EACTS Data Privacy and Cookies Policy
The European Association for Cardio-Thoracic Surgery, EACTS House, Madeira Walk, Windsor SL4 1EU UK
EACTS aims to advance education in the field of cardiac, thoracic and vascular interventions; and promote research into cardiovascular and thoracic physiology, pathology and therapy. In doing so, it is necessary for us to collect relevant personal data from our Site visitors, members, authors, instructors, Fellowship candidates, speakers and attendees of our educational programmes.
We only use your personal data such as your name and contact details, qualifications, funding disclosures, topics of interest and when required your age, references and any payment details, in our legitimate business of administering membership and courses. We do not sell your data to any third parties. In order to provide our services to you (e.g. to administer our annual meeting, courses and membership benefits) we may be required to send your relevant personal data to our trusted 3rd party processors and sister societies, a summary of these are listed in the section “3rd party processors”.
Please read this full policy carefully; by accessing our Site, you consent to the collection and use of any information you provide in accordance with this policy. Occasionally, we may make changes to this policy, so do remember to check back from time to time.
To review and update the personal data you have supplied us with, please login in to your EACTS account at https://membership.eacts.org/#/login.
EACTS publishes the European Journal of Cardio-Thoracic Surgery (EJCTS), Interactive Journal of Cardio-Thoracic Surgery (ICVTS), and The Multimedia Manual of Cardio-Thoracic Surgery (MMCTS). EACTS also administers the European Board of Cardio-Thoracic Surgery Exams (EBCTS), the Quality Improvement Programme Database, the Training Management System and works to author various clinical guidelines.
In order to carry out the important educational work of EACTS, we collect your personal data. One of the reasons we do so is that it helps to ensure that our interactions with you are timely, relevant and tailored for you.
We collect personal data during your visit on this Site. By personal data we mean “any information relating to an identified or identifiable natural person” such as name, address, e-mail. The personal data we process is either provided directly by you on a voluntary basis or collected automatically via the Site.
Personal data you provide to us on a voluntary basis
You may choose to provide EACTS with personal data. If you choose not to give some data, this may affect the way you navigate on this Site or receive the services that we can offer you.
When registering for EACTS membership, courses, events, fellowships or submitting material for publication such as an abstract, case study, article or video tutorial, we ask for personal data such as your name, title, e-mail address, telephone number, the name of your organization, qualifications, topics of interests, payment details and where required your date of birth. This data will be used for identity, membership and eligibility verification and billing purposes.
When you contact us via e-mail or information request links on this Site we will use the data you provide in order to provide the information or support you requested.
Personal data we collect automatically
We do not sell, rent, trade or otherwise disclose personal data about our Site visitors or membership, except as described below. When you provide us with personal data through this Site you consent to us using that personal data for our lawful reasons as set out below.
We enlist the services of other companies and organizations to help us fulfill our contracts and deliver services to you; we maintain privacy contracts with them to ensure they will safeguard any personal data they process on our behalf. These companies and organizations include:
Sister societies such as: Society or Thoracic Surgery (STS), US and Cardio Thoracic Surgery Network (CTSNET), US
Database and website development companies
Financial services companies
Travel and destination management companies
The Data Protection Legislation states that we are only allowed to process personal information if we have a proper reason to do so. This includes sharing it with third parties. We must be clear about why we process your data and what is our lawful basis for processing.
The lawful bases for processing are set out in the DPA and the GDPR. At least one of these must apply whenever we process personal data:
(a) Consent: you have given clear consent for us to process your personal data for a specific purpose.
(b) Contract: the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
(c) Legal obligation: the processing is necessary for us to comply with the law (not including contractual obligations).
(d) Vital interests: the processing is necessary to protect someone’s life.
(e) Public task: the processing is necessary for us to perform a task in the public interest or for our official functions, and the task or function has a clear basis in law.
(f) Legitimate interests: the processing is necessary for our legitimate interests or the legitimate interests of a third party unless there is a good reason to protect your personal data which overrides those legitimate interests.
Contractually, in order to provide our services to you, we need to process your data to:
• Process your EACTS membership application.
• Administer your membership benefits by sharing your details with the Society of Thoracic Surgery (STS) and Cardiothoracic Surgery Network (CTSNET) both are based in the US.
• Process your membership fees and other financial transactions as required.
• Produce membership cards and conference badges.
• Enroll you in courses and email you information you have requested.
• Process job applications.
• Publish your abstracts.
• Publish journal articles in EJCTS and ICVTS.
• Publish video tutorials in MMCTS.
• Process Frances Fontan Fellowship candidate applications by sharing their details with an EACTS appointed committee whose members may reside outside of the UK.
• Administer the Training Management Programme.
• Administer the Adult Cardiac and Euromacs databases.
• Maintain accurate membership and correspondence records.
• Deliver our products and services.
When it is in our legitimate interest we process your data to:
• Communicate with you about your membership.
• Email you with information on our educational programmes and publications.
