PRIVACY POLICY REV. 2 OF 05.2021 Information pursuant to articles 13-14 of EU Regulation 2016/679 (European General Data Protection Regulation – GDPR) and the Italian Legislative Decrees 196/2003 and 101/2018

We take your privacy very seriously and we confirm that all data processing is done in compliance with the EU General Data Protection Regulation (2016/679) and the relevant updates as well as with the laws of Italy on this same topic.

1. Who is the Data Controller and how to contact it
ERA (European Renal Association)
Registered Office
c/o PKF Littlejohn, 15 Westferry Circus, Canary Wharf London E14 4HD – United Kingdom

ERA Operative Headquarters
Strada dei Mercati 16/A, I-43126 Parma, Italy
Tel: +39 0521 989078
secretariat@era-online.org
www.era-online.org

2. Additional Specifications
ERA GROUP refers to: ERA (European Renal Association) and ERA-Eurocongress Ltd. The companies belonging to the ERA GROUP manage personal data provided by ERA in their capacity as External Data Processors only for the purposes set forth in points 6 and 7 of this document, in compliance with the policies laid out herein.

3. Definitions
“Data Subject” is a natural person.
“Personal Data” means any information relating to an identified, or identifiable, natural person (the “Data Subject”). An identifiable natural person is a person who can be identified, directly or indirectly by reference of an identifier such as: a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Non-Personal Data” is data which can be recorded/kept automatically for statistical purposes. This data cannot be tracked back to the Data Subject. “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
“Restriction of Processing” means the marking of stored personal data with the aim of limiting their processing in the future.
“Profiling” means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.
“Pseudonymisation” means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
“Filing System” means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis.
“Controller” means the natural or legal person, public authority, agency or any other entity which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.
“Recipient” means a natural or legal person, public authority, agency or another body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
“Third Party” means a natural or legal person, public authority, agency or body not already identified as a Data Subject, Controller, Processor and persons who, under the direct authority of the controller or processor, are authorized to process personal data. “Consent of the Data Subject” means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her. “Personal Data Breach” means any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to, personal data transmitted, stored or otherwise processed.

4. Processed data
For the purposes of the indicated processing, ERA will collect, process and store various categories of data. Please find below an indicative, non-exhaustive list of general and specific examples of personal data collected by ERA:
a. Title and Full Name;
b. Email address;
c. Postal Address;
d. Telephone and Fax number;
e. Date and place of birth and/or age range;
f. CV data;
g. Fields of scientific/educational interest/expertise;
h. Gender;
i. Nationality;
j. Academic degree;
k. Declaration of interest (DoI);
l. Identity card details (in order to receive discounts/grants);
m. Affiliation information (institution/university) necessary for those who wish to submit an abstract/apply for a grant;
n. Professional status (prescriber/non-prescriber);
o. Training certificates and/or list of publications (for receiving FERA/grants/awards);
p. Photo/video.

5. Important!
If you enter data relating to third parties, you must have already received explicit authorization from these individuals in order to enter their personal data in our websites. You shall be exclusively accountable and responsible for providing this privacy information beforehand to such parties who wish to have you register them.

6. Purpose, legal basis for data processing
The processing of personal data supplied by you is aimed solely at performing contractual obligations and complying with specific requests, as well as complying with regulatory obligations, also concerning accounting matters. The processing is necessary for the contractual or precontractual purposes or purposes of the legitimate interests pursued by ERA in the meaning of Article 6, paragraph 1 (b) and (f) of the GDPR. Explicit and independent consent is likewise required to allow third-party companies to carry out various types of promotional activities by sending emails or hard copy notices or making telephone calls pursuant to Article 6, paragraph 1 (a) of the GDPR.

7. Data processed and purpose of the processing
a. Data you send us through our website for informational requests: when you surf on the ERA website and use the services available on the website, when you contact one of the ERA offices, when you wish to receive personalized information, or when you wish to receive nonmarketing communications, we process these data in order to provide the best response. These data may be processed by us as well as by external parties responsible for the maintenance of the association’s IT systems and by external parties that participate in providing the service requested. All of the external parties listed operate as properly appointed External Data Processors. The processing of your personal data is legitimate as it is necessary to provide you with the service you specifically requested from us pursuant to Article 6, paragraph 1 (b) and (f) of the GDPR. If you do not consent to this processing, we will not be able to provide you with the product / service requested. Therefore, it is impossible to submit the form without your consent.

