ESIM2025
EUROPEAN SUMMER SCHOOL OF INTERNAL MEDICINE
1-7 June 2025
Alexandroupolis
Greece


Privacy Policy

Personal Data Protection Statement of the European Federation for Medical Informatics and its appointed Professional Congress Organizer (CONVIN SA) for ESIM2025.

The European Federation for Medical Informatics and its appointed Professional Congress Organizer (CONVIN SA) for ESIM2025 (hereinafter jointly referred to as ESIM 2025 ORGANISING TEAM), recognize and respect the importance of the personal data they handle within the framework of their activity and therefore have fully adapted their policy to the requirements of the General Data Protection Regulation (hereinafter GDPR) 2016/679/EC.

By this statement, the ESIM 2025ORGANISING TEAM wishes to inform anyone contacting it in any of the following ways:

  • through physical presence at its registered offices in Athens, Greece
  • by phone
  • on its official e-mail addresses or through its website
  • using any of its services

in what capacity, for what purpose and on what legal basis it processes information relating thereto and which can be used to identify them directly or indirectly, namely:

  • their personal data
  • the categories of their data
  • the sources of their data (when data are not provided by the person himself)
  • the criteria for determining the period of keeping their personal data
  • their option to exercise with respect to their personal data the rights to access and rectification and, where appropriate, to erasure, restriction and objection to the processing as well as to automated decision-making, including profiling, any perchance transfer of data to third countries or international organisations
  • the option of individuals to denounce any violation of their personal data rights to the Data Protection Authority as well as the observance of the relevant data protection policies and guarantees of personal data protection by the ESIM 2025 ORGANISING TEAM

To this purpose, please take a moment to read the ESIM 2025 ORGANISING TEAM statement.

If you have any questions or concerns, if you wish to receive a copy of this statement or if you wish to exercise any of the rights related to your personal data, you can contact us by email at workshop_hms@convin.gr.

ESIM 2025 ORGANISING TEAM STATEMENT

1. The ESIM 2025ORGANISING TEAM as “Controller” and “Processor” of Personal Data
The Professional Congress Organiser (CONVIN S.A.) operates in the form of Société Anonyme, registered at the General Commercial Registry (GEMI) of the Athens Chamber of Commerce and Industry, under number 7359701000 and it has its registered office at 29 K. Varnali Street, Chalandri 15233, Athens, Greece.

The European Federation for Medical Informatics is a nonprofit scientific association, seated in Chemin de Maillefer 37, CH-1052 Le Mont-sur-Lausanne, Switzerland.

The ESIM 2025 ORGANISING TEAM processes, in the course of its activity, the personal data of the parties trading with it, becoming as regards such data the “controller” or “processor”.

In carrying out its business, the ESIM 2025 ORGANISING TEAM processes (simple and special category) personal data of the subjects participating in the Programs for the purposes of implementation, evaluation and control and the relevant legal obligation for the processing of personal data in the form of individual participants’ data (microdata) derives mainly from both the General Regulation and the European Social Fund Regulation as well as from specific provisions of the Greek legislation.

The data processing concerned is governed by the provisions of Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).

2. Data sources
The ESIM 2025 ORGANISING TEAM collects your personal data from various sources. Particularly:

1) Personal data you directly provide to it.

2) Personal data that it collects automatically, such as through cookies

The following may be collected:

– Your IP address
– Your cookie ID
– Your browser
– Your location
– The web pages you visit on our website

as well as,

3)  Personal data collected from other sources, i.e., from other public authorities as well as from publicly accessible sources.

4)  Personal data collected from its contacts with companies / sponsors of its Programmes.

3. Categories of data
The data we process, as the case may be, are:

  • Simple Data, such as mainly first and last name, date of birth, ID number, TIN, address, telephone, e-mail, etc.
  • Special Category data, such as data on religion, nutritional allergies, possible health problems and data on ethnic origin.

4. Purpose of Processing
The reasons the ESIM 2025 ORGANISING TEAM processes your data, as the case may be, are:

–   to communicate with you
–   to answer your questions
–   to process your requests
–   to conclude contracts with you
–   to execute its contractual obligations towards you
–   to declare your membership status and any related entitlement
–   to declare your participation in events / activities
–   to fulfil its legal obligations under the domestic and EU law
–   to organise its activity in the field of electronic communications

5. Legal bases of processing
In particular, as the case may be, the legal bases on which we support the processing of your data are the following:

–   Article 6, par. 1a of GDPR

When you have given consent to the processing of your data for one or more specific purposes.

