ECCTR logo

Privacy Policy

Data Privacy Policy | General Privacy Policy

Data Privacy Policy

This Privacy Notice sets out details of the personal data relating to you that we collect through the European Cornea and Cell Translation Registry (“ECCTR”) application (the “Registry”), how we will process such data and to whom it may be disclosed. This notice also explains your rights under applicable data protection law, including the EU General Data Protection Regulation (“GDPR”), in relation to our processing of your data.

About Us

The consortium of the project consists of seven partners: the European Society of Cataract and Refractive Surgeons (ESCRS), European Society of Cornea and Ocular Surface Disease Specialists (EuCornea), Fondazione Banca degli Occhi del Veneto Onlus (FBOV), European Eye Bank Association (EEBA), NHS Blood and Transplant (NHSBT), University of Maastricht (MU), Nederlandse Transplantatie Stichting (NTS).

The consortium provides an EU Web-based registry in the field of cornea transplant. The aim of the project is to build a common assessment methodology and establish an EU web-based registry and network for academics, health professionals and authorities to assess and verify the safety, quality and efficacy of (new) human tissue transplantations in ophthalmic surgery.

You can contact us using the details at the end of this notice, or if you have any queries in relation to the processing of your personal data you can also contact our Data Protection Officer by emailing info@ecctr.org

What is Personal Data?

Personal data is defined by the GDPR as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.

Personal data is, in simpler terms, any information about you that enables you to be identified.

What is Pseudonymized Data?

All patient and donor personal data is recorded using a unique ID number to prevent their identity being revealed. The link between your unique ID number and your identity is only known to the site entering the data and is not provided to ECCTR or made publicly available. This is considered Pseudonymized data.

Personal Data that We Process

When the registry receives registrations and information relating to surgeries using Cornea tissue we are “processing personal data”.

Most of the personal data that we collect about you and your patients will be information that you have given to us. This may include the following:

The registry will also collect follow-up details and details on any graft failures.

Personal information that we collect automatically:

When you use our Registry, we use various technologies to automatically capture details about the device you are using and how you interact with the Registry. This information includes:

Purposes of Processing and Legal Basis

The purpose of the registry is to collect and analyse data on Cornea surgeries throughout Europe.

We will only process personal data including special category data if:

Recipients of Data

We do not share your personal data with any third parties, however certain groups such as our IT providers may have access to it.

Personal information that you enter on to the registry about your patients and donors will be shared in aggregate format which is anonymised data and as such falls outside the scope of the GDPR.

The registry does not share personal data with third parties for commercial purpose.

Do you transfer my data outside of the EEA ?

We may store or transfer some or all of your personal data in countries that are not part of the European Economic Area (the “EEA”) These countries may not have data protection laws that are as strong as those in the EEA. This means that we will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the EEA.

We use specific contracts with external third parties that are approved by the European Commission for the transfer of personal data to third countries. These contracts require the same levels of personal data protection that would apply under the GDPR.

Data Security

We have taken appropriate technical and organisational measures to guarantee data security, in particular to protect your personal data against access by third parties, as well as accidental or intentional modification, loss or destruction. Such measures are reviewed periodically and adapted in line with the state-of-the-art technologies.

Retention

We retain your personal data in accordance with our record retention policy. The record retention policy operates on the principle that we keep personal data for no longer than is necessary for the purpose for which we collected it, and in accordance with any requirements that are imposed on us by law. This means that the retention period for your personal data will vary depending on the type of personal data.

Important Information about Consent

In circumstances where we process your personal data on the basis of your consent, you are free to withdraw that consent at any time. You can withdraw your consent by contacting us using the contact details at the bottom of this notice.

Your Rights

You have the following rights, in certain circumstances, in relation to your personal data:

In order to exercise any of the rights set out above, please contact us at using the contact details at the bottom of this notice. These rights do not apply to pseudonymized data that you have entered into the registry on patients and donors.

Consent for Children

In the event the surgery relates to a child, it is the sites responsibility to obtain the necessary parental consent.

Changes to Our Privacy Notice

We keep our privacy notice under regular review and we will place any updates on this web page.

Questions and Complaints

If you have any queries or complaints in connection with our processing of your personal data, you can get in touch with us using the following contact details:

Compliance Officer, ESCRS, Temple House, Temple Road, Blackrock, Dublin, Ireland

Email: compliance@escrs.org

Telephone: + 353 1 2091100

You also have the right to lodge a complaint with the Irish Data Protection Commission if you are unhappy with our processing of your personal data. Details of how to lodge a complaint can be found here, or you can call the Data Protection Commission at 353 (0)761 104 800.


