ECCO IT HUB (= ECCO DATABASE) – PRIVACY POLICY ACCORDING TO GDPR

Version: June 2022

ECCO IT HUB consists of the following organisational entities with their registered seat in 1030 Wien, Ungargasse 6/13, and is based on a joint controllership agreement according to Article 26 General Data Protection Regulation (“GDPR”):

• ECCO – European Crohn’s and Colitis Organisation (“ECCO”), registered in the Austrian Register of Associations (ZVR) under the registration number 468755685, as well as its daughter entity:
• OCEAiN – Organisation, Congress, Emotion, Association, iNnovation GmbH (“OCEAiN”)

(together hereafter referred to as “ECCO IT HUB” or “we”).

1. Purpose

ECCO IT HUB solely processes your personal data for the purpose of:

• centralised and up-to-date data administration of ECCO Membership, Congress and event participations as well as stakeholder status in order to avoid scattering loss of up-to-date contact details among the business units of the joint data controllers
  • ECCO Membership administration (contractual basis)
  • ECCO Congress abstract submission system (consent)
  • ECCO Congress delegate registration (contractual basis)
  • ECCO Congress faculty registration (contractual basis)
  • ECCO Congress travel bursary reimbursement procedure (contractual basis)
  • ECCO Congress industry webshop and sponsor & exhibitor administration (contractual basis)
  • ECCO Virtual Congress access administration (contractual basis)
  • ECCO Congress CME accreditation and administration (consent)
  • ECCO e-Learning access administration (contractual basis)
  • ECCO Educational Workshop registration (contractual basis)
  • ECCO Meetings (such as ECCO Autumn Meetings, ECCO Meetings at UEGW, Bi-annual Council of National Representatives Meeting) administration (consent) & reimbursement procedure (contractual basis)
  • ECCO supplier and employee contact administration (contractual basis)
• facilitating communication among stakeholders of the IBD Community (= the data subjects in the ECCO Database) and making relevant data visible via the ECCO Website and the ECCO App (including the display of names and affiliations of Congress speaker and ECCO Officer and the disclosure of conflicts of interest, names and affiliation)
  • Promotion of ECCO Congress and Association activities (depending on ECCO Membership or Congress Participant status: legitimate interest, contractual basis, consent) 
  • ECCO Congress programme publication & printed matters (contractual basis)
  • ECCO Congress abstract publication (contractual basis) 
  • ECCO Congress entrance and exit badge scanners in case of COVID requirements (legal obligation- if required under the local law of the congress venue)
  • ECCO Virtual Congress platform (contractual basis) 
  • ECCO Congress Exhibitor & Sponsorship management such as freight forwarding company, Congress Centre (contractual basis)
  • ECCO Congress onsite speaker centre (contractual basis)
  • ECCO Disclosure policy of potential conflicts of interest
  • ECCO Organs communication & meeting organisation (contractual basis)
  • ECCO General Assembly access control via badge scanning and voting via ECCO App (contractual basis)
  • ECCO National Study Group meeting (consent)
  • ECCO Manuscript development (Guidelines, Topical Reviews, Scientific Workshop Papers, Position Statements) (consent)
  • E-QUALITY project publications (contractual basis)
  • ECCO e-Learning content development & publication (depending on contributor status: consent, contractual basis)
  • ECCO e-Guide content development (consent)
  • Publication of ECCO News (consent)
  • ECCO Website security measures and fraud prevention (consent)
• the collection and selection process with respect to open research calls, open manuscript-project calls and open calls for positions in ECCO
  • Nomination collection for IBD Intensive Course for Trainees and N-ECCO School held at the annual ECCO Congress (consent)
  • ECCO Organs elections - application collection (consent)
  • ECCO Fellowships and Grants - application collection (consent)
  • ECCO Young Researcher Award – application collection (consent)
  • ECCO Manuscript application collection (Guidelines, Topical Reviews, Scientific Workshop Papers, Position Statements) (consent)
  • ECCO CONFER project case proposal and similar case collection (consent)
    
• facilitating the whole process of submission, review and publication of scientific abstracts of the annual ECCO Congress as well as facilitating the scientific review of ECCO Fellowships and Grants application
  • ECCO Congress Abstracts – scientific review (consent)
  • ECCO Fellowships and Grants – scientific review (consent)
    
