A. Data protection
Please note that data transmitted via the internet (e.g. via email communication) may be subject to security breaches. Complete protection of your data from third-party access is not possible. ENETS processes the personal data of its members, customers and ENETS’ events and educational offers as well as applicants for grants and abstracts.
Continuous technological development, changes to our services or to the legal situation, as well as other reasons may require adjustments to our data protection information. We therefore reserve the right to change this data protection declaration at any time and ask you to inform yourself regularly about the current status.
Responsible for processing data is the following controller:
ENETS – European Neuroendocrine Tumor Society (ENETS e.V.)
Langenbeck Virchow Haus
10117 Berlin, Germany
The responsible party is the natural or legal person who, alone or jointly with others decides on the purposes and means of processing personal data (names, email addresses, etc.).
C. Purpose of Processing
ENETS processes personal data in accordance with the provisions of the EU Data Protection Basic Regulation GDPR (in German: DSGVO) and the Federal Data Protection Act (BDSG)
a) For the fulfilment of contractual obligations [Art. 6 Abs. 1 lit. b) DSGVO/GDPR] - the processing of personal data takes place to safeguard the rights and obligations of our members, such as the payment of membership fees and regular contact via email to update you on ENETS and current topics in the field of neuroendocrinology. Furthermore, ENETS processes event participants’ personal data in order to facilitate onsite registration and answer any inquiries prior to the event, as well as to verify incoming payments.
b) For reasons of legitimate interest [Art. 6 Abs. 1 lit. f) DSGVO/GDPR] - if necessary, ENETS may collect the addresses or email addresses of experts, who are necessary for initial contact and correspondence as part of our continuing education offers. ENETS only uses non-sensitive and publicly accessible data of all data subjects.
c) With your consent [Art. 6 Abs. 1 lit. a) DSGVO/GDPR] – ENETS will only process your personal data for specific purposes if the data subject has given consent to their data being processed. The data subject can withdraw their consent at any time by contacting ENETS Office at firstname.lastname@example.org.
D. Server log files
The website provider automatically collects and stores information that your browser automatically transmits to us in "server log files". These are:
- Browser type and browser version
- The operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address.
This data will not be combined with data from other sources. The basis for data processing is Art. 6 (1) (b) DSGVO/GDPR, which allows the processing of data to fulfil a contract or for measures preliminary to a contract.
E. Recipients or Categories of Recipients of Personal Data
Your data will only be used so that ENETS can fulfil its contractual obligations and statutory duty or in cases where it is necessary for its internal organisation (for IT or business purposes). ENETS will take reasonable steps to ensure that your personal data is handled in compliance with statutory requirements. Only ENETS staff members will process your personal data. All ENETS staff members are required to handle your data confidentially and know how to handle your personal data.
Your personal data will not be forwarded to a third party (to any party outside of ENETS) except in cases where you have already provided consent or where there is a solid legal basis.
The following groups of recipients are subject to statutory obligation:
- Public authorities, supervisory authorities and supervisory bodies, e.g. tax authorities, jurisdiction authorities and law enforcement, e.g. police, public prosecutor’s office, courts, lawyers, attorneys, solicitors and notaries, e.g. in insolvency proceedings: tax advisors and auditors.
Moreover, ENETS employs several service providers (processors in accordance with Article 28 of the General Data Protection Regulation (GDPR)), who are contractually bound to GDPR requirements and who are monitored for compliance. Such providers include IT contractors, billing software, telecommunications, sales, and marketing consultants. Service providers may only process personal data in accordance with ENETS’ instructions and shall use the data for these purposes only.
Except in cases where confidential information is disclosed to service partners such as logistic service providers – in such cases, the logistic service providers will receive all necessary data for independent use. ENETS restricts itself to delivering only the necessary data.
You can register on our website in order to access the additional functions offered here. The input data will only be used for the purpose of using the respective site or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise, we will be unable to accept your registration.
To inform you about important changes, such as those within the scope of our site or technical changes, we will use the email address specified during registration.
We will process the data provided during registration only based on your consent per Art. 6 (1)(a) DSGVO/GDPR. You may revoke your consent at any time with future effect. An informal email request is sufficient. Any data processed before we receive your request may still be legally processed.
We will continue to store the data collected during registration for as long as you remain registered on our website. Statutory retention periods remain unaffected.
G. Contact form
If you contact us via the contact form, any data you provide will be processed according to Art. 6 paragraph 1 lit. b DSGVO/GDPR. We require at least the following set of data to contact you:
User data may be stored in a customer relation management (CRM) system or a similar system. We will delete all data if the purpose for its storage no longer pertains; data clean-ups will be performed every two years. Mandatory data retention periods remain unaffected by this provision.
H. Access to Your Personal Data
Only ENETS staff members have access to your personal data provided it is necessary for ENETS to fulfil its contractual and legal obligations. ENETS external service providers may also receive data for specific purposes. All the above-mentioned persons are contractually obliged to comply with the requirements of the GDPR and all other data protection relevant regulations.
