Interventionell Radiologisches Olbert Symposium
Data protection

Data protection

Information in accordance with Article 13 and 14 GDPR

In order to provide certain services to our account holders, society members, event participants, faculty, examination candidates, corporate partners, other business partners or job applicants (in the following collectively referred to as “data subject“, “you“), we process your personal data (in the following also referred to as “data“).

For the purpose of transparency and in accordance with Articles 13 and 14 of the General Data Protection Regulation (“GDPR“), we, therefore, want to inform you about the data processing as follows:

  1. General information

The controller of the data processing activities as described in this data protection information is

  • Cardiovascular and Interventional Radiological Society of Europe (in the following referred to as “CIRSE”, “we“, “us“), Neutorgasse 9, 1010 Vienna, ZVR: 112548646.

For any request and further information regarding the processing of your data, please contact us at dpo@cirse.org.

  1. How and why we process your data

2.1 CIRSE Membership

CIRSE, in its role as a non-profit making, educational and scientific association, is providing education and training to its members (physicians and scientists) with a focus on cardiovascular and interventional radiology.

For the administration of the CIRSE memberships, we process the following data of our members: title, name, gender, CIRSE ID, profession, date of birth, contact information (email, telephone number), postal address, associated medical institution (name, postal address), medical fields practiced, information on membership history, information on member’s payment history, previous congress participations, previous funding for congress attendance, national HCP registration numbers (only if applicable), copies of any documents you send us to support your membership or process your registration.

The processing of above-mentioned data is necessary to administer your membership, your participation in CIRSE Committees (if any) as well as services associated therewith like the use of CIRSE Library. The processing is based on the fulfilment of our contractual obligations according to Art 6 (1) lit b GDPR.

Please also note that if you are a CIRSE member, it may be necessary for CIRSE to share some of your data with the European Society of Radiology (ESR), Neutorgasse 9, 1010 Vienna, Austria, in order to determine the correct institutional membership fee. In this case, the contact data will be shared with ESR. This data will not be processed by ESR beyond the above-defined purpose and will not be shared with any third parties.

Furthermore, we process your data for internal statistical use and optimisation of our activities based on our legitimate interest according to Art 6 (1) lit f GDPR as well as statutory obligations according to Art 6 (1) lit c GDPR.

Your data is stored for as long as you remain an active member with CIRSE and beyond that in accordance with the statutory retention and documentation obligations (e.g. in accordance with the Austrian Company Code and the Austrian Federal Tax Code).

2.2 Events & Courses

CIRSE organizes on a regular basis different kinds of events & courses (both online and onsite) for its members and other interested parties, such as the CIRSE Annual Congress, ECIO, IDEAS, ET, ESIR as well as CIRSE Webinars, CIRSE Curricula, CIRSE Academy and webcasts on CIRSE Library. In addition, CIRSE offers a Digital All-Access Pass containing access to the aforementioned events and courses.

In the course of the event participation, the following data of the participants is processed: name, gender, CIRSE ID, profession, contact information (email, telephone number), associated medical institution (name, postal address), medical fields practiced, previous congress participations, previous funding for congress attendance, city and country of residence.

When watching live-streamed or on-demand webcasts via CIRSE Library, CIRSE is tracking your time of participation via your CIRSE ID. This only applies to logged-in users of the CIRSE Library, open access webcasts are excluded. There is no opt-out possibility, as the tracking of your CIRSE ID is necessary for CIRSE to be able to issue your confirmation of participation as needed to claim CME (continuing medical education) credits.

The procession of above-mentioned data is necessary to administer the participations and/or your Digital All-Access Pass, the processing is therefore based on the fulfilment of our contractual obligations according to Art 6 (1) lit b GDPR.

Your data is stored for as long as you remain active with CIRSE (membership or participation in events and congresses) and beyond that in accordance with the statutory retention and documentation obligations (e.g. in accordance with the Austrian Company Code and the Austrian Federal Tax Code).

If you participate in/at CIRSE events and/or visit an online activity (such as satellite symposium, webinar, exhibition booth, hospitality suite or learning centre) in the virtual exhibition or onsite exhibition (providing your event badge details), your following data will be, upon your valid and explicit consent (according to Art 6 (1) lit a GDPR), passed on to the respective exhibitor: first name, last name, country, institute and email address.