b. Data that you send us by registering to take advantage of the services offered: these are necessary data due to the nature and performance of the contract between the parties. The services in question may include: creating a personal account on the ERA website (i.e. Members’ Log In section); performing a payment through the website (i.e. membership fees); becoming a member of ERA; registering for the annual ERA Congress and/or for an educational/scientific meeting organized by ERA and/or one of ERA’s committees/working groups; submitting an abstract for the annual ERA Congress; asking to become a candidate for one of the ERA Committees, Working Groups, Council; applying for an ERA Fellowship/Grant/Award/FERA; registering to receive an invitation letter to attend one of our scientific/educational events for VISA purposes; receiving information related to your ERA membership status (i.e. annual reports, candidates for Council, membership renewals); registering to our APPs and using the services included in them; accepting to be an abstract reviewer. These data may be processed by ERA as well as by third-party companies specialising in the management of credit information (such as data processing centres, banks, financial and credit intermediaries, etc.), carriers, companies and/or independent contractors for the contractual management of management / administrative / logistics / accounting services, relied on to fulfil legal or contractual obligations or to provide the requested service, other parties (businesses, companies, natural persons) helping to provide contractual services or associated support services, also referred to as providers (e.g., sector specialists, IT consultants, etc.). All of the external parties listed operate as properly appointed External Data Processors. The processing of your personal data is legitimate as it is necessary to provide you with the product / service you specifically requested from us pursuant to Article 6, paragraph 1 (b) and (f) of the GDPR. If you do not consent to this processing, we will not be able to provide you with the product / service requested. Therefore, it is impossible to submit the form without your consent.

Conventions and seminars in person:
If you decide to register for an ERA congress or meeting, due to the nature of this event it will be filmed and photographed. The videos and images will also include participants, speakers and everyone present in the room. For similar events of this size, the use of audio/visual materials is necessary for the purposes of the event in question; thus, this type of processing is legitimate and refusal will mean that you cannot participate in the event. ERA will remind you of this processing at the start of each event. Please note that the data relating to registrations on our websites are disclosed and made visible to other members of ERA , due to the collegial nature of our services. Newsletters and notices relating to ERA’s activities, member opportunities and information relating to the existing contractual relationship are activities conducted for the best performance of the contract existing between the parties or, depending on their nature, for the legitimate interests of the parties pursuant to Article 6, paragraph 1 (b) and (f) of the GDPR.

Conventions and seminars online:  If you decide to register for a congress or educational/scientific meeting organised by ERA via web and in virtual mode, because of the actual nature of the event itself, it will be recorded. The participants in the event will also be filmed, as well as the speakers. For events of this size, the use of audio/visual materials is necessary for the purposes of the event in question; thus, this type of processing is legitimate and refusal will mean that you cannot participate in the event. ERA will remind you of this processing at the start of each event.

c. Personal data and contact information for marketing by third-party companies (commercial and promotional communications): this processing is conducted only when you have autonomously, freely and knowingly decided to be part of this processing. These data may be processed by third parties for marketing purposes. These third parties are properly appointed by the Controller or the Processor. The processing of your personal data is legitimate as it is the result of your explicit consent pursuant to Article 6, paragraph section 1 (a) of the GDPR. If you do not authorize this type of processing, there will be no negative impacts whatsoever on other existing or requested relationships.

8. Personal data processing tools and logic
With respect to the purposes referred to herein, processing takes place with the help of manual, IT and electronic instruments with logics strictly correlated with the above-mentioned purposes and, in any event, in such a manner so as to guarantee the security and confidentiality of said data.

9. Use of Internet website and creation of an account
At any time, you can update your account details by logging in on the ERA websites and clicking on the appropriate link, for the ERA membership for example this is the “Sign in” button. If you want to delete your entire account, please contact us (secretariat@era-online.org). The ERA databases are appropriately protected against theft, unauthorized access and loss of your personal data. Our data are stored on a professionally maintained, externally hosted server that is regularly backed up and updated to prevent security breaches. Although we have used all reasonable measures to prevent security breaches, please note that no website can be 100% protected against targeted hacking attacks. Therefore, we advise you to change your password periodically, choosing one with more than 8 alphanumerical characters which includes uppercase as well as lowercase letters. Your account on the ERA websites is protected by a combination of a unique personal username and password. You may never share this username or password with third parties, as this may expose your personal data (such as contact details and previous payments) and allows these third parties to access some personal data of other ERA members. You are personally responsible for keeping this username and password secure. Should your username and/or password at any time be compromised, you can change it by logging in and following the instructions uploaded. You can also contact the appropriate ERA office in such case for assistance. For what concern the use of cookies, please check our cookie policy.

10. How long do we store your data?
Depending on the aim of the processing, ERA will store all the personal data until their processing will be necessary for the service/s you have requested. Notwithstanding the following mentioned retention periods, certain personal data may be deleted or otherwise disposed of prior to the expiry of their mentioned retention period where a decision is made within ERA to do so or in response to a request by a data subject. In limited circumstances, it may also be necessary to retain personal data for longer periods where such retention is for archiving purposes that are in the public interest, for scientific or historical research purposes, or for statistical purposes. All such retention will be subject to the implementation of appropriate technical and organizational measures to protect the rights and freedoms of data subjects, as required by the GDPR. The data is periodically checked for obsolescence.

11. What are your rights?
You have the right to request access to your personal data from the data controller using the data controller contact information provided at the top of the page. You have the right to request the modification / erasure / restriction of your personal data from the data controller using the data controller contact information provided at the beginning of this document. You have the right to submit your objection to the processing of your personal data to the data controller using the data controller contact information provided at the beginning of this document. You have the right to receive the full list of Data Processors (internal and external) using the data controller contact information provided at the beginning of this document. You have the right to lodge a complaint with a supervisory authority like the Italian Data Protection Authority (Garante per la Privacy – http://www.garanteprivacy.it/). Please note that there is no automated decision-making process, including the profiling pursuant to Article 22, paragraphs 1 and 4 of the European General Data Protection Regulation 2016/679.

