Information regarding data processing in the course of the membership to the European Dermatology Forum

Within the framework of your membership with the European Dermatology Forum (“EDF”) personal data is processed. With the following information we, EDF, would like to give you an overview of data processing by us.

1. Controller
Controller according to the General Data Protection Regulation EU (2016/679)(“GDPR”) and other data privacy rules is:
EDF, European Dermatology Forum
University Hospital Zurich
Gloriastrasse 31
CH-8091 Zurich, Switzerland
Phone: +41 44 255 19 48
Fax: +41 44 255 99 85
2. Representative
Prof Véronique del Marmol
EDF Membership Committee
3. Processing of Personal Data
According to Article 4 lit 1 GDPR personal data is information relating to an identified or identifiable natural person, e.g. name, email address, IP address.

We are using the following data:
- Title
- Name
- Address
- Email address

4. Purpose and legal basis
We process your personal data for the purpose of establishing and implementing your membership. The legal basis for data processing is Article 6 para. 1 lit. b GDPR (contract for your membership) and Article 6 para 1 lit. c GDPR (statutory obligations, in particular tax and commercial law provisions) and the applicable provisions of Swiss law.
5.Recipients, categories of recipients
Other members can be recipients of data. If you are involved in committees or working groups, other members of the committees or working groups will receive your contact data.

6. Transfer
The data will be transferred to Switzerland. The European Commission has recognised Switzerland as providing adequate protection according to Art. 45 GDPR.

7. Retention period
The data will be deleted as soon as they are no longer necessary to achieve the purpose for which they were collected, unless there is a longer legal retention period. All data relevant to the membership with EDF are stored for a period of 10 calendar years after the end of the contract in accordance with tax and commercial law retention periods.

8. Rights of the data subject
As a data subject you have several rights. For assertion of rights you can contact us:
European Dermatology Forum (EDF)
University Hospital Zurich
Gloriastrasse 31
CH-8091 Zurich, Switzerland
Phone: +41 44 255 19 48
Fax: +41 44 255 99 85

a. Access, rectification, erasure
In accordance with Art. 15 GDPR, you may at any time obtain from the controller confirmation as to whether or not personal data concerning you  are being processed, and where that is the case, access to personal data. Information is provided free of charge.
If your personal data is incorrect or incomplete, you have the right to correct
and amend it (Art. 16 GDPR).
You can request the erasure of your personal data at any time, unless we are legally obliged or entitled to further processing of your data (Art. 17 GDPR).
If the legal requirements are met, you can demand a restriction on the
processing of your personal data.

b. Right to object
You can object to data processing in accordance with Art. 21 GDPR. We will then stop processing your data. This is not the case if we can prove compelling reasons worthy of protection, which outweigh your rights. This is especially the case when storing the data in logfiles, because these are absolutely necessary for the operation of the website.

c. Right to data portability
Upon request, we will provide you with your personal data transmitted by you in a standard machine-readable data format (Art. 20 GDPR).

d. Right to withdraw consent
If you have given us your consent to process personal data, you can withdraw it at any time without affecting the legality of the processing carried out on the basis of the consent until withdrawal. This also applies to the withdrawal of declarations of consent that were given to us before the GDPR was valid, i.e. before 25 May 2018.

e. Right to lodge a complaint
You have the right under Article 77 GDPR to lodge a complaint with the supervisory authority if you believe that the processing of personal data concerning you violates the GDPR.

9. Automated decision making
In principle, we do not use automated decision making for the establishment, execution and termination of business relationships. If we use automated decision making, we will inform you separately.

May 2018