ESMO Privacy & Data Security Policy

If you have questions regarding the use of your data and the measures ESMO employs to safeguard your data, we invite you to review our updated Privacy and Data Security Policy outlined below.

Definitions

Personal data – Any information relating to an identified or identifiable person (data subject), such as name, identification number, location data, e-mail address etc.

Processing – Any operation or set of operations which is performed on personal data, either by automated means or performed by an individual, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Data Subjects (or Individual) – person whose personal data is being processed.

Third parties – Any organisation or individual external to ESMO with whom ESMO has signed a contract which includes reference to data protection and privacy (i.e. a meeting partner, a national oncology society with whom ESMO has a Reciprocal Membership Agreement, a database provider, etc.)

Introduction

This privacy policy applies to your use of the websites (collectively referred to as the “Website”), operated by The European Society for Medical Oncology, a Swiss-based not-for-profit Society, and referred to interchangeably hereafter as “ESMO”.

The “Website” includes, without limitation, the ESMO website (www.esmo.org) and any specific versions (e.g.  oncologypro.esmo.org) or filters thereof, the Rare Cancers Europe website ( www.rarecancerseurope.org), and any other online platforms used by ESMO which could require your personal data.

ESMO respects your privacy and is committed to protecting the confidentiality of your personal information. This policy explains how ESMO collects and uses Member, ESMO organised meeting or event, customer and site visitor information, and how it protects your privacy. It also explains how you can manage your own personal information held by ESMO in the ‘myESMO’ area on the ESMO Website.

This policy applies to personal information held about individuals. It does not apply to information ESMO holds about companies and other organisations. It is in addition to any specific policies concerning specific products or services. It does not supersede the ESMO terms and conditions which govern the use of the ESMO Website. ESMO reserves the right to amend this privacy policy at its sole discretion, without prior notice, at any time, with the proviso that details of the amendments are published on the ESMO Website. They become effective from the time of posting. ESMO is the sole owner of the Website and as such is the sole owner of any information collected through the Website.

ESMO is committed to the following standards, on a commercially reasonable basis:

  1. To collect and use only the minimal amount of information necessary for us to deliver high quality service to users, to administer our business, and to inform you of ESMO products and services
  2. To protect the information you share with us, maintaining strong standards of security and confidentiality
  3. To require any other organisation that we retain or engage to provide support services to us to conform General Data Protection Regulations (GDPR) privacy standards, and
  4. To aim to keep data, if any, complete, up to date, and accurate

The Website may require you to register as a user and to receive our authorisation before you can use particular features. Whether you are an individual or a corporation, partner, or other form of commercial enterprise, in order for you obtain our authorisation to use those features and to be considered a registered user, you may be required to provide us with certain information about yourself or your business and, if a business, information about any or all individuals you designate to represent that business in connection with your use of the Website (e.g. names, addresses, e-mail addresses, telephone numbers, and other Personally Identifiable Information of each individual who uses the Website). Once ESMO has authorised you as a registered user, ESMO will assign a customer identification number. Your username will be your email address and you will be requested to create your own password.

You will be able to change your password and update any personal data you have provided. Please note that submitting information is not a guarantee or assurance that ESMO will authorise you, or anyone you designate, to use any or all of the services of the Website. If for any reason you are not granted authorisation ESMO will retain the information you submit only in order to communicate with you regarding your application. ESMO may, however, request additional or follow-up information for audit purposes or as may be required by law or regulation.

If you are a third party submitting personal information on behalf of others (for registration purposes or otherwise) you represent; this action implies that you have their permission, agreement and full authorisation to provide this information to us. ESMO reserves the right (a) to ask you to provide evidence of your authority at any time during, or even after, the submission process and (b) to contact those individuals to confirm your authority at any time. If ESMO determines that your authority has not been properly obtained, ESMO may immediately (and without notification) discontinue your access to those features of the Website.

Who is responsible for data processing?

The European Society for Medical Oncology (ESMO), via Ginevra, 4, 6900, Lugano, incorporated under the laws of Switzerland, is responsible as data controller for the processing of your personal data on the ESMO website (www.esmo.org) and any specific versions (e.g., oncologypro.esmo.org) or filters thereof, the Rare Cancers Europe website ( www.rarecancerseurope.org), and any other online platforms used by ESMO which could require your personal data.