The transfer of personal data to third countries or international organisations in principle does not apply. In individual cases, however, we use selected service providers based in the USA. In these cases, we would like to point out that there is currently no final decision by the EU Commission within the meaning of Article 40 of the GDPR. This means that the EU Commission has not yet positively determined that the country-specific level of data protection in the USA corresponds to that of the European Union on the basis of GDPR.
The GDPR requires so-called appropriate safeguards for a data transfer to a third country or to international organisations, Art. 45 GDPR. We would like to emphasise that we have agreed with our service providers on EU data protection regulations and standard contracts approved by a supervisory authority and have continued to take additional measures to secure personal data as well.
For processing customer inquiries, ENETS uses Freshdesk - a ticket system from the supplier Freshworks. As such, there is a transfer of data to a third country, in this case the USA. Freshworks complies with the requirements of the German data protection standard.
ENETS uses Google Analytics for its website analysis; anonymous data is transferred to the USA within this framework. The legal basis for this is an addendum with Google for data processing. Google Analytics is implemented by ENETS in accordance with the law: all users have the option to use the ENETS privacy page to stop anonymous web tracking altogether or only for our website.
For webinar purposes, ENETS uses VIMEO as an embedded iframe on MY ENETS. VIMEO implements its own tracking system, which is beyond the of ENETS responsibility. By watching ENETS videos on the ENETS website, you also agree to the conditions of VIMEO: https://vimeo.com/privacy
For webinar, conference and advisory board or task force/working group purposes, ENETS uses Zoom or Microsoft Teams. Both platforms use their own tracking system, which is beyond ENETS’ responsibility. For more information, please look at the respective privacy policies:
- Zoom: https://zoom.us/privacy
- Microsoft Teams: https://www.microsoft.com/en-us/microsoft-365/blog/2020/04/06/it-professionals-privacy-security-microsoft-teams/
- WONDER ME: https://www.wonder.me/privacy-policy
For virtual, hybrid and physical conferences, ENETS may contract service partners, who on their side contract technical partners providing the platform and technical services.
Our service providers within the framework of the organisation of the ENETS events 2022 are:
event lab GmbH
LamdaLogic Informationssysteme GmbH
Karlsruher Straße 11
AI ANTWORT: INTERNET GmbH
Agentur für digitale Business-Lösungen
The participant registration page is operated by our service provider event lab. GmbH via Lambdalogic.
During registration, personal data (e.g., name, address, contact information, etc.), as well as detailed data required for processing (e.g., desired type of registration, type of participant, additional booking options) are collected; in addition, payment information (account details, credit card details) may be requested under certain circumstances (and depending on the options selected). If applicable, statistical data such as profession, field of study, etc. will also be collected.
ENETS will receive usage data in order to assign UEMS-CME credit points and provide reliable conference statistics.
Payment Service Provider (PSP) Ogone, Ingenico Payment Services
On the conference registration website, among other things, payment by "credit card payment with Ogone" is offered. The provider of this payment service is Ingenico e-Commerce Solutions GmbH, Daniel-Goldbach-Str. 17-19, 40880 Ratingen (hereinafter "OGONE").
If you select payment via Ogone, the payment data you entered will be transmitted to Ogone. The transmission of your data to Ingenico e-Commerce Solutions GmbH is based on Art. 6 para. 1 lit. a DSGVO (consent) and Art. 6 para. 1 lit. b DSGVO (processing for the performance of a contract). You have the option to revoke your consent to data processing at any time. A revocation does not affect the validity of past data processing operations. For details on payment with Ogone, please see the following link: https://ingenico.de/payment-services.
Connected to the virtual conference platform and its virtual meeting rooms, there are also subpages from supporters of the conference. These pages fall completely within the responsibility of the respective company. ENETS takes no responsibility for the content as well as potential links to other websites which might be offered there.
ENETS will not share any personal data with such companies unless required by national law, e.g. for compliance reasons.
Most of the cookies we use are so-called "session cookies." They are automatically deleted after your visit. Other cookies remain in your device's memory until you delete them. These cookies make it possible to recognise your browser when you next visit the site.
J. Tracking Service Google Analytics
This website uses Google Analytics, a web analytics service. It is operated by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. Google Analytics cookies are stored based on your consent Art. 6 (1) (a) DSGVO/GDPR, which we confirm via the consent banner.
We have activated the IP anonymisation feature on this website. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases will the full IP address be sent to a Google server in the US and shortened there. Google will use this information on behalf of the operator of this website to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and internet usage for the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.
Demographic data collection by Google Analytics
This website uses Google Analytics' demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described in the section "refusal of data collection".
Objecting to the collection of data
You can prevent the collection of your data by Google Analytics by clicking on the following link. An opt-out cookie will be set to prevent your data from being collected on future visits to this site.