–   Article 6, par. 1b of GDPR

Processing necessary for the performance of a contract to which you are a party or in order to take

steps at your request prior to entering into a contract.

–   Article 6, par. 1c of GDPR

Processing necessary for our compliance with our legal obligation as this derives from the EU or the National Law.

–   Article 6, par. 1e of GDPR

Processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller.

–   Article 6, par. 1f of GDPR

Processing necessary for the purposes of the legitimate interests pursued by the ESIM 2025 ORGANISING TEAM, except where such interests are overridden by your interests and fundamental rights and freedoms as data subjects.

And with regard to special category data:

–   Article 9, par. 2a of GDPR

When you have given consent to the processing of your special category data (nutritional specificity,

health, ethnic origin) for one or more specific purposes

– Article 9, par. 2b GDPR

Where processing is necessary for carrying out the obligations and exercising specific rights of data

subjects in the field of social protection, in so far as it is authorised by the Union or national law.

And as regards data relating to criminal convictions and offences:

–   Article 10 of GDPR

Where processing is authorised or required by the Union or national law.

6. Disclosure to third parties
The ESIM 2025 ORGANIZING TEAM does not proceed to any unauthorised disclosure or transfer of your personal data to third parties. Therefore, it will not share your data with third parties for marketing purposes.

It uses processors, i.e., third parties, providing services thereto. It has contractually bound the processors in order not to be able to manage your personal data unless it gives them specific instructions and thus, they will not share your personal data with anyone other than the ESIM 2025 ORGANISING TEAM itself, while it will retain your data safe for the period that it has indicated to you.

In some cases, it may have a legal obligation to disclose your data. Such a case occurs on the basis of a court order or when it cooperates with other public authorities and bodies within the European Union, under provisions of the EU or domestic law.

The ESIM 2025 ORGANISING TEAM may, therefore, disclose or transfer your data to third parties, provided the legal requirements are met, namely when there is:
– Previous consent on your behalf as data subjects
– Legal Obligation to disclose data to Competent State Agencies and Organisations and to the relevant Judicial and Prosecution Authorities, if lawfully and competently requested.

7. Retention Period of your Data
The ESIM 2025 ORGANIZING TEAM shall retain your personal data for as long as the processing purpose lasts. Upon its expiration, the ESIM 2025 ORGANISING TEAM shall lawfully retain your personal data when this is necessary in order to comply with a legal obligation thereof arising from the provisions of the Union or National Law and where retention is necessary to substantiate, exercise or support legal claims of the Company.

8. Which are your rights
According to the General Data Protection Regulation, depending on the legal basis on which the ESIM 2025 ORGANISING TEAM is based to process your data, you have the following rights:

8.1 Right of Access
You have the right to receive:
– confirmation as to whether or not your personal data are being processed
– a copy of such data
You may submit your request to access your personal data in writing, by email to the ESIM 2025 ORGANISING TEAM
You may not want all the personal data that the ESIM 2025 ORGANISING TEAM has on you. For this reason, it would facilitate and speed up the process if you clarified to the ESIM 2025 ORGANISING TEAM which data do you precisely want.

When requesting access (to personal data), it is necessary to include the following information:
– Your name and contact details
– Any information that the ESIM 2025 Organising Team uses to identify you or to differentiate you from other people with the same name, such as a code, etc.
– Details or relevant dates to help the ESIM 2025 ORGANISING TEAM identify what you need

When can the ESIM 2025 ORGANISING TEAM refuse to grant access?

The ESIM 2025 ORGANISING TEAM may refuse to satisfy the right of access if your data include other person’s personal data unless the other person has consented to the disclosure of his or her data or it is reasonable that the said information is provided to you without the consent of the other person.

In order to make the relevant decision, the ESIM 2025 ORGANISING TEAM will need to regulate your own right of access vis-a-vis the other person’s rights with respect to his or her own information.

The ESIM 2025 ORGANISING TEAM shall also be entitled to refuse to grant access when this is clearly unfounded or abusive.

In any case, the ESIM 2025 ORGANISING TEAM should notify you and justify its decision. It should also inform you of your right to make a complaint to the Data Protection Authority or even to appeal before Courts.

How long will it take for the ESIM 2025 ORGANISING TEAM to respond?

The ESIM 2025 ORGANISING TEAM must answer your request within a month.

In specific cases extra time may be needed to assess your request and up to two months to answer.

