Privacy Policy 

1. INTRODUCTION 

This privacy policy applies to our website (www.aceoncology.org) (hereinafter: “our website”) and all services, products and communications (hereinafter: “services”), provided by ACE Oncology, B.V. (hereafter: “we,” “us” or “our”). In this privacy policy, we describe our privacy practices as they pertain to your use of our services. Please note that this privacy policy and our cookie policy forms part of our terms of use, which you agree to when you use our services. This privacy policy is updated regularly. The latest version is published on our website and takes effect from the day of publication. 

2. DEFINITIONS 

For a proper understanding of this privacy policy, some knowledge of legal definitions is helpful: 

What are “personal data”? 

Personal data refers to any information related to an identified or identifiable natural person. There are general and special personal data. Special personal data are data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health, genetic data, biometric data which may identify you as a unique person, and data concerning a person’s sex life or sexual orientation. All other data which may identify you as a natural person are general personal data. In this privacy policy we will use the general term “personal data” or “data”, unless otherwise specified. 

What is “processing” of personal data? 

Processing means any operation, whether or not automated, which is performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, making available, combination, restriction, erasure, or destruction. In this privacy policy and for reasons of readability we will use the words “collect(ing)”, “use/using” and “process(ing)” to refer to the legal definition of processing. 

What is a “data subject”? 

A data subject is any living natural person whose personal data are processed. For reasons of readability we will use the words “person” and “you(r)” to indicate the data subject. 

What is a “controller” 

A controller is the legal person who determines the purposes and means of the processing of personal data. In this privacy policy, that’s us. 

What is a “processor” 

A processor is a legal person who processes personal data on behalf of and at the instructions of the controller. 

What does “GDPR” mean? 

GDPR means General Data Protection Regulation, the European regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, adopted by the European Parliament and the European Council on April 27, 2016, and current as of May 25, 2018. 

3. COLLECTING PERSONAL DATA 

What personal data do we collect? 

We collect personal data directly from you or indirectly from third parties, such as our business partners and/or third-party vendors. 

The personal data we collect are always and merely connected to you in your professional capacity. The data we collect include your names (first names, last name), gender, title, company name and company address, email address, telephone numbers, degrees, professional specialties, special professional interests, billing data such as credit card numbers or bank account numbers, possible billing address, and personalized registration numbers for events. If you ask us to book a flight or a hotel, we also collect location data (travel data). When you are a faculty member who contributes to one of our services (symposia, meetings, etc), we assess whether there are relevant financial relationships that may influence the content of your contribution and/or our services. Sometimes we ask faculty members to provide us with recent photographs to use on our promotional material. 

We do not collect special personal data, except for _ at your request _ dietary information or special needs which may (or may not) relate to your health or religious beliefs. 

When do we collect personal data? 

Your personal data are collected when: 

  • you make an account on our website 
  • you register (or are registered with your consent) for one of our events and/or other services 
  • you contribute to symposia,  meetings, presentations, or surveys, and/or you contact us or we contact you to do so 
  • you will be reimbursed for any contribution to our services 
  • you ask us to provide extra services such as booking flights or hotels 
  • you engage with us on or through social media (by mentioning/tagging us or by contacting us directly) 
  • one of our business partners provides us with a list of personal data to provide specific services and/or these lists are provided by third-party vendors. 
  • you have confirmed intent to participate as chair or faculty member in one of our programs 

Do we collect data of patients? 

No, we do not. All information concerning patients’ personal data is always anonymized before we receive it. 

Do we collect data of children? 

No, we do not. Our business is not aimed at children. 

4. USE OF PERSONAL DATA 

How we make use of personal data? 

We use the personal data that we collect to provide you with the information and services that you expect and/or request from us. This may be access to (online) events, meetings and presentations, as well as receipt of emails that inform you about our business activities. 

Whenever you have registered for one of our events or other services, we use your personal data to meet our obligations to provide you with the information and services you asked for. Whenever this includes billing or reimbursement, we use the billing data you provided to exercise our financial rights and obligations. 

Your personal data are also used for our internal business purposes, such as improving our services and communication, enhancing our website, and monitoring the use of our website. Data such as specialties, special interests, and degrees, combined with (general) data such as name and (email) address, are used for direct marketing purposes (see below). 

We rarely use special data (see definition above). These are only used in the event that you have responded to our questions concerning dietary requirements and/or special needs, which may relate to your health and/or religious beliefs. 

Is this use lawful? 

Yes, it is. Pursuant to the GDPR, there are various legal grounds for processing personal data. Insofar as is relevant, these are: 

  • you have given us consent to use your personal data for specific purposes 
  • we need the personal data for the performance of the contract (or entering into a contract) between you and us 
  • there is a legal obligation to process the personal data 
  • we _ or a third party we work with _ have a legitimate interest to process these data 

In most cases, we have asked for your consent directly. In other cases, your personal data are provided to us by a business partner (ie, the party that has asked us to organize an event or render other services) or by third-party vendors (ie, parties that are specialized in compiling lists of professionals for whom our services may be of interest). In these two cases, we act as processor rather than controller. 

Since our core business is providing you with the knowledge, information, and other services you asked for, we need these data for performance of the agreement we have or will enter into. Without these data, access to our services, information, and knowledge is impossible. 

Moreover, it may happen that we (have to) make use of these data to comply with a legal obligation to which we are subject, for example fiscal legislation, court orders, or criminal charges. 

Finally, we have our own legitimate interests in processing these data, which include the interests of our business partners. These interests are improving our services, our communication, our website, and business development. Our legitimate interests involve profiling for direct marketing purposes. If you wish to opt out from our direct marketing activities, see below. 

