The European-African Hepato-Pancreato-Biliary Association (E-AHPBA), the Organiser of the 14th Congress of the E-AHPBA and ERCISA as the Local Professional Conference Organiser (PCO) are required to comply with the GDPR which regulates the processing of Personal Data in commercial transactions.  For the purpose of the above laws, the terms “Personal Data” and “processing” shall have the meaning as prescribed in the GDPR.

14th Congress of the E-AHPBA will be managed by E-AHPBA and ERCISA as the Local Professional Conference Organiser (PCO) appointed by the Organiser and their scope of services includes, among others, administrative work, speakers and participants management, financial management, sponsorship and exhibitors management including promotion and marketing.

For the purpose of the above laws, the terms “we”; “us” or “our” refers to E-AHPBA as the Data Controller and ERCISA as Data Processors whose address is presented below:

• Data Controller
  The European-African Hepato-Pancreato-Biliary Association 
  Email address: carrie@eahpba.org 
  Postal address:  13 Whittingehame Drive, Glasgow, G12 0XT, United Kingdom
  Telephone: +44 (0) 141 530 2760

• Data Processor (On behalf of E-AHPBA)
  ERCISA, Eventos y Servicios
  Postal address: Telesforo Aranzadi, 2, 1º Dcha, 48008 Bilbao, Spain
  Email address:   congress@eahpba2021bilbao.com
  Telephone: +34 (0) 94.410.41.77

For any question related to your registration or the development of the 14th Congress of the E-AHPBA, as well as any question related to the treatment of your Personal Data, including those derived from the exercise of the rights granted to you by the regulations on data protection, you can contact ERCISA by the means indicated above (congress@eahpba2021bilbao.com).

You provide the data yourself when you register for the 14th Congress of the E-AHPBA through this website or contact us for information.

By providing us with your data, you guarantee that you are qualified to do so, and that the information is true and up to date. You have the responsibility to keep your data correct and updated, declining all responsibility both the person responsible for the treatment and those in charge in case of not doing so.

The Personal Data collected by E-AHPBA and ERCISA is the information you provide directly to us which may include, but not limited to:

• Your name;
• Nationality;
• Gender;
• Passport number;
• Position;
• Address;
• Telephone;
• Your email address;
• Special categories of data, specifically relating to your health, in case of Dietary requirements;
• Images and videos of you when you attend 14th Congress of the E-AHPBA.
  During the Congress we may take photographs or videos, to inform and publicise the 14th Congress of the E-AHPBA, as well as to document and form part of the audiovisual memory of the event.

These images may be published both on the Internet (on this website, on the website of E-AHPBA and on their social network profiles), and on paper including but not limited to: memories, brochures, programmes, magazines, advertising or informative posters and other stationery.

If you do not want to be featured or recognised in images, we recommend that you try not to be in the front rows or in front of the cameras.

• Data we derive through your interaction with us.
  In this case, the categories of data that may include are: the IP address of the user, the date and time of the visit, the URL of the site from which the user comes, the pages visited on our website, information about the browser used (type and version of browser, operating system, etc.)
  
  
• Communication of third-party data: With respect to other people's data, you must respect their privacy by taking special care when communicating or publishing their Personal Data. Only the owner can authorise the processing of his/her Personal Data. The publication of data of third parties without their consent may infringe, in addition to the regulations on data protection, the right to honour, privacy or the image of such third parties.
  
  If you provide us with the data of third parties, it is your responsibility to have their prior and express consent to use them, and it is your duty to inform them of the treatment we are going to carry out with their data. By accepting this Privacy Policy, you expressly guarantee that you have the authorisation for such contribution, exonerating us of any responsibility in case of any claim by interested persons.

We will only use your personal information for our legitimate business purposes as set out in this privacy notice. The Personal Data collected and processed by E-AHPBA and ERCISA amongst others, are for the following purpose:

• Registration, abstract submission and administrative work related to the 14th Congress of the E-AHPBA;
• Programmes;
• Tax invoices;
• Updates;
• Information about 14th Congress of the E-AHPBA by means of electronic newsletters, flyers or notices about programme updates. Since we already have a prior contractual relationship with attendees, we will send such communications based on our legitimate interest. In the case of not having a previous contractual relation, we will only send you this type of communications if you authorise it by marking the option that is expressly included to the effect in the corresponding forms. The electronic communications that we send you will include, in the communication itself, the option to stop receiving them by writing us to congress@eahpba2021bilbao.com. If you choose to do so, we will no longer send you this type of communication in the future.
• Certificates of attendance;
• Social Programme Information;
• Invitation letters for visa applications;
• Attendees’ list;
• Mobile App;
• To manage our relationship with you or comply with our contractual obligations.
• To communicate with and from you by email on: 

• All the above matters related to the 14th Congress of the E-AHPBA;
• Enquiries by or about you;
• Complaints by or about you;
• All administrative and legitimate matters related to 14th Congress of the E-AHPBA.

The Personal Data held by us shall be kept confidential and in a protected and secure manner. However, we may disclose your Personal Data to:

• Regulatory and governmental agencies as permitted or required by law, or to meet obligations to regulatory authorities.
• To banks: for the management of collections and payments.
• To insurers in case of travel insurance or travel cancellation insurance. 
• To the entities to which there is a legal obligation to perform data communications (Tax Administration, etc.)
• To the promoter of the event and/or to the management body of the venues in which the event is held to manage the security of the event and the access to it. 
• To hotel, airlines and/or correspondent travel agencies at the place of destination, reservation centres or car rental companies for the purpose of managing accommodation reservations, transport tickets or car rental.
• To international embassies to issue a visa to enable traveller access to the country of destination where required. 
• Everyone attending the 14th Congress of the E-AHPBA requires an official, printed badge. The information displayed will be provided by you during registration – either online or on site.

