Your continued use of the CSI Foundation website means you agree to the following documents, so please take a few minutes to read and understand them.
GDPR Compliance Statement
The EU General Data Protection Regulation (“GDPR”) comes into force across the European Union on 25th May 2018 and brings with it the most significant changes to data protection law in two decades. Based on privacy by design and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.
The 21st Century brings with it broader use of technology, new definitions of what constitutes personal data, and a vast increase in cross-border processing. The new Regulation aims to standardize data protection laws and processing across the EU; affording individuals stronger, more consistent rights to access and control their personal information.
At CSI Foundation we are committed to ensuring the security and protection of the personal information that we process, and to providing a compliant and consistent approach to data protection. We have always had a robust and effective data protection program in place which complies with existing law and abides by the data protection principles. However, we recognise our obligations in updating and expanding this program to meet the demands of the GDPR and the German Bundesdatenschutzgesetz (BDSG).
CSI Foundation is dedicated to safeguarding the personal information under our remit and in developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the new Regulation. Our preparation and objectives for GDPR compliance have been summarised in this statement and include the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and ongoing compliance.
How We are Preparing for the GDPR
CSI Foundation already has a consistent level of data protection and security; however, it is our aim to be fully compliant with the GDPR by 25th May 2018.
Our preparation includes:
- Information Audit - carrying out a company-wide information audit to identify and assess what personal information we hold, where it comes from, how and why it is processed and if and to whom it is disclosed.
- Policies & Procedures - Implementing new data protection policies and procedures to meet the requirements and standards of the GDPR and any relevant data protection laws, including:
  - Data Protection – our main policy and procedure document for data protection has been overhauled to meet the standards and requirements of the GDPR. Accountability and governance measures are in place to ensure that we understand and adequately disseminate and evidence our obligations and responsibilities; with a dedicated focus on privacy by design and the rights of individuals.
  - Data Retention & Erasure – we have updated our retention policy and schedule to ensure that we meet the ‘data minimization’ and ‘storage limitation’ principles and that personal information is stored, archived and destroyed compliantly and ethically. We have dedicated erasure procedures in place to meet the new ‘Right to Erasure’ obligation and are aware of when this and other data subject’s rights apply; along with any exemptions, response timeframes and notification responsibilities.
  - Data Subject Access Request (SAR) – we have revised our SAR procedures to accommodate the revised 30-day timeframe for providing the requested information and for making this provision free of charge. Our new procedures detail how to verify the data subject, what steps to take for processing an access request, what exemptions apply and a suite of response templates to ensure that communications with data subjects are compliant, consistent and adequate.
- Legal Basis for Processing – we are reviewing all processing activities to identify the legal basis for processing and ensuring that each basis is appropriate for the activity it relates to. Where applicable, we also maintain records of our processing activities, ensuring that our obligations under Article 30 of the GDPR and Schedule 1 of the Data Protection Bill are met.
- Obtaining Consent - we are revising our consent mechanisms for obtaining personal data, ensuring that individuals understand what they are providing, why and how we use it and giving clear, defined ways to consent to us processing their information. We have developed stringent processes for recording consent, making sure that we can evidence an affirmative opt-in, along with time and date records; and an easy to see and access way to withdraw consent at any time.
Data Subject Request Rights (SAR)
In addition to the policies and procedures mentioned above that ensure individuals can enforce their data protection rights, we provide easy to access information via email of an individual’s right to access any personal information that CSI Foundation processes about them and to request information about:
- What personal data we hold about them
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store their personal data for
- If we did not collect the data directly from them, information about the source
- The right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
- The right to request erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
- The right to lodge a complaint or seek judicial remedy and who to contact in such instances
Information Security & Technical and Organizational Measures
CSI Foundation takes the privacy and security of individuals and their personal information very seriously and takes every reasonable measure and precaution to protect and secure the personal data that we process. We have robust information security policies and procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction and have several layers of security measures, including:
- Access controls
- Password policy
CSI Foundation understands that continuous employee awareness and understanding is vital to continued compliance with the GDPR and has involved our employees in our preparation plans.
If you have any questions about our preparation for the GDPR, please contact email@example.com
Automatically stored information
If you visit our website we gather and store certain information about your visit automatically. This information cannot and does not identify you personally. The kind of information that is gathered automatically includes the type of browser you are using, the type of operating system you are using, the date and time of your visit and the pages you visit. We sometimes use this non-personally identifiable information to improve the design and content of our website(s) and, primarily, to give you a better browsing experience. We use Google Analytics to analyse the audience of the website and improve our content. No personal information is collected by Google Analytics.