How ESMO collects personal information

ESMO is a professional Society involved in a wide range of activities in the field of medical oncology, including

  • Provision of Membership Services
  • Collection and dissemination of education and scientific information
  • Provision of Products and Services

The sources of personal information received by ESMO are:

  • The individuals themselves
  • Third parties acting on behalf of individuals (e.g. an agent or secretary arranging registration for an ESMO organised meeting or event; abstract submission, etc.)

ESMO may collect personal information in the following ways:

  • Account creation: when you enter personal details when creating or updating a ‘myESMO’ account on the ESMO Website
  • ESMO Membership application: When you enter personal details online or on paper
  • ESMO organised meeting or event registration: When you, or an agent on your behalf, enter personal details online or on paper requesting access to an ESMO product or service such as registering for the ESMO organised meeting or event, registering for the ESMO Examination or applying for an ESMO Fellowship
  • Abstract submission: When you, or someone on your behalf, submits proposals or content in connection with scientific sessions at an ESMO organised meeting or event
  • Subscribe to ESMO Newsletters: When you subscribe to an ESMO Newsletter, Digital Magazine or other electronic communication
  • When you participate in a survey, questionnaire or competition

What personal information is collected by ESMO?

Mandatory Personal Information

As a general rule, to maintain the integrity of the Society and ensure the appropriate membership category is assigned, to enable ESMO to correctly identify you, to provide you with the products and services you have requested and to communicate with you, the following minimal information must be provided in order for your order, request, application, etc. to be processed:

  • First Name
  • Last Name
  • Full Postal Address (work)
  • Email address
  • Date of Birth (mandatory for Membership applications)

Optional Personal Information

Other optional personal information may be requested to help identification during events, to ensure eligibility for membership and for internal statistical profiling and demographic analysis of members, event attendees and users of ESMO products and services. Profiling reports for internal use could include information about: gender, academic degree, profession, nationality, areas and topics of interest).

Credit Card Information

Credit Card information, along with other information related to specific transactions, is collected at the time of your order, request or application, and is used only for that particular transaction. Credit card information is encrypted and stored in our system only if you have explicitly expressed that you wish to have automatic renewal of the annual membership fee.

The financial record of the transaction is kept for 10 years for legal and audit reasons.
ESMO takes every precaution to ensure that this information is stored in a safe location and that it cannot be accessed by unauthorised parties. For further information about security, please refer to our Data Security Policy.

Email address

Your email address is mandatory when you use ESMO electronic services on the ESMO Website.

Electronic communication is for most purposes ESMO’s preferred method of communication because it is fast, environmentally friendly and efficient.

You are required to supply your email address when you create your ‘myESMO’ account on the ESMO Website, which enables you to access a variety of services online.

Unique Email Address

For your security, ESMO does not permit two different individuals to have the same email address in the system. You are strongly recommended to use an email address which is personal to you and that is not shared with others. This is to ensure that communications which are sent to you personally are not read by others, and that others do not gain access to the information in your ‘myESMO’ account. Furthermore, ESMO may use your email address to communicate with you about value added products linked either to your membership or your congress attendance.

Your unique email permits the automated retrieval of your login details, which are sent to your personal email address.

Data from surveys and questionnaires

ESMO conducts a number of surveys or questionnaires whereby we collect data from volunteer respondents about topics that are of interest to the Society or to the practice of oncology. The respondent data remains completely anonymous, unless the respondents specifically choose to share their contact data. Upon completion of the survey or questionnaire, the data is stored on ESMO's internal server. To ensure the complete anonymity of all respondents, all data collected is kept confidential and no individual respondent’s answers will be disclosed at any time by ESMO.

How ESMO uses personal information

Personal information is needed by ESMO to fulfil a contractual membership agreement, event registration contract and enable ESMO to fulfil its role in providing a wide range of services to its members, contributors and customers.

ESMO collects personal data for the following internal purposes:

  • Accounting and billing
  • Membership management
  • Account management for members and non-members who:
    • Register for an ESMO organised meeting or event (e.g. Congress, Examination, Fellowship, etc.)
    • Submit an abstract for an ESMO organised meeting or event
    • Subscribe to ESMO digital communications
    • Statistical reporting
    • Event logistics

The personal information which you supply may be specifically used to:

  • Enable ESMO to provide you with the products or services you request
  • Enable ESMO to communicate with you about specific matters regarding your transaction, e.g. Registration for an ESMO organised meeting or event, abstract submission, membership, application to participate in Society activities etc.
  • Enable ESMO to send you information about specific ESMO activities which it believes may interest you according to the information provided in the account creation process.

