PRIVACY POLICY

In accordance with Articles 12, 13 and 14 of the EU Regulation 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereafter the “GDPR”), this Privacy Notice (hereafter the “Notice”) explains how the University of Luxembourg (hereafter also the “Organiser”) collects, processes and protects Personal Data in relation to the hosting of this website, with your registration and participation in the European Digital Medicine Conference Luxembourg (hereafter the “event”) organized by the University of Luxembourg detailed on https://digitalmedicineconference.uni.lu.

 

1)      WHO ARE WE?

University of Luxembourg:

 

The University of Luxembourg is a public higher education and research establishment, operating under the supervision of the Ministry for higher education.

 

The University of Luxembourg has its official address at:

MAISON DU SAVOIR

2, avenue de l’Université

L- 4365 ESCH-BELVAL

Phone number: Tel.: (+352) 46 66 44 1

Internet address: https://wwwen.uni.lu/university

 

The University has appointed a Data Protection Officer (DPO): reachable during working hours. Further information is provided on https://wwwen.uni.lu/university/data_protection and an email address is available: dpo@uni.lu

 

2)      WHY DO WE PROCESS YOUR PERSONAL DATA?

Your personal data will only be processed for the organisation and management of the event including the processing of payments for attending the congress.

 

In addition, the temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user's computer.

 

3)      HOW AND WHICH PERSONAL DATA DO WE COLLECT AND FURTHER PROCESS?

The conference management software offers users the possibility to register by entering personal data. The data is entered into an input mask and then transmitted and stored. Mandatory information may be requested during registration. This information must be entered completely and accurately. If this is not the case, the registration will be rejected.

 

 

 

3.1. Registration process

 

The following data is collected and stored during the registration process and use of the software features:

  • Access data (username, password)
  • Given name
  • Family name
  • Academic title (optional)
  • Company/Institution
  • Job/Function (optional)
  • Address details
  • Email address
  • Shopping cart data
  • Billing information
  • Information on contributions submitted
  • Information on verification (e.g. student identification)

 

3.2. Payment processing. The following data is collected for payment processing:

  • selected method of payment
  • invoice amount
  • amounts paid
  • billing data

 

3.3. Website processing

The following data is collected for the purposes of the provision of the website and creation of log files:

  • Information on the browser type and version used
  • The user’s operating system
  • The user’s internet service provider
  • The user’s IP address
  • Date and time of access

 

The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us.

 

4)       RECIPIENTS OF YOUR PERSONAL DATA AND PERSONAL DATA TRANSFERS OUTSIDE THE EU

The University of Luxembourg uses a conference management software called Converia. For this purpose, the University of Luxembourg has put in place a data protection agreement with Lombego Systems GmbH. Lombego Systems GmbH will be acting as a processor in the meaning of the GDPR and there is a contract in place in accordance with Article 28 GDPR.

 

 

 

5)      ON WHICH LEGAL BASIS DO WE PROCESS YOUR PERSONAL DATA AND FOR HOW LONG DO WE STORE YOUR PERSONAL DATA?

5.1. Registration process

Data processing for the purposes of the registration process is based on your consent in accordance with Article 6 (1) (a) of the GDPR. The University will store this personal data until March 2023 in order to enable the University to obtain all the required data from the registration process from the Company as well as for the University’s statistical and reporting purposes. Personal data will be stored on a server with restricted access to the congress organisers.

 

5.2. Payment processing

Data processing for the purposes of the payment of registration fees is based on 6 (1) (b) of the GDPR the data is collected during the registration process to fulfill a contract or to carry out pre-contractual measures. A registration of the user is necessary for the fulfilment of a contract with the user or for the implementation of pre-contractual measures.

 

Please keep in mind that, various payment options (e.g. invoice/bank transfer, credit card, PayPal) are available for payment processing when participants register for the event. Sensitive payment information is not stored in the conference management system itself. For this purpose, specially certified payment service providers are employed which perform the data processing and storage. The user is led directly to the website of the respective provider. Further information on data protection can be found on the websites of the respective service provider.

 

The data will be deleted as soon as it is no longer required to achieve the purpose for which they were collected. After conclusion of the contract, it may still be necessary to store personal data of the contractual partner in order to fulfil contractual or legal obligations.

