Information in accordance with Article 13 and 14 GDPR
In order to provide certain services to our business and cooperation partners, website users, job applicants as well as other interested parties (in the following collectively referred to as “data subject“, “you“), we process your personal data (in the following also referred to as “data“).
For the purpose of transparency and in accordance with Articles 13 and 14 of the General Data Protection Regulation (“GDPR“), we, therefore, want to inform you about the data processing as follows:
The controller of the data processing activities as described in this data protection information is
- IRAS Interventional Radiology Accreditation Service GmbH (in the following referred to as “IRAS”, “we“, “us“), Neutorgasse 9, 1010 Vienna, Company Registry Number 483890d.
For any request and further information regarding the processing of your data, please contact us at firstname.lastname@example.org.
How and why we process your data
2.1 IASIOS accreditation & account administration
For your IASIOS accreditation and the administration of your IASIOS account, we process the following data: title, name, gender, IASIOS ID, profession, date of birth, contact information (email, telephone number), postal address, associated medical institution (name, postal address), medical fields practiced, information on your IASIOS subscription history, information on your payment history, national HCP registration numbers (only if applicable), copies of any documents you send us to support your subscription or process your applications or registration.
The processing of above-mentioned data is necessary to administer your IASIOS accreditation and subscription as well as services associated therewith (e.g. administration of you IASIOS account). The processing is based on the fulfilment of our contractual obligations according to Art 6 (1) lit b GDPR.
Furthermore, we process your data for internal statistical use and optimisation of our activities based on our legitimate interest according to Art 6 (1) lit f GDPR as well as statutory obligations according to Art 6 (1) lit c GDPR.
Your data is stored for as long as you remain active with IASIOS and beyond that in accordance with the statutory retention and documentation obligations (e.g. in accordance with the Austrian Company Code and the Austrian Federal Tax Code).
2.2 Other business partner relationships
We process your data for the performance of our contractual duties according to our contractual relationship with you (Art 6 (1) lit b GDPR), for compliance with other legal obligations (Art 6 (1) lit c GDPR) and/or for the purpose of legitimate interests, except where such interests are overridden by your interests in the confidentiality of your data (Art 6 (1) lit f GDPR).
We transfer data to third parties as far as this is necessary in order to render our services to you. This includes in particular the following parties: Banks, tax accountants, lawyers and other accounting or consultant firms. Where legally obliged to, we also transfer your data to public authorities and or institutions.
We store the aforementioned data in any case for the duration of active business relationship and beyond that in accordance with the statutory retention and documentation obligations (e.g. in accordance with the Austrian Company Code and the Austrian Federal Tax Code).
2.3 Promotion & Newsletter
If you subscribe to IRAS newsletter available under https://cirse.us3.list-manage.com/subscribe?u=779f6cb869e5dbae472c59ab6&id=7d86fbe97b or other IRAS promotions, we process your data you voluntarily provide, in particular your contact details (such as name, postal address, email address), in order to send you up-to-date information on events and other relevant news by e-mail or postal means at regular intervals. The data processing is based on your explicit consent according to Art 6 (l) lit a GDPR in connection with Section 107 Abs 2 Austrian Telecommunications Act. You can withdraw your consent at any time with effect for the future by e-mail to email@example.com. Your data will be stored until you valid withdrawal.
2.4 Contact forms
If you contact us via email or via other contact options offered, the data you provide will be processed in order to handle and respond to your inquiry, in particular: Name, email or phone number, any data provided in the text or conversation. This data will be stored for a maximum of 2 years or, if applicable, during an ongoing business relationship for 7 years from the last business transaction.
We process the data for the purpose of your contact with us in the context of (pre)contractual relationships in accordance with Art 6 para 1 lit b DSGVO.
In addition, your data may be passed on to legal representatives, notaries, courts and administrative authorities in case of need.
2.5 Cookies & Log-files
You can refuse the storage of individual cookies via configuration in the cookie banner or you may withdraw your consent to storage at a later time via configuration of your browser. When cookies are stored on the basis of your voluntary consent, your data may be transferred to recipients in third countries outside the EEA, in particular to the US. The European Court of Justice, however, considers that the US does not offer an adequate level of data protection to data subjects; in particular, there is a potential risk that your data may be viewed by US authorities for control and monitoring purposes. With your consent, you agree that cookies from third-party providers in the US or from other insecure third countries may be used and you accept a possible lower level of data protection (Art 49 (1) lit a GDPR).
