Table of Contents
– Data Protection Principles
– Data Subject’s Rights
– Data we Collect
– The use of your Personal Data
– Who else can access your Personal Data
– Security of your Personal Data
– Retention Period
– Cookies and other technologies we use
– Cross-Border Transfer
– Embedded content from other websites
– IDS’s social media websites (Facebook, Twitter, Instagram and LinkedIn)
– Contact Information
Personal Data – any information that relates to an identified or identifiable living individual.
Processing – covers a wide range of operations performed on Personal Data, including by manual or automated means. It includes the Collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of personal data.
Data Subject – a natural person or individual whose Personal Data is being processed.
We/us – The International Dermoscopy Society (IDS)
Data Protection Principles
We ensure that we follow the following Data Protection Principles
- Processing is lawful, fair and transparent. Our Processing activities have lawful grounds. We always consider your rights before Processing Personal Data. We will provide you information regarding Processing upon request.
- Processing is limited to the purpose. Our Processing activities fit the purpose for which Personal Data was gathered.
- Processing is done with minimal data. We only Collect and Process the minimal amount of Personal Data required for any purpose.
- Processing is limited with a time period. We will not store your personal data for longer than needed.
- We will do our best to ensure the accuracy of data.
- We will do our best to ensure the integrity and confidentiality of data.
Data Subject’s Rights
The Data Subject has the following rights:
- Right to information: you have the right to know whether your Personal Data is being Processed, what personal data is gathered, from where it is obtained and why and by whom it is Processed.
- Right to access: you have the right to access the data Collected from/about you. This includes your right to request and obtain a copy of your Personal Data Collected.
- Right to erasure (“right to be forgotten”): in specific circumstances you have the right to request for your Personal Data to be erased from our records.
- Right to rectification: you have the right to request the prompt rectification of inaccurate personal data concerning you. Furthermore, and taking into account the purposes of the Processing, you have the right to have incomplete personal data completed – including by means of a supplementary statement.
- Right to object to Processing: in certain cases you have the right to object to Processing of your Personal Data.
- Right to restrict Processing: where certain conditions apply, you have the right to restrict the Processing of your Personal Data.
- Right to object to automated Processing: meaning you have the right to object to automated Processing, including profiling, and not to be subject to a decision based solely on automated Processing. This right you can exercise whenever there is an outcome of the profiling that produces legal effects concerning or significantly affecting you.
- Right to data portability:you have the right to obtain your Personal Data in a machine-readable format or if it is feasible, as a direct transfer from one Processor to another.
- Right to lodge a complaint: in case that we refuse your request under the Rights of Access, we will provide you with a reason as to why. If you are not satisfied with the way your request has been handled please contact us.
- Right for the help ofsupervisory authority: you have the right for the help of a supervisory authority and the right for other legal remedies such as claiming damages.
- Right to withdraw consent: you have the right to withdraw any given consent for Processing of your Personal Data.
Data we Collect
We may request basic Personal Data when you use this Site. We may request additional Personal Data. Any information we Collect is solely for the purpose of enhancing your membership experience.
This Site may request personally identifiable data from you (“Personal Information”), which may include your domain name (where possible) or other personal information such as your name, contact details (postal address, telephone number, email address, etc), photographs, etc. We may also request additional personal data related to our professional interaction with you which may include your professional biography/credentials, data related to your licensures, specialties, professional affiliations, publications, credentials, and other professional achievements.
Our web server automatically recognizes and stores your e-mail address or your domain name (where possible) when you log onto our Site, the e-mail addresses of those who communicate with us via e-mail, and aggregate information about what pages on our Site you visit or access.
When you are asked to provide Personal Data, you may decline. But if you choose not to provide data that is necessary for us to provide requested services/information, we may not be able to provide you those services/information.
Publicly available information
We may Collect information about members that is publicly available.