Further information concerning the terms and conditions of use and data privacy can be found at http://www.google.com/analytics/terms/gb.html or https://www.google.de/intl/en_uk/policies/.
Collection and use of personal information
We will collect personal information from you only if you provide it voluntarily. Such data may include, for example, your name, e-mail address, postal address, date of birth, telephone number or photograph. The data collected is for specific purposes only, for example in order to register you as a member, as a congress participant or as a user of other services, or in order to be able to send you information tailored to your interests. You agree that the data you provide us with is being stored and used by us. This also applies to the use of the data for future events organised by CSI Foundation. You declare yourself to be in particular agreement with us sending your data to other companies entrusted with the processing of your registration. You declare your consent to your data being released to other participants of congresses and you also declare your consent to us forwarding your data for consulting, advertising, market or opinion research purposes to industry partners whose stand you visited during the event and whom you permitted to scan the QR code of your name badge. You may revoke your consent to this at any time by sending a corresponding email to firstname.lastname@example.org
Third-party sites and services – links to other sites
Certain features or services offered on or through our site are strictly limited to members and may require you to open an account. You are entirely responsible for maintaining the confidentiality of the information you hold for your account, including your password, and for any and all activity that occurs under your account as a result of your failing to keep this information secure and confidential. It is thus strictly forbidden for any third party to include on its website a link to the restricted-access content of csi-foundation.org.
Cookies, Google Analytics and other technologies
Your right to change and delete your data we have stored about you
You may at any time change your data or revoke your consent to process and use your personal data. If you would like to do so, please contact email@example.com.
2. Copyright – Intellectual Property
Copyright under German and International law applies to all content owned by csi-foundation.org. All rights on content on csi-foundation.org (including without limitation all articles, statements, texts, images, logos, videos, slides and design) are owned by or licensed to CSI Foundation. All rights reserved.
If you have any questions regarding the ownership or use of content on the website, please contact us at firstname.lastname@example.org. Any unapproved use may result in action being taken by CSI Foundation to require removal of material concerned from display / distribution and possible legal action.
3. Priority of legal obligations
4. Content disclaimer
All information provided on csi-foundation.org or during CSI Foundation events is provided for information purposes only and does not constitute a legal contract between CSI Foundation and any person or entity unless otherwise specified. Information on the csi-foundation.org website is subject to change without prior notice. Although every reasonable effort is made to present current and accurate information, CSI Foundation makes no guarantees of any kind.
The csi-foundation.org website may contain information that is created and maintained by a variety of sources. CSI Foundation does not control, monitor or guarantee the information contained in links to other external web sites, and does not endorse any views expressed or products or services offered therein. In no event shall CSI Foundation be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any such content, goods, or services available on or through any such site or resource.
All contents remain the property of their authors. Downloadable PDFs are provided for private use only: public use is forbidden without express authorization from the speaker. If you wish to contact a speaker to request their authorization, please contact us.
5. Health-related content disclaimer
Health-related topics found on the csi-foundation.org website should not be used for diagnostic purposes or be substituted for medical advice. It is your responsibility to research the accuracy, completeness, and usefulness of all opinions, services, and other information found on the site. CSI Foundation assumes no responsibility or liability for any consequence resulting directly or indirectly from any action or inaction you take based on or made in reliance on the information, services, or material on or linked to this site.
Since medical developments occur daily, this site may contain outdated material. While CSI Foundation makes every reasonable effort to present current and accurate information, no guarantee of any kind is made. CSI Foundation is not liable for any damage or loss related to the accuracy, completeness or timeliness of any information contained on this site.
6. Link disclaimer
Any links to external web sites and/or non-CSI Foundation information provided on csi-foundation.org website pages or returned by the built-in search engine are provided as a courtesy. They should not be construed as an endorsement by CSI Foundation of the content or views of the linked materials.
SUBJECT ACCESS REQUEST FORM (SAR)
You should complete this form if you want us to supply you with a copy of any personal data we hold about you. You are currently entitled to receive this information under the Data Protection Act 1998 (DPA) and will continue to be under the EU General Data Protection Regulation (GDPR), which comes into effect on 25 May 2018. We will also provide you with information about any processing of your personal data that is being carried out, the retention periods which apply to your personal data, and any rights to rectification, erasure, or restriction of processing that may exist.
We will endeavour to respond promptly and in any event within one month of the latest of the following:
- Our receipt of your written request; or
- Our receipt of any further information we may ask you to provide to enable us to comply with your request.
The information you supply in this form will only be used for the purposes of identifying the personal data you are requesting and responding to your request. You are not obliged to complete this form to make a request, but doing so will make it easier for us to process your request quickly.
You can download our SAR Form here.