest (Art 6 para 1 lit f GDPR)
Registered Seat: Austria or EU
Basis for transfer to 3rd country: Art. 49 (1) e

Recipient: Insurance companies
Data categories: all data necessary to process insurance claims
Purpose: Processing of claims
Legal Basis: legitimate interest (Art 6 para 1 lit f GDPR)
Registered Seat: Austria or EU
Basis for transfer to 3rd country: Art. 49 (1) e

Recipient: Authorities (including courts)
Data categories: all data necessary to establish compliance with legal obligations and for defence in court and in front of authorities
Purpose: Handling of proceedings and legal disputes
Legal Basis: Not required as recipient is located within the EEA.
Registered Seat: Austria or EU
Basis for transfer to 3rd country: Art. 49 (1) e

8. Your rights as data subject

a. Data self-management

If you participate in the ECCO App and/or an ECCO virtual event and/or the volunteer acknowledgement section of the ECCO Website, you can choose to share your personal information as well as your opinion in public debates with the other participants.

  • The content of all postings and the contribution to public debates is solely your responsibility as participant who chose to actively share information. Neither ECCO nor OCEAiN, nor their expert volunteers or staff members, can be held liable for this posted content, while ECCO and OCEAiN reserve the right to edit, rectify or delete postings of participants for good faith or legal reasons.
    • Self-management of consent-based data of ECCO Portal Account used for single sign-on solution in ECCO App: your first name, last name, and email address (= you can reject that the ECCO Portal data is shared with the ECCO App)
    • Self-management of data storage and data subject rights (= the users can delete themselves): social media, website, address, job title, biography, company, country, topics of interest, portrait picture, written chat contributions
    • No data storage; self-management of data subject rights in live engagement (= you can decide yourself when to turn on/off the camera/mic/screen sharing): camera image, audio transmission, image and screen sharing
    • While you can delete your text postings on the social wall yourself (= self-management of data subject rights), and this deletion also removes the answer comments, you cannot delete your own answer comments to postings yourself.
  • You may directly access and modify your information via your personal log-in under the following link: https://cm.ecco-ibd.eu/cmPortal/Account/Login?ReturnUrl=%2FcmPortal%2FPortal%2FGEN00%2Fnormal.

b. General principles

To assert one of the below mentioned rights or to withdraw your consent, you can contact ECCO IT HUB at any time under the contact details provided in point 9.

Data subjects of group registrations are contacted by ECCO Office within the first month with full transparency about this general ECCO Privacy Policy outlined here. 

Your personal data will not be subject to further processing in a way and manner that are incompatible with the intended purposes listed above.

According to Art. 13 (2) e GDPR, you are not obliged to agree to the processing of your data. However, please also note

  • that in case of the withdrawal of consent you will not be able to benefit from or use all functions of ECCO IT Hub;
  • that in case of disagreement with the processing of necessary data for (pre-) contractual obligations, the business transaction cannot be implemented.

Please note that the withdrawal of your consent shall not affect the lawfulness of processing based on consent before its withdrawal, and that in certain circumstances ECCO IT Hub is entitled or else required to process certain forms of personal data for a period extending beyond the withdrawal of consent, either due to our contractual relationship with you, or else due to legal requirements.

In case you have chosen to enter into one or more contractual roles within the ECCO IT Hub, it is a requirement to provide us with the above-mentioned data. Please understand that we would not be able to manage your contractual role if the above-mentioned personal data required for this purpose were not available to us.

If you provide us with further data, we process it for the purposes of our legitimate interests (Art 6 para 1 lit f GDPR), namely to improve the quality of our contractual relationship and our service provision to you. The provision of such data is neither legally nor contractually required and is also not necessary for the entering into a contract. You are not obliged to provide this data.


We would like to inform you that you have the right to

  • request confirmation as to whether or not we process personal data relating to you; if this is the case, you have the right to information about this personal data and the information listed in Article 15 Paragraphs 1 and 2 GDPR; for the right to receive a copy of the personal data concerning you that is the subject of processing, see Article 15 Paragraphs 3 and 4 GDPR;
  • request the correction or completion of incorrect or incomplete data concerning you (see in detail Art 16 GDPR);
  • request the deletion of your data if there is no legal basis for further processing of your data (see in detail Art 17 GDPR); in this context, we cannot comply with deletion if the processing (storage) is necessary to fulfill a legal obligation (legal retention obligations) or we are entitled to do so based on overriding interests (e.g. assertion, exercise or defense of specific legal claims);
  • request the restriction of the processing of your data if certain conditions are met (see in detail Art 18 GDPR);
  • object to the processing of your data that is necessary to protect our legitimate interests or those of a third party (Article 6 (1) (f) GDPR). In the event of an objection, we will no longer process your data unless the processing serves to assert, exercise or defend legal claims or we demonstrate compelling legitimate reasons for the processing which outweigh your interests (if necessary taking your particular situation into account). If you object to processing for direct advertising purposes (including profiling to the extent that it is related to such direct advertising), we will no longer process your personal data for these purposes (see in detail Art 21 GDPR);
  • receive the transmission of the data you have provided in a structured, common and machine-readable format. However, the right to data portability only exists if the processing is based on your consent or on a contract (see Article 20 GDPR in detail).

If you revoke your consent, this does not affect the lawfulness of the data processing that has taken place up to this point (Article 7 Paragraph 3 GDPR). If, despite our commitment to process your data lawfully, you unexpectedly believe that your personal data is not being processed lawfully, please contact us under the contact details provided in point 9 so that we can learn about your concerns and address them. However, you also have the right to lodge a complaint with the Austrian Data Protection Authority or with another data protection supervisory authority in the EU, in particular at your place of residence or work.

9. CONTACT POINT ACCORDING TO ARTICLE 13, 14 and 26 GDPR

ECCO Office
Ungargasse 6/13, A-1030 Vienna, Austria
Tel: +43-(0)1-710 2242-0
Fax: +43-(0)1-710 2242-001
E-Mail: ecco@ecco-ibd.eu or ecco-congress@ecco-ibd.eu

10. DATA PROTECTION OFFICER ACCORDING TO ARTICLE 37 GDPR

Knyrim Trieb Rechtsanwälte OG
Mariahilfer Straße 89a, A-1060 Wien
T: +43 1 909 30 70, F: +43 1 9093639
E: kt@kt.at, W: kt.at
FN 462250f, HG Wien