The European Alliance of Associations for Rheumatology, Kilchberg, Switzerland (hereinafter "EULAR" or "we") collects your personal data. EULAR, as data controller, processes your personal data in accordance with the provisions of the Swiss Data Protection Act (hereinafter "DPA") and the European General Data Protection Regulation (hereinafter "GDPR"). This Data Protection Policy describes how we process your personal data.

1. What personal data do we collect?

The personal data we collect includes the following data: your first and last name, title, postal address, e-mail address, telephone number, gender, date of birth, field of activity, education, carrier and employer, payment data (when you make a payment), preferences and interests, communication data that you provide us with.

When you access our services, the following data is stored in log files: IP address, date, time, browser inquiry, traffic information, metadata, websites clicks and general information transmitted to the operating system or browser.

2. How do we collect your personal data?

We collect personal data that you have voluntarily provided us with, for example when you

1. register as a member on our website or register for an event, education, conference and presentation
2. communicate with us via e-mail or other communication channels,
3. when you get involved in EULAR on the committees, task forces, etc.
4. when you ask us to send you communications or newsletters.

We also use tracking technologies such as cookies to collect data to better understand how users use the EULAR website and to improve security.

3. For what purpose do we process your personal data and on what legal bases?

We need your personal data for communication purposes, in particular to:

1. Perform our contracts with you or to take the necessary steps to enter into one (art. 6 sec. 1 lit b GDPR);
2. send you invitations to events, educations, conferences, presentations, newsletters, and other information about EULAR (art. 6 sec. 1 lit a and b GDPR);
3. administer our contact database (art. 6 sec. 1 lit a and b GDPR);
4. administer the website and IT systems, ensure their error-free operation, and enhance their security (art. 6 sec. 1 lit f GDPR);
5. protect our interests in any legal dispute (art. 6 sec. 1 lit f GDPR)
6. comply with our legal obligations (art. 6 sec. 1 lit c GDPR).

4. Who do we provide your personal data to?

We provide your data to the following categories of controllers:

1. Insurers, banks and providers of payment systems (like credit card providers or online payment processors);
2. the publisher of our journals;
3. to advisors, auditors and attorneys;
4. authorities and courts;
5. providers of website services, of cookies (in particular AdWords, Google Conversion-Tracking) and social media (such as, google, meta, X, LinkedIn, Youtube etc.).

We have no influence on how these controllers process your personal data, so please visit their data protection policies for further information.

We also provide your information on the following categories of providers:

1. congress service providers (such as M-events, congrex, JMT, etc.);
2.  teachers and providers of education services (such as learnchamp, etc.);
3. usual services providers and IT service providers (such as Microsoft Ireland, AWS, Dinotronic, Odoo, OBS, Sendgrid, IPT, Cloudflare, etc.)

5. Where is your personal data stored?

Your personal data is processed in Switzerland, in the member states of the EU and EEA, in the United Kingdom and in Canada, except when you use our website or send us emails or attend a EULAR-course or EULAR-event in another country, in which case your personal data is processed worldwide.

Switzerland, the member states of the EU and EEA, the United Kingdom and Canada have all an adequate level of data protection according to the EU Commission and the Swiss Federal Council.

We cannot exclude that some of our processors use sub-processors who process some of your personal data outside these countries, in which case they have to ensure that they have entered into standard contractual clauses of the EU with such sub-processors.

6. How long do we keep your personal data?

As a rule, we keep your personal data for ten years after the end of our relationship, starting at the end of the business year and log data and meta data are kept for one year.

7. Your rights

You have the right to know what personal data we process about you. You also have the right to request that incorrect personal data about you be corrected and that your personal data be deleted. You can also forbid the processing of certain personal data and can request that data processing is restricted. The restriction of the processing or deletion of personal data is not possible if this data is necessary for the fulfilment of a contractual or legal obligation or if we have a legitimate interest in the processing. You also have the right to data portability. You may withdraw a consent that you have given at any time.

If you do not agree to our data processing, you can lodge a complaint to the Federal Data Protection and Information Commissioner ("FDPIC") and/or the competent supervisory authorities in the EU.

8. How can you contact us?

If you have any questions about how we process your personal data, please contact us by email or letter as follows:

Contact:

EULAR
Data Protection Representative
Seestrasse 240
8802 Kilchberg
Switzerland
eular@eular.org