GDPR COMPLIANCE STATEMENT

Thank you for visiting CSI Foundation csi-foundation.org website. We respect your privacy and consider it an important element of our business. Our privacy policy is straightforward: We do not collect personal information about you when you visit our website unless you volunteer to provide that information to us.

Introduction

The EU General Data Protection Regulation (“GDPR”) comes into force across the European Union on 25th May 2018 and brings with it the most significant changes to data protection law in two decades. Based on privacy by design and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.

The 21st Century brings with it broader use of technology, new definitions of what constitutes personal data, and a vast increase in cross-border processing. The new Regulation aims to standardize data protection laws and processing across the EU; affording individuals stronger, more consistent rights to access and control their personal information.

Our Commitment

At CSI Foundation we are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognise our obligations in updating and expanding this program to meet the demands of the GDPR and the German Bundesdatenschutzgesetz – BDSG

CSI Foundation is dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the new Regulation. Our preparation and objectives for GDPR compliance have been summarised in this statement and include the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and ongoing compliance.

How We are Preparing for the GDPR

CSI Foundation already has a consistent level of data protection and security, however it is our aim to be fully compliant with the GDPR by 25th May 2018.

Our preparation includes:

• Information Audit – carrying out a company-wide information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed.
• Policies & Procedures – Implementing new data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including:
  • Data Protection – our main policy and procedure document for data protection has been overhauled to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities; with a dedicated focus on privacy by design and the rights of individuals.
  • Data Retention & Erasure – we have updated our retention policy and schedule to ensure that we meet the ‘data minimization’ and ‘storage limitation’ principles and that personal information is stored, archived and destroyed compliantly and ethically. We have dedicated erasure procedures in place to meet the new ‘Right to Erasure’ obligation and are aware of when this and other data subject’s rights apply; along with any exemptions, response timeframes and notification responsibilities.
  • Data Subject Access Request (SAR) – we have revised our SAR procedures to accommodate the revised 30-day timeframe for providing the requested information and for making this provision free of charge. Our new procedures detail how to verify the data subject, what steps to take for processing an access request, what exemptions apply and a suite of response templates to ensure that communications with data subjects are compliant, consistent and adequate.
• Legal Basis for Processing – we are reviewing all processing activities to identify the legal basis for processing and ensuring that each basis is appropriate for the activity it relates to. Where applicable, we also maintain records of our processing activities, ensuring that our obligations under Article 30 of the GDPR and Schedule 1 of the Data Protection Bill are met.
• Privacy Policy – we are revising our Privacy Policy to comply with the GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
• Obtaining Consent – we are revising our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information. We have developed stringent processes for recording consent, making sure that we can evidence an affirmative opt-in, along with time and date records; and an easy to see and access way to withdraw consent at any time.

DATA SUBJECT REQUEST RIGHTS (SAR)

In addition to the policies and procedures mentioned above that ensure individuals can enforce their data protection rights, we provide easy to access information via email of an individual’s right to access any personal information that CSI Foundation processes about them and to request information about:

• What personal data we hold about them
• The purposes of the processing
• The categories of personal data concerned
• The recipients to whom the personal data has/will be disclosed
• How long we intend to store your personal data for
• If we did not collect the data directly from them, information about the source
• The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
• The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
• The right to lodge a complaint or seek judicial remedy and who to contact in such instances

Information Security & Technical and Organizational Measures

CSI Foundation takes the privacy and security of individuals and their personal information very seriously and take every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction and have several layers of security measures, including:

• SSL
• Access controls
• Password policy
• Encryptions
• Restriction
• Authentication

CSI Foundation understands that continuous employee awareness and understanding is vital to the continued compliance of the GDPR and have involved our employees in our preparation plans.

If you have any questions about our preparation for the GDPR, please contact info@csi-foundation.org

PRIVACY POLICY

Cookies

When you participate in our conferences/congresses or use our website and related services, you trust us with your information. We respect your privacy and our privacy policy is meant to help you understand what data we collect, why we collect it and what we do with it.

Automatically stored information

If you visit our website we gather and store certain information about your visit automatically. This information cannot and does not identify you personally. The kind of information that is gathered automatically includes the type of browser you are using, the type of operating system you are using, the date and time of your visit and the pages you visit. We sometimes use this non-personally identifiable information to improve our website(s) design, content and primarily to give you a better browsing experience. We use Google Analytics to analyse the audience of the website and improve our content. No personal information is collected by Google Analytics.

You may refuse the use of cookies by selecting the appropriate settings on your browser. However, please note that if you do this, you may not be able to use the full functionality of this website. Furthermore you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under https://tools.google.com/dlpage/gaoptout?hl=en-GB

Further information concerning the terms and conditions of use and data privacy can be found at http://www.google.com/analytics/terms/gb.html or https://www.google.de/intl/en_uk/policies/.