The legitimacy for the treatment of your data is the fulfilment of the contractual legal relationship as a participant in the 14th Congress of the E-AHPBA. The provision of the requested data is obligatory as it is essential to formalise and/or maintain this contractual relationship and to fulfil the legal obligations derived from it; if you do not provide the data, we will not be able to provide the service derived from this relationship.

Your specific consent to process sensitive data subject to special protection (such as data relating to your health). This consent is given to us by accepting the Privacy Policy in the registration form. You can withdraw that consent at any time by sending an email in this regard to congress@eahpba2021bilbao.com. Such withdrawal will mean that we cannot process your health data for the purposes of the 14th Congress of the E-AHPBA.

It can also be the fulfilment of a regulation or legal obligation that affects us: such as those established in the fiscal regulation, tributary, of consumers and users, etc.

Our legitimate interest as an organisation is also a legal basis for processing your data. In accordance with recital 47 of the GDPR, we are interested in informing you of our activities, including through electronic communications. If we already have a prior contractual relationship with you as an attendee of the 14th Congress of the E-AHPBA, we will send such communications based on our legitimate interest. Otherwise, we will only send you this type of communication if you give us your consent by ticking the option that is expressly included for this purpose in the corresponding forms.

We have a legitimate interest in taking photographs and/or filming videos, to inform about and/or publicise the 14th Congress of the E-AHPBA, as well as in documenting it. These images may be published both on the Internet (on this website, on the website of E-AHPBA and on their social network profiles), and on paper (memories, brochures, programmes, magazines, advertising or informative posters and other stationery).

In the event that you do not want your image captured and/or published, please try not to be in the front rows or in front of the cameras.

In case of using service providers located outside the European Union, who may have access to Personal Data, for the provision of services ancillary to our activity (accommodation, housing, SaaS, remote backup, computer support or maintenance services, email managers, sending emails and email marketing, etc.), we will choose companies adhering to the privacy shield agreement between the US and the EU, or belonging to countries that have been declared as countries with an adequate level of protection, which means that they are obliged to comply with requirements equivalent to those of Europe in terms of data protection. By accepting this Data Protection Policy, you expressly and unequivocally authorise the communication of data to these companies, knowing that this implies an international transfer of data to a country not belonging to the European Economic Area and giving your unequivocal consent to said transfer.

The security of your Personal Data is ensured by the E-AHPBA, Organiser of 14th Congress of the E-AHPBA and we shall take all physical, technical and organisational measures needed to ensure the security and confidentiality of your Personal Data.

If we disclose any of your Personal Data to any entities in paragraph 5, we will require them to appropriately safeguard the Personal Data provided to them.

Please note that while we will endeavour to take all reasonable measure to protect your Personal Data, you should similarly take all necessary precautions, such as implementing strong passwords, limiting access to your computer and avoiding misplacing any documents or access passwords.

BREACH OF DATA SECURITY

E-AHPBA will notify you and data protection authorities within 72 hours of discovering a security breach.

The Personal Data that you provide us with will be kept as long as the contractual relationship, derived from the attendance at the 14th Congress of the E-AHPBA, is maintained and once this has ended, as long as the interested person does not request its suppression. Even if the deletion is requested, we will be able to keep them for the necessary time and limiting their treatment, only for:

• To comply with the legal/contractual obligations to which we are subject, 
• and/or within the statutory time limits for the limitation of any liability on our part, 
• and/or the exercise or defence of claims arising from the relationship maintained with the person concerned.

You may, when appropriate, exercise your rights of access, rectification, deletion, limitation and opposition to its treatment, as well as other rights, at the postal or electronic mail address indicated at the beginning of this Privacy Policy; in both cases by written and signed request enclosing a copy of your ID or passport or other valid document that identifies you. In case of modification of your data must be notified at the same address, declining this entity all responsibility in case of not doing so.

• Right of access: You can ask us what Personal Data we are processing and ask us for a copy of it. 
• Right of rectification: You can ask us to rectify inaccurate or incomplete Personal Data, including by means of an additional declaration. 
• Right of deletion (right to forget): You can ask us to delete your Personal Data when: they are not necessary for the purposes for which they were collected, you withdraw your consent, there has been an unlawful processing of them or by compliance with a legal obligation. 
• Right to limitation of treatment: You can ask us to limit the treatment of your data, in which case we will only keep them for the exercise or defence of claims. 
• Right to object: You may object to the processing of your data if such processing is based on the legitimate interest of the controller or is for advertising purposes.

Once we have received any of the above requests, we will respond within the legally established deadlines. You can complain to the Spanish Data Protection Agency. If you would like more information about the rights you may exercise and for requesting model forms for the exercise of rights, you may visit the website of the Spanish Data Protection Agency, www.aepd.es

I agree and acknowledge that I have read the Privacy Notice. I am undertaking participation in 14th Congress of the E-AHPBA and activities at my own free and intentional act. I give this acknowledgement freely and knowingly and that I am, as a result, able to participate in 14th Congress of the E-AHPBA and I do hereby assume responsibility for my own wellbeing and safety.

We regularly review and, where necessary, update our privacy information. This Privacy Policy was last updated on 27 January 2020.