Privacy Notice

The Austrian association “CEMPO” (Central European Myeloproliferative Neoplasm Organisation), registered under no. ZVR 956323515 and with its seat at Währinger Gürtel 18-20, 1090 Vienna, Austria, provides a platform for exchange of clinical and scientific experience in the diagnosis and treatment of MPNs. CEMPO organizes congresses and meetings to promote its goals.

Amongst other things, the congress “IHEM” (International Hematology Expert Meeting), which you have been invited to attend, has been organized. IHEM aims to bring together international medical experts in the field of Hematology with the focus on MPN.

We”, AOP Orphan Pharmaceuticals AG (see details below) have agreed to support and help CEMPO with the organization of IHEM. In this Privacy Notice, we would like to inform you about all IHEM-related data-protection issues in accordance with the General Data Protection Regulation (EU regulation 2016/679, in short: "GDPR"):

1.                     Data Controller

AOP Orphan Pharmaceuticals AG, is an Austrian corporation with its seat at Wilhelminenstraße 91/IIf, 1160 Vienna, Austria, and has several affiliates located throughout Europe and the Middle East. It is represented by its Board and can – pertaining to data-protection issues – also be reached under This email address is being protected from spambots. You need JavaScript enabled to view it..

2.                     Purpose of Data Processing

IHEM 2021 has been organized as a web-accessible Webinar. In order for you to be able to log in, partake, and access the Webinar, certain personal data must be processed. The purpose for such processing activities include the possibility to log-in, be contacted in the future, receive photos and videos of the event, receive training points, manage the event.

3.                     Categories of Personal Data to be Processed

The following categories of personal data may be processed by us and/or our affiliate(s):

Category of Data

Purpose and Examples of Personal Data

Access data

Log-In

E-mail address, IP address, date and time of the request, time zone difference to Greenwich Mean Time (GMT), content of the request (specific page), access status/HTTP status code, amount of data transmitted in each case, website from which the request comes, browser, operating system and its interface, language and version of the browser software, cookies, etc.

Personal Data

Recording and Screening of IHEM

Photos and videos of IHEM participants.

Contact data

Future Contacting

E-mail address, names, employer, etc.

Employment data

Training Points (DFP)

Employer, employment status, country, medical specialty etc.

Event data

Event Management

Status data regarding participation and log-in

4.                     Transfer of Personal Data

Your personal data may be transferred to affiliated companies and external service providers supporting us with, amongst other services, storage and administration of data, IT support, organizational measures, legal and tax consultancy, management consultancy. We make sure that any service provider is carefully selected and contractually bound to uphold relevant and applicable data protection legislation.

Among these service providers are also companies that process your data outside the European Union or have their headquarters there. In the case of such companies, we select companies that process the data at locations for which there is an adequacy decision by the Commission (Article 45 GDPR). If this requirement is not met, we only commission these service providers if they provide appropriate safeguards (Article 46 GDPR), for example by concluding the EU standard contractual clauses.

Category of Data

Service Providers (Service)

Access data

CEMPO (ZVR 956323515), Währinger Gürtel 18-20, 1090 Vienna (organizational activities, administration, data storage, IT support, etc.)

ZUPmedia OG [IT support] (organizational activities, administration, IT support, etc.)

Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052 (data storage, IT support, etc.)

Personal Data

AOP Orphan Pharmaceuticals AG, Wilhelminenstraße 91 / IIf, 1160 Vienna (organizational activities, administration, data storage, IT support, etc.)

ZUPmedia OG [IT support] (organizational activities, administration, IT support, etc.)

Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052 (data storage, IT support, etc.)

Contact data

AOP Orphan Pharmaceuticals AG, Wilhelminenstraße 91 / Iif, 1160 Vienna (organizational activities, administration, data storage, IT support, etc.)

ZUPmedia OG [IT support] (organizational activities, administration, IT support, etc.)

Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052 (data storage, IT support, etc.)

Employment data

AOP Orphan Pharmaceuticals AG, Wilhelminenstraße 91 / Iif, 1160 Vienna (organizational activities, administration, data storage, IT support, etc.)

ZUP media [IT support] (organizational activities, administration, IT support, etc.)

Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052 (data storage, IT support, etc.)

Event data

AOP Orphan Pharmaceuticals AG, Wilhelminenstraße 91 / Iif, 1160 Vienna (organizational activities, administration, data storage, IT support, etc.)

5.                     Legal Basis for Processing of Personal Data

With your participation in our event, whether in connection with its initiation, performance or termination, the legal basis for processing is Article 6 paragraph 1 sentence 1 lit b GDPR. Your data will be stored until the end of the statutory retention period, which is generally seven years. In all other cases, the legal basis is Article 6 paragraph 1 sentence 1 lit f of the GDPR, according to which the processing of personal data may be carried out without the consent of the data subject if the processing is necessary to safeguard the legitimate interests of the controller or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular if the data subject is a child. Communication outside a contractual relationship is in our mutual interest. We store your data until the purpose resulting from the legitimate interest is fulfilled.

If a contractual relationship is established between us regarding the participation in an event, we will subsequently process your data for the purpose of performing and, if necessary, terminating the contractual relationship. This typically results in the processing of further data. In this respect, the legal basis of the processing is Article 6 paragraph 1 sentence 1 lit b GDPR. In this case, we store the data until the end of the statutory retention period, which is generally seven years.

6.                     Photos and Videos of Event

We do not expect to take your photo or a video of you during IHEM 2021. However, the online-sessions of the Webinar may be recorded for educational, informative, or advertising purposes. These recordings may be published on our internet and intranet sites, profiles on social networks, newsletter programs and other media. There is no legal obligation to collect this data. As long as we do not take photographs and/or videos, you will not be visible on any recordings.

The legal basis is your consent within the meaning of Article 6 paragraph 1 sentence 1 lit a GDPR together with Article 7 GDPR. We would like to point out that you can revoke this consent at any time by sending an informal message to us (see above “Data Controller“). We would like to point out that your consent may also include the processing of special categories of personal data within the meaning of Article 9 paragraph 1 GDPR, so that the processing prohibition pursuant to Article 9 paragraph 1 GDPR does not apply because of your consent in accordance with Article 9 paragraph 2 lit a GDPR.

7.                     Data Protection

We maintain up-to-date technical measures to ensure data security, in particular to protect your personal data from risks during data transmission and from third parties gaining knowledge of them. These measures are always adapted to the current state of the art.

8.                     Your Rights in connection with the Processing of Personal Data

With regard to data privacy, you have various rights. However, these rights may be subject to conditions which we will insist on. In detail you have the following rights:

Right of access by the data subject (Article 15 GDPR):

In accordance with Article 15 GDPR, you have the right to receive information about your personal data processed by us at any time and free of charge. We will send you this information in electronic form or as a copy upon request.

Right to rectification (Article 16 GDPR):

In accordance with Article 16 GDPR, you can demand that we correct processed incorrect personal data.

Right to erasure (Article 17 GDPR):

Under the conditions of Article 17 GDPR, you can demand from us the immediate erasure of the personal data concerning you. You can demand the erasure of your personal data if, among other things, they are no longer necessary for the purposes for which they were collected or processed, if you revoke any consent you may have given and no other legal basis applies, if you have objected to the processing and there are no overriding legitimate reasons for the processing or if the data processing was unlawful.

Right to restriction of processing (Article 18 GDPR):

You have the right to request that the processing of your personal data be restricted if the conditions of Article 18 GDPR are met.

Right to data portability (Article 20 GDPR):

This right exists if the data processing was carried out with your consent or was necessary for the performance of the contract.

Right to object (Article 21 GDPR):

Under Article 21 GDPR, you have the right to object at any time to the processing of personal data concerning you for reasons arising from your particular situation. We will then no longer process your personal data unless we can prove compelling and legitimate reasons for processing which outweigh your interests, rights and freedoms, or unless the processing serves to assert, exercise or defend legal claims.

Right to lodge a complaint with a supervisory authority (Article 77 GDPR)

Furthermore, you have the right to complain about us to the supervisory authority responsible for us in accordance with Article 77 GDPR.

___________________________

Last updated: Vienna, July 2020