Collection and use of personal information

We will collect personal information from you only if you provide it voluntarily. Such data may include for example your name, e-mail address, postal address, date of birth, email address, telephone number or photograph. The data collected is for specific purposes only, for example in order to register you as a member or as a congress participant or a user of other services or in order to be able to send you information tailored to your interests. You agree that the data you provide us with is being stored and used by us. This also applies for the use of the data for future events organised by CSI Foundation. You declare yourself to be in particular agreement with us sending your data to other companies entrusted with the processing of your registration. You declare your consent to your data being released to other participants of congresses and you also declare your consent to us forwarding your data for consulting, advertising, market or opinion research purposes to industry partners whose stand you visited during the event and whom you permitted to scan the QR code of your name badge. You may revoke your consent to this at any time by sending a corresponding email to info@csi-foundation.org

Third-party sites and services – links to other sites

Our website has links to other websites. The privacy policies of these websites is not under our control. Once you leave our webpage(s), use of any information you provide is governed by the privacy policy of the operator of the site you are visiting. It is advisable to read their privacy policies for further information. The user acknowledges and agrees that CSI Foundation has no responsibility for the content provided on third party websites, or for the practices or privacy policies of such websites. Links to such websites do not constitute an endorsement by CSI Foundation of their content. CSI Foundation is not responsible or liable, directly or indirectly, for any damage or loss caused by or in connection with third parties linked websites.
Certain features or services offered on or through our site is strictly limited to members and may require you to open an account. You are entirely responsible for maintaining the confidentiality of the information you hold for your account, including your password, and for any and all activity that occurs under your account as a result of your failing to keep this information secure and confidential. It is thus strictly forbidden for any third party to include on its website a link to the restricted-access content of csi-foundation.org.

Cookies, Google Analytics and other technologies

We do not collect any personal and non-personal information about your use of our website and your use of the websites of selected sponsors and advertisers through the use of Cookies or Google Analytics. Every computer accessing CSI-foundation.org website is assigned different Cookies by CSI-foundation.org. These Cookies are used to facilitate a user’s log-in, as navigation aids and as session timers. Browsers can be set to reject all Cookies and offer instructions on how to reset the browser to reject Cookies. If you reject our Cookies, certain functions and conveniences of our web site may not work properly but you do not have to accept our Cookies in order to productively use our site. We do not link non-personal Information from Cookies to personally identifiable information without your permission and do not use Cookies to collect or store personal health information about you.

Your right to change and delete your data we have stored about you

You may at any time change your data or revoke your consent to process and use your personal data. If you would like to do so, please contact info@csi-foundation.org.

Our right to change this privacy policy

We retain the right to change this privacy policy at any time whilst observing the respectively valid data protection guidelines.

TERMS OF USE

By accessing or using csi-foundation.org or attending one of our events, you agree to be bound by the Terms of Use and the Privacy Policy of CSI Foundation.

1. Privacy Policy

When you participate in our conferences or use our website and related services, you trust us with your information. We respect your privacy and our privacy policy is meant to help you understand what data we collect, why we collect it and what we do with it. Please take the time to read our Privacy policy

2. Copyright – Intellectual Property

Copyright under German and International law applies to all content owned by csi-foundation.org. All rights on content on csi-foundation.org (including without limitation all articles, statements, texts, images, logos, videos, slides and design) are owned by or licensed to CSI Foundation. All rights reserved.
If you have any questions regarding the ownership or use of content on the website, please contact us at info@csi-foundation.org. Any unapproved use may result in action being taken by CSI Foundation to require removal of material concerned from display / distribution and possible legal action.

3. Priority of legal obligations

In the event of any conflict with policies of the site, the laws of Germany will take precedence over this agreement and the site’s privacy policy. The Agreement itself will be interpreted under the laws of Germany.

4. Content disclaimer

All information provided in csi-foundation.org or during CSI Foundation events is provided for information purposes only and does not constitute a legal contract between CSI Foundation and any person or entity unless otherwise specified. Information on csi-foundation.org website is subject to change without prior notice. Although every reasonable effort is made to present current and accurate information, CSI Foundation makes no guarantees of any kind.
The csi-foundation.org website may contain information that is created and maintained by a variety of sources. CSI Foundation does not control, monitor or guarantee the information contained in links to other external web sites, and does not endorse any views expressed or products or services offered therein. In no event shall CSI Foundation be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any such content, goods, or services available on or through any such site or resource.

All contents remain the property of their authors. Downloadable PDFs are provided for private use only: public use is forbidden without an express authorization by the speaker. If you are willing to contact a speaker to request his authorization, please contact us.

5. Health-related content disclaimer

Health related topics found on csi-foundation.org website, should not be used for diagnosing purposes or be substituted for medical advice. It is your responsibility to research the accuracy, completeness, and usefulness of all opinions, services, and other information found on the site. CSI Foundation assumes no responsibility or liability for any consequence resulting directly or indirectly for any action or inaction you take based on or made in reliance on the information, services, or material on or linked to this site.

Since medical developments occur daily, this site may contain outdated material. While CSI Foundation makes every reasonable effort to present current and accurate information, no guarantee of any kind is made. CSI Foundation is not liable for any damage or loss related to the accuracy, completeness or timeliness of any information contained on this site.

6. Link disclaimer

Any links to external web sites and/or non CSI Foundation information provided on csi-foundation.org website pages or returned from built-in search engine are provided as a courtesy. They should not be construed as an endorsement by CSI Foundation of the content or views of the linked materials.

Questions

If you have any questions or concerns about our privacy policy, data processing or other terms and conditions please send us your enquiries to info@csi-foundation.org

SUBJECT ACCESS REQUEST FORM (SAR)

You should complete this form if you want us to supply you with a copy of any personal data we hold about you. You are currently entitled to receive this information under the Data Protection Act 1998 (DPA) and will continue to be under the EU General Data Protection Regulation (GDPR), which comes into effect on 25 May 2018. We will also provide you with information about any processing of your personal data that is being carried out, the retention periods which apply to your personal data, and any rights to rectification, erasure, or restriction of processing that may exist.

We will endeavour to respond promptly and in any event within one month of the latest of the following:

• Our receipt of your written request; or
• Our receipt of any further information we may ask you to provide to enable us to comply with your request.

The information you supply in this form will only be used for the purposes of identifying the personal data you are requesting and responding to your request. You are not obliged to complete this form to make a request, but doing so will make it easier for us to process your request quickly.

You can download our SAR Form here.