Personal data is any information relating to an identified or identifiable living person. When collecting and using personal data, our policy is to be transparent about why and how we process personal data.
What data do we collect
We may collect the following information:
- first name, last name, form of address, job title.
- contact information (including postal and email address).
- demographic information such as nationality, postcode country, preferences and interests.
- other information relevant to customer surveys and/or offers.
- credit/debit card information provided to us other than online.
For an event, meeting or congress (“Event”), this may also include the following information:
- Participant type (membership status, membership number)
- Declaration of professional capacity (e.g., as health care professional or as working in a professional capacity with such health care professionals as a routine part of their employment).
- Electronic further education number (timestamp for certification).
- Interaction (electronic commentaries, questions or answers, surveys, polls).
- Media (photo, video, audio, webcast).
- Other content (abstract, presentation).
- Networking (profile picture, pin-recommendations, chat messages, chat-comments and emoticons, areas of interest, group membership, 1:1 messages).
- Speaker details (biographies, conflict of interest).
- Programme details (personal programme on mobile website, app, and ESE On Demand).
- Account information (log-in data, contact data, business information).
- Tracking data (usage data such as search activity, pages viewed and date and time of visit, browser type, type of computer or mobile device, browser language, IP address, mobile operator, unique device identifier, location information, and requested and referring URLs).
How the data is collected
Data you supply via online forms
You may choose to submit your personal information to us by filling in an online form on the websites that are used by ESE to deliver its services. Examples of when we may collect personal information from you in this way include:
- when you apply for, or renew, your ESE membership.
- when you apply for an ESE grant.
- when you vote for an ESE award.
- when you apply for ESE positions.
The list above is not exhaustive.
Whenever you provide your personal information to us via an online form, we will ensure that your data is only used in accordance with this privacy statement.
We will only ever use your personal data for marketing purposes if you have consented to this.
Information we collect at receipt and opening of emails
We use a third-party provider to deliver our marketing emails. If you have opted-in to receive marketing communications from us, we will collect the following information on your email consumption:
- how you interacted with each email: e.g. whether you opened, deleted, or forwarded the email, and details of any links you clicked.
- the type of device you used to open the email.
- your browser type and operating system.
- your geographic location.
Inclusion in the membership directory of the European Society of Endocrinology
Members of ESE have the opportunity to include their details in the Society's membership directory to maximise opportunities for networking and collaboration. If you consent to this, the following personal information will be displayed in the membership directory:
- Your name.
- Your institution.
- How long you have been a member.
- Your telephone number and email address.
This information is only ever available to other members of ESE and will never be made available to the wider public. You can give or withdraw consent to be included in the membership directory at any time by changing your preferences in the ‘my profile’ section of the members’ area.
Subscribing to email communications and newsletters
Individuals and members of ESE have the opportunity to subscribe to email communications and newsletters. If you subscribe to these, the following information may be collected:
- Your name.
- Your contact details (postal and/or email).
- How long you have been a member.
- Your telephone number and email address.
You can withdraw your subscription at any time by following the ‘unsubscribing’ link contained within the communication you have received.
Registering, attending and participating at an Event
ESE provides registration to their Events using a registration system named M-anage and provides access to recorded content using a digital platform named “ESE On Demand". ESE On Demand publishes and operates various content and interaction formats, which are linked to a person (e.g., a participant in an online congress). In the context of such an Event it is possible for participants to retrieve information about speaker details, program details (schedule, abstracts), personalised services and information (My Programs, My Profile and Setting, My View History), personalised advertising and information, and to interact (electronic comments, questions and answers CME evaluation including CME user tracking, polling, questions and answers/comments, FreshChat /Support Chats).
Various networking modules are implemented with the following functionalities, within the scope of which personal data may be processed:
- My Profile & Settings
Personal settings for interactivity functions (e.g. selectable options to inform visitors about personal participation in sessions, pin content, be visible in search, be open for contact requests, 1: 1 messenger accessibility, etc).
- User Group Functionality
Users can visit, join or leave a group and use the following functionalities: Group chat and text messaging (1:1 messaging to users with appropriate settings), Group user search, Group Pins, search by first name/last name, Congress user search, search by first name/last name, Send group invitations to other users.
In order to provide services within the ESE On Demand platform, access is granted to the registration system and data held within the Event registration. In addition, personal data may be processed in the performance of the services depending on the specific interfaces and to provide support.
- Email communication
E-mails generated via the Event (e.g. message to author as well as 1:1 message) or m-anage.com (e.g. registration process, speaker invitation, presentation upload and others) are sent to registered participants.
- Online scheduling
An online appointment booking and/or -management service to enable speakers to rehearse their presentations (e.g. "You Can Book Me").
For admin purposes and to protect our charitable interests
The purposes for which we will use your information include accounting, billing and audit, credit or other payment card verification, fraud screening, safety, security and legal purposes, statistical and marketing analysis, legacy administration, systems testing, maintenance and development.
Our processing also includes the use of CCTV systems at our premises for the detection and prevention of crime.
Our legal basis for processing your data
We rely on the following lawful bases to process your personal data:
- Consent (for example, to send you direct marketing by email).
- Contractual relationship (for example, to provide you with goods or services that you have bought from us, or when you agree to participate in user experience research).