Exhibitors are responsible for processing data complying with terms of data protection law. See list of exhibitors on the respective website for each event.

You can withdraw your consent towards CIRSE with regard to passing on data to exhibitors for the future. If you wish to unsubscribe from any third-party promotional communications or other processing, please contact the respective exhibitor directly.

2.3 EBIR exam

The European Board of Interventional Radiology (EBIR) is a voluntary supplemental examination designed to evaluate interventional radiologists on the clinical and technical knowledge necessary to carry out safe and effective treatments for patients. For CIRSE to perform the examination accordingly, the following data of candidates needs to be processed: name, contact information, gender, CIRSE ID, CV information (such as profession, description of medical education, list of publications, information on radiology and IR training, information on IR experience and competency), date of birth, postal address, associated medical institution (name, postal address) and national HCP registration numbers (only if applicable).

The examination is held online by means of the examination software “Maxexam”, as provided by our processor Maxinity Software Ltd. The following information is therefore processed additionally: records of your voice, video, photos, ID document, screenshots, webcam photos and webcam video streams of your computer. Video recordings and streams are screened by Maxexam for suspicious behaviour or movements (e.g. a second person entering the room where the examination is taking place) and flagged for CIRSE who re-evaluates those events. In no case data according to Art 9 GDPR, in particular biometric data, is processed by Maxexam.

The data processing is based on Art 6 (1) lit b GDPR (performance of a contract). If above-mentioned data is not provided, the execution of the examination is not possible.

Data relevant for the examination are stored on the servers of our processor Maxinity Software Ltd., based in the United Kingdom. We will delete the data once it has been confirmed that the exam has been conducted properly, which usually is 12 weeks after the examination.

Furthermore, CIRSE will share some of your data (name, country of residence) with the European Society of Radiology (ESR), Am Gestade 1, 1010 Vienna, Austria, in order to facilitate ESR endorsement of your EBIR examination.

Your positive result of EBIR exam, your name as well as your country and city of residence are published, only upon your valid consent, on CIRSE website (Art 6 (1) lit a GDPR). Data published on the website will be deleted after one year or earlier in case you withdraw your consent.

2.4. Job Applications

If you apply for a job with CIRSE, the data you provide within the application process will be processed (in particular curriculum vitae, contact details). The processing of your data is based on the performance of pre-contractual measures, namely the application procedure aiming to conclude an employment contract according to Art 6 (1) lit b GDPR or your explicit consent if you would like CIRSE to keep your application on file according to Art 6 (1) lit a GDPR.

Your data will be deleted after seven months in accordance with the provisions of the Austrian Equal Treatment Act (Gleichbehandlungsgesetz, GlBG) unless CIRSE will keep your data on file based on your explicit consent.

2.5 CIRSE Website

We use cookies and log-files for the functioning of our website. In the course of your use of our website, we collect and process the following data: IP address and IP location, referrer URL, number, duration and time of views of your interactions with the website, search engines and keywords you used to find us, information about browser type, device type, screen resolution, internet service provider and operating system. We collect this data automatically with cookies (provided by third parties) based on your consent pursuant to Art 6 (1) lit a GDPR (or in conjunction with Section 96 (3) Austrian Telecommunication Act in the case of so-called “persistent” cookies, which are stored on your device).

You can refuse the storage of individual cookies via configuration in the cookie banner or you may withdraw your consent to storage at a later time via configuration of your browser. When cookies are stored on the basis of your voluntary consent, your data may be transferred to recipients in third countries outside the EEA, in particular to the US. The European Court of Justice, however, considers that the US does not offer an adequate level of data protection to data subjects; in particular, there is a potential risk that your data may be viewed by US authorities for control and monitoring purposes. With your consent, you agree that cookies from third-party providers in the US or from other insecure third countries may be used and you accept a possible lower level of data protection (Art 49 (1) lit a GDPR).