    
• publicly acknowledging volunteer contributions to ECCO Association and Congress activities (on the ECCO Website, on the e-Learning platform and on the Virtual Congress platform 
  • as scientific reviewer (consent)
  • as e-Learning material contributor (consent)
    
    
• conducting statistical analyses and reports
  • ECCO Congress, Membership and project statistics (legitimate interest)
  • ECCO Website statistics for internal market research purposes (consent)
  • ECCO App statistics (consent)
  • ECCO Congress industry badge scanners (consent)

2. Legal basis of data collection

ECCO IT Hub only processes your personal data as follows:

• We will ask for your consent to process your data in the following areas of our Website/App (Art 6 para 1 lit a GDPR). You may withdraw your consent at any time. The withdrawal of your consent shall not affect the lawfulness of processing based on consent before its withdrawal:
  • ECCO Website cookies
  • ECCO Portal Account set-up
  • ECCO App installation and usage
  • ECCO e-Learning access for non-member health-care professionals until the age of 35
  • ECCO eNewsletter subscription of ECCO Portal Account Holders (without Membership)
  • Replies to open calls of ECCO (ECCO Organs, Manuscripts, Fellowships and Grants, Young Researcher Award, IBD Intensive Course for Trainees, N-ECCO School, CONFER project, IBD National Study Group Meeting)
  • ECCO Congress Abstract submission
  • ECCO Congress CME attendance tracking
  • ECCO Scientific Reviewer status
  • ECCO Congress poster presentations: the consent to be contacted via ECCO Virtual Platform by delegates with regards to their e-poster  
  • ECCO National Study Group Meeting participation
  • Personal contributions to ECCO Virtual Congress
  • Publication of personal disclosure information of potential conflicts of interest, of e-Learning and e-Guide material, of ECCO manuscripts and ECCO News

• in performance of our (pre-)contractual obligation (Art 6 para 1 lit b GDPR)
  • ECCO Congress registration
  • ECCO Congress exhibition and sponsorship
  • ECCO Congress Faculty invitation & reimbursement
  • ECCO supplier and employee contact administration
  • ECCO Membership administration for the fulfilment of our association purpose
  • ECCO Educational Workshop registration
  • ECCO Officer status and business meeting participation
     

• on legal obligation (Art 6 para 1 lit c GDPR)
  
  • ECCO Congress onsite – regulatory COVID tracking of entry and exit times (if required under the local law of the congress venue)

• Photo policy:
  • Portrait pictures submitted by data subjects themselves or taken by the ECCO photographer are based on your explicit consent (Art 6 para 1 lit a GDPR), which can be withdrawn according to point 7 below.
  • As event organisers, ECCO and OCEAiN reserve the right on their legitimate interest (Art 6 para 1 lit f GDPR) to use ECCO Congress photos and film footage of the official ECCO photographers and film team (as also stated in the ECCO Congress registration terms and conditions) as well as to use photos of other ECCO events in which you might be captured. Should you wish to object to the use of a specific photo or film footage, you can address the ECCO Office as outlined in point 7 below.

These photos and film footage are intended for reporting about the event on the ECCO Website, the e-Learning Platform of ECCO, in the ECCO eNewsletters, in promotional material (such as Congress break slide) and in printing material (such as the ECCO Anniversary Book series, posters and flyers). 

3. Data categories: What kind of data?

Your personal data will not be subject to further processing in a way and manner that are incompatible with the intended purposes listed above.

ECCO Website

ECCO IT Hub processes the IP address of ECCO Website visitors and cookie information chosen by you and as explained in the cookie banner and cookie data protection information:

• The IP address is transmitted with every server request. ECCO IT Hub and its provider of statistical services do not store IP addresses permanently, but use them for session identification purposes and to prevent attacks only. The following information will be stored in the server logs: the IP address of the requesting computer, together with the date, time, which file is requested (name and URL), what amount of data is transferred to you, a message as to whether the request was successful, identification data of the browser used and the operating system used, as well as the website from which access was made (if access is via a link).
• The ECCO Website uses Matomo Analytics software, which relies on cookies as well. They are stored on your computer and generate information for the analysis of the ECCO webpages used by you (including your IP address in anonymised form), which is stored on a server located in Austria.
• During your visit to the ECCO Website, some information is collected and analysed for web controlling purposes. This information is provided by your browser. The following data are collected:
  • Requests (file name of the requested file) (e.g., beispiel.de/index.html)
  • Browser type/browser version (e.g., Google Chrome, Mozilla Firefox, Microsoft Edge)
  • Browser language (e.g., English)
  • Operating system used (e.g., Windows 10)
  • Inner resolution of browser window
  • Screen resolution
  • JavaScript activation
  • Java on/off
  • Cookies on/off
  • Colour depth
  • Referrer URL (the previously visited web site)
  • Time of access
  • Clicks
  • Total orders, if any
  • Content of forms, if any (in the case of text fields, e.g. name and password, only the information “completed“ or “not completed“ is transmitted)
  • The ECCO Website relies on several so-called cookies, which are small text files that are placed on your computer and saved by your browser ( - access all cookie details under the cookie banner). Cookies cannot be used to identify specific individuals and do not contain personal data. Most of the cookies used are so-called “session cookies” that are deleted at the end of your browser session. In addition, there are some persistent cookies used to recognize you as a returning visitor to the website.

ECCO Portal Account Holders in ECCO IT Hub

ECCO IT Hub processes the following personal data as provided by you in setting up an ECCO Portal Account and choosing to participate in further interactions:

• Basic information required: first name, last name, date of birth/ age, email, nationality
• Further optional information – depending on activity or project: 
  • title, addresse(s), phone number(s), postal addresse(s), fax, gender, profession, place of work, professional specialization, expertise & particular areas of interest, HCP (health care professional) status
  • your ECCO Membership status (which may also be published once per year with names per country in the context of the ECCO Congress)
  • disclosures of potential conflicts of interest
  • questions, answers & votes submitted via the Q&A tool provided in the ECCO App
  • portrait pictures and event photos and film footage
  • passport details for congress invitation letters
    
  • bank transfer and reimbursement data, invoicing data, pseudonymised Credit Card data
  • The election process generates a ranking result which is kept confidential within ECCO Office archives. 
  • applications to open calls, event and project participation(s)
  • reviewer status / availability, biography
  • In addition, the scientific review process generates a review result for the submitters of abstracts and applications for fellowships and grants which will be stored in connection with the abstract submitted via the submitter’s account.
  • E-QUALITY data (supported by unrestricted grants)
    

If you participate in the ECCO App and/or an ECCO virtual event and the volunteer acknowledgement section of the ECCO Website, you can choose to share your personal information as well as your opinion in public debates with the other participants.

• The content of all postings and the contribution to public debates is solely your responsibility as participant who chose to actively share information. Neither ECCO or OCEAiN nor their expert volunteers or staff members can be held liable for this posted content, while ECCO and OCEAiN reserve the right to edit, rectify or delete postings of participants for good faith or legal reason.
  • Self-management of consent-based data of ECCO Portal Account used for single-sign on solution in ECCO App: your first name, last name, and email address (= you can reject that the ECCO Portal data is shared with the ECCO App)
  • Self-management of data storage and data subject rights (= the users can delete themselves): social media, website, address, job title, biography, company, country, topics of interest, portrait picture, written chat contributions
  • No data storage; self-management of data subject rights in live engagement (= you can decide yourself when to turn on/off the camera/mic/screen sharing): camera image, audio transmission, image and screen sharing
  • While text postings on the social wall can be deleted by you (= self-management of data subject rights) and with this deletion also the answer comments, you cannot delete on your own your answer-comments to postings.

You may withdraw your consent regarding consent based data at any time. The withdrawal of your consent shall not affect the lawfulness of processing based on consent before its withdrawal.