General Privacy Policy

ESCRS
Temple House, Temple Road, Blackrock, Co Dublin, Ireland
Telephone: +353 1 2091100
Fax: +353 1 2091112
Email: escrs@escrs.org
http://www.escrs.org/

We look forward to your visit of our website. Your privacy and the associated protection of personal data are important to us. Therefore, our business conduct takes place in accordance with the applicable legislation on data protection and data security (in particular: General Data Protection Regulation (GDPR) and Federal Data Protection Act in the new version (FDPA-new)). It is very important to us that you feel safe with us. For this reason, we and our data protection officer pay attention to compliance with data protection regulations.

We are aware of the importance of the data entrusted to us and would like to inform you about the following:

Please read the following instructions carefully. If you have any questions, please contact our data protection officer. The contact details can be found below in this privacy policy.

1 Definitions

Privacy is a complex issue. In order for some basic meanings to make it easier to understand this privacy policy, we have collected it for you.

A "request processing" (abbreviated to RP) within the meaning of Art. 28 of General Data Protection Regulation (GDPR) simply means a service in which personal data, processed and commissioned by the so-called controller are collected, processed and / or used through a service provider (request processor according to GDPR). The service provider processes the personal data exclusively according to our instructions and does not acquire ownership or interest of your data. Before such an agreement is awarded to a carefully selected service provider, we conclude a special agreement with the service provider and ensure further measures to protect your personal data.

"Cookies" are small text files that are stored on your used terminal device (e.g. computer or smartphone) and that store certain settings and data for exchange with our system via your browser. A cookie usually contains the name of the visited web page from which the cookie data was sent, information about the age of the cookie and an alphanumeric identifier. Cookies allow the systems to recognize the user's device and make any presets immediately available.

Third party is any natural or legal person or entity other than the data subject, the controller, the processor and the persons authorized under the direct responsibility of the controller or processor to process the personal data, cf. Art. 4 No. 10 GDPR. It is therefore for example, not a third party if personal data is provided to a service provider in the course of processing the order in accordance with Art. 28 of GDPR or formerly § 11 of FDPA.

IP addresses are sequences of numbers that can be assigned to individual IT devices or a group. The IP serves, as with postal addresses, to be able to assign data to the right recipient.

"Personal data" means all information relating to an identified or identifiable natural person, in particular first and last name, date of birth, e-mail address, residential address, as well as bank and payment data, but also health data , see. Art. 4 No. 1 of GDPR (details of a specific or identifiable natural person formerly in accordance with § 3 para. 1 of FDPA).

"Responsible person" according to Art. 4 No. 7 of GDPR (formerly "Responsible Body" according to § 3 para. of 7 FDPA) is any person or body who alone or jointly with others decides on the purposes and means of processing personal data. (in this case: the website operator).

2 Responsible person

A person responsible for your personal data on this website is:

Contact details of the responsible person:

ESCRS
Temple House, Temple Road, Blackrock, Co Dublin, Ireland
Telephone: +353 1 2091100
Fax: +353 1 2091112
Email: escrs@escrs.org
http://www.escrs.org/

If a person other than the aforementioned is "responsible" within the meaning of the General Data Protection Regulation (GDPR) or the Federal Data Protection Act (FDPA-new), you will be explicitly and separately notified, unless this is obvious.

3 The use of the website

Every time you access this web page, data is logged, as well as for the retrieval of files. Here we use your IP address and / or set cookies to collect the technically necessary data. The technically necessary data, which are transmitted by your browser to our web server, include, for example, browser type / browser version, operating system used, referrer URL, pages accessed, duration, IP address, date and time of the request.

We need this data to make your visit to this website as pleasant as possible. We reserve the right to analyze the logged data for the purpose of data security on an ad-hoc basis. We do not carry out a single profile about your usage behavior. Your submitted data will not be linked or merged with other data sources.

The legal basis for processing the data described - insofar as these are personal - forms Art. 6 para. 1 letter f of GDPR.

4 Indication of personal data

If you provide us with personal information in order to use one of our services or to contact us, we will use your information to enable you to use it and to process your request. Below we inform you about the individual services and offers and the associated data processing including their respective legal basis.

Contact via e-mail, fax, telephone or postal mail

If you contact us via e-mail, fax, telephone or postal mail, we use your information to contact us and to process and respond to your request. A transfer of your data to third parties does not take place. Unless otherwise provided by law and your request does not serve to prepare a contract, your information will be deleted by us within a reasonable time after completion of the processing.

The legal basis for processing is Art. 6 para. 1 letter f of GDPR. If your request is to prepare / initiate a contract with you, Art. 6 para. 1 letter b of GDDPR is alternative legal basis.

5 Cookies

The basic use of the website is usually possible without cookies. However, we cannot exclude a limitation of the use of the website or a less user-friendliness.