Cookies that are absolutely necessary for the structure or functioning of the website (technically necessary cookies) cannot be deactivated. If this involves data, the processing is based on our legitimate interest pursuant to Art 6 (1) lit f GDPR to ensure the functionality of the website. The storage period of the respective cookies may vary and amount to a maximum of 10 weeks. For further information on the cookies we use see our Cookie Information.

2.6 Journal Subscriptions

For the administration of your journal subscription’s (CVIR and CVIR Endovascular), CIRSE processes the following data based on Article 6 (1) lit b GDPR (contractual obligation): name, post address, email address.

Please also note that if you sign up for a print subscription of CVIR, it will be necessary for CIRSE to share above mentioned data with Springer Verlag GmbH, Tiergartenstraße 17, 69121 Heidelberg, Germany, in order for you to receive the journals and to enable them to provide you with their services as requested by you. Data will not be processed by Springer beyond the above-defined purpose and will not be shared with any other third parties.

We store the aforementioned data for the duration of your active subscription and beyond that in accordance with the statutory retention and documentation obligations (e.g. in accordance with the Austrian Company Code and the Austrian Federal Tax Code).

2.7 Promotion & Newsletter

If you subscribe to CIRSE newsletter (available under https://login.cirse.org/register) or other CIRSE promotions, we process your data you voluntarily provide, in particular your contact details (such as name, postal address, email address), in order to send you up-to-date information on events and other relevant news by e-mail or postal means at regular intervals. The data processing is based on your explicit consent according to Art 6 (l) lit a GDPR in connection with Section 107 Abs 2 Austrian Telecommunications Act. You can withdraw your consent at any time with effect for the future by changing your mailing preferences in your account on the CIRSE website (myCIRSE). Your data will be stored until you valid withdrawal.

2.8 CIRSE Society App

CIRSE offers the “CIRSE Society App”, a free app, available on iOS and Android, for participants of CIRSE events to customize their personal timetables/event experience and take part in e-votings/polls during CIRSE events. It further more features a news section, which lets participants stay in touch with all news pertaining to the society and upcoming CIRSE events. Within the usage of the app, CIRSE processes the following data: name, job title, professional information/CV, links to social media profiles, contact information, profile picture, events participated in, personal time schedules.

For the provision and administration of the app, we use the services of Conference Compass B.V., based in the Netherlands, which we have contractually obliged to comply with applicable data protection laws according to Art 28 GDPR.

The above-mentioned data is required for the app to be deployed and function accordingly, the processing is therefore based on Art 6 (1) lit b GDPR. Data will be stored until you delete your account and beyond that in accordance with the statutory retention and documentation obligations (e.g. in accordance with the Austrian Company Code and the Austrian Federal Tax Code).

2.9 Faculty (event speakers and scientific contributors)

In the course of its scientific activities (in particular events, courses and/or publications), CIRSE processes data of speakers and other scientific contributors (“Faculty“) for purposes of communication, programme planning of events, courses and publications, administration of your account as well as documentation of scientific research, publishing and development in the field of cardiovascular and interventional radiology.

In particular, CIRSE processes the following data: name, gender, CIRSE ID, profession, birthdate, contact information (email, telephone, fax numbers), associated medical institution (name, postal address), faculty commitments taken by you, presentations uploaded by you (where applicable), abstracts submitted by you (where applicable), abstract ratings (where applicable, given to your abstract or given by you to abstracts of others), possible conflicts of interest declarations (where applicable), attendees’ feedback to presentations delivered by you and sessions you contributed to (where applicable), your feedback session you attended and specific presentations (where applicable), communication history.

We process your data for the performance of our contractual duties according to our contractual relationship with you (Art 6 (1) lit b GDPR), for compliance with other legal obligations (Art 6 (1) lit c GDPR) and/or for the purpose of legitimate interests, except where such interests are overridden by your interests in the confidentiality of your data (Art 6 (1) lit f GDPR).

We transfer data to third parties as far as this is necessary in order to render our services to you. This includes in particular the following parties: banks, tax accountants, lawyers and other accounting or consultant firms. Where legally obliged to, we also transfer you data to public authorities and or institutions.

We store the aforementioned data in any case for the duration of active business relationship and beyond that in accordance with the statutory retention and documentation obligations (e.g. in accordance with the Austrian Company Code and the Austrian Federal Tax Code).

