This policy defines and informs EATG members, applicants to EATG’s training programmes and other meetings and events, and visitors to EATG’s websites of how EATG uses and protects the personal information provided to it. The following are EATG’s websites:
- www.eatg.org ;
- www.eatgtrainingacademy.com ;
- www.eatg4women.com ;
It also defines how EATG complies with and applies Regulation 2016/679 of the European Parliament on the protection of these individuals with regard to the processing of their personal data.
I. PERSONAL DATA
In accordance with the General Data Protection Regulations (GDPR) of 14 April 2016, EATG informs you of the following points:
1. Identity of the controller
The controller is
EUROPEAN AIDS TREATMENT GROUP E.V.,
Mettmanner Strasse 24-26 – 40233 DUSSELDORF – Germany (Dem. Rep.)
Headquarters in Belgium: Interoffices, Avenue des Art 56-4c – 1000 Bruxelles
Tel. + 32 (0) 2 626 96 40
E-mail addresses: firstname.lastname@example.org and email@example.com
2. Data collected
EATG may collect personal data for professional purposes and with the express consent of the individual.
EATG may collect the following personal data:
- contact details (surname(s), first name(s), postal address, e-mail, fixed and/or mobile telephone number(s), region);
- affiliations (professional / volunteer);
- food preference when attending a meeting/event;
- passport data for ticket booking and/or visa assistance;
- HIV status as part of the application for membership or other application (e. g. training);
- personal skills, needs;
- banking information (e. g. for payment of reimbursement, daily meal allowance);
- educational background;
- other personal data necessary for membership or training applications, or for financial procedures.
3. Purposes of the processing operation
EATG may process personal information transmitted for the following purposes:
- sending the newsletter and/or information bulletin to the person;
- investigation following an application for membership;
- participation in an event;
- providing the information or services requested by the user (by being present at the operating sites, by e-mail, by telephone or by post) and adapted to the user, and more particularly:
- processing and follow-up of requests for information from EATG;
- presenting the services offered and provided by EATG;
- statistics of visits to EATG websites;
- collect information to enable EATG to improve sites, products and services (including through cookies);
- enable the training applicant to access EATG’s services under the best possible conditions;
- manage the contracts concluded between the member, the partner and EATG with regard to its legal and contractual obligations.
This data will only be used for internal EATG purposes.
Only EATG is the recipient of the personal information provided.
This, whether in individual or anonymised form, is under no circumstances passed on to a third party, with the exception of subcontractors, external service providers or partners used by EATG in the context of its legal or contractual obligations or in the context of the achievement of its corporate purpose, in order to ensure a complete and adequate service to the member and/or partner.
Neither EATG nor any of its subcontractors, external service providers or partners may market the personal data provided to EATG.
5. Shelf life
Personal information is kept by EATG only for the time corresponding to the purposes of collection as stated above.
In addition to the above, EATG notes the following:
• Application for membership
DMAG is responsible for securely storing membership applications and recommending applicants to the BoD. In this context, both BoD and DMAG have signed a confidentiality agreement and act strictly within this framework. Once the BoD has reviewed the applications recommended by DMAG and made their decision, all approved application files are securely stored by the ED. Some personal data (e.g., name(s), contact details) of the accepted applicants are then only accessible to staff, BoD and DMAG. In terms of the rejected applications, the only information stored will be the applicant’s name, date of application, and reasons why their application was rejected.
After the files are stored, sensitive personal data (e. g. HIV status) are only accessible by the ED and the BoD, and may also be used for anonymised statistical purposes.
All changes and updates In the members’ profiles are treated according to the same rules and principles as described above.
• Declaration of Interests
The information provided by members in their declaration of interest is collected and forwarded to DMAG for review. On the basis of the information received, DMAG prepares an opinion for the Board of Directors. Contact information is used to update membership forms.
• Photos and videos
When participating in photographed and/or filmed events, a request for consent to use the image is automatically requested from EATG members and other participants (e.g., request for signature for agreement to use the image by EATG, or by checking the corresponding box in the EATG conference participation request form, etc.). These will only be used for event related reports/minutes, social media communication, and other publications such as annual publications (e.g. birthdays), etc. They will not be otherwise shared with external parties without the explicit consent of EATG members and the person concerned.
In the event of a person’s refusal to use their image, they will (a) receive a clearly visible sign from EATG before the event to wear so that everyone can respect this refusal, or (b) follow the organisers’ instructions during the online event in order to keep anonymity.
All participants in EATG events who use their personal photo or video devices are required to follow this procedure.
