DATA PROTECTION REGULATIONS acc. EU-GDPR
1. General Regulations
The WMA GmbH reserves the right to amend the existing data protection regulations in strict accordance with prevailing legal norms at any time.
1.1. Personal Data:
Your voluntarily transmitted personal details (through submission in the online forms respectively sent by your group coordinator) will be collected, saved and processed in accordance with the most recent legislation on data protection (EU-GDPR 2018).
Registration:
A registration to New Horizon Fellowship is not possible without collecting, saving and processing your personal data. This is solely for the purpose of organising and realising the event. Your data will only be passed on to third parties, who are directly involved in running the event and when the organisational process makes it necessary – in accordance with your bookings (host center.).
1.2. Links to other websites:
Our online forms may contain links to other websites. The WMA GmbH is not responsible for the data you provide on other websites. Our partner companies are also bound to act according to EU-GDPR, the implementation however rests with each company individually. Our data protection guidelines are solely applicable to data controlled by us (
2. Information Obligation acc. Art 12-14 EU-GDPR (EU-DSGVO)
We would be pleased to provide you with the following information describing the type, purpose and scope of the processing of your personal data.
2.1. Controller
WMA GmbH, Alser Str. 4, 1090 Vienna
T: +43 1 405 1383 0
E-mail: dataprotection@medacad.org
Management of the person responsible: Romana König, Jerome del Picchia
Data Protection Coordinator: Therese Popp
The data is collected within the framework of the New Horizon Fellowship
Data processor:
WMA GmbH, Alser Str. 4, 1090 Vienna
T: +43 1 405 1383 0
E-mail: dataprotection@medacad.org
Management of the person responsible: Romana König, Jerome del Picchia
Data Protection Coordinator: Therese Popp
The data is collected within the framework of the New Horizon Fellowship.
2.2. Purposes of Processing:
Depending on the participant status, the data are processed for one or more of the purposes listed below.
|
Processing Purpose |
Data Categories |
|
Registration Data |
Name Date of birth Nationality Name and address of current institution and contact information Phone E-mail (required) CV data Name of internal referee Address of internal referee Phone of internal referee E-mail of internal referee Date of internal referee Name of external referee Address of external referee Phone of external referee E-mail of external referee Date of external referee |
|
General Organisation / Accounting |
name contact data registration data bank data |
|
Marketing & Development |
name contact data email |
2.3. Legal Basis for the data processing purposes:
|
Processing Purpose |
Legal Basis |
|
|
Fellowship Management (application management) |
Binding completion of the application submission for participation of the fellowship Acceptance of active participation in the selected event Coordination with host center for fellowship |
|
|
Marketing & Development |
Legitimate interest of the controller (see point 4.1.-4.2.) |
|
2.4. Third Party Data Recipients – Categories:
The recipients receive the data they require. Your data will only be forwarded when the organisational process makes it necessary and when a legal basis exists.
|
Processing Purpose |
Data Categories |
Recipient Categories |
|
Registration Data
|
Name Date of birth Nationality Name and address of current institution and contact information Phone E-mail (required) CV data Name of internal referee Address of internal referee Phone of internal referee E-mail of internal referee Date of internal referee Name of external referee Address of external referee Phone of external referee E-mail of external referee Date of external referee |
Evaluation committee |
|
General Organisation
|
Name Date of birth Nationality Name and address of current institution and contact information Phone E-mail (required) |
Host centers |
|
General Organisation / Accounting |
name contact data registration data additional bookings bank data (if necessary) credit card data (if necessary) |
responsible authorities, bank, fiscal office, tax consultant |
|
Marketing |
name contact data |
online mailing provider |
2.5. Transfer to Third Country:
|
Processing Purpose |
Data Categories |
Recipient Categories |
|
Marketing |
name |
Mailchimp – USA / Online Mailing Provider / adequacy decision of EU = Privacy Shield framework, Mailchimp participates in and has certified its compliance with the EU-U.S. privacy shield framework. |
2.6. Data Storage Period:
Sensitive data (special dietary requirements), which are collected with consent of the data subjects, as well as passport data and information submitted for statistical data collection are irrecoverably deleted with the end of the event wrap-up.
All other data are stored for 7 years, to meet the retention period according to the Austrian VAT Act 1994 (Umsatzsteuergesetz 1994) and to permit post-event support and service (i.e. belated participation confirmations and presentation certificates).
In the case of (e.g. annually) recurring congresses, the data are stored for at least 7 years after the end of the entire event series.
Upon revocation of the person concerned, their data will be deleted immediately
3.Data Subject Rights
We are pleased to inform you about your rights according to EU-GDPR:
3.1. Data Subject Rights acc. Art 15-21 EU-GDPR:
- Right of access by the data subject
- Right to rectification
- Right to erasure/”Right to be forgotten”
- Right to restriction of processing
- Right to data portability
- Right to object (at legitimate interest of the controller)
Detailed descriptions can be found here:
http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679&from=EN
© European Union, http://eur-lex.europa.eu/, 1998-2018′
3.2. Right to withdraw consent acc. Art. 7 EU-GDPR
Depending on your participant status, we kindly ask you for different declarations of consent. These are queried within the online forms or directly inquired from the affected person/group coordinator/company representative. The declarations of consent are not compulsory according to the EU GDPR.
Each data subject has the right to withdraw his/her given consent(s) at any time. The withdrawal of the consent does not affect the legality of the processing carried out based on the declaration of consent until the withdrawal.
3.3. Right to lodge a complaint with a supervisory authority acc. Art 77 EU-DSGVO
Every data subject shall have the right to lodge a complaint with a supervisory authority, if the data subject considers that the processing of personal data relating to him/her infringes to the EU-GDPR. If in your opinion the data proceeding would be contrary to the data processing law or to your data protection high demands, you may complain to the Austrian data protection authority.
4. Description of other Purposes
Legitimate Interests of the Controller acc. Art 6 (1) f) EU-GDPR
4.1. Advertising/Marketing:
Processing data of the data subject to inform him/her about the above-mentioned event, as well as future and topic-related events.
4.2. Development:
Processing data of the data subject to develop the programme as well as the organisation and implementation of the above-mentioned event, future and topic-related events.
(update 06/2019)