During a visit of our websites generally some personal data, for example the IP address of the computer system used, is stored in server log files. More information about this data can be found at "Recording of general data and information". Insofar as a data subject wants to make use of special services offered by us on our websites, a more extensive processing additional personal data may become necessary. We generally ask for the consent of the data subject before processing personal data if the processing is not based on legal obligations.
The controllers are:
CPO HANSER SERVICE GmbH
Paulsborner Straße 44
Tel.: +49 30 300669-0
European Society of Pathology (ESP)
Rue Bara 6
Tel.: +32 25208036
Our joint Data Protection Officer can be contacted at:
CPO HANSER SERVICE GmbH
Am AKKU 7
Tel.: +49 40 6964809-0
Every data subject may contact our Data Protection Officer directly for questions and comments regarding our data protection practices at any time.
Upon visiting our websites our servers are recording a set of general data and information. This set of general data and information is stored in server log files. The following information may be recorded: (1) the Internet browser and browser version used, (2) the operating system of the computer system used, (3) the website that referred to our website (referrer), (4) the sub pages that are accessed on our website, (5) time and date of the access to our website, (6) an internet protocol address (IP address), (7) the internet service provider of the accessing system and (8) or any other similar data and information, which may be used to protect our information technology system against danger in the case of a cyber attack.
When using this general data and information we are not drawing any conclusion on the directly affected data subject. Furthermore, this information is necessary to (1) deliver the contents of our websites correctly, (2) optimise the contents of our websites and the respective advertising without individualisation, (3) guarantee the long-term operational liability of our information technology systems and our websites as well as (4) provide necessary information for prosecution to law enforcement authorities in the case of a cyber attack.
The recorded sets of data and information are processed statistically and beyond that to improve data protection and data security in our organisation to finally guarantee an optimum level of data protection for all processed personal data. This optimisation is a legitimate interest according to Article 6(1)(f) GDPR. This data is stored separately from all other personal data provided by the data subject and is deleted 14 days after the data subjects' access to our website.
Our website allows the data subject to register for an event, such as congresses, conferences and training courses. Which personal data is gathered and processed for these purposes results from the respective form that is used for the registration process. These forms vary depending on the type of registration.
The registration of the data subject, providing the mandatory personal data, serves the controller to enable the data subject to attend an event or submit scientific contributions.
When registering for the attendance at an event a contractual relationship will be established. The data subject will be informed about this, along with the terms and conditions, during the registration process. Mandatory data for the contractual relationship are labeled as such in the registration process. The processing of the data is legally based on Article 6(1)(b) GDPR.
Personal data that is gathered from data subjects to serve for the attendance at an event, such as congresses, conferences and training courses, and the submission of scientific contributions will be transferred to processors by using their IT systems.
All personal data that is not subject to a legal retention period will be deleted automatically 24 months (grace period to be able to issue invoices and certificates of attendance) after the liquidation or termination of a contractual relationship.
Our website allows you to submit scientific contributions to events, such as congresses, conference or training courses. The gathering of this data to organise an event is based on a legitimate interest according to Article 6(1)(f) GDPR. Parts of the provided will be published in the printed event program, the online program on this website and the mobile event app. The published data includes (a) name of persons, (b) name, city and country of the clinic or institute of all persons who are named during the submission of the contribution, such as Chairs, Co-Chairs, Speakers and further participants where applicable, like Discutants or Moderators in sessions or contributions. Beyond that, the data of Authors and Co-Authors of submitted posters will be published.
Furthermore, this data will be transfered to processors for the purposes of scientfic reviewing, as well as the gathering of additional data for on-site services, like the submission of presentations or handout papers.
The scientific evaluation of contributions (reviewing) is carried out by a scientific review committee commissioned by the European Society of Pathology.
Due to statutory obligations our websites provide contact information to electronically contact our organisation rapidly and allow a direct communication with us. This also includes the provision of a public e-mail address. If a data subject contacts us via e-mail or a provided contact form, the transmitted personal data will be saved automatically. This personal data is transmitted to us on a voluntary basis and is processed by us for contacting reasons only and will not be distributed to third parties.
Our websites offer the opportunity to register for a newsletter about our services, such as memberships, congresses, conferences and education programms, to our website visitors. Which kind of personal data are transmitted to the controller for different newsletters depends on the provided registration forms.
We periodically inform our customers and business partners about our offers and services through newsletters. Our newsletters can generally be received by a data subject if (1) the data subject provides a valid e-mail address and (2) the data subject registers for the newsletter self-reliantly. Using double opt-in procedures, we are sending out a validation e-mail to the e-mail address that has been provided by the data subject during the registration for newsletters for legal reasons. This validation e-mail is intended to verify that the owner of the provided e-mail address gives his consent to the newsletter registration as a data subject.
During the newsletter registration we are processing the IP address that is assigned by the internet service provider (ISP) to the computer system used during the registration by the data subject, along with the date and time of registration. This data processing is necessary to trace a possible abuse of the data subject's e-mail address at a later time and, therefore, serves for our legal protection.
