GDPR

1. Introduction

At UEMS ORL board meeting, we are committed to protecting your personal data in compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable national data protection laws. This Privacy Notice explains how we collect, process, store, and protect your personal data when you register for our conference.  

By submitting your registration, you acknowledge that you have read and understood this Privacy Notice.  

2. Data Controller & Contact Information  

The Data Controller responsible for your personal data is:  

Organisator: UEMS ORL represented by host: Miro Tedla, MD, MPH, PhD 

e-Mail address: uemsorl2025@gmail.com

Phone Number:  +421910214805

For any inquiries regarding data protection, you can contact our Data Protection Officer (DPO) at: tatianachrenekova@gmail.com or uemsorl2025@gmail.com.

3. What Personal Data We Collect

When you register for our conference, we collect and process the following types of personal data:  

Mandatory Data (Required for Registration) 

- Full Name  

- Email Address  

- Phone Number  

- Job Title & Organization (if applicable) 

- How long do you plan to stay 

- If you are accompanied by someone

Optional Data (Depending on Your Preferences) 

- Programme for accompanying people (if noted)  

- Dietary Preferences (if noted)  

- Accessibility Requirements (if noted)  

- Billing Information (if noted)  

- Social Media Handles (if noted)

Sensitive Data (Only if Explicitly Provided) 

- Any health-related information for accessibility or dietary requirements (if noted)  

We will only process sensitive data when necessary and with your explicit consent as per Article 9. of GDPR.  

4. Purpose of Data Processing & Legal Basis  

We process your personal data for the following purposes:  

• Processing your conference registration 

• Sending event-related updates and information 

• Managing payments and issuing invoices (if applicable) 

• Providing dietary and accessibility accommodations 

• Sending marketing emails (if you opt-in)

• Ensuring security and compliance with event regulations 

We will only use your data for the purposes stated above and will not process it in a way that is incompatible with these purposes.  

5. Data Retention Policy 

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Notice. Our retention periods are as follows:  

• Registration Data | Up to 12 months after the event |  

• Invoices & Payment Data | 5-10 years (for tax/legal obligations) |  

• Marketing Preferences | Until consent is withdrawn |  

• Accessibility & Dietary Data | Deleted after the event |  

After these periods, your data will be securely deleted or anonymized unless required for legal obligations.  

6. Data Sharing & Third Parties 

We do not sell your personal data. However, we may share it with:  

- Conference Service Providers (e.g., venue organizers, catering, registration platforms)  

- Payment Processors (for ticket payments, if applicable)  

- Legal Authorities (if required by law)  

All third-party service providers are required to comply with GDPR and protect your data appropriately.  

7. Data Transfers Outside the EU/EEA  

If any of our service providers are located outside the European Economic Area (EEA), we ensure that appropriate safeguards (e.g., "Standard Contractual Clauses" approved by the European Commission) are in place to protect your data.  

You may request a copy of these safeguards by contacting us.  

8. Your Rights Under GDPR 

Under GDPR, you have the following rights regarding your personal data:  

1. Right to Access (Article 15 GDPR) – Request a copy of your personal data.  

2. Right to Rectification (Article 16 GDPR) – Correct inaccurate or incomplete data.  

3. Right to Erasure ("Right to be Forgotten") (Article 17 GDPR) – Request deletion of your data (subject to legal obligations).  

4. Right to Restriction of Processing (Article 18 GDPR) – Limit how we use your data.  

5. Right to Data Portability (Article 20 GDPR) – Obtain your data in a structured format.  

6. Right to Object (Article 21 GDPR) – Object to data processing based on legitimate interests.  

7. Right to Withdraw Consent (Article 7(3) GDPR) – Withdraw consent for optional data processing (e.g., marketing).  

8. Right to Lodge a Complaint – File a complaint with a data protection authority if you believe your rights have been violated.  

To exercise your rights, contact us at tatianachrenekova@gmail.com.

9. Security Measures 

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, or loss. These measures include:  

• Data Encryption (for secure storage and transmission)  

• Access Controls (limiting access to authorized personnel only)  

• Regular Security Audits (to assess vulnerabilities)  

10. Updates to This Privacy Notice  

We may update this Privacy Notice from time to time to reflect changes in legal requirements or event operations. Any updates will be communicated via email or on our website.  

Last Updated: 17th March 2025