EACTS Data Privacy and Cookies Policy

The European Association for Cardio-Thoracic Surgery (EACTS) respects individuals’ privacy. Your visit to www.eacts.org, logging in to the Membership and Registration area, Training Management SystemAdult Cardiac Database and visiting our sister sites (ebcts.org, euromacs.org, mmcts.org, ejcts.org, icvts.org) are collectively referred to in the following document as (the “Site”) and are subject to the terms set out in this Privacy Policy. The entity responsible for the collection and processing of data under this Privacy Policy is:

The European Association for Cardio-Thoracic Surgery, EACTS House, Madeira Walk, Windsor SL4 1EU UK

In accordance with the principles which underpin the UK Data Protection Act (DPA) of 1998 (and any law passed by the UK Parliament which repeals, supersedes, or amends the DPA), and the EU General Data Protection Regulation (GDPR) 2016 (which is in force from 25 May 2018) (together referred to in this Privacy Policy as the Data Protection Legislation), this Privacy Policy describes the types of personal data we collect, how we use it, and with whom we share it. Our Privacy Policy also describes the measures we take to protect your personal data, how to exercise your rights, and how to contact us should you wish to update or remove your data from our records.

EACTS aims to advance education in the field of cardiac, thoracic and vascular interventions; and promote research into cardiovascular and thoracic physiology, pathology and therapy.  In doing so, it is necessary for us to collect relevant personal data from our Site visitors, members, authors, instructors, Fellowship candidates, speakers and attendees of our educational programmes.

We only use your personal data such as your name and contact details, qualifications, funding disclosures, topics of interest and when required your age, references and any payment details, in our legitimate business of administering membership and courses. We do not sell your data to any third parties. In order to provide our services to you (e.g. to administer our annual meeting, courses and membership benefits) we may be required to send your relevant personal data to our trusted 3rd party processors and sister societies, a summary of these are listed in the section “3rd party processors”.

Please read this full policy carefully; by accessing our Site, you consent to the collection and use of any information you provide in accordance with this policy. Occasionally, we may make changes to this policy, so do remember to check back from time to time.

To review and update the personal data you have supplied us with, please login in to your EACTS account at https://membership.eacts.org/#/login.

We have appointed a lead for data protection who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this Privacy Policy, including any requests to exercise your legal rights, please contact our lead for data protection via our EACTS privacy enquiry form or via email at DataSecurity@eacts.co.uk.  If you have any other query you may contact us by email at info@eacts.co.uk or write to us at: The European Association for Cardio-Thoracic Surgery, EACTS House, Madeira Walk, Windsor SL4 1EU UK.

The data controller as it relates to this privacy policy is The European Association for Cardio Thoracic Surgery (EACTS). EACTS is comprised of EACTS Publishing, EACTS Academy and EACTS Trading Ltd.

EACTS publishes the European Journal of Cardio-Thoracic Surgery (EJCTS), Interactive Journal of Cardio-Thoracic Surgery (ICVTS), and The Multimedia Manual of Cardio-Thoracic Surgery (MMCTS).  EACTS also administers the European Board of Cardio-Thoracic Surgery Exams (EBCTS), the Quality Improvement Programme Database, the Training Management System and works to author various clinical guidelines.

In order to carry out the important educational work of EACTS, we collect your personal data. One of the reasons we do so is that it helps to ensure that our interactions with you are timely, relevant and tailored for you.

We collect personal data during your visit on this Site. By personal data we mean “any information relating to an identified or identifiable natural person” such as name, address, e-mail. The personal data we process is either provided directly by you on a voluntary basis or collected automatically via the Site.

Personal data you provide to us on a voluntary basis

You may choose to provide EACTS with personal data. If you choose not to give some data, this may affect the way you navigate on this Site or receive the services that we can offer you.

When registering for EACTS membership, courses, events, fellowships or submitting material for publication such as an abstract, case study, article or video tutorial, we ask for personal data such as your name, title, e-mail address, telephone number, the name of your organization, qualifications, topics of interests, payment details and where required your date of birth. This data will be used for identity, membership and eligibility verification and billing purposes.

When you contact us via e-mail or information request links on this Site we will use the data you provide in order to provide the information or support you requested.


Personal data we collect automatically

Like many companies, EACTS uses cookies and log files to enhance your visit to our Site and to better understand how our Site is used. Please read our Cookie Policy below to learn more.