The use of your Personal Data
We use your Personal Data on legitimate grounds and/or with your Consent. The Personal Information described above will be Collected solely by IDS. We use email to communicate with you about IDS activities and news. Personal Information is used by IDS to assist in serving you more effectively. Personal Information is also used by IDS to improve the content of our web page, to customize the content and/or layout of our page for each individual member, to notify members about updates to our web Site, and/or to contact members for issues related to IDS.
We might Process your Personal Data for additional purposes that are not mentioned here, but are compatible with the original purpose for which the data was gathered. To do this, we will ensure that:
- the link between purposes, context and nature of Personal Data is suitable for further Processing;
- the further Processing would not harm your interests and
- there would be appropriate safeguard for Processing.
With your consent we Process your Personal Data for the following purposes:
- to send you newsletters, information about training courses and campaign offers (from us and/or our carefully selected partners);
- for other purposes we have asked your consent for.
We will inform you of any further Processing and purposes.
Who else can access your Personal Data
We do not share your Personal Data. Personal Data about you is in some cases provided to our trusted members/partners in order to either make providing the service to you possible or to enhance your member experience.
Security of your Personal Data
We do our best to keep your Personal Data safe. We seek to use reasonable organizational, technical and administrative measures to protect your Personal Data. We use safe protocols for communication and transferring data. We use anonymising and pseudonymising where suitable. We monitor our systems for possible vulnerabilities and attacks. However, no data transmission or storage system can be guaranteed to be 100% secure. We promise to notify suitable authorities of data breaches. We will also notify you in case there is a threat to your rights or interests.
Cookies and other technologies we use
A cookie is a tiny text file stored on your computer. Cookies store information that is used to help make Sites work. Only we can access the cookies created by our website. You can control your cookies at the browser level. Choosing to disable cookies may hinder your use of certain functions. (+ google analytics)
The data we Collect through the Site may be stored and Processed in any country where we have members or in which we engage service providers, including in the USA and where our members operate.
Some non-EEA countries are recognized by the European Commission as providing an adequate level of data protection according to EEA standards. For transfers from the EEA to countries not considered adequate by the European Commission, we have put in place adequate measures, such as by ensuring that the recipient is bound by EU Standard Contractual Clauses, to protect your Personal Data. You may obtain a copy of these measures by contacting us as indicated in the Contact Us section.
Embedded content from other websites
Articles on this Site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has viSited the other website.
If you subscribe to a newsletter offered on our website, the information provided during registration for the newsletter will be used solely for the purpose of mailing the newsletter unless you consent to its use for additional purposes. You may cancel the subscription at any time by using the option to unsubscribe contained in the newsletter.
IDS’s social media websites (Facebook, Twitter, Instagram and LinkedIn)
You can find us on Facebook, Twitter, Instagram and LinkedIn. We use plugins which contain services provided by third parties not connected to IDS. The social media accounts of IDS help us to provide you with more multimedia-based information. They also enable us to communicate with you and exchange ideas on a range of important issues. Along with the providers of these social networking services, we use our social media Sites to Collect and Process personal information on our users. The aim of this data protection statement is to inform you of the nature of the personal data we Collect via our social media Sites, and the way in which we use these data.
Regarding our social media accounts, we share responsibility with the providers of the relevant social media platforms for the Collection of your data, their Processing on our social media pages and their transmission (refer to Article 26 of the GDPR). Point (f) of Article 6(1) of the GDPR shall serve as the legal basis for this Processing, which is necessary for the pursuit of our legitimate interests of engaging in public relations activities, providing you with dermoscopy-related information and entering into direct communication with you. For any additional Processing carried out in relation to these social media Sites, the platform provider shall act as the sole controller under the GDPR.
In regard to our Site, which we provide via the social media provider’s platform, the provider grants us access to the following categories of data:
- The social media platform provider grants us access to web analytics data which provide information on the use of our social media Sites. The web analytics data visible to us do not permit us to analyse the behavior of individual users. We can only view aggregated data (including data on numbers of visits, likes, followers, country of origin, age group, gender) which provide information on our audience and the manner in which visitors use our social media Site. Individual user data which were used to produce these web analytics data are not transmitted to us.
