Data Protection Policy
The International Stereotactic Radiosurgery Society (thereafter referred to as the « ISRS ») is committed to respecting the privacy of its members and any person who takes part to its webinars, consults its website, registers for its congresses or participates in the organization of the events (hereinafter “the Data Subjects”).
The purpose of this General Data Protection Policy is to describe how personal data (hereinafter “Data”) that ISRS collects or holds is used and to whom this Data may be disclosed.
The processing of Data by ISRS is subject to the applicable data protection legislation in force in France, in particular the General Regulation on Data Protection (hereinafter GDPR).
ISRS undertakes to:
- only use the Data for the purposes indicated;
- only collect Data that is necessary for these purposes;
- not to keep the Data longer than necessary for these purposes;
- to communicate the Data only to authorised organisations or persons who require it in the context of ISRS’ activities;
- to inform the Data Subjects in a clear and transparent manner about the use that ISRS makes of the Data and about their rights.
1. The Controller and the Processor
ISRS, c/o MCO Congrès, Villa Gaby – 285, Corniche Kennedy, 13007 MARSEILLE – France, is the controller of the Data covered by this General Data Protection Policy. It has appointed MCO Congrès, Villa Gaby – 285, Corniche Kennedy,13007 MARSEILLE – France as its processor for the management of its members registration, of its website and the organisation of webinars and congresses all around the world. A contract has been concluded between the controller and the processor as provided for by article 28 GDPR.
2. Processing Bases on which ISRS Collects and uses data
Data is collected and used on the following basis:
- Performance of contracts (subscription as a member or registration to a webinar or a congress);
- for its legitimate interests;
- in certain cases, consent.
3. Purposes
The Data is collected for the following purposes:
- members registration and management;
- organisation of events such as congresses;
- registration to webinars and events;
- relation with its sponsors and exhibitors at the events;
- consultation of its website.
4. What Type of Personal Data is Collected by ISRS?
- First name
- Last name
- Date of birth
- Gender
- Nationality
- Telephone number
- E-mail address
5. Data Protection Rights
Pursuant to the GDPR, the Data subjects have the following rights in particular:
Right of access – the Data Subject has, at any time and without giving any reasons, the right to request copies of its Data from ISRS.
Right to information – the Data Subject has the right to be informed of how its Data is used. This General Data Protection Policy and any additional information is intended to provide that information.
Right to withdraw consent – where Data is processed on the basis of consent, consent may be withdrawn at any time.
Right of rectification – the Data Subject has the right to request ISRS to rectify inaccurate Data and to complete incomplete Data.
Right to limit processing – the Data Subject may request to limit the processing of Data, if permitted by law.
Right to erasure / deletion – the Data Subject has the right to request ISRS to erase or delete the Data, unless a legal basis or the legitimate interest of ISRS requires or permits it to retain the Data.
Right to object to processing – the Data Subject has the right to object to the processing of its Data at any time.
Right to delivery or transmission of the Data – the Data Subject has the right to request the delivery or transmission of the Data in a portable format where the processing of the Data is carried out automatically, on the basis of consent or on the basis of a contract.
Right to lodge a complaint: if the Data Subject is not satisfied with the way in which the Data is processed, he or she may lodge a complaint with the courts or with the data protection authority.
The exercise of these rights is free of charge. Any request relating to the processing of Data should be made to the following address: [email protected]
6. Disclosure of Data
ISRS may disclose Data to its employees, processors, consultants and suppliers solely in order to fulfil its duties and to provide its services; provided that the legal conditions are met.
To protect the privacy and security of the Data Subjects, ISRS may take reasonable steps to verify their identity before granting access or making corrections.
7. Transfer Abroad
The Data is processed in France and is not transferred abroad.
The Data might be transferred abroad in the event where a congress is organised outside France. In such case, only the data needed for the organisation of such event is transferred. ISRS takes the necessary organisational and security measures in order to ensure that the data is only used for such purpose and is not accessible to any other third parties.
8. Promotion
Communications (for example, newsletters) from ISRS relating to the activities of ISRS may be sent to the Data Subjects, where they have opted in to receive them. Communications from ISRS will always include the option for the Data Subject to unsubscribe from receiving any further communications.
The Data Subject may unsubscribe at any time by sending an email to [email protected] and requesting to be removed from ISRS’s communication lists.
9. Cookies
ISRS uses cookies and other technologies on its website to enable the collection of certain information from Data Subjects’ web browser. Cookies are widely used on the Internet.
Cookies are small text files that are placed on Data Subjects’ computer by websites visited. They are used to make websites work, or work more efficiently, and to provide information to the site owners.
ISRS may collect information about the Data Subjects’ computer including, where applicable, IP address, operating system and browser type for system administration. This is statistical data about ISRS’ browsing actions and patterns and does not identify any individual.
Cookies help ISRS to improve the services of ISRS and to provide a better and more personalised service. They also help ISRS to ensure that the Data Subject has read any relevant legal information and to analyse how the ISRS website is used.
10. Security
ISRS undertakes to ensure the permanent security of the Data. Data are protected against any unauthorised processing by organisational and technical measures corresponding to international norms, quality standards and technical progress, in particular against the risks of falsification, destruction, theft, loss, copying and other unlawful processing.
ISRS shall take reasonable and appropriate measures to maintain the confidentiality and integrity of the Data and to prevent the unauthorised use or disclosure of the Data in accordance with the GDPR.
This Data, including backups of the Data is hosted in France.
ISRS processes Data only in a manner consistent with the purpose for which it was collected. To the extent necessary for these purposes, ISRS will take reasonable steps to ensure that the Data is accurate, complete, current and otherwise reliable for its intended use.
11. How Long Does ISRS Keep the Data?
ISRS retains Data only for as long as is necessary to fulfil the purposes for which it was collected, to meet the needs of the Data Subjects and to comply with ISRS’ legal obligations.
To establish how long the Data is kept, ISRS applies the following criteria:
- for ISRS membership, ISRS retains the Data for the duration of the membership and for 10 years after the end of membership;
- for ISRS events, ISRS retains the Data for the duration of the event; and for 2 years after the event;
- if the Data Subject has consented to receive communications (e.g. Newsletters), ISRS will retain the Data until unsubscription;
- if cookies are placed on the Data Subject’s computer, ISRS only retains the Data for the time necessary to achieve the purpose for which it was collected (for example, for one session for registration cookies or session identification cookies).
ISRS may retain Data to fulfil ISRS’ legal or regulatory obligations, or for statistical or historical purposes. When ISRS no longer needs to use or retain the Data, ISRS will delete it from its systems and files or anonymise it so that the Data Subject can no longer be identified.
12. Changes to this General Data Protection Policy
ISRS reserves the right to update or change this General Data Protection Policy at any time.
Any changes to this General Data Protection Policy will come into effect when ISRS posts it on its website.
13. Contact Information
If you have any questions about data protection, please send an e-mail to the following address [email protected]
14. Effective Date
This General Data Protection Policy has been updated on 31.08.2023.