European Association for Dental Public Health (EADPH)
3rd February 2019
European Association for Dental Public Health (EADPH), a registered charity in the Federal Republic of Germany
means the General Data Protection Regulation.
The President of EADPH
Register of Systems
EADPH/ Joint EADPH BASCD members
The General Data Protection Regulation (GDPR) is a new, Europe-wide law.The GDPR applies to ‘personal data’, which means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
This policy will be updated in line with changes which may happen post Brexit.
1. Data protection principles
The European Association for Dental Public Health (EADPH) is committed to processing data in accordance with its responsibilities under the GDPR.
EADPHis committed to ensuring that your privacy is protected. The EADPHmay change this policy by updating this page. Members are advised to check the website for the most up-to-date version. Queries should be directed to the EADPH secretary.
This policy sets out EADPH’scommitment to ensuring that any personal data, including special category personal data, which EADPHprocesses, is carried out in compliance with data protection law.
Article 5 of the GDPR requires that personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
2. General provisions
- This policy applies to all personal data processed by EADPH.
- The Responsible Person shall take responsibility for the EADPH’songoing compliance with this policy.
- This policy shall be reviewed at least annually.
3. Lawful, fair and transparent processing
- To ensure its processing of data is lawful, fair and transparent, EADPHshall maintain a Register of Systems.
- The Register of Systems shall be reviewed at least annually.
- Individuals have the right to access their personal data and any such requests made to EADPHshall be dealt with in a timely manner.
4. Lawful purposes
- EADPH shall note the appropriate lawful basis in the Register of Systems.
- Where consent is relied upon as a lawful basis for processing data, evidence of opt-inconsent shall be kept with the personal data.
- Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in EADPH’s
5. Data minimisationand individual membership information
- EADPH shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- We collect membership information from members via the Membership Officer who has a database of members including those on the Borrow Membership Subsidised Scheme. The information collected includes:
- Name, surname and title
- Contact information including email addressand postal address
- Attendance at EADPH conferences/workshops and SIGs
- We will email EADPH and Joint EADPH/BASCD members about the annual general meeting, conferences, newsletters and any information that is relevant to activities of EADPH. These will be service-based messages that are related to legitimate activities of EADPH, membership issues, any sharing of information from any other relevant organisations in the field such as the local conference organisers, the European Association for Public Health, SESPO, WFPHA, ADEE, CECDO, BASCD, IADR, European Platform for Better Oral Health, our sponsors (e.g. Borrow Foundation, GSK, Colgate) etc..
- EADPH shall take reasonable steps to ensure personal data is accurate.
- Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
- Accuracy of the data will depend on whether members update their contact details with the Membership Officer
7. Archiving / removalor cancellation of membership
- The member has the responsibility for notifiying the Membership Officer their wish to cancel their membership. When cancelling membership, the registrant will no longer received the Community Dental Health Journal.
- Membership fees is due annually on 1st
- To ensure that personal data is kept for no longer than necessary, EADPH shall put in place an archiving policy for each area in which personal data is processed and review this process annually.
- The archiving policy shall consider what data should/must be retained, for how long, and why.
- EADPHshall ensure that personal data is stored securely using modern software that is kept-up-to-date. Any databases should be encrypted
- Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information. Members contact details are only accessed by Council members who need those details to serve the functions of EADPH
- When personal data is deleted this should be done safely such that the data is irrecoverable.
- Appropriate back-up and disaster recovery solutions shall be in place.
- Data Sharing
EADPH will share your details with the British Association for the Study of Community Dentistry and more specifically with Dennis Barber Ltd; who are responsible having a database for posting Community Dental Health Journal.
EADPH will share details of members with the Conference Local Organising Committee to enable members to register for the conference. EADPH will also share data with the Borrow Foundation, and the sponsors if it is deemed relevant (to share information about the Borrow Subsidy Scheme, travel grant awards, research awards and membership related-issues). For example, winners of travel grant awards, research prizes and the Borrow Subsidy Scheme.
Photographs will be taken at conferences and uploaded on the website and newsletters. If a delegate does not agree, they can opt out by letting the Communications Officer know in writing or verbally at the conference.
- Conference organisers
The Local Organising Committee for conferences should clearly informpotential registrants about all the ways they are intending to use personal data and ask them to give separate consent for each instance.
Under the GDPR, any EU citizen can request a copy of all the personal data you hold on them, for free. Create a process to help you provide people with their data in a machine-readable format, like an Excel file, within 30 days of their request.
We will use your data to:
- register your attendance at the conference and workshops
- provide you with attendance certificates
- inform the relevant SIG Chairs which group you will be attending
- display your abstract in the conference booklet and poster presentation sessions
- share your information with EADPH board members and sponsors if relevant
Attendees need to give you permission to store and use their personal information. Using pre-ticked boxes and automatic opt-ins within registration formswill no longer be an option. Instead, consent will need to be unambiguous, using unticked opt-in boxes, separate from other terms and conditions. Attendees will also expect more clarification on how their information will be used. For example: When you areasking attendees if you can include their details in a delegate list, then you will need to clearly state what personal information will be included in that list, the names of the third parties you will be sharing that data with and how these organisations will be using their information.
I consent for the local organising committee to collect and process my data
I consent for the local organising committee to share my data with EADPH Board Members and institutional members such as the Borrow Foundation
If you are using an external conference organiser, event registration or event management platforms or tech that usespersonal data, you need to ask them to prove GDPR compliance.