- We can adjust our social media Site’s settings to target our Site or individual items published on the Site to a specific audience. Adjusting general parameters (e.g. age group, language, region, interests) enables us to target our content at specific groups. The data provided to us by the social media platform providers do not enable us to contact or identify individual persons.
- If you contact us directly via the social media provider or interact with us in any other way that involves knowingly transmitting personal data (e.g. by establishing a direct link with our social media Site), we shall store and Process these personal data in line with the purposes for which you transmitted them.
- We will only Process these data for the purpose of providing targeted notifications regarding content on our social media Site and in order to better understand and optimise the way in which our social media Site is used.
- We will store usernames and comments which have been blocked or deleted following a breach of our etiquette rules. These are stored solely for the purpose of serving as evidence in potential legal disputes arising within the permitted time period.
Please consult the information below regarding other purposes of Processing and the categories of data concerned. This is provided separately for each of the social media platforms used.
Our website contains a link to the Facebook social networking Site provided by Facebook Inc., 1601 S. California Ave. Palo Alto, CA 94304, USA, and operated within the EU by Facebook Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland (jointly referred to as “Facebook”). Clicking on this link will take you to the Facebook website. This action notifies Facebook of your IP address and the fact that the user of this IP address has accessed the page you viSited. Provided you are logged into your Facebook account, Facebook will be able to link this visit to your Facebook account. If you interact with the plugins, e.g. by clicking the ‘Like’ button or posting a comment, your browser will transmit the relevant information directly to Facebook, where it will be stored.
You will find us on Facebook under International Dermoscopy Society. Our username is @dermoscopy. In this context, please note that IDS has accepted Facebook’s Page Insights Controller Addendum.
If you visit our fan page, Facebook will Collect, store and Process your personal data in line with Facebook’s Data Policy. The Facebook Data Policy is available here: https://www.facebook.com/policy.php/
While we also carry out some data Processing, this Processing shall not exceed the scope and limited data sets described above.
The Processing of your personal data will be performed not only by Facebook Ireland Limited but also by Facebook Inc. in the United States of America. The USA is a third country that does not have an EC adequacy decision, meaning it does not provide an adequate level of protection for personal data. Through its use of standard contractual clauses, Facebook Inc. guarantees compliance with EU data protection provisions even where data Processing occurs in the USA.
For the standard contractual clauses, please see https://www.facebook.com/policy.php/
Once you have clicked on the Twitter link, you will be taken to our Twitter feed, a service provided by Twitter Inc. 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. The link can be identified by the Twitter logo. Our Twitter account (@IDS_Dermoscopy) is used for media and public relations purposes and covers all issues pertaining to IDS.
We have no influence over the nature or scope of the data Processed by Twitter, the way in which these data are Processed or used, or the disclosure of these data to third parties. Nor do we have any effective means of regulating this.
By using Twitter, you will have your personal data Collected, transmitted, stored, disclosed and used by Twitter Inc. and, regardless of your place of residence, it will be transferred to the United States, Ireland and any other country in which Twitter Inc. conducts business, where it will be stored and used.
As part of these activities, Twitter will Process data which you have provided voluntarily when uploading or synchronizing them, such as your name and username, email address, telephone number and the contacts in your address book.
However, Twitter will also analyse the content you share in order to determine the topics you are interested in. Twitter will also store and Process confidential messages sent by you to other users, and can determine your location based on GPS data, information on wireless networks or your IP address. This is done with the aim of sending you advertising material and other contents.
Twitter Inc. may use web analytics tools such as Twitter Analytics or Google Analytics to analyse your data. IDS has no influence over the use of such tools by Twitter Inc. and has not been informed of any potential use of such tools. Should Twitter Inc. use such tools in relation to IDS’s account, this use was not commissioned or approved or in any other way supported by IDS. Data generated as a result of this analysis will not be made available to us. Via the IDS account, we only have access to certain types of non-personal information on Twitter activity, such as the number of profile or link clicks generated by a specific tweet. Please note that IDS has no way of preventing or deactivating the use of such tools on our Twitter account.
