1. User information
Who is the controller of your personal data?
European Migraine & Headache Alliance (EMHA) is a non-profit umbrella organization and is the CONTROLLER of the USER’s personal data and informs him/her that these data shall be processed in accordance with the provisions of Regulation (EU) 2016/679 of 27 April (GDPR). We consider USER those individuals (professionals, supporters, politicians, patients, contacts and other) who may provide their personal data to EMHA
You can contact to us at:
Rue d’Egmont 11
1000 Brusels (Belgium)
Why EMHA processes your personal data?
To maintain a professional relationship with the user. The planned processing operations are:
- Managing the relationship with EMHA members, professionals, supporters, politicians, patients, users and all those individuals who may provide their personal data through our forms.
- If the USER signs out the MIGRAINE STATEMENT, EMHA will process the personal data with the sole aim of supporting this initiative before European Union Institutions in order to claim for migraine patients´rights. Only in the case the user expressly accepts and provides consent, personal data (name) will be shown in the website. In the case of migraine patients, if they subscribe the MIGRAINE STATEMENT they may be providing health data and the fact of subscribing this statement means that EMHA may process only in this context.
- Sending commercial advertising communications by email. These communications will be made by the CONTROLLER and will be related to their activities or those of their partners or suppliers with whom they have reached a promotion agreement. In this case, the third parties will never have access to personal data.
- Conduct market research and statistical analysis.
- Processing orders, requests, respond to queries or any type of request made by the USER through any of the contact methods available at the CONTROLLER’s website.
Why can we process your personal data?
Because the processing is legitimised by article 6 of the GDPR as follows:
- With the USER’s consent: support the MIGRAINE MANIFEST (and if the user consents, display his or her name), sending commercial communications and the newsletter.
- In the legitimate interest of the CONTROLLER: conduct market research, statistical analysis, etc. and process orders, requests, etc. at the request of the USER.
For how long will we keep your personal data?
Data shall be stored for no longer than is necessary to maintain the purpose of the processing or for as long as there are legal prescriptions dictating their custody, and when such purpose is no longer necessary the data shall be erased with appropriate security measures to ensure the anonymization of the data or their complete destruction.
¿To whom do we disclose your personal data? (International transfers)
If you accept in the form “Show your name” any person who access to our web site will be able to see it with your express consent.
No communication of personal data to third parties is foreseen except, if necessary for the development and execution of the purposes of the processing, to our suppliers of services related to communications, with which the CONTROLLER has signed the confidentiality and data processor contracts required by current privacy regulations.
Some of those providers (i.e. Mailchimp) may be located out of the European Union but in this case, they have adopted guarantees enough (Standard Contractual Clauses among others) in order to comply with GDPR.
What are your rights?
The rights of the USER are:
- Right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
- Right of access, rectification, portability and erasure of your data and the limitation or objection to their processing.
- The right to file a claim with the Spanish Supervisory Authority if you consider that the processing does not comply with the current legislation.
Contact information for exercising rights:
Rue d’Egmont 11
1000 Brusels (Belgium)
2. COMPULSORY OR OPTIONAL NATURE OF THE INFORMATION PROVIDED BY THE USER
The USERS, by marking the corresponding boxes and entering data in the fields, marked with an asterisk (*) in the contact form or download forms, accept expressly and in a free and unequivocal way that their data are necessary for EMHA to meet their request, voluntarily providing their data in the remaining fields. The USER ensures that the personal data provided to the CONTROLLER are true and is responsible for communicating any changes to them.
The CONTROLLER informs that all data requested through the website are mandatory, as they are necessary for purposes expressed above. In the event that not all of the data is provided, EMHA will not processed them.
3. SECURITY MEASURES
That in accordance with the provisions of the current regulations on the protection of personal data, the CONTROLLER is complying with all the provisions of the GDPR regulations for processing the personal data for which they are responsible, and is manifestly complying with the principles described in Article 5 of the GDPR, by which they are processed in a lawful, fair and transparent manner in relation to the data subject and appropriate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
The CONTROLLER guarantees that all appropriate technical and organisational policies have been implemented to apply the security measures established by the GDPR in order to protect the rights and freedoms of USERS and has communicated the appropriate information for them to be able to exercise them.
For further information about privacy guarantees, you can contact the CONTROLLER through:
Rue d’Egmont 111000