4. Data received from third parties (Article 14 of the GDPR)

Please note that in the context of the following group registration, nomination and submission processes, ECCO IT HUB received your personal data via the contact person of the respective group registration:

• Membership Group Registrations
  • Source of the data: tour operator agencies booking group memberships
  • Purpose: invitation to pre-paid ECCO Membership
  • Legal Basis: consent of data subject to tour operator agencies booking group registrations; these tour operators are under a contractual obligation with OCEAiN to collect your consent for this registration in advance.
  • Data categories processed: first name, last name, email address and country

• Congress Group Registrations
  • Source of the data: tour operator agencies buying e-vouchers which they sent to their delegates to be activated
  • Purpose: invitation to pre-paid ECCO Congress Registration
  • Legal Basis: consent of data subject to tour operator agencies booking group registrations; these tour operators are under a contractual obligation with OCEAiN to collect your consent for this registration in advance.
  • Data categories processed: first name, last name, company, email address and country, badge-pick-up
    
    
• Satellite symposia speaker presentation on the ECCO Faculty webpage
  • Source of the data: sponsor agencies organising satellite symposia
  • Purpose: ECCO Congress programme publication – speaker presentation on faculty webpage
  • Legal Basis: consent of data subject to sponsor agencies; these agencies are under a contractual obligation with a corporate sponsor to collect your consent in advance of publishing your speaker bio and picture
  • Data categories processed: first name, last name, speaker biography and picture 

• Nomination process of the candidates for the IBD Intensive Course for Trainees
  • Source of the data: National Representatives of ECCO Country Members
  • Purpose: invitation to free-of-charge educational course at ECCO Congress
  • Legal Basis: consent of data subject to respective ECCO National Representative submitting nominations for this course; legitimate interest of data subject to be admitted to this selective course.
  • Data categories processed: first name, last name, email address, city, country, years of experience, letter of intent

• Nomination process of candidates for the N-ECCO School
  • Source of the data: N-ECCO National Representatives of ECCO Country Members
  • Purpose: invitation to free-of-charge educational course at ECCO Congress
  • Legal Basis: consent of data subject to respective ECCO National Representative submitting nominations for this course; legitimate interest of data subject to be admitted to this selective course.
  • Data categories processed: first name, last name, email address, city, country, phone number

• Congress Abstract submission process for an author group
  • Source of the data: Abstract submitter
  • Purpose: participation in the abstract selection for Abstract presentations at the ECCO Congress
  • Legal Basis: consent of data subject to submitting author of the author group; legitimate interest of data subject to participate in this scientific abstract selection.
  • Data categories processed: first name, last name, email address, institute, department, city, country, conflicts of interest

Please note that data subjects of such group registrations are contacted by ECCO Office within the first month with full transparency about this general ECCO Privacy Policy outlined here. 

As a data subject, you can address the contact point and data protection officers as well as the data protection authority indicated below.

5. Data recipients and sub-processors:

• European recipients and sub-processors: 
  In order to adequately fulfil the intended purposes listed above, ECCO IT Hub contracts primarily data processors based in the European Union – including but not limited to:
  • COVR / Netropolix : https://www.netropolix.be/ for the customer management system of the ECCO Database
  • SOL4: https://www.sol4.at/ for ECCO Website Support
  • Matomo Analytics: https://matomo.org/ for website statistcs
  • EU server providers & local IT support
  • Conference Compass: https://www.conferencecompass.com/ for the ECCO App software including ECCO Congress onsite voting
  • Rapidmail: rapidmail.de for ECCO eNewsletter distribution
  • Viveum: www.viveum.com  and PAYONE https://www.payone.com/DE-en as ePayment system on the ECCO Website
  • acconomy Software GmbH: www.acconomy.at as bookkeeping system
  • Tax advisor & bank
  • CGS Clinical Guidelines Services https://www.guideline-service.de/ as Guidelines Platform
  • Oxford University Press as publisher of JCC
  • GTN: https://gtn-solutions.com/ as e-Learning platform support
  • IBDiM Ltd. (research unit of ECCO) and its sub-processor Persei https://perseivivarium.com/ for E-QUALITY project implementation
  • H82 https://www.h82.eu as ECCO Congress Speaker Centre
  • Proddigi https://www.proddigi.com/ for ECCO (Congress) film team
  • Rainer Mirau https://www.rainermirau.at/ as ECCO (Congress) photographer
  • Printing companies
  • IML as freight forwarding company
  • Congress centre of the ECCO Congress destination
    

The ECCO Website, the ECCO Virtual Congress platform and the eNewsletter might contain news items of partner organisations which feature external links: the privacy policy and the terms and conditions of the ECCO IT HUB do not apply to these external websites, which need to be consulted separately for cookie and data protection policies.