Last but not least, Twitter will receive information on Site usage (such as when you look at content), even if you haven’t created an account. This is known as ‘log data’ and can include your IP address, browser type, operating system, information on the website you previously visited and the pages you accessed, your location, your cell/mobile phone provider, the end device you are using (including device ID and application ID), the search terms you used and cookie-related information.
It is possible to limit the Processing of your data by adjusting the ‘General’ account settings of your Twitter account and by consulting the tab ‘Privacy and safety’. On your mobile devices (smartphones, tablets), you furthermore have the option of using your device settings to limit the degree to which Twitter can access your contact and calendar data, photos, location data, etc. The extent to which this is possible will depend on the operating system used.
While we also carry out some data Processing, this Processing shall not exceed the scope and limited data sets described above.
The Processing of your personal data will be performed not only by Twitter Ireland but also by Twitter Inc. in the USA. The USA is a third country that does not have an EC adequacy decision, meaning it does not provide an adequate level of protection for personal data. Through its use of standard contractual clauses, Twitter Inc. guarantees compliance with EU data protection provisions even where data Processing occurs in the USA.
For the standard contractual clauses, please see https://twitter.com/en/privacy.
Our Instagram account is operated by Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (“Facebook”). The relevant link used on our website can be identified by the Instagram camera icon. You will find us under the username @dermoscopy.
Your browser will only establish a direct connection to Facebook’s servers once you click on this link. When you visit our Instagram account, Facebook will receive notification that your browser has accessed the relevant page from our overall web presence, even if you do not have an Instagram profile or are not currently logged into Instagram. This information (including your IP address) will be transmitted directly from your browser to Facebook servers in Ireland and the United States, where it will be stored.
A visit to our Instagram profile will result in Facebook, as the provider of the service, storing and processing your personal data in line with Facebook’s Data Policy. The Instagram Data Policy is available here. https://www.facebook.com/help/instagram/155833707900388
While we also carry out some data processing, this processing shall not exceed the scope and limited data sets described.
The processing of your personal data will be performed not only by Facebook Ireland Limited but also by Facebook Inc. in the USA. The USA is a third country that does not have an EC adequacy decision, meaning it does not provide an adequate level of protection for personal data. Through its use of standard contractual clauses, Facebook Inc. guarantees compliance with EU data protection provisions even where data processing occurs in the USA. For the standard contractual clauses, please see https://www.facebook.com/policy.php/.
Our Linkedin account is operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”). The relevant link used on our website can be identified by the LinkedIn logo. You will find us under the username @dermoscopy.
Your browser will only establish a direct connection to LinkedIn’s servers once you click on this link. When you visit our LinkedIn account, LinkedIn will receive notification that your browser has accessed the relevant page from our overall web presence, even if you do not have an LinkedIn profile or are not currently logged into LinkedIn. This information (including your IP address) will be transmitted directly from your browser to LinkedIn servers in the United States, where it will be stored.
A visit to our LinkedIn profile will result in LinkedIn, as the provider of the service, storing and processing your personal data in line with LinkedIn’s Data Policy. The LinkedIn Data Policy is available here https://www.linkedin.com/legal/privacy-policy.
Under certain conditions you have the right to to require us to:
- receive an exported file of the Personal Data we hold about you, including any data you have provided to us.
- erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
- In addition, at any time you may request to correct the Personal Information, request that such information should be removed from IDS database, or request that IDS no longer solicit you either by e-mail, telephone, regular mail or by any other means.
To make any request described above, send an email to the President of the society. When contacting us, please be sure to provide us with your exact e-mail address, name, address and/or telephone number(s) in order to be sure we handle your request correctly.