K. Payment methods
If you enter into a contract which requires you to send us your payment information (e.g. account number for direct debits), we will require this data to process your payment. Data processing in connection with payment is based on your consent in accordance with Art. 6 (1) (a) DSGVO/GDPR or on the basis of a contractual relationship per Art. 6 (1) (b) DSGVO/GDPR .
Payment transactions are only made via encrypted SSL or TLS connections. In the case of encrypted communication, any payment details you submit to us cannot be read by third parties.
You have the option of transferring the payment to ENETS using the payment service provider Unzer. In this case, your data will be passed on to Unzer GmbH, Vangerowstraße 18, 69115 Heidelberg, as part of the transaction processing. The transfer takes place on the basis of your consent in accordance with Art. 6 (1) (a) DSGVO/GDPR and only insofar as this is necessary for the payment processing. You can object to this processing of your data at any time by sending a message to Unzer. Further information on your data processing by the payment service provider Unzer can be found here: https://www.unzer.com/en/datenschutz#datenschutzhinweise-gem-art-1314-und-21-dsgvo
L. Interactive Map
M. Data Storage Duration:
ENETS processes and stores your personal information providing it is necessary for the fulfilment of its contractual and legal obligations. Data that is no longer required for the fulfilment of contractual or legal obligations will be deleted on a regular basis. ENETS distinguishes between the various groups of affected persons accordingly:
1. Members: ENETS processes and stores your personal information such as title, first name and surname, address, telephone number, fax, and email address as well as account data providing it is necessary for the fulfilment of its contractual and legal obligations. Membership data shall be kept for ten years from the date of the last invoice in order to comply with statutory requirements. Since invoice documents are electronically assigned to the respective master data record, the corresponding data record must also be retained for ten years.
Personal data of members who become functionaries in ENETS committees will be displayed on the website (portrait photo, title, first name and surname and short biography). Committee members may object to the use of their personal data.
2. Customers: ENETS processes and stores your personal information (first name and surname, email, job title, pseudonymised account data) providing it is necessary for the fulfilment of its contractual and legal obligations.
3. Conference participants: Participant master data (such as title, first name and surname, address, telephone number, fax, and email address as well as account data) is stored for ten years from the date of the last invoice to comply with statutory requirements [§ 257 (1) Nr. 1 and Nr. 4 HGB]. Since invoice documents are electronically assigned to the respective master data record, the corresponding data record must also be retained for ten years. If the participant indicates during his online registration that he would not like to receive future information on ENETS events, the data set will be deleted upon individual request.
4. Learners/UEMS accredited e-learning: Credentials and results of webinar tests, for which UEMS training credits are awarded, will be kept or stored for one year after the course accreditation expires. Thereafter the data will be deleted.
5. Applicants - grant applications: Data and documents pertaining to grant applications (title, first name and surname, address, telephone number, fax and e-mail address as well as account data, names and institutions of co-authors, address of your institution) will be kept or stored for ten years.
6. Applicants - conference abstract applications: Data and documents pertaining to conference abstract applications (title, first and last name, address, telephone number, fax, and email address as well as account data, names and institutions of co-authors, address of your institution) will be kept and stored for ten years.
Data sets of conference abstracts will be made available to members and customers in the form of Portable Document Format files (PDF) in the ENETS Media Library and will only be deleted upon request.
N. Rights and Obligations
You may request insight into your personal data and/or revoke your consent to the processing of personal data at any time. This also applies to the revocation of declarations of consent that were issued to ENETS prior to the validity of the EU General Data Protection Regulation, i.e. before 25 May 2018. Please note that the revocation will only take effect in the future. Any processing that occurred before the revocation is not affected.
You also have certain data subject rights, which include:
- The right to obtain confirmation from ENETS as to whether or not your personal data is being processed. If that is the case, you have access to your personal data.
- You may request ENETS to rectify (correct) incorrect or inaccurate personal data. Incomplete data is to be completed taking the purposes of the processing into account.
- In certain circumstances, you may request ENETS to delete your personal data. If the conditions are met, we have the obligation to delete your personal data without undue delay.
- You have the right to request ENETS to restrict how your data is processed. In such cases, ENETS will not delete your data but will restrict how this data will be processed.
- You have the right to receive your personal data (which you have provided to ENETS) in a structured, commonly used, and machine-readable format. Under certain conditions, you also have the right to transmit this data to another controller without hindrance from ENETS.
- You have the right to lodge a complaint with a supervisory authority if you consider that the processing of your personal data has infringed the data protection laws.
Please note that it is necessary for ENETS to ensure that any information or data to be provided should not be disclosed to unauthorised third parties. In order to confirm the identity of the customer, ENETS can and will request additional information according to paragraph 6 of Article 12 of the GDPR. As part of the membership or business relationship, you must provide the personal information necessary to enter into a business relationship so that ENETS can fulfil its contractual and legal obligations. Without this data, ENETS will in general will be unable to execute the order; additionally, ENETS will be unable to complete an existing contract and will possibly have to terminate it.
Thank you for your continued trust and support.