ESMO shares or provides access to minimal personal data with third parties and in some cases third parties outside of the EU (i.e. Registration for ESMO Asia) for the following purposes:

  • Group registration for Group Leaders or agencies inside and outside the EU 
  • Companies and Societies who scan badges at their stand in the Exhibition and collect this information for marketing purposes following the event
  • Member-checks with oncology organisations (i.e. Reciprocal Membership agreements, ESMO organised meeting or event partners)
  • Local Authorities or organisations for operational or administrative needs when organising meetings and events, membership verification, etc.

Badge scanners used by third parties (exhibiting societies and Satellite Symposia)

If you are attending an ESMO organised meeting or event you may be requested to have your badge scanned by third parties who wish to track their interaction with individuals.  Should you agree to have your badge scanned, the following information is transferred:  title, first name, last name, institute, department, profession, city, country, email address.  Processing of personal data must be in line with the GDPR and other applicable data protection laws, and third parties are responsible for and must be able to demonstrate compliance with the principles relating to the processing of personal data (which includes having a legal basis for processing).

On what legal basis do we process your personal data?

  • For fulfilment of contractual obligations
    • When you create an account with ESMO to become a member, submit an abstract, register for an ESMO organised meeting or event or sign up for a newsletter, ESMO collects personal information to fulfil our contractual obligation with you (with members and event participants) and to improve delivery of products and services.
    • For purposes of legitimate interests
      • Processing of personal data is necessary for ESMO’s legitimate business interests and the legitimate interests of customers. The information collected is generally used to prevent fraud, maintain network security, allow access to products and services, direct marketing, and improvement of our websites.
      • Due to legal obligations
      • For billing purposes, ESMO requires specific personal information to comply with tax requirements
      • As a result of your consent
        • ESMO allows you to access, change, remove the personal information submitted to us at any time

Data Transfer and Storage

For most processing activities your personal data will be stored in the ESMO database / CRM system, and subsequently in third party systems following data download via the badge scanners. In some cases, your personal data will also be transferred to countries outside of the EU (so called third countries). Please note that some of the jurisdictions in third countries do not offer the same level of data protection as the member states of the EU. ESMO applies administrative, physical, and technical data protection safeguards intended to ensure the confidentiality, integrity and availability of personal data.

Listed below are some of the security procedures that ESMO uses to protect your privacy:

  • A personal username and a password is required for users to access their personal data
  • Use of firewalls to protect information held in our servers
  • Limited number of ESMO employees and third parties who have access to your data
  • All ESMO employees must abide by our Privacy Policy regulations and be subject to disciplinary action if violated
  • Back-up our systems to protect the integrity of your data

Data integrity and confidentiality

  • The users can access to its own data:
    • Each user can access his/her reserved myESMO area using a secured password. The password does not appear while writing but is obscured by black circles.
    • An automatic locking mechanism logs out automatically any user from the system after a fixed time of inactivity.
    • The ESMO staff or its data processors can access the data
    • Data transfers are done only when necessary and via HTTPS in a folder located in SharePoint and protected with specific permission, the user is authenticated with strong password. Internal System data transfer is done through encrypted API method.
    • An Audit trail is available to track access and modifications
    • The ESMO network internal environment is segregated and monitored by a firewall, each vLan is scanned by antivirus and intrusion detection system. Outbound traffic is filtered by proxy system.
    • The ESMO local servers are physically accessible only with badge access control system and behind uninterruptible power supplies.

Data storage and availability

  • All information is securely kept in cloud servers, located in the European Union
  • ESMO protects itself against accidental or deliberate destruction or loss; data is regularly backed up and securely kept in ESMO servers in Switzerland (or in vendor’s servers, in the European Union (Daily back up strategy on-site, Monthly back up strategy off-site).
  • ESMO internal servers are configured to provide High Availability (HA) services, the physical servers are installed to have a complete redundancy of all components. A backup power source (UPS) are available to avoid hard server shutdown in case of complete power outage

Email privacy

ESMO respects the privacy of personal email addresses and complies with the current legislation on email communication (according to General Data Protection Regulation and the Swiss Data Protection Act). ESMO will not send you unsolicited email messages and will not contact you on behalf of third parties. Your email details will not be passed on to any other individual or organisation without your explicit permission. In the case of meeting registration, exceptions may be made (i.e. member checks for a meeting or event organised in partnership with ESMO) but full details of all cases are outlined in this policy. See Registration Terms and Conditions for full details.