Photo and video footage is stored for an indefinite period of time by EATG for reasons of preserving its organisational history.
• Financial data
EATG, as an officially registered organisation in Germany, is required to keep the archived financial data for 10 years, according to German law. Therefore, personal data relating to financial transactions are kept in EATG’s archives during this period. This includes digital and printed forms (e.g., reimbursement or project forms, accounting books, DMA forms, emails related to these financial transactions, etc.).
At the end of these 10 years, the financial archives are destroyed.
Payment data via PayPal is encrypted and is not stored by EATG.
• Personal data collected for events and/or travel arrangements
Personal data (such as passport data, food preferences, etc.) may be collected for events and/or travel arrangements. This data is used exclusively for the organisation of the event for which the request was made. Such data shall be deleted after the expiry of the period necessary for the storage of such data for legal purposes.
The sharing of documents between participants, such as lists of participants, departures, information on speakers and others, is only done with the explicit approval of the persons concerned.
The disclaimer below will be used for the organisation of events:
By completing the registration form, the candidate authorises EATG to process the personal data provided as part of the event, in accordance with European legislation on the GDPR.
The applicant gives explicit consent to EATG to (tick the box if they consent):
- be contacted by e-mail and/or telephone for organisational reasons, and/or to receive all relevant information about the event;
- appear on photos and/or videos;
- receive and wear a badge with name, first name, organisation/country;
- be on the list of participants;
- appear on the departure list;
- receive a certificate of attendance;
- use passport data (surname, first name, family name, date of birth, gender, citizenship, passport number, validity of the passport) for organisational purposes such as booking flight/train/bus tickets, hotel reservations, visa support.
The processing of this personal data is carried out on behalf of EATG by FCM Travel Solutions.
This processing is governed by a contract between EATG and FCM Travel Solutions and complies with the requirements of the EU GDPR Regulation, in particular Art. 28. FCM Travel Solutions is subject to compliance with the EU GDPR regulation.
7. Data Rights
The following rights are in accord with the above-mentioned European regulation:
• Right of access and communication of data
A person has the right to access and consult their personal data stored by EATG. They can also find out how EATG obtained that data and to whom they are communicated.
In view of EATG’s obligation of security and confidentiality in the processing of personal data, the person’s request for access and consultation of their data will be processed subject to proof of identity, in particular by producing an electronic or paper copy (accompanied by a signature) of their identity card or passport during the period of its validity. The request is, in all cases, free of charge for the person.
However, EATG may object to manifestly abusive requests (for example, by their number or repetitive or systematic nature).
• Right to rectify data
The European regulation allows persons to request the rectification, updating or deletion of their personal data held by EATG which may prove to be inaccurate, erroneous, incomplete or obsolete.
• Right of opposition
The person has the right to object to the processing of their personal data in the following two situations:
- where the exercise of this right is based on legitimate reasons, or
- when the exercise of this right is intended to prevent the data collected from being used for commercial prospecting purposes.
• Right to erase
The person has the right to request and obtain the deletion of data concerning them held by EATG.
EATG will respond to the request if:
- the personal data are no longer necessary for the purposes for which they were collected;
- the data processing was based exclusively on the visitor’s consent and the visitor withdrew their consent;
- the visitor objects, for justified reasons, to the processing.
In any event, the deletion request may be refused by EATG if the personal data is necessary to:
- the exercise or defence of legal rights;
- compliance with a legal or contractual obligation on the part of EATG;
- the processing is necessary to respect freedom of expression and information;
- other reasons in the public interest to retain personal data, such as for health purposes or scientific and historical research;
- to establish a legal claim.
• Right to data portability
The person may request that their personal data be transmitted to a controller identical to EATG. The person can therefore request EATG to transmit the data in a structured, commonly used and machine-readable format.
• Modalities for exercising rights
The above-mentioned rights may be exercised by sending a letter to EATG’s address or by sending an e-mail to the following addresses: firstname.lastname@example.org or email@example.com or firstname.lastname@example.org.
8. Response times
EATG undertakes to respond to any request for access, rectification or opposition, deletion or any other additional request for information within a reasonable time and in any event within a maximum period of 1 month from receipt of the request.
Depending on the complexity of the request, the response time may be extended to 3 months in accordance with the applicable European regulation.
9. Persons entitled to access personal data
Respecting the exceptions noted in 4 and 6 above, the BoD, DMAG and staff are authorised to consult personal data. These persons must have a reasonable need for the data due to the tasks and missions entrusted to them or the needs related to EATG’s activity.