2.6 Job Applications
If you apply for a job with IRAS, the data you provide within the application process will be processed (in particular curriculum vitae, contact details). The processing of your data is based on the performance of pre-contractual measures, namely the application procedure aiming to conclude an employment contract according to Art 6 (1) lit b GDPR or your explicit consent if you would like IRAS to keep your application on file according to Art 6 (1) lit a GDPR.
Your data will be deleted after 7 (seven) months in accordance with the provisions of the Austrian Equal Treatment Act (Gleichbehandlungsgesetz, GlBG) unless IRAS will keep your data on file based on your explicit consent.
Unless otherwise indicated above, your data is stored on the servers of our IT provider, CTI Meeting Technology, Nussdorferstrasse 20/22, 1090, Vienna, which we have contractually obliged to comply with applicable data protection laws according to Art 28 GDPR.
If the above-mentioned recipients of your data are located outside the EEA and it has not been established by a decision of the EU Commission that the country concerned has an adequate level of data protection, we will ensure that the transfer takes place on the basis of standard contractual clauses (as amended from time to time) or otherwise in accordance with Articles 46, 47 or 49 GDPR.
IRAS takes all necessary and appropriate technical and organizational measures to protect the rights and freedoms of data subjects as well as reviews these measures on a regular basis. Accordingly, our IT providers are contractually obliged to adhere to all standards of applicable data protection laws. Please note that e-mails are sent using commercially available software programs, some of which are not encrypted. If contents to be transmitted are particularly confidential or worthy of protection for data subjects, they should be transmitted to IRAS by post or end-to-end encrypted.
Information and Access
You are entitled to obtain information by IRAS as to which data are being processed and to get access to that data upon your request. We will provide you with one copy of the data undergoing processing free of charge, unless the disclosure may adversely affect the rights and freedoms of others.
Should you have consented to a specific use of your data by IRAS, you can withdraw that consent at any time, by changing your IRAS account settings or contacting us under firstname.lastname@example.org.
Rectification and Erasure
You are entitled to request rectification of inaccurate data or completion of incomplete data concerning you without undue delay.
You are entitled to request erasure of data without undue delay, if
(i) Data are no longer necessary in relation to the purposes for which they were collected,
(ii) You object to the processing
(iii) Data have been unlawfully processed
(iv) Data have to be erased for compliance with a legal obligation applicable to IRAS
However, IRAS is not obliged to execute such erasure if processing is necessary
(i) for exercising the right of freedom of expression and information,
(ii) for compliance with a legal obligation to which IRAS is subject,
(iii) for the establishment, exercise or defence of legal claims.
Restriction of Processing
You are entitled to request the restriction of processing of data in the following circumstances and for the following periods of time:
(i) you contest the accuracy of the data concerning you; restriction of processing may be affected for a period enabling us to verify the accuracy of the relevant data,
(ii) the processing is unlawful and you oppose the erasure of the data and request the restriction of their use instead,
(iii) we do no longer need the data for the purposes of the processing, but they are required by you for the establishment, exercise or defence of legal claims,
(iv) you have objected to processing, for the period until the verification whether our legitimate grounds override those of you.
You are entitled to data portability, namely to receive your data which you have provided to IRAS and which is processed
(i) based on the concluded contract
(ii) and by automated means
in a structured, commonly used and machine-readable format.
You are entitled to request that the data is transmitted directly to another controller by us, where technically feasible. This right shall not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority.
Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of data concerning you which is based on our legitimate interests according to Art 6 (1) lit f GDPR. If you object to processing of your data we shall cease to process this data unless our legitimate interests to processing your data prevail.
Right to file complaint
You have the right to file a complaint with the Austrian Data Protection Authority (Österreichische Datenschutzbehörde, Barichgasse 40-42, 1030 Vienna, if you believe that your rights to data protection are being infringed.
Last updated October 11, 2021
What is a cookie?
A cookie is a small file that can be stored on your device that allows your browser to remember things about your use of a website. These cookies can be strictly technically necessary for the correct functioning of the website (e.g. by remembering log-ins or previously selected site preferences or feedback information to the host of the website) or just help us understand your browsing behaviour.
What types of cookies do we use?
Iasios.org uses strictly technically necessary cookies – These cookies are essential to provide you with the services of our website, including cookies that make it possible for you to stay logged into your IASIOS account. If you set your browser to block all cookies, then the website’s functions and services will not work for you, we would not even be able to save your preferences about cookies.
