INFORMATION NOTICE ON THE PROCESSING OF PERSONAL DATA
In accordance with art. 13 of the Data Protection Regulation (EU) 2016/679 (GDPR), we inform you that the processing of your personal data by European Endometriosis League e.V as Data Controller, will be carried out through PROevents & Conference S.R.L., with registered office in: Bucharest, Str. Soldat Gheorghe Matac no. 31, 5th floor, Sector 2 and mailing address: Municipality of Cluj-Napoca, strada Someşului, numărul 34-36, Scala Center, Biroul numărul 7, Cluj County, registered with the Trade Register Office under no. J2007014064402, e-mail: , Fiscal Code 50180048, as Data Processor.
1. Purpose and Legal Basis of Data Processing
The purposes of processing personal data of data subjects who will interact with the Data Controller are the following:
- Registering and managing event participants, including confirming registration and facilitating access to the event.
- Providing organizational information and communications related to the event, such as schedule, location and any relevant changes to the organization.
- Issuing tickets or access documents required for participation in the event.
- Personal data is also processed at the event by sub-processors, whereby biometric/image data is processed.
The legal grounds for data processing are the following:
- Execution of a contract (Art. 6(1)(b) GDPR): The registration of participants and the provision of access to the event constitutes a contractual relationship between the main organizer and the participant.
- Legal Obligation (Art. 6(1)(c) GDPR): In handling payments and issuing invoices for access to the event, the legal financial requirements are complied with.
- Consent (Art. 6(1)(a) GDPR): In certain cases, data may be used for marketing or promotional purposes only if the data subject has consented to this.
- Legitimate interest (Art. 6(1)(f) GDPR): The processing of data to improve services through statistical analysis may be justified by the legitimate interest of the controller to ensure the smooth running of the event and to optimize future experiences.
2. Types of Personal Data Collected
The data collected may include, as appropriate: identification information (name, surname, ID or passport data), contact data (e-mail address, telephone number, postal or correspondence address), CUIM, specialty, professional grade, job, city (geographical area), nationality, itinerary data, biometric information obtained by photographing/video recording, billing data.
3. Data Recipients
The Data Controller European Endometriosis League e.V, as well as its authorized Data Processor, PROevents & Conference S.R.L will not disclose the data to third parties without the consent/information of the data subjects, except in cases necessary for the performance of the organizational services and the execution of the contract or except in cases required by law.
Your personal data may be sent to: Romanian College of Physicians, hotel establishments, transportation companies, document printing companies facilitating access.
4. Duration of Data Storage
The data will be kept for the period of validity of the contract and after its termination, for a period of 3 more years, unless the law requires that the data be kept for a longer period.
Data processed in accordance with the legal obligation shall be subject to the validity periods imposed by law.
Post event promotion on social networks/digital media for a period of 3 years.
5. Rights of Data Subjects
Under applicable law, you have the following rights:
- Right to access
- Right to rectification
- Right to erasure (“right to be forgotten”)
- Right to restriction of processing
- Right to object
- Right to data portability
- Right to lodge a complaint
- Right to withdraw consent
- Additional rights related to automated decisions
To exercise these rights, you can contact the Data Protection Officer by e-mail at or you can contact A.N.S.S.P.D.C.P. (National Supervisory Authority for Personal Data Processing).
6. Data Transfers Outside the European Union
Personal data may be transferred outside the EU/EEA (e.g. the United States of America) for storage and processing, complying with GDPR standards. The United States has been confirmed by the European Union as GDPR compliant in accordance with the EU-US Privacy Framework, thus allowing for a secure transfer of data.