• Non-European recipients and sub-processors:
  • In case applications are submitted to the scientific review in the context of Fellowships and Grants application reviews and the Congress Abstract reviews, this process includes individual experts from outside of Europe.
  • In case Educational Workshops take place outside of Europe, the registration lists for this respective Workshop are shared with the local organiser.
  • Zoom https://www.zoom.us/ as ECCO online meeting and webinar tool
  • Metafusion https://www.meta-fusion.com/ using AWS for live streaming of the scientific programme of the ECCO Congress.
  • Kuoni using Eventsair https://eventsair.com/ with Centium Software PTY LTD in Austrialia as sub-processor: ECCO is arranging accommodation for the faculty members with the Kuoni housing agency which needs contact details to confirm bookings with the respective hotel. 
  • The ECCO Virtual Congress and event platform relies on some US-based IT Services as well as on European IT Services with US-based sub-processors:
    Zoom https://www.zoom.us/ as online back-end for ECCO Congress Speakers in case of virtual solution
    Cloudflare https://www.cloudflare.com/ as peak-time server capacity support
    Slido https://www.sli.do/ as virtual solution for Q&As
    Vimeo https://www.vimeo.com/ as streaming channel on the Virtual Congress Platform
    Pubnub https://www.pubnub.com/ as networking extension tool on the Virtual Congress Platform
    
  • The ECCO Virtual Congress platform - and the online exhibition in particular - also features links to external company websites and chat tools – which are declared as such. This privacy policy and the terms and conditions of the ECCO Virtual Congress do not apply to these external websites, which need to be consulted separately for cookie and data protection policies. These websites are not within the responsibility of ECCO and OCEAiN, who may therefore not be held liable.
  • In case you explicitly consent to badge scanning in the ECCO Congress exhibition or satellite symposia, we transfer your personal data (Name; Contact details) to the exhibition or sponsor companies of the congress, some of which do have their head-quarters in the USA. The current list of exhibitors (which can change from year to year) can be found via the annual Congress Website (accessible via https://www.ecco-ibd.eu/congresses-and-events.html )  in the exhibitor section. You may withdraw your consent at any time. The withdrawal of your consent shall not affect the lawfulness of processing based on consent before its withdrawal.

6. Data storage time-frame:

ECCO IT Hub of course also observes the principle of storage limitation for personal data.

• IP address of ECCO Website visitors: The server logs are saved in order to be able to check the system security, to administrate the website technically and to be able to optimize the offer. The server logs are stored for the duration of 3 months. After this period the identity of the user can no longer be determined, even by ISPs.
• Pseudonymised IP address storage in the Matomo Analytics software of the ECCO Website: 24 months
• ECCO IT Hub will process the following data of Portal Account Holders until withdrawal of consent, but not longer than for 7 years:
  • first name, last name, date of birth/ age, email, nationality
  • title, addresse(s), phone number(s), postal addresse(s), fax, gender, profession, place of work, professional specialization, expertise & particular areas of interest, HCP (health care professional) status 
  • your ECCO Membership status (which may also be published once per year with names per country in the context of the ECCO Congress)
  • disclosures of potential conflicts of interest
  • questions, answers & votes submitted via the Q&A tool provided in the ECCO App
  • The election process generates a ranking result which is kept confidential within ECCO Office archives.
  • portrait pictures and event photos and film footage
  • passport details for congress invitation letters
  • bank transfer and reimbursement data, invoicing data, pseudonymised Credit Card data
  • applications to open calls, event and project participation(s)
  • reviewer status / availability, biography
  • In addition, the scientific review process generates a review result for the submitters of abstracts and applications for fellowships and grants which will be stored in connection with the abstract submitted via the submitter’s account.
  • E-QUALITY data (supported by unrestricted grants)
    
    
• Beyond that time, ECCO IT Hub will only process data for association archive purposes (such as name, photographs and video material).
• Personal (non-scientific) supporting documents (such as letters of intent, CVs, publication lists), submitted in the context of applications to open calls, event and project participation(s)are stored not longer than 3 years.

7. Your rights as data subject:

Should you be affected by our processing of personal data, you have the right at any time to request access to rectification, or erasure of personal data, or restriction of the processing concerning your personal data or to object to processing as well as the right to data portability.