List of cookies used by iasios.org:
- metaDCR-user (purpose: recognise user after login)
- MoodleSession (purpose: maintain login from page to page)
- MoodleID (purpose: remembers username within the browser)
- _ga (purpose: to distinguish users)
- _gid (purpose: to distinguish users)
- ga (purpose: to persist session state)
- gac_gb (purpose: Contains campaign related information)
- _gat_gtag_UA* (purpose: to store and track conversions)
- _ga (purpose: to store and count pageviews)
- _gid (purpose: to store and count pageviews)
- wordpress_[hash] (purpose: recognising user)
- wordpress_logged_in_[hash] (purpose: recognising user)
- wordpress_test_cookie (purpose: saving cookie preferences)
- cirse_login_gtm_event (purpose: track user login in Google Analytics)
- cirse_login_matomo_event (purpose: track logged in user status in Matomo)
- cirse_logout_matomo_event (purpose: track user logout in Matomo)
- cirse_user_id (purpose: recognise returning user)
- catAccCookies (purpose: saving cookie preferences)
- woocommerce_cart_hash (purpose: contain information about shopping cart)
- woocommerce_items_in_cart (purpose: contain information about shopping cart)
- wp_woocommerce_session (purpose: identifying cart data in the database for each customer)
- _pk_id (used to store a few details about the user such as the unique visitor ID)
- _pk_ref (used to store the attribution information, the referrer initially used to visit the website)
- _pk_ses, _pk_cvar, _pk_hsr (short lived cookies used to temporarily store data for the visit)
- __cflb (purpose: Cloudflare Load Balancer; expires: on closing browser)
- cc_cidentify_user_id (purpose: cache recognised user to reduce network traffic; expires: on closing browser)
- cc_user_professions (purpose: cache professions of recognised user to reduce network traffic; expires: on closing browser)
- cc_professions (purpose: cache available professions to reduce network traffic; expires: on closing browser)
- cirse_api_session (purpose: recognising user; expires: after 67 days)
- cirse_api_destination (purpose: redirecting user after login; expires: on closing browser)
- PHPSESSID (purpose: recognising user; expires: on closing browser)
List of cookies used by Matomo:
- pk_id – 13 months (used to store a few details about the user such as the unique visitor ID)
- pk_ref – 6 months (used to store the attribution information, the referrer initially used to visit the website)
- pk_ses, _pk_cvar, _pk_hsr – 30 minutes (short lived cookies used to temporarily store data for the visit)
- pk_testcookie is created and should be then directly deleted (used to check whether the visitor’s browser supports cookies)
- mtm_consent (or mtm_consent_removed) are created with an expiry date of 30 years to remember that consent was given (or removed) by the user
- mtm_cookie_consent is created with an expiry date of 30 years to remember that consent for storing and using cookies was given by the user
List of cookies used by Google Analytics:
- __utma cookie (purpose: collecting basic anonymised data about your use of cirse.org like log in duration or time of day visited)
- __utmb cookie (purpose: collecting basic anonymised data about your use of cirse.org like log in duration or time of day visited)
- __utmc cookie (purpose: collecting basic anonymised data about your use of cirse.org like log in duration or time of day visited)
- __utmv cookie (purpose: collecting basic anonymised data about your use of cirse.org like log in duration or time of day visited)
- __utmz cookie (purpose: collecting anonymised data on how you reached the website – via link, google search, keyword search etc.)
Regarding strictly technically necessary cookies, which are required for the functioning of the website, it is not possible to reject the use of these cookies on this website. However, you are able to modify the application of technically non-necessary cookies (e.g. Google Analytics, Matomo) in our cookie banner or in your browser settings.
If you do not agree to the storage of Matomo cookies you can deactivate the storage here. In this case, an opt-out cookie will be stored in your browser, which prevents Matomo from accessing your data. If you delete your cookies, the Matomo opt-out cookie will be deleted as well. The opt-out must be reactivated when you visit our site again.
You have the option to reject the use of Google Analytics on our website and prevent any cookies this tool places on your device. To deactivate Google Analytics on this site (or on others) you are required to install this browser extension/add-on: https://tools.google.com/dlpage/gaoptout?hl=en
Please note that CIRSE is not responsible for the functioning or content of third party cookies.
Last updated October 11, 2021