If it is going to use the additional time, the ESIM 2025 ORGANIZING TEAM will inform you within one month of the reason why it needs more time.

Can the ESIM 2025 ORGANIZING TEAM charge a fee for satisfying my right of access?

A copy of your personal data will be provided to you free of charge. However, if your claim is manifestly abusively repeated or excessive, it may charge you a fee for the administrative costs associated with it.

8.2 Right to Rectification
You have the right to ask for your data to be rectified when they are inaccurate or completed when they are incomplete.

In order to exercise your right, you must inform the ESIM 2025 ORGANISING TEAM that you dispute the accuracy and completeness of your personal data. You will need to identify what data are inaccurate or incomplete, explain how the ESIM 2025 ORGANISING TEAM will have to correct them and provide relevant evidence of inaccuracies.

When you ask the ESIM 2025 ORGANISING TEAM to rectify your data, it will thoroughly check whether the data are accurate or not, on the basis of the evidence you will provide thereto and those held by it. It will then let you know if it has rectified, erased or completed the data. In case the ESIM 2025 ORGANISING TEAM considers that the inaccuracy or incompleteness of the data is not substantiated, it will inform you accordingly, providing at the same time a justification for its negative response. If it has disclosed the data to third parties, the ESIM 2025 ORGANISING TEAM will contact them and inform them of the rectification or completion of the data, unless this is impracticable or requires disproportionate efforts. At the same time, if you wish, it can inform you to which recipients it has transferred your data. 

8.3 Right to Erasure
You have the right to request the erasure of your personal data if you no longer wish to have such data processed and if there is no legitimate reason for the ESIM 2025 ORGANISING TEAM to hold them as Controller.

In particular, this right shall be exercised:

  • when the legal basis of processing is your consent and you withdraw it, so, if there is no other legal ground for the processing, data must be erased;
  • where your data are no longer necessary in relation to the purposes for which they were collected or otherwise processed or illegally processed or if you object to the processing thereof and there are no overriding legitimate grounds for the processing; and, finally,
  • if the data have been collected illegally or when you were a child within the frameworks of provision of an on-line service.

It should be noted, however, that this is not an absolute right, as further retention of personal data by the ESIM 2025 ORGANISING TEAM is lawful when it is necessary for reasons such as compliance with a legal obligation of the ESIM 2025 ORGANISING TEAM or the establishment, exercise or defense of legal claims.

The ESIM 2025 ORGANISING TEAM is entitled to refuse to erase the data in the following cases:

  • when retention of data is necessary for exercising the right of freedom of expression and information
  • when retention of your data is a legal obligation
  • when retention of your data is necessary for reasons of public health
  • when retention of your data is necessary for the establishment, exercise or defense of legal claims
  • when erasing your data would significantly hinder or render processing impossible for scientific or historical research purposes

8.4 Right to Restriction of Processing
As an alternative to the right to erasure and the right to object, you have the right to request the restriction of your data processing only where one of the following applies:

  • the accuracy of your data is contested by you and the ESIM 2025 ORGANISING TEAM as Controller considers the request
  • when processing is unlawful
  • when data are no longer necessary for the purpose of the processing, but you are requesting their retention for the establishment and defense of your legal claims
  • when you have objected to processing and the ESIM 2025 ORGANISING TEAM as Controller examines whether the legitimate grounds thereof override yours

This right may be combined with the right of rectification and the right to object, and in particular:

  1. If you request correction of your inaccurate data, you may request that the processing be restricted for as long as the ESIM 2025 ORGANISING TEAM examines the request for rectification, or,
  2. If you request the right to object, you may request at the same time the restriction of processing for as long as the ESIM 2025 ORGANISING TEAM examines the request to object

8.5 Right to Data Portability
You have the right to receive your personal data that have been processed by the ESIM 2025 ORGANISING TEAM as controller in a structured, commonly used and machine-readable format (e.g., XML, JSON, CSV etc.).

You also have the right to ask the ESIM 2025 ORGANISING TEAM to transmit those data without hindrance directly to another Controller.

The right to portability can only be exercised by you when the following conditions are cumulative satisfied:

  • Personal data are processed by automated means (i.e., printed records are excluded)
  • The processing is based either on your consent or on the performance of a contract to which you are a party (Article 6 par. 1b of GDPR)
  • Personal data concern you as data subject and have been provided by you
  • The exercise of the right does not adversely affect the rights and freedoms of others

8.6 Right to object
You have the right to object at any time and on grounds related to your particular situation to processing of personal data concerning you when processing is based either on a task carried out in the public interest or on the existence of a legitimate interest pursued by the company, including profiling.