 

Since the access data including address data will be used for other events such as follow-up events, this data will be removed from the system within 2 years after the last login.

 

5.3. Website processing

Data processing for the purposes of enabling the website to be delivered to the user’s computer is based

our legitimate interest in accordance with Article 6 (1) (f) of the GDPR. The data will be erased as soon as

it is no longer required to achieve the purpose for which it was collected. If data is collected for the

provision of the website, this is the case when the respective session has ended.

 

Data stored in log files is erased after no more than ten days. Storage for a longer period is possible. In such cases, the user’s IP address is erased or masked so that it can no longer be associated with the accessing client.

6)      WHAT ARE YOUR RIGHTS WITH REGARD TO THE PROCESSING OF YOUR PERSONAL DATA?

According to the GDPR, you benefit notably from the following rights: right to be informed, right to access to your personal data, right to rectification, right to erasure, right to restrict the scope of the processing, right to object, right to data portability, right to lodge a complaint. The University provides further information on its website page: https://wwwen.uni.lu/university/data_protection/your_rights.

 

In practice, you can exercise your rights by contacting our DPO by sending a request per email to the DPO, at dpo@uni.lu

 

You also have the possibility to cancel the registration and withdraw your consent at any time. You can have the data stored about you amended at any time. For this purpose, please contact the Organiser at lcsb-events@uni.lu. Please keep in mind that, if you withdraw consent you may not be able to participate in the event as we may not be able to process your registration.

 

Please keep in mind that data concerning payment processing is required to fulfil a contract or to carry out pre-contractual measures. Consequently, a premature deletion of this data is only possible to the extent that contractual or legal obligations do not preclude deletion.

Please keep in mind that the collection of data concerning the providing of the website and storage of such data is absolutely necessary for operating this website. Consequently, there is no possibility for the user to object to this processing.

 

7)      HOW CAN YOU LODGE A COMPLAINT?

If you consider that the Processing of Personal Data relating to you infringes the GDPR, you will have the right – without prejudice to any other administrative or judicial remedy – to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement.

In Luxembourg, the competent authority is the Commission Nationale pour la Protection des Données (CNPD).

 

Contact of the CNPD:

Commission Nationale pour la Protection des Données

1, avenue du Rock’n’Roll

Service des réclamations

L-4361 Esch-sur-Alzette

Tel. : (+352) 26 10 60 -1

Fax : (+352) 26 10 60 -29

 

You can also use their contact form, at: https://cnpd.public.lu/fr/support/contact.html

 

COOKIE POLICY

The website uses cookies. Cookies are text files that are stored in or by the web browser on the user’s computer system. When a user accesses a website, a cookie might be stored on the user’s operating system. This cookie contains a distinct character sequence that allows unambiguous identification of the browser when the website is accessed again.

 

The cookies are classified into the following categories:

Necessary cookies (type 1)

These cookies are essential for websites and their functions to work properly. Without these cookies, services such as attendee registration cannot be provided.

 

 

 

Functional cookies (type 2)

These cookies make it possible to improve the convenience and performance of websites and to provide various functions. For example, language settings can be stored in functional cookies.

 

Performance cookies (type 3)

These cookies collect information on how you use websites. For example, performance cookies help us to identify particularly popular areas of our internet presence. In this way, we can adapt the content of our websites more specifically to your needs and thereby improve what we offer you. No personal data is stored in these cookies.

 

Third-party cookies (type 4)

These cookies are installed by third parties, e.g. social networks. Their main purpose is to integrate social media content on our site, such as social plugins.

Legal basis for data processing

The legal basis for the processing of personal data using cookies is Article 6 (1) (f) of the GDPR.

Purpose of data processing

The following cookies are used on the registration website:

Cookie name

Purpose

Type

PHPSESSID

Identification of a user session

1

Converia_SID

Identification of a front-end user

1

 

Storage period, possibility of objection and deletion

Cookies are stored on the user's computer and transmitted from there to our website. This means that you as user have full control over the use of cookies. By changing the settings in your internet browser, you may deactivate or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also be effected automatically. If cookies are deactivated for our website, it may no longer be possible to use all of the website’s functions in full.