We do not sell, rent, trade or otherwise disclose personal data about our Site visitors or membership, except as described below. When you provide us with personal data through this Site you consent to us using that personal data for our lawful reasons as set out below.

We share your personal data with 3rd party processors and controllers we have retained to perform various services on our behalf and in relation to the purposes set forth in this Privacy Policy. These 3rd parties are contractually required to act only on our instructions and to maintain an appropriate level of data protection and data security. Service providers are not authorised by us to use the data provided by us for their own purposes or to disclose the data to third parties except as necessary to perform services or functions for EACTS or to comply with legal requirements. For example, service providers are not authorized by EACTS to use the data we share with them for their own marketing purposes.

We also collect, use and share aggregated data such as statistical or demographic data for any purpose aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect aggregated data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We enlist the services of other companies and organizations to help us fulfill our contracts and deliver services to you; we maintain privacy contracts with them to ensure they will safeguard any personal data they process on our behalf. These companies and organizations include:

Publishing partners

Sister societies such as: Society or Thoracic Surgery (STS), US and Cardio Thoracic Surgery Network (CTSNET), US

Database and website development companies

Financial services companies

Insurance companies

Research universities

Travel and destination management companies

We may disclose data about you: (1) if we are required to do so by law or pursuant to Court order, or (2) in response to a legitimate request from law enforcement authorities. We also reserve the right to transfer any data we have about you in the event we sell or transfer all or a portion of our business or assets. Should such a sale or transfer occur, we will use reasonable efforts to try to require that the transferee uses personal data you have provided through this Site in a manner that is consistent with this Privacy Policy. If you do not want the transferee to further process your data in such case, you should contact the transferee.
The Data Protection Legislation states that we are only allowed to process personal information if we have a proper reason to do so. This includes sharing it with third parties. We must be clear about why we process your data and what is our lawful basis for processing.

The lawful bases for processing are set out in the DPA and the GDPR. At least one of these must apply whenever we process personal data:

(a) Consent: you have given clear consent for us to process your personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests.

Source: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/

Contractually, in order to provide our services to you, we need to process your data to:

• Process your EACTS membership application.
• Administer your membership benefits by sharing your details with the Society of Thoracic Surgery (STS) and Cardiothoracic Surgery Network (CTSNET) both are based in the US.
• Process your membership fees and other financial transactions as required.
• Produce membership cards and conference badges.
• Enroll you in courses and email you information you have requested.
• Process job applications.
• Publish your abstracts.
• Publish journal articles in EJCTS and ICVTS.
• Publish video tutorials in MMCTS.
• Process Frances Fontan Fellowship candidate applications by sharing their details with an EACTS appointed committee whose members may reside outside of the UK.
• Administer the Training Management Programme.
• Administer the Adult Cardiac and Euromacs databases.
• Maintain accurate membership and correspondence records.
• Deliver our products and services.

When it is in our legitimate interest we process your data to:

• Communicate with you about your membership.
• Email you with information on our educational programmes and publications.
• Invite you to speak at our annual meeting, events and academy courses.
• Invite you to submit video tutorials for publication in MMCTS.
• Invite you to submit articles in EJCTS and ICVTS.
• Invite you to participate in an EACTS task force.
• Process financial transactions as required.
• Ask you to participate in relevant surveys or research.

When you have given your consent we process your data to:

• Promote our educational programmes and publications.
• Promote participation in the Frances Fontan Fund
• Share general news

Generally, we do not rely on consent as a legal basis for processing your personal data other than as described above. However, where we do ask for your consent we will do so in order to comply with the principle that any processing must be lawful, fair and transparent.

We may also use social media sites such as Facebook, Instagram, Twitter and YouTube to reach you about EACTS educational opportunities, publications and fellowships If you do not want to see targeted advertising from us on social media, please refer to the instructions provided by the social media networks including without limitation; Facebook, Twitter, Instagram, and Google.

We may disclose personal information if required to do so by law or if we believe that such action is necessary to protect and defend the rights, property or personal safety of EACTS, our websites or our visitors and for other lawful purposes.

EACTS mainly collects, processes and uses your personal data within the European Economic Area (EEA). We will only transfer your personal data outside of the EEA or if we have a legitimate reason to do so. If we use third party service providers located outside of the EEA we will take the necessary steps to ensure compliance with the Data Protection Legislation, in particular the legal requirements on adequate protection for data transfers to countries outside of the EEA.