The ESIM 2025 ORGANISING TEAM shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms as data subject or for the establishment, exercise or defense of legal claims.

8.7 Right to Non-Automated Individual Decision-Making including Profiling
If the ESIM 2025 ORGANISING TEAM is required to make a decision that produces legal effects concerning you based solely on automated processing, including profiling, we inform you of the following:

  • The ESIM 2025 ORGANISING TEAM as controller may lawfully take such a decision only if you have given us your explicit consent or when the decision is necessary for entering into or performance of a contract between us or if such a decision is authorised by the Union or National law, which also lays down suitable measures to safeguard the data subject’s rights.
  • If such a decision is taken as necessary for entering into or performance of a contract between us, namely the ESIM 2025 ORGANISING TEAM as the Controller and you as the data subject or based on your explicit consent, you have the right to contest the decision so that the ESIM 2025 ORGANISING TEAM will be obliged to implement suitable measures to safeguard your rights, at least the right to obtain human intervention in decision-making, or the right to express your point of view and contest the decision as data subject.
  • If the ESIM 2025 ORGANISING TEAM intends to process data automatically, including profiling, it will provide you, when receiving the data (when it has collected them from you) or in a reasonable time (when such data have been taken from another source), also the following additional information:
  •  
    • whether and to what extent automated decision-making, including profiling, takes place
    • on the logic involved
    • on the importance and the foreseeable consequences of the processing
    • information on the subject’s right to object, which is presented clearly and separately from any other information

You are entitled, in the case that profiling takes place, to obtain restriction of processing at any stage thereof.

The ESIM 2025 ORGANISING TEAM will be obliged to erase the relevant personal data if profiling is based on your consent and this is revoked or if you exercise the right to erase your data and if there is no other legal basis for processing in accordance with the provisions of Regulation.

You have the right to object at any time and on grounds related to your particular situation to processing of personal data concerning you when processing is based on the existence of a legitimate interest pursued by the company, including profiling and the ESIM 2025 ORGANISING TEAM shall no longer process the personal data unless it demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms as data subject or for the establishment, exercise or defense of legal claims.

9. Right to lodge a Complaint with the Data Protection Authority
If you find out that your personal data are being unlawfully processed or your rights in connection with your personal data have been infringed, provided you have previously contacted the ESIM 2025 Data Protection Officer (DPO) about the relevant issue, that is you have exercised your rights vis-a-vis the ESIM 2025 ORGANISING TEAM and you either did not receive a reply within one month (the deadline being extended to two months in case of a complex request) or you believe that the response you received from the ESIM 2025 Organising Team is not satisfactory and your issue has not been resolved, you can contact the Data Protection Authority, 1-3 Kifisias Avenue, PO Box 11523 Athens Greece, complaints@dpa.gr, fax: +302106475628 (for more information, see also the Authority’s Portal https://www.dpa.gr/en).

10. Security of Personal Data
The ESIM 2025 ORGANISING TEAM implements appropriate technical and organisational measures to ensure an adequate level of protection of personal data in order to prevent the destruction, loss, alteration, unauthorised access, disclosure or transfer to a non-entitled person or entity in any way.

The ESIM 2025 ORGANISING TEAM has business continuity and recovery plans, which it periodically tests and updates; it has in fact established and implemented appropriate policies and procedures for the security and protection of the data it processes.

In addition, to that purpose, the ESIM 2025 ORGANISING TEAM has reviewed the contracts it holds with the processors to commit them to respect your personal data under the GDPR by taking and enforcing measures to secure them from risks of destruction, loss, alteration unauthorised access, disclosure or transfer to a non-entitled person or entity, in any way and by signing a confidentiality clause.

11. Links to other websites
When we provide links to websites or other Organisations, this personal data protection notice does not cover the way in which these sites or Organisations process your personal data and the information provided by you in general. That is why we encourage you to read the privacy policies of other websites you visit.

12. Social Media Accounts
We maintain social media pages for your information. We do not share your data with another organisations, but social media providing companies have their own GDPR policy to which we refer you.

 13. Revision of the Personal Data Protection Statement
This statement is subject to periodic revisions and updates. In this case you will be informed through the website.

Summer School Secretariat


Convin S.A. - 29 K. Varnali str., 1533 Chalandri, Athens, Greece

info@convin.gr - www.convin.gr

Privacy Policy / Cookies Policy / Phishing Policy