10. Authorized service providers and transfer to a third country of the European Union
EATG uses authorised service providers to facilitate the collection and processing of some of the data provided. These service providers are located within the European Union and comply with EU GDPR regulations.
EATG has previously ensured that the service providers have implemented adequate guarantees and that strict conditions regarding confidentiality, use and data protection are respected.
11. Complaint to the competent authority
EATG hopes that any possible difficulties related to the processing of personal data will be resolved through dialogue. However, if this cannot be the case, the visitor has the right to lodge a complaint with the competent German data protection authority.
The German Data Protection Authority is located at Zentrale Anlaufstelle (ZASt) beim Bundesbeauftragten für den Datenschutz und die Informa_onsfreiheit, Graurheindorfer Str. 153, 53117 Bonn, Germany.
Telephone: +49 (0)228 99 77 99-7777
12. Downloads and multimedia files
All documents, files or downloadable media made available by EATG on its websites are freely accessible. Although every precaution is taken by EATG to ensure that only authentic downloads are available, EATG advises users to verify their authenticity using third-party anti-virus software or similar applications.
II. VISITING EATG WEBSITES
In general, it is possible to visit EATG websites without providing any personal information. In any event, the visitor is under no obligation to transmit their information to EATG.
However, in certain situations where information is not transmitted, it is possible that the website visitor may not be able to benefit from the requested services. In order to provide visitors with the services offered by EATG, in some cases, visitors may be asked to provide, for example, name(s), first name(s), telephone, addresses (e-mail and postal), gender (sex), hereinafter referred to as “personal information”. By transmitting this information, the visitor expressly agrees that it may be processed by EATG for the purposes indicated in point 2 above and for the purposes mentioned at the time of each request.
When first visiting EATG websites, the visitor is informed that browsing information may be stored in files called “cookies”.
A cookie is an invisible piece of information stored by a website within the computer’s Internet browser. This “cookie” can be retrieved during a subsequent visit to the same site.
The “cookie” cannot be read by a website other than the one that created it. Most “cookies” only work for the duration of a session or visit. None of this information is disclosed to third parties except where EATG has obtained the prior consent of the visitor or where disclosure of the information is required by law, by order of a court or any administrative or judicial authority authorised to take cognizance thereof. This use is made by EATG in order to facilitate navigation on EATG websites.
Some cookies are exempt from prior collection of the visitor’s consent insofar as they are strictly necessary for the operation of the websites or have the exclusive purpose of allowing or facilitating communication by electronic means. These include session ID, authentication and interface customization cookies. These cookies are entirely subject to this policy insofar as they are issued and managed by EATG.
Other cookies, issued by third parties, are described as “persistent”. These remain in the visitor’s terminal until they are deleted or expired.
As such cookies are issued by third parties, their use and storage are subject to their own privacy policies, the links to which are set out below. This cookie family includes audience measurement cookies, advertising cookies (which EATG does not use) and cookies for sharing social networks.
Audience measurement cookies collect statistics about the use and usage of various elements of the website (such as content/pages visited). This data contributes to improving the ergonomics of the EATG website.
Social network sharing cookies are issued and managed by the publisher of the social network concerned. Subject to the visitor’s consent, these cookies make it easy to share some of the content published on the EATG website, in particular through a “button” sharing application depending on the social network concerned.
Five types of social network sharing cookies are available on the EATG website:
Most Internet browsers are configured by default so that cookies are allowed. The browser used by the visitor allows the standard settings to be modified so that all cookies are systematically rejected or only part of the cookies are accepted or rejected depending on their origin.
However, refusing to accept cookies may affect the visitor’s experience and access to certain services or features of the site.
If necessary, EATG declines all responsibility for the consequences related to the deterioration of browsing conditions that occur due to the refusal, deletion or blocking of cookies necessary for the operation of the site. These consequences cannot constitute damage and no compensation can be claimed as a result.
Each Internet browser has its own cookie management settings. To learn how to change your cookie preferences, the links below provide the visitor with help on how to change your cookie preferences.
Internet Explorer: https://support.microsoft.com/fr-be/help/17442/windows-internetexplorer-delete-manage-cookies
Draft, proposed by Overhaul Team
Adopted as a Working Term of Reference by the Board
Ratified by General Assembly
Are you living with HIV/AIDS? Are you part of a community affected by HIV/AIDS and co-infections? Do you work or volunteer in the field? Are you motivated by our cause and interested to support our work?
Stay in the loop and get all the important EATG updates in your inbox with the EATG newsletter. The HIV & co-infections bulletin is your source of handpicked news from the field arriving regularly to your inbox.