We may provide links to other non-EACTS websites for your convenience and information. These sites operate independently and are not affiliated with EACTS are not under our control. These sites may have their own privacy policies in place, which we strongly suggest you review if you visit any linked websites.

We maintain appropriate administrative, technical and physical safeguards to protect your personal data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and all other unlawful forms of processing of the personal data in our possession.

We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. All staff with access to your personal data understand the importance of keeping your information safe and secure at all times and are given training to support them in this.

However, the transmission of information over the internet is never completely secure and as a result, while we strive to protect your personal information, EACTS cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your data, we make every effort to ensure its security, both on our systems and while in transit between our systems and our partners who work on our behalf.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

We cannot be responsible for the privacy policies and practices of other websites even if you access them using links from our websites and recommend that you check the policy of each site you visit.

Sometimes we may transfer information submitted by you to our other offices or we may need to use a service provider or partner outside the European Economic Area (EEA) – which may include a country that does not have the same level of data protection as the UK. In these circumstances, we take all reasonable steps to ensure the safety and security of your information as set out in this Privacy Policy, including adhering to the EU-US privacy shield agreement.

We will hold your personal information on our systems for as short a time as is necessary for the relevant activity and meet any legal or regulatory requirement. This is so that we can provide the services, products or information you have requested, to administer your relationship with us, to ensure we don’t communicate with you if you’ve asked us not to and to comply with the law.

Under GDPR you have the rights to:

a. Request access to your personal data.
b. Request correction of your personal data.
c. Request erasure of your personal data.
d. Object to processing of your personal data.
e. Request restriction of processing your personal data.
f. Request transfer of your personal data.
g. Right to withdraw consent.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee of £10 if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

If you would like to know more about the personal data we process about you; access a copy of this information; correct, update, erase, or transfer the data we hold about you; or revoke your consent for us to use your data or ask any other questions you may have about our privacy practices, we offer three options:

1) To review and update your personal data, please login in to your EACTS account at https://membership.eacts.org/#/login.

2) To request more information about your data, please complete the EACTS Data Privacy Enquiry Form. To administer your request, we may need you to provide a description of the information you would like, as well as approved proof of identity.

3) Privacy related queries may also be sent via email to DataSecurity@eacts.co.uk or in writing to The European Association for Cardio-Thoracic Surgery, EACTS House, Madeira Walk, Windsor SL4 1EU UK. For all other matters, not related to data privacy, please send email to info@eacts.co.uk.

When you tell us that you no longer want to hear from us for marketing purposes, please be aware that we may still contact you for administration purposes.

Lastly, you also have the right to lodge a complaint about the way we manage your data with the Information Commissioners Office (ICO), if you feel that we have failed to comply with the DPA or EU GPDR. The ICO is the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to hear your concerns and resolve any problems before you approach the ICO, so please contact us in the first instance as set out above.

Cookies are small text files that are placed on your device to help us give you a better experience of using our website. Cookies do lots of different things, such as helping us to:

• Avoid asking you to register or complete details twice.
• Understand how visitors use the site so we can enhance their experience.

You can set your devices to accept all cookies, to notify you when a cookie is issued, or not receive cookies at any time, although doing this would disable some personalized services. You should read the information that came with your browser software to see how you can do this.

We sometimes use Facebook, Twitter and LinkedIn to promote our EACTS educational offerings on our social media channels to previous visitors to our site. To opt out of receiving these cookies, please visit Facebook, Twitter, Linkedin.

You can also find out more about cookies at www.allaboutcookies.org and www.youronlinechoices.eu/.

This information was last updated and made effective on 17 April 2018. From time to time, we may make changes to this policy, at any time and without prior notice to you so you may wish to check back from time to time. The amended information will apply from the date it is posted on the site and will govern the way in which we collect and use personal information from then on.

In case of substantial changes to the Privacy Policy, we will, however, post a notice on the homepage and the changes will only be effective 30 days after their posting. We will indicate above the effective date of the Privacy Policy and which version is published on this website.

Your use of our sites constitute your unconditional acceptance of the practices described in this privacy policy and the other terms and conditions of the terms of use. If you do not agree with and accept all of the practices described in this privacy policy, do not use the website or do not provide or submit any personally identifiable information via or while using our websites, software or services.