As data subject, you may withdraw your consent for

• ECCO Website cookies (via deinstallation on user side)
• ECCO Portal Account set-up
• ECCO App installation and usage (via deinstallation on user side)
• ECCO e-Learning access for non-member health-care professionals until the age of 35
• ECCO eNewsletter subscription of ECCO Portal Account Holders (without Membership)
• Replies to open calls of ECCO (ECCO Organs, Manuscripts, Fellowships and Grants, Young Researcher Award, IBD Intensive Course for Trainees, N-ECCO School, CONFER project)
• ECCO Congress Abstract submission 
• ECCO Congress CME attendance tracking 
• ECCO Scientific Reviewer status
• ECCO Congress poster presentations: the consent to be contacted via ECCO Virtual Platform by delegates with regards to their e-poster 
• ECCO National Study Group Meeting participation
• Personal contributions to ECCO Virtual Congress
• Publication of personal disclosure information of potential conflicts of interest, of e-Learning and e-Guide material, of ECCO manuscripts and ECCO News
• ECCO Congress – Industry Badge Scanner consent
• Portrait pictures, event photos and film footage

from ECCO IT HUB to process your personal data at any time under This email address is being protected from spambots. You need JavaScript enabled to view it. or This email address is being protected from spambots. You need JavaScript enabled to view it. or by postal mail to ECCO Office, Ungargasse 6/13, A-1030 Vienna, Austria.

Please note that the withdrawal of your consent shall not affect the lawfulness of processing based on consent before its withdrawal, and that in certain circumstances ECCO IT Hub is entitled or else required to process certain forms of personal data for a period extending beyond the withdrawal of consent, either due to our contractual relationship with you, or else due to legal requirements.

According to Art. 13 (2) e GDPR, you are not obliged to agree to the processing of your data. However, please also note

• that in case of the withdrawal of consent you will not be able to benefit or use all functions of ECCO IT Hub;
• that in case of disagreement with the processing of necessary data for (pre-) contractual obligations, the business transaction cannot be implemented;
• that in case you disagree with the legitimate interest according to Article 6 of the GDPR regarding ECCO Membership, you will not be able to become an ECCO Member.

You directly access and modify your information via your personal log-in under the following link: https://cm.ecco-ibd.eu/cmPortal/Account/Login?ReturnUrl=%2FcmPortal%2FPortal%2FGEN00%2Fnormal.

In case you believe that the processing of your personal data does not comply with the provisions of data protection, you can – other legal remedies in law courts or under administrative law notwithstanding – make a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement. In Austria, the supervisory authority is the Austrian Data Protection Authority (Österreichische Datenschutzbehörde).

According to Art. 13 (2) f GDPR, ECCO IT HUB does not generate automatic decisions including data profiling.

 

8. Nature of joint data processing by ECCO and OCEAiN:

The essence of the ECCO IT Hub arrangement according to Article 26 GDPR:

DESCRIPTION OF JOINT DATA PROCESSING OPERATIONS:

The ECCO Database constitutes the core for all projects on the side of ECCO Association as well the side of OCEAiN GmbH, who is in charge of organising the annual ECCO Congress, the e-Learning platform and publishing the ECCO News magazine.

As the ECCO Congress constitutes the annual meeting of the ECCO Members and other stakeholders in the field of inflammatory bowel diseases, the ECCO Database has a significant intersection set of data subjects as the same data subjects can be ECCO Members and Congress Delegates. 

The data subjects in the ECCO Database are health care professionals, pharma industry representatives, patient representatives and students in the field of inflammatory bowel diseases with an interest in both ECCO Association activities and ECCO Congress and e-Learning activities. In addition, the ECCO Database captures press contacts, as well as employees and contact persons of tour operator agencies booking group registrations and of supplier companies, which are contracted to implement projects of ECCO and OCEAiN. 

MEANS OF JOINT DATA PROCESSING OPERATIONS:

With the increasingly enhanced digitalisation of the joint data processing operations over the past years, the ECCO Website with a Login-Area called the ECCO Portal constitutes the main entrance door to all activities of ECCO and OCEAiN.