If you wish to continue receiving valuable and informative communications from ESMO containing news, updates and products and services, you will need to opt-in to the types of communications you wish to receive:

  • ESMO news and announcements: Society news & notifications
  • ESMO organised meeting or event: Important dates, news and developments about ESMO organised meeting or event
  • ESMO OncologyPRO alert: Latest meeting and educational resources

Without your affirmative action, ESMO cannot send you communications.

How long is personal information kept?

Personal information supplied during a transaction with ESMO: As a rule, personal financial information is kept for 10 years as from the moment of transacting with ESMO.
This limit does not apply to informational about ESMO members, including Officers, where personal information and professional roles held within the Society is kept as part of  permanent, historical archive records of individuals involved with ESMO’s governing bodies (Committees, Working Groups, Task Forces, etc.). 

Disclosure of information and marketing

ESMO complies with Swiss (Switzerland and the Swiss data protection legislation) and GDPR. ESMO staff and contractors have a contractual responsibility to keep your information confidential.

Based on your consent, ESMO may share your address with certain contractors to perform specific services (such as to the publishers and distributors to deliver ESMO journals, etc.).  ESMO does not disclose personal information to any other person or organisation without your consent.

‘myESMO’ – Managing your contact with ESMO

Access to personalised services

You do not need to login to access most of the ESMO Website, but you do have to login to use personal services online and access certain restricted web content.

The details you provide ESMO may be combined with information from other ESMO records to:

  • provide you with online services like Abstract Submission, Registration for ESMO organised meeting or event, etc.
  • save you having to keep giving the same information for different ESMO services
  • allow you to access specific web content reserved for ‘myESMO’ users
  • help you to get more out of ESMO by keeping you up to date about ESMO activities, scientific developments, and products and services by email

Accessing your personal information

You may at any time manage your personal information held by ESMO by accessing the ‘myESMO’ area. If you are an ESMO Member, or have used ESMO products and services in the last three years, a record will already exist for you which you can potentially access by logging in online through:

  • use of your existing login details (username and password)
  • the ‘Retrieve your Login’ feature which, if your email address is recognised, will automatically send details of your username and a newly generated password (for your protection) to the email address given

Please note that ESMO does not permit more than one ‘myESMO’ account per person to ensure accuracy in communication and clean data on individuals. If an account already exists for you in the ESMO system, your new account will be matched to it within a reasonable time frame, but longer during or after an ESMO organised meeting or event periods for technical reasons.

If you do happen to create a second account, then you should be aware that ESMO will merge your membership and other information regarding products and services used between your accounts, and your contact details held by ESMO will be replaced by the new ones you entered.

Managing your personal information and Data Subjects Rights

According to Art. 15 – 21 GDPR, every data subject has the right to access, the right to rectification, the right to erasure, the right to restrict processing, the right of object, and if applicable – the right to data portability. Furthermore, if applicable on you, there is also a right to lodge a complaint with an appropriate data privacy regulatory authority (Article 77 GDPR).

In addition, every data subject can withdraw data processing consent at any given time. Please note that the withdrawal only applies to the future and that any pre-existing processing will not be affected.

You can access and change the personal information in your account at any time from your ‘myESMO’ homepage. Once logged in to your ‘myESMO’ account, you can view and update your personal details, email address and password. Usernames are unique and cannot be updated, you will need to contact membership@esmo.org.
Additionally, you may choose whether you wish to be kept informed by email of ESMO activities, products and services by using the e-News section. ESMO also asks you to provide optional information about your professional activities and interests to better understand your professional needs and improve the services it offers to you and to the oncology community in general.

Should you wish to speak to ESMO about your personal data, please contact us in either of the following ways:

European Society for Medical Oncology
via Ginevra, 4
6962 Lugano
Switzerland
Tel: +41 (0)91 973 19 00

Data security

To protect your information, ESMO uses an industry standard security protocol called Transport Layer Security (TLS) to encrypt the transmission of sensitive information between you and our website.

TLS is used, for example, when you login or when you make a credit card payment. To verify if transmissions are encrypted, look for the lock on your web browser or check that the URL starts with https://.