All personal data that is processed for the newsletter registration is solely used for sending our newsletters to the registered recipients. We are offering several newsletters to subscribe to, such as newsletters for different congresses, conferences or services. The personal data of a data subject that has been provided for the subscription to a specific newsletter will categorically be used only to send out these specific newsletters. The data will not be used for any additional newsletters. Furthermore, newsletter subscribers may be informed about changes by e-mail to the registered e-mail address, if required for operational or registration purposes of the newsletter service, as well as for technical changes. The provided personal data will not be transferred to third-parties, except processors of the newsletter sendings. You can unsubscribe from our newsletter at any time. Your consent to the processing of your personal data can be revoked at any time, too. To revoke your consent and to unsubscribe from our newsletters please use the unsubscribe link, which can be found in every newsletter we send. Furthermore, you can unsubscribe from the newsletter by entering the e-mail address, which is registered for the newsletter, in the unsubscribe form on our website. Beyond that a subject may revoke the consent for the data processing by sending us a written notice.
The data for the newsletter sending is processed by processors. We have contracted the following processors for the newsletter sending:
Our newsletters contain so called tracking pixels. A tracking pixel is a miniature graphic, which is embedded to e-mails, that are sent in HTML format, to allow us to log and analyse newsletters. This is the basis for statistical evaluations of the success or failure of our e-mail marketing campaigns. On the basis of a tracking pixel we can reproduce if, when and on which platform, for example PC, mobile phone or tablet, an e-mail has been opened by the data subject. Furthermore we are able to see which links have been clicked in the e-mail by the recipient.
The personal data that is collected through the usage of tracking pixels is processed by us to optimise the sending of newsletters and improve the contents of the newsletters according to the recipients' interests. This personal data will not be transferred to third-parties, except processors of the newsletter sendings. Data subjects are entitled to revoke the consent for the usage of tracking pixels in the newsletters, which has been given in the double opt-in registration for newsletters, at any time. After revoking your consent we will automatically delete all data of that kind. An unsubscription from the newsletter is considered a revocation of consent.
The consent to the newsletter tracking is given on a voluntary basis and can be revoked by the data subject through editing the newsletter recipient profile at any time. You can find a link to edit your profile in every newsletter.
We store and process your personal data only for the term that is needed to reach the purpose of the data storage and processing or terms that are required by European or other legislative or regulative authorities for the processing and storage of data by the controller or the purposes of storage and processing.
Once the purpose of the data storage and processing lapses or the storage period required by European or other legislative or regulative authorities expires, the personal data will routinely and in accordance with the legal regulations be locked for processing or deleted.
Right to information
According to Article 15 GDPR you have the right to demand a confirmation whether we process your personal data. Should we process your personal data you have the right to be informed about this personal data and further information, which are explained in Article 15 GDPR.
Right to rectification
According to Article 16 GDPR you have the right to demand immediate rectification of incorrect personal data relating to you. Furthermore, taking into consideration the purposes of the processing you have the right to request the completion of incomplete personal data, also by means of a complementary declaration.
Right to erasure
You have the right to demand that we delete all of your stored personal data immediately. We are obligated to delete personal data immediately, provided the conditions of Article 17 GDPR are met. For further information about the details of these conditions we refer to Article 17 GDPR.
Right to restriction of processing
According to Article 18 GDPR you have the right to demand the restriction of processing of your personal data under certain circumstances.
Right to data portability
According to Article 20 GDPR you have the right to receive your provided personal data in a structured, common and machine-readable format from us. Furthermore, you have the right to transmit this data to a controller of your choice without any obstruction by us, insofar the processing is based on a consent according to the Articles 6(1)(a) or 9(2)(a) GDPR, as well as it is based on a contract according to Article 6(1)(b) GDPR and the data is processed by the means of automated procedures.
Right to object
According to Article 21 GDPR you have the right to object to the processing of your personal data that is based on the Articles 6(1)(e) or (f) GDPR. This also applies for a profiling based on these rules.
If we process your personal data for direct marketing purposes, you are entitled to object to the processing of your personal data for these purposes. This also applies for profiling that is linked to such direct marketing activities.
If you intend to exercise your given rights, please contact us - the controller - directly using the above stated contact information or choose one of the provided options to contact us on an alternative way to inform us. If you have any questions in this respect, please also contact us directly.
Right to logde a complaint with a supervisory authority
According to Article 77 GDPR you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider the the processing of personal data relating to you infringes the GDPR.
We have integrated the component of Google Analytics (with the anonymizer function) on this website. Google Analytics is a web analytics service. Web analytics is the collection, gathering, and analysis of data about the behavior of visitors to websites. A web analysis service collects, inter alia, data about the website from which a person has come (the so-called referrer), which sub-pages were visited, or how often and for what duration a sub-page was viewed. Web analytics are mainly used for the optimisation of a website and in order to carry out a cost-benefit analysis of Internet advertising.