12. Links to other websites
The ERA websites contain links to other third-party websites. ERA is not responsible for data privacy policies and/or practices on other websites and ERA has no influence as to whether the operators of these other websites act in compliance with data protection provisions. ERA’s Privacy Policy is solely applicable to data collected by ERA itself.

13. Transfer of data abroad
Data are transferred abroad on the basis of an adequacy decision (Article 45 of EU Regulation 2016/679 on data protection), in particular:
– The personal data of the data subject are transferred to the USA on the basis of the verification that the recipient of the data presented suitable guarantees according to Article 46 of European Regulation 2016/679.
– Personal data are transferred to Swiss companies on the basis of the European Commission Decision no. 2000/518/EC as amended by European Commission Implementing Decision (EU) 2016/2295 of 16 December 2016.

14. Personal Data processed for the following purposes and using the following services:
a. Advertising
Google Ad Manager, Google Ads Similar audiences, LinkedIn Ads and Facebook Lookalike Audience
Personal Data: Trackers; Usage Data
b. Analytics
Google Analytics with anonymised IP, Twitter Ads conversion tracking, Google Analytics and Google Ads conversion tracking
Personal Data: Trackers; Usage Data
c. Google Analytics Demographics and Interests reports
Personal Data: Trackers; unique device identifiers for advertising (Google Advertiser ID or IDFA, for example)
d. Google Analytics Advertising Reporting Features
Personal Data: Trackers; unique device identifiers for advertising (Google Advertiser ID or IDFA, for example); various types of Data as specified in the privacy policy of the service
e. LinkedIn conversion tracking (LinkedIn Insight Tag)
Personal Data: device information; Trackers; Usage Data
f. Collection of privacy-related preferences
iubenda Cookie Solution
g. Personal Data: Trackers
Contacting the User
h.Mailing list or newsletter
Personal Data: city; country; date of birth; email address; first name; gender; last name; phone number; physical address; profession; state; ZIP/Postal code
i. Data transfer outside of the UK
Data transfer abroad based on consent (UK)
Personal Data: various types of Data
j. Displaying content from external platforms
Google Fonts, YouTube video widget and Instagram widget
Personal Data: Trackers; Usage Data
k. Interaction with external social networks and platforms
Twitter Tweet button and social widgets, Facebook Like button and social widgets and LinkedIn button and social widgets
Personal Data: Trackers; Usage Data
YouTube button and social widgets
Personal Data: Usage Data
l. Managing contacts and sending messages
SendinBlue Email
Personal Data: email address; Trackers; Usage Data
m. Platform services and hosting
WordPress.com
Personal Data: Trackers
n. Remarketing and behavioural targeting
Twitter Remarketing, Google Ad Manager Audience Extension, Google Ads Remarketing, LinkedIn Website Retargeting and Facebook Remarketing
Personal Data: Trackers; Usage Data
o. Twitter Tailored Audiences and Facebook Custom Audience
Personal Data: email address; Trackers

15. Further information about the processing of Personal Data. Other websites of European Renal Association (ERA)

The Privacy and Cookie Policy of European Renal Association (ERA) also applies to the following websites:
– 58th ERA Virtual Congress Official Website – Fully virtual 2021 (www.era-online.org/en/virtualcongress2021/)
– 59th ERA Congress Official Website – Paris 2022 (www.era-online.org/en/paris2022/)
– 60th ERA Congress Official Website – Milan 2023 (www.era-online.org/en/milan2023/)
– Kidney Health Awareness Days – Strong Kidneys (www.era-online.org/en/strongkidneys/)
– The Nephrology Patient Cookbook Project – Cookbook (https://www.era-online.org/en/cookbook/)
– European Renal Best Practice – ERBP (https://www.era-online.org/en/erbp/)
– ERA Registry (https://www.era-online.org/en/registry/)
– Nephrology Education Portal – NEP (https://www.era-online.org/en/nep/)
– Clinical Transplantation Day 2021 – CTDAY (https://www.era-online.org/en/ctday/)

In addition to any opt-out feature provided by any of the services listed in this document, Users may learn more on how to generally opt out of interest-based advertising within the dedicated section of the Cookie Policy.

This policy may be amended and supplemented over time. Therefore, we suggest that you check it periodically. The valid version will be the one that is published on our website (http://www.era-online.org).

Latest update: June 13, 2022

ERA
Charity registered in England and Wales: registration n° 1060134
Registered office:
c/o PKF Littlejohn
15 Westferry Circus
Canary Wharf
London E14 4HD
United Kingdom
ERA Operative Headquarters
Strada dei Mercati 16/A, I-43126 Parma, Italy
Tel: +39 0521 989078
Email: secretariat@era-online.org