- Legal obligation (for example, carrying out due diligence on agreements).
- Legitimate interests (see below).
Personal data may be legally collected and used if it is necessary for a legitimate interest of the organisation using the data, as long as its use is fair and doesn’t adversely impact the rights of the individual concerned.
We will always assess if our processing of your personal information is fair and balanced and if, in our opinion, it is within your reasonable expectations. We will balance your rights and our legitimate interests to make sure that we use your personal information in ways that are not unduly intrusive or unfair.
Our legitimate interests
- Achieving our charitable aims – to promote for the public benefit research, education and clinical practice in endocrinology by the organisation of conferences, training courses and publications, by raising public awareness, liaison with national and international legislators, and by any other appropriate means.
- Administration and operational management - this includes running the charity, legal and financial reporting and meeting legal requirements, responding to your enquiries, providing information and our support, research, surveys, events management, the administration of volunteers and employment and recruitment requirements.
Who we share information with
We can’t do everything ourselves, so often we need to share your personal information with third parties with the skill, experience and facilities to deliver services to you and give you the information you’ve requested. We may also share your personal information with third parties so they can provide services in order to carry out our work.
We’ll always make sure that your information is kept securely and can’t be used for other purposes. We will never sell or give your information to third parties for their own promotional marketing purposes.
Occasionally we may be legally required to share information with official agencies, regulatory bodies or the police to protect you or to prevent or detect a crime.
Providing information to you and delivering services
When we send out information to you, for example about our events or membership benefits, we often use companies who provide support services like printing, design or mailing houses to do this.
Suppliers who provide services to us
We also use the services of online or mobile platforms for a number of reasons, for example to manage registrations for our Events, to manage grant applications, to send out forms and surveys.
When you submit your data to these platforms, the platform will collect your registration details for us. Sometimes the platforms will use your data for their own purposes such as analysing the use of their platform, so we recommend that you check their privacy policies for more details.
We always make sure that we have a legal agreement in place with our third-party suppliers, which obliges them to only use your information on our instructions and in accordance with the law.
Why we need the information and what we do with it
We require this information to understand your needs and provide you with a better service, and for the following reasons:
- Internal record keeping.
- Delivery of our products and services.
- For statutory or contractual requirements.
- Improvement of our products and services.
- With your consent, we may periodically send emails which we think you may find interesting, using the email address which you have provided. Such communications may include information in relation to our activities and services, including approved occasional communications from Corporate members, and any other activity related to our status as a professional membership association and medical charity.
- From time to time, we may also use your information to contact you. We may contact you by email, phone, fax or mail. We may use the information to customise the website according to your interests.
- If you sign up to a network, your contact details (among other information) can be seen by other members of the same network.
How long do we keep the information
We retain the personal data processed by us in a live environment for as long as is considered necessary for the purpose(s) for which it was collected (including as required by applicable law or regulation, typically 6 years).
In addition, personal data may be securely archived with restricted access and other appropriate safeguards where there is a need to continue to retain it.
We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic, and managerial procedures to safeguard and secure the information we collect online.
If you pay your fees by credit or debit card, we will not retain your card details after processing your payment. You will need to resubmit this information for future transactions.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added, and the cookie helps analyse web traffic or lets you know when you visit a site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.
Links to other websites
Locations of Processing
We have taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the EEA are done lawfully. Where we transfer personal data outside of the EEA to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be under an agreement which covers the requirements for the transfer of personal data outside the EU.
Individuals have certain rights over their personal data and we are responsible for fulfilling these rights as follows:
- Individuals may request access to their personal data held by ESE.
- Individuals may request us to rectify personal data submitted to us or, where appropriate, contact us via the relevant website registration page or by amending the personal details held on relevant applications with which they registered.
- Individuals may request that we erase their personal data.
- Where we process personal data based on consent, individuals may withdraw their consent at any time by contacting us or clicking on the unsubscribe link in an email received from us.
- Individuals may have other rights to restrict or object to our processing of personal data and the right to data portability.
- Individuals may request information about, or human intervention into, any automated data processing that we may undertake.
If you wish to exercise any of these rights, please send an email to the Data Protection Contact at email@example.com, or you can write to the European Society of Endocrinology, Redwood House, Brotherswood Court, Great Park Road, Almondsbury Business Park, Bradley Stoke, Bristol, BS32 4QW, UK.
Controlling your personal information
Where we process your information based on your consent, you may withdraw your consent at any time. You can do this by contacting us at any time by writing to or emailing us at: firstname.lastname@example.org.
If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to or emailing us at: email@example.com.
We will not sell, distribute, or lease your personal information to third parties unless it is necessary for us to fulfil our obligation to you, we have your permission or are required by law to do so. We may use your personal information to send you promotional information about third parties which we think you may find interesting if you tell us that you wish this to happen.
If you want to complain about our use of personal data, please send an email with the details of your complaint to the Data Protection Contact at: firstname.lastname@example.org. We will investigate and respond to any complaints we receive.
You also have the right to lodge a complaint with the UK Data Protection Regulator, the Information Commissioner's Office (“ICO”). For further information on your rights and how to complain to the ICO, please refer to the ICO website: https://ico.org.uk/concerns.
How to contact us