• Invite you to speak at our annual meeting, events and academy courses.
• Invite you to submit video tutorials for publication in MMCTS.
• Invite you to submit articles in EJCTS and ICVTS.
• Invite you to participate in an EACTS task force.
• Process financial transactions as required.
• Ask you to participate in relevant surveys or research.
When you have given your consent we process your data to:
• Promote our educational programmes and publications.
• Promote participation in the Frances Fontan Fund
• Share general news
Generally, we do not rely on consent as a legal basis for processing your personal data other than as described above. However, where we do ask for your consent we will do so in order to comply with the principle that any processing must be lawful, fair and transparent.
We may also use social media sites such as Facebook, Instagram, Twitter and YouTube to reach you about EACTS educational opportunities, publications and fellowships If you do not want to see targeted advertising from us on social media, please refer to the instructions provided by the social media networks including without limitation; Facebook, Twitter, Instagram, and Google.
We may disclose personal information if required to do so by law or if we believe that such action is necessary to protect and defend the rights, property or personal safety of EACTS, our websites or our visitors and for other lawful purposes.
EACTS mainly collects, processes and uses your personal data within the European Economic Area (EEA). We will only transfer your personal data outside of the EEA or if we have a legitimate reason to do so. If we use third party service providers located outside of the EEA we will take the necessary steps to ensure compliance with the Data Protection Legislation, in particular the legal requirements on adequate protection for data transfers to countries outside of the EEA.
We may provide links to other non-EACTS websites for your convenience and information. These sites operate independently and are not affiliated with EACTS are not under our control. These sites may have their own privacy policies in place, which we strongly suggest you review if you visit any linked websites.
We maintain appropriate administrative, technical and physical safeguards to protect your personal data against accidental or unlawful destruction, accidental loss, unauthorized alteration, unauthorized disclosure or access, misuse, and all other unlawful forms of processing of the personal data in our possession.
We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. All staff with access to your personal data understand the importance of keeping your information safe and secure at all times and are given training to support them in this.
However, the transmission of information over the internet is never completely secure and as a result, while we strive to protect your personal information, EACTS cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your data, we make every effort to ensure its security, both on our systems and while in transit between our systems and our partners who work on our behalf.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We cannot be responsible for the privacy policies and practices of other websites even if you access them using links from our websites and recommend that you check the policy of each site you visit.
We will hold your personal information on our systems for as short a time as is necessary for the relevant activity and meet any legal or regulatory requirement. This is so that we can provide the services, products or information you have requested, to administer your relationship with us, to ensure we don’t communicate with you if you’ve asked us not to and to comply with the law.
Under GDPR you have the rights to:
a. Request access to your personal data.
b. Request correction of your personal data.
c. Request erasure of your personal data.
d. Object to processing of your personal data.
e. Request restriction of processing your personal data.
f. Request transfer of your personal data.
g. Right to withdraw consent.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee of £10 if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
If you would like to know more about the personal data we process about you; access a copy of this information; correct, update, erase, or transfer the data we hold about you; or revoke your consent for us to use your data or ask any other questions you may have about our privacy practices, we offer three options:
1) To review and update your personal data, please login in to your EACTS account at https://membership.eacts.org/#/login.
2) To request more information about your data, please complete the EACTS Data Privacy Enquiry Form. To administer your request, we may need you to provide a description of the information you would like, as well as approved proof of identity.
3) Privacy related queries may also be sent via email to DataSecurity@eacts.co.uk or in writing to The European Association for Cardio-Thoracic Surgery, EACTS House, Madeira Walk, Windsor SL4 1EU UK. For all other matters, not related to data privacy, please send email to firstname.lastname@example.org.
When you tell us that you no longer want to hear from us for marketing purposes, please be aware that we may still contact you for administration purposes.
Lastly, you also have the right to lodge a complaint about the way we manage your data with the Information Commissioners Office (ICO), if you feel that we have failed to comply with the DPA or EU GPDR. The ICO is the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to hear your concerns and resolve any problems before you approach the ICO, so please contact us in the first instance as set out above.
Cookies are small text files that are placed on your device to help us give you a better experience of using our website. Cookies do lots of different things, such as helping us to:
• Avoid asking you to register or complete details twice.
• Understand how visitors use the site so we can enhance their experience.
You can set your devices to accept all cookies, to notify you when a cookie is issued, or not receive cookies at any time, although doing this would disable some personalized services. You should read the information that came with your browser software to see how you can do this.
We sometimes use Facebook, Twitter and LinkedIn to promote our EACTS educational offerings on our social media channels to previous visitors to our site. To opt out of receiving these cookies, please visit Facebook, Twitter, Linkedin.
This information was last updated and made effective on 17 April 2018. From time to time, we may make changes to this policy, at any time and without prior notice to you so you may wish to check back from time to time. The amended information will apply from the date it is posted on the site and will govern the way in which we collect and use personal information from then on.