The ECCO Portal Account is the “front” side entrance door to and, after personal Login-In, the front side display of the respective personal data-set captured in the ECCO Database.

As soon as an ECCO Portal Account holder applies for ECCO Membership or engages in another activity, joint processing takes place in the ECCO Database: the use of synergy effects in data harmonization also aims to facilitate access of data subjects to activities within the larger framework of ECCO IT Hub (e.g. distribution of our newsletters, promotion of our Congress and educational/scientific activities, access facilitation via the publisher/distributor of our publications). 

Depending on the status of the data subject (e.g.: Membership status, Congress Registration statutes, Scientific Reviewer Status), the data subject can access various online tools (e.g.: online application process per open call, registration process for workshops or ECCO Congress, industry webshop, General Assembly voting) and various levels of online content (e.g.: applications received for internal or scientific review, e-Learning material, meeting documents).

Most of the functionalities are directly provided by the ECCO Database suppliers and do not need data transfers to other suppliers.

The ECCO Website and the ECCO Database are hosted on a rented ECCO Server space in Austria and in Germany.

Additional Platforms and technology needed are solved with a single-sign on technology with the ECCO Database, which are in particular

• the ePayment tool used to process online credit card payments for ECCO Membership and ECCO Congress Registrations.
• the e-Learning platform which is accessible to all ECCO Members and also to health care professionals as ECCO Portal Account holders without active ECCO Membership up to the age of 35. The single-sign on mechanism is based on an age check, which takes place within the ECCO Database before the access interface is enabled to the e-Learning Platform.
• the ECCO App: upon installation of the ECCO App (offering a dedicated section for ECCO Association and another dedicated section for the annual Congress) on the data subject’s mobile device, first name, last name and email address is shared with the App provider company to allow the single-sign-on mechanism. In case of additional consent of the data subject chosen in  the settings of the App, the personal status (of Membership or Congress Delegates) can be shared in order to be visible for a chat-function tool and to allow for voting in the General Assembly.

In addition, two further joint data processing platforms are used to facilitate project management and communication:

• the ECCO Office inhouse server
• the eNewsletter Mailing Platform

PURPOSE OF JOINT DATA PROCESSING OPERATIONS: please refer to all purposes listed in point 1 above.

LEGAL BASIS: The data transfer between the joint controllers is based on legitimate interests (Art 6 para 1 lit f GDPR). The legitimate interest is the processing of personal data within the organisational entities for internal management purposes of the data subjects.

CATEGORIES OF DATA PROCESSED UNDER THIS AGREEMENT: please refer to point 3 above.

DATA STORAGE LIMITATION: please refer to point 6 above.

ALLOCATION OF DATA PROTECTION TASKS/DUTIES (under Art. 26 GDPR)

The data protection tasks done jointly are:

• provision of information according to Article 26 paragraph 2 sentence 2 GDPR
• common contact point for the fulfilment of data subjects’ requests,
• information obligation according to Article 13 / 14 GDPR,
• fulfilment of the request of access,
• fulfilment of the request of rectification,
• fulfilment of the request of erasure and restriction of processing,
• notification to recipients (Article 19 GDPR),
• fulfilment of the request of data portability, processing of withdrawals,
• implementation of technical and organisational measures (Article 32 GDPR),
• review and adaption of technical and organisational measures,
• maintenance of a record of processing activities

The data protection tasks done separately are:

• selection and assignment of data processors
• processing of notifiable data breaches

CONTACT POINT ACCORDING TO ARTICLE 13, 14 and 26 GDPR:

ECCO Office
Ungargasse 6/13, A-1030 Vienna, Austria
Tel: +43-(0)1-710 2242-0
Fax: +43-(0)1-710 2242-001
E-Mail: This email address is being protected from spambots. You need JavaScript enabled to view it. or This email address is being protected from spambots. You need JavaScript enabled to view it.

DATA PROTECTION OFFICER ACCORDING TO ARTICLE 37 GDPR:

Knyrim Trieb Rechtsanwälte OG
Mariahilfer Straße 89a, A-1060 Wien
T: +43 1 909 30 70, F: +43 1 9093639
E: This email address is being protected from spambots. You need JavaScript enabled to view it., W: www.kt.at
FN 462250f, HG Wien