Most popular browsers allow disabling cookies or restricting them to specific web pages. Regularly, browsers also have the option of informing you when cookies are set.

Cookies can be deleted at any time from the hard disk of your device. However, we can not exclude a limitation of the use of the website or a less user-friendliness also for this case. Our external data protection officer will provide you with the guideline "View, remove and delete cookies - Privacy protection with Firefox, Safari, Chrome, Internet Explorer and Co." on his website (Attention, external links). If you use another browser, you can also find out about cookies on the websites of your browser manufacturer.

The legal basis for the use of cookies - insofar as these relate to individuals - forms Art. 6 para. 1 letter f of GDPR.

6 Disclosure of your data, use of service providers

We collect and use your data according to legal requirements and only for our own purposes. A transfer to so-called third parties does not take place, unless there is a legal obligation or you have consented to the transfer.

Insofar as we access other service providers to facilitate our offer and possibly grant them access to your data, we have naturally made an agreement of request processing (abbreviated to the RP agreement) pursuant to Art. 28 of GDPR with our service providers for request processing (in short, request processor). We also remain responsible for the protection of your data. Due to the conclusion of the agreement, the service providers used are not considered so-called third parties.

7 Duration of data usage / storage

A deletion of your personal data takes place, as far as legal storage requirements do not oppose, if the data for the fulfillment of the purpose pursued with the storage are no longer necessary, if you have asserted a deletion claim or if their storage is for other legal reasons inadmissible.

8 Place of data processing

Your data is usually processed in the EU. In exceptional cases, information that you submit to us may be stored on servers in the United States. Appropriate security measures were taken by concluding suitable agreements. Should we deviate from this as "responsible person" or "responsible body", we will inform you about this.

9 Data security / secure data transmission

We would like to inform you that in case of data transmission on the internet (e.g. via e-mail) security gaps can occur. A complete protection against access by third parties is therefore not possible. We secure our IT systems (including the website (s)) by means of so-called technical and organizational measures (short TOM) against unintentional: access, admission, transfer, entry, loss and distribution as well as destruction and alteration by unauthorized persons.

10 Data subjects' rights

Contact person for the protection of your data subject rights is our data protection officer (see above contact details).

10.1 Right to Information

Under the legal requirements of Art. 15 of GDPR, you can, of course, demand information at any time as to whether we process personal data from you. If we process personal data of you, you can also request information about the circumstances and design of the processing and more detailed information on the processed data.

10.2 Right to rectification

According to Art. 16 of GDPR, you may request that incorrect information about yourself be corrected if you cannot make a change yourself.

10.3 Right to cancellation

Under the statutory requirements of Art. 17 of GDPR, you are entitled to demand that we delete your personal data without delay. The right to delete exists inter alia not if the processing of the personal data is necessary for the exercise of the right to freedom of expression and information, for the fulfillment of a legal obligation to which we are subject to (e.g. statutory retention obligations) or for the assertion, exercise or defense of legal claims.

10.4 Right to restriction of processing

According to Art. 18 of GDPR you may demand the restriction of the processing of your personal data.

10.5 Right to data transferability

You are entitled, under the conditions of Art. 20 of GDPR, to require us to provide you with the personal data concerning you which are processed by us in a structured, standard and machine-readable format.

10.6 Right of objection

Under the conditions of Art. 21 of GDPR, you have the right to object to the processing of your personal data and to require us to stop processing. The right to object exists only to the extent required by law. Their opposition may be precluded by legitimate interests which require further processing.

10.7 Right of rescission

You may withdraw your consent to the processing of your personal data (e.g. as part of a newsletter subscription) at any time and with effect for the future, without incurring costs that exceed the transmission costs according to the basic rates.

10.8 Right of appeal / Inspectorate

You have the right under Article 77 of GDPR to complain to a supervisory authority or a competent body if you have a reason to complain, in particular, if you believe that the processing of your personal data is not in accordance with the legal requirements and the specifications of this privacy policy.

The contact details of the supervisory authority responsible for ESCRS are:

Data Protection Commission
Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland
Tel.: +353 (0761) 104 800
Fax: +353 57 868 4757
E-Mail: info@dataprotection.ie

11 External links and information on the website

We accept no liability for external links and the offers made available by third parties. Furthermore, we point out that the information on this website is for information purposes only and does not create any legally binding effect.

12 Changes to the Privacy Policy

The advancing technology, legal requirements or changed processes can, among others, also affect this Privacy Policy. We therefore reserve the right to change this Privacy Policy at any time with future effect. The current version of the Privacy Policy can be found on this website. Please visit this subpage of the homepage regularly to find out about the applicable regulations.

As of: 28/05/2020