2.9 Business partner relationships

In the course of our daily business, we make use of various service providers and their offers to simplify our business processes.

We process your data for the performance of our contractual duties according to our contractual relationship with you (Art 6 (1) lit b GDPR), for compliance with other legal obligations (Art 6 (1) lit c GDPR) and/or for the purpose of legitimate interests, except where such interests are overridden by your interests in the confidentiality of your data (Art 6 (1) lit f GDPR).

We transfer data to third parties as far as this is necessary in order to render our services to you. This includes in particular the following parties: banks, tax accountants, lawyers and other accounting or consultant firms. Where legally obliged to, we also transfer you data to public authorities and or institutions.

We store the aforementioned data in any case for the duration of active business relationship and beyond that in accordance with the statutory retention and documentation obligations (e.g. in accordance with the Austrian Company Code and the Austrian Federal Tax Code).

  1. Data Storage

Unless otherwise indicated above, your data is stored on the servers of our IT provider, Centium Software Pty Ltd, which we have contractually obliged to comply with applicable data protection laws according to Art 28 GDPR.

  1. Data Transfers

If the above-mentioned recipients of your data are located outside the EEA and it has not been established by a decision of the EU Commission that the country concerned has an adequate level of data protection, we will ensure that the transfer takes place on the basis of standard contractual clauses (as amended from time to time) or otherwise in accordance with Articles 46, 47 or 49 GDPR.

  1. Data Security

CIRSE takes all necessary and appropriate technical and organizational measures to protect the rights and freedoms of data subjects as well as reviews these measures on a regular basis. Accordingly, our IT providers are contractually obliged to adhere to all standards of applicable data protection laws. Please note that e-mails are sent using commercially available software programs, some of which are not encrypted. If contents to be transmitted are particularly confidential or worthy of protection for data subjects, they should be transmitted to CIRSE by post or end-to-end encrypted.

  1. Your rights

Information and Access

You are entitled to obtain information by CIRSE as to which data are being processed and to get access to that data upon your request. We will provide you with one copy of the data undergoing processing free of charge, unless the disclosure may adversely affect the rights and freedoms of others.

Withdrawing consent

Should you have consented to a specific use of your data by CIRSE, you can withdraw that consent at any time, by changing your account settings or contacting us under dpo@cirse.org.

Rectification and Erasure

You are entitled to request rectification of inaccurate data or completion of incomplete data concerning you without undue delay.

You are entitled to request erasure of data without undue delay, if

(i)  Data are no longer necessary in relation to the purposes for which they were collected,

(ii)  You object to the processing

(iii) Data have been unlawfully processed

(iv) Data have to be erased for compliance with a legal obligation applicable to CIRSE

However, CIRSE is not obliged to execute such erasure if processing is necessary

(i)  for exercising the right of freedom of expression and information,

(ii)  for compliance with a legal obligation to which CIRSE is subject,

(iii)  for the establishment, exercise or defence of legal claims.

Restriction of Processing

You are entitled to request the restriction of processing of data in the following circumstances and for the following periods of time:

(i)  you contest the accuracy of the data concerning you; restriction of processing may be affected for a period enabling us to verify the accuracy of the relevant data,

(ii)  the processing is unlawful and you oppose the erasure of the data and request the restriction of their use instead,

(iii)  we do no longer need the data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims,

(iv)  you have objected to processing, for the period until the verification whether our legitimate grounds override those of you.

Data Portability

You are entitled to data portability, namely to receive your data which you have provided to CIRSE and which is processed

(i)  based on the concluded contract

(ii)  and by automated means

in a structured, commonly used and machine-readable format.

You are entitled to request that the data is transmitted directly to another controller by us, where technically feasible. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of data concerning you which is based on our legitimate interests according to Art 6 para 1 point f GDPR. If you object to processing of your data we shall cease to process this data unless our legitimate interests to processing your data prevail.

Right to file complaint

If you believe your data protection rights have been infringed in any way, you can complain to the competent supervisory authority. In Austria this is the Austrian Data Protection Authority (Österreichische Datenschutzbehörde, www.dsb.gv.at).

Last updated March 1, 2022