As for the processing of special personal data (dietary requirements and/or special needs), this only takes place after your explicit consent. With that consent, we have met the legal obligation for the processing of special personal data. 

5. SHARING PERSONAL DATA 

We will never sell your personal data to any third party. However, in order to provide our services to you, we acquire personal data from third parties from time to time. To these data, this privacy policy, as well as all security measures we take, are equally applicable. 

We always work with trusted service providers, who help us to carry out our services and make us improve our work and our (online and offline) communication and act as processors. Since these service providers have skills and capabilities we may not have, it is in our and your interest that we collaborate with these third parties. These service providers are never allowed to process your personal data for other (commercial or noncommercial) purposes than the purposes previously defined by us. 

In the context of an onward transfer of personal data, we shall remain responsible for the processing of personal data to a third party who acts as a processor on our behalf. Whenever this third party processes personal data in a manner that is inconsistent with our instructions, we shall remain liable for the consequences, unless we can prove that we are not responsible for the event giving rise to the damage. 

Where appropriate we share your personal data with third parties, such as accredited providers, organizers of live events, travel agencies and hotels/hotel booking agencies, credit card companies, and banks, for the performance of contractual obligations. 

If necessary we also share personal data to meet legal obligations, such as combating fraud, adhering to medical law and accreditation regulations, and maintaining compliance with the EFPIA Code and Sunshine Act. 

6. DATA MINIMIZATION, ACCURACY, & STORAGE LIMITATION 

We comply with the principles of data minimization, accuracy, and storage limitation. In short, this means that we will merely retain the personal data for as long as it is necessary, and that we clean up our databases containing personal data from time to time. Given the fact that we use personal data for different purposes, our retention periods may vary. 

Along with own responsibility in this regard, you can at all times exercise your rights concerning the accuracy of the personal data we collected from you (see below). 

7. SECURITY 

We do our utmost to keep the security of your personal data up to date. This implies technical and organizational measures such as encryption techniques, login procedures, firewalls, and regular updates of our technical infrastructure. 

As part of this, we see to it that access to (part of) our systems is restricted to employees who actually work with personal data. An account with access to (part of) our systems is created for an employee only after authorization. 

8. YOUR RIGHTS AS DATA SUBJECT 

As data subject, you are entitled to be informed about what happens with your personal data. This means that you can exercise the following rights: 

  • the right to be informed about the way we process your personal data (as in this privacy policy) 
  • the right to have access to the personal data we collected about you: you can request a copy of your personal data collected by us, which will be provided to you in a machine readable form 
  • the right to know the source when these data are not directly collected from you 
  • the right to know with whom your data are shared by us 
  • the right to have your personal data rectified when these are incomplete, out-of-date, incorrect, or otherwise inaccurate 
  • the right to have your personal data erased (the “right to be forgotten”) 
  • the right to obtain a restriction of processing by us for a period of time when the use of the personal data is contested on the ground that this use is inaccurate, unlawful, or no longer necessary or when you have objected to processing pursuant to article 21 (1) GDPR (profiling), pending the verification 
  • the right to have your personal data transferred to another service provider 
  • the right to object to automated decision making, including profiling (see below) 

Whenever you wish to exercise one of the above-mentioned rights, please contact us. The information you request shall be provided by us in a commonly used electronic form. 

9. DIRECT MARKETING 

You have the right to object at any time to the processing of your personal data for direct marketing purposes. Whenever you do, we shall no longer use your data for direct marketing. However, this doesn’t mean that we will no longer use these data for other specified, explicit and legitimate purposes. 

If you have created an account on our website, you can simply amend your preferences or follow the unsubscribe links provided in our direct marketing emails and our other direct marketing communication. If you do not wish to see personalized marketing content, you can clear the cookies in your browser settings (see our cookie policy). 

If you have any difficulties or complaints regarding our direct marketing activities, which cannot be solved in the above mentioned way, please contact us. 

10. INTERNATIONAL TRANSFERS 

We may transfer your personal data to recipients outside of the European Economic Area (EEA), including to one of our group companies or a service provider, some of whom are located in the United States. In the event of such a transfer, we will implement safeguards so that your personal information continues to be protected in accordance with the standards set out in this privacy policy. Where applicable law requires us to ensure that an international data transfer is governed by a data transfer mechanism, we use one or more of the following mechanisms: EU Standard Contractual Clauses with a data recipient outside the EEA or verification that the recipient adheres to the EU-US and Swiss-US Privacy Shield Framework. If you would like more information, please contact us at info@aceoncology.org. 

11. COMPLAINTS 

If you have any complaints about our way of processing your personal data or if you wish to speak to us about our privacy policy, please contact us at info@aceoncology.org. If you feel that we didn’t handle your complaints satisfactorily, you can apply to: 

  • EU citizens:  Dutch Data Protection Authority (Autoriteit Persoonsgegevens), Bezuidenhoutseweg 30, P.O. Box 93374, 2509 AJ The Hague (the Netherlands), 
    Telephone number +31 70 8888 500 
    or: https://autoriteitpersoonsgegevens.nl 
    /en/contact-dutch-dpa/contact-us 
  • Swiss citizens:  Office of the Federal Data Protection and Information Commissioner FDPIC Feldeggweg 1 
    CH _ 3003 Berne 
    Telephone number +41 58 46243 95 
    or: https://www.edoeb.admin.ch 
    /edoeb/en/home.html 

12. CHANGES TO THIS PRIVACY POLICY 

We may update this privacy policy from time to time. When the changes are significant, we will notify all our members. Along with this, we advise you to check this page regularly to acquaint yourself with the latest version. 

This Privacy Policy was last updated on January, 2021.