The online purchase through our websites are safe encrypted connections.

Despite ESMO’s efforts to protect your personal data, there is always some risk that an unauthorised third party may find a way around our security systems or that transmissions of information over the Internet will be intercepted. ESMO is not responsible or liable for any loss or damage of any sort arising from or relating to any breach of our security or interception of your transmissions (see Terms of Use).

Use of Cookies

Cookies are pieces of information that a website transfers to your computer’s hard disk for record keeping purposes. They are small text files that a website can use to recognise repeat users and facilitate their ongoing access to, and use of, the site. They do not pose a threat to your system or files.

The use of cookies is an industry standard, and many websites use them to provide useful features. Cookies in and of themselves do not personally identify users. Most browsers are set initially to accept cookies. You can set your computer to reject cookies. However, if you do choose to disable cookies, you will not be able to enjoy the full range of online services available through the ‘my ESMO’ area.

When you use our websites, services, applications, messaging and tools, ESMO or authorised service providers collect information such your IP address, geographical location, referral source, length of visit and pages viewed. 

The technical cookies which are used for site usage are not analysed or read by ESMO by any means

We use analytics cookies and tracking in an aggregate manner to operate and improve the websites and for marketing analysis where the personal information is completely anonymised since it is summarised. More info about analytics in the paragraph below.

Use of web analytics

As a website gathers individual pieces of Information from its users, it may combine similar data from many or all the users of the website into one big “batch.” This sort of statistical information is called aggregate data because it reflects the habits and characteristics of a large group of anonymous people. Websites may use aggregate data or share it with business partners so that the information and services they provide best meet the needs of the users. Aggregate data also helps advertisers and sponsors on the Web know how effectively they are reaching and meeting the needs of their target audience.

Click Stream Information. A record of all the pages you have visited during your visit to a Website or the services you accessed from the site or from an email. Click Stream Information is associated with your browser and not with you personally. It records the archives of your browser.

(1) ESMO android Apps use Google Analytics App Tracking, an analytics service provided by Google, Inc. (“Google”). Google Analytics App Tracking uses “ID’s”, which are identifier generated and saved on your device, to help us analyse how the app is being used across users. The information about your use of the app (including your IP address) which is generated by the ID will be transmitted to and stored by Google on servers in the United States. In case of activation of the IP anonymisation, Google will truncate/anonymise the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA. 

Google will use this information on our behalf for evaluating your use of the app, compiling reports on your activity in the app and other services relating to app activity and internet usage to us. Google will not associate your IP address with any other data held by Google. 

You may refuse the logging of the information about your use of the app (including your IP Address) generated by the ID of Google Analytics App Tracking by selecting “disable Google Analytics” in the settings of the app. Henceforth, any further tracking will be stopped as you will have “opted-out“ by selecting the disable setting. However, please note that this applies only to this version of the app. In other apps tracking still might be activated. 

In this app the IP anonymisation is activated. 

More information about the terms and conditions and the privacy policy can be found under  http://www.google.com/analytics/terms/ and  https://www.google.com/policies/ 

(2) You have the possibility to create notes and bookmarks.

iOS user: This data will not be saved on your device and will be lost in the case of an app update or the reinstallation of the app on your device. We therefore recommend you use the backup software provided by Apple to save your notes and bookmarks on iCloud so that you may restore your data. iCloud is a could service provided by Apple; please review the respective disclaimer and privacy policy from Apple.

Android user: This data is stored on the SD card of your device and can be restored in case of app updates or reinstalling the app. If you change the location / file storage of backups manually, the app is unable to access your notes and bookmarks. 

(3) You also have the possibility to send a feedback e-mail directly from the app. In the e-mail template, the software version of your device, the app version as well as the type of your device will be automatically included. This information is necessary to process your request; you do, however, have the option to delete this information from the e-mail, if you choose not to send it to us. Your data will remain with us only for the duration of time it takes to process your request. 

The ESMO Events app and ESMO Academy app require login on a third party platform (Conference Compass and SpotMe respectively) for authorisation and platform access. These third parties confirm GDPR compliance.

Conclusion

If you have any further questions about the ESMO Privacy and Security Policy or its implementation, or if at any time you believe that ESMO has not adhered to the principles stated in this Policy, please contact us by email (select 'Membership').

 

Last update: 24 September 2018