The operator of the Google Analytics component is Google Inc., 1600 Amphitheatre Pkwy, Mountain View, CA 94043-1351, United States.
During the first visit of our websites we invite the data subject to consent the usage of Google Analytics. The data subject's activities on our websites are not recorded as long as the respective consent has not been given.
If Google does not provide this Internet browser plugin for the Internet browser or IT system used for your visit, you can deactivate Google Analytics by using this Link: Deactivate Google Analytics. This deactivation only takes effect for the currently used IT system and for the currently used Internet browser
For the web analytics through Google Analytics we use the application "_gat. _anonymizeIp". By means of this application the IP address of the Internet connection of the data subject is abridged by Google and anonymised when accessing our websites from a Member State of the European Union or another Contracting State to the Agreement on the European Economic Area.
The purpose of the Google Analytics component is to analyze the traffic on our website. Google uses the collected data and information, inter alia, to evaluate the use of our website and to provide online reports, which show the activities on our websites, and to provide other services concerning the use of our Internet site for us. This purpose is considered a legitimate interest according to Article 6(1)(f) GDPR.
Google Analytics places a cookie on the information technology system of the data subject. The definition of cookies is explained above. With the setting of the cookie, Google is enabled to analyze the use of our website. With each call-up to one of the individual pages of this Internet site, which is operated by the controller and into which a Google Analytics component was integrated, the Internet browser on the information technology system of the data subject will automatically submit data through the Google Analytics component for the purpose of online advertising and the settlement of commissions to Google. During the course of this technical procedure, the enterprise Google gains knowledge of personal information, such as the IP address of the data subject, which serves Google, inter alia, to understand the origin of visitors and clicks, and subsequently create commission settlements.
The cookie is used to store personal information, such as the access time, the location from which the access was made, and the frequency of visits of our website by the data subject. With each visit to our Internet site, such personal data, including the IP address of the Internet access used by the data subject, will be transmitted to Google in the United States of America. These personal data are stored by Google in the United States of America. Google may pass these personal data collected through the technical procedure to third parties.
The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such an adjustment to the Internet browser used would also prevent Google Analytics from setting a cookie on the information technology system of the data subject. In addition, cookies already in use by Google Analytics may be deleted at any time via a web browser or other software programs.
Further information and the applicable data protection provisions of Google may be retrieved under https://www.google.de/intl/en/policies/privacy/ and under http://www.google.com/analytics/terms/us.html. Google Analytics is further explained under the following Linkhttps://www.google.com/analytics/.
Alphabet Inc. and its subsidiaries (e.g. Google LLC) comply the requirements of the EU-U.S. Privacy Shield Framework, as well as the Suisse-US Privacy Shield Framework. Further information about these treaties may be retrieved under https://www.privacyshield.gov/.
We have integrated components of YouTube on this website. The operating company of YouTube is YouTube LLC, 901 Cherry Ave., San Bruno, CA 94066, USA.
YouTube videos on our website are embedded solely by usage of the “privacy-enhanced mode” of YouTube. According to its terms YouTube collects information about the visitors of a website only if they play a video. Further information about this can be accessed athttps://support.google.com/youtube/answer/171780?hl=en in the section “Turn on privacy-enhanced mode”.
With each call-up to one of the individual pages of this Internet site, which is operated by the controller and on which a YouTube component (YouTube video) was integrated, the Internet browser on the information technology system of the data subject is automatically prompted to download a display of the corresponding YouTube component. Further information about YouTube may be obtained under https://www.youtube.com/yt/about/en/. During the course of this technical procedure, YouTube and Google gain knowledge of what specific sub-page of our website was visited by the data subject.
The embedding of YouTube videos serves the purpose of providing informative, additional or scientific contents on this website, which are published by their authors to a broad audience through a public platform (YouTube). This purpose is considered a legitimate interest according to Article 6(1)(f) GDPR.
If the data subject is logged in on YouTube, YouTube recognises with each call-up to a sub-page that contains a YouTube video, which specific sub-page of our Internet site was visited by the data subject. This information is collected by YouTube and Google and assigned to the respective YouTube account of the data subject.
YouTube and Google will receive information through the YouTube component that the data subject has visited our website, if the data subject is logged in on YouTube while playing the video on our website. If such a transmission of this information to YouTube and Google is not desirable for the data subject, the delivery may be prevented if the data subject logs off from their own YouTube account before a call-up to our website is made.
YouTube's data protection provisions, available at https://www.google.de/intl/en/policies/privacy/, provide information about the collection, processing and use of personal data by YouTube and Google.
Alphabet Inc. and its subsidiaries (e.g. Google LLC, YouTube LLC) comply the requirements of the EU-U.S. Privacy Shield Framework, as well as the Suisse-US Privacy Shield Framework. Further information about these treaties may be retrieved under https://www.privacyshield.gov/.
We process your data responsibly and neither use automated decision making nor profiling.