General
La Asociación Española de Microinmunoterapia, L’Institut IFMi, Institut Français de Micro-immunothérapie and MEGEMIT – Medizinische Gesellschaft für Mikroimmuntherapie (hereinafter, “the Associations”, “We”, or “Our”) are committed to ensuring the confidentiality and data protection rights of users and visitors to the website. We process personal data in accordance with all applicable data protection laws and regulations, including but not limited to the EU General Data Protection Regulation 2016/679 (GDPR).
This data protection information explains how the Associations process personal data.
What is personal data?
Personal data is any information relating to an identified or identifiable natural person (“data subject”), such as names, addresses, phone numbers, email addresses, dates of birth, gender, health-related data, or location data (“personal data”).
Data controllers
For GDPR purposes, the data controllers determining the purposes and means of processing, and who may act as joint controllers for certain activities, are:
- Asociación Española de Microinmunoterapia (hereinafter, AEMI) with registered office at Portal de l’Àngel 36, 08002 Barcelona, Spain.
- Institut IFMi, Institut Français de Micro-immunothérapie with registered office at 49 Rue de Ponthieu, 75008 Paris, Francia.
- MEGEMIT – Medizinische Gesellschaft für Mikroimmuntherapie with registered office at SPACES/Gertrude-Fröhlich-Sandner-Str. 2, Tower 9, 1100 Vienna, Austria
Data Protection Officer (DPO) and Data Protection Manager
AEMI has appointed a Data Protection Officers (DPOs). There are communication channels with the other associations to address questions about implemented data protection measures and to manage data subject rights. Contact details are as follows:
The DPO for AEMI is registro.dpd@conversia.es.
The Data Protection Manager of iFMi can be contacted at: ifmi@microimmuno.fr.
The email address of MegeMIT’s data manager is: datenschutz@megemit.org.
Personal data we may proces
- Identity data, including name(s) and surname(s).
- Contact data, including email address, home or business postal address, phone number, and fax number.
- Professional data (of healthcare professionals), including title, specialty, and registration number or association membership.
- Financial data, such as bank details (IBAN) and payment information.
- Usage and device-related data, including IP address, browser plugin types and versions, operating system, and user platform.
Purposes, legal basis for processing, and retention periods
| Purposes | Legal basis | Storage |
| Response to users and visitors contacting via the website | Users and visitors consent. Legitimate interest of the Associations | The time needed for the purpose of the processing and depending on the applicable prescription period and the consent given |
| Collection of personal data (cookies) to improve our website | Users and visitors of the website consent | 13 months as per the Cookie Policy |
| Newsletter subscriptions and communications | Users and visitors consent. Legitimate interest of the Associations | The time needed for the purpose of the processing and depending on the applicable prescription period and the consent given |
| Collection and registration of healthcare professionals’ data in the professional area | Healthcare professional consent. Legitimate interest of the Associations | The time needed for the purpose of the processing and depending on the applicable prescription period and the consent given |
| Administrative management of partners, invoicing, accounting and compliance with legal and fiscal obligations | Healthcare professional consent. The performance of a contract. Legal obligation. | The time needed for the purpose of the processing and depending on the applicable prescription period and the consent given |
| Sharing health professionals’ data with patients | Healthcare professional consent | The time needed for the purpose of the processing and depending on the applicable |
| Publication of testimonials | Consent of the person who sends the testimonial through the website form. The performance of a contract | The time needed for the purpose of the processing and depending on the applicable prescription period and the consent given |
| Management of the association’s social media (LinkedIn, Facebook, Instagram, etc.) | Legitimate interest of the Associations | The time needed for the purpose of the processing and depending on the applicable prescription periodFinally, we inform you that we do not collect health data or any other special categories of personal data without the corresponding data subject’s consent. Additionally, we do not collect or process personal data of minors. |
Finally, we inform you that we do not collect health data or any other special categories of personal data without the corresponding data subject’s consent. Additionally, we do not collect or process personal data of minors.
Communication of personal data
Personal data received through this website may be shared between the associations and communicated to collaborators, in accordance with the purposes and legal basis detailed in this notice. The Associations may require the assistance of suppliers to perform certain activities, and therefore may need to share personal data with collaborators with whom processing agreements are in place.
Transfers of your personal data outside the European Economic Area (EEA)
There will be no transfers of personal data outside the EEA.
Security of personal data
The Associations adopt appropriate technical and organizational measures to ensure a level of security adapted to the risk posed by personal data processing, protecting the rights and freedoms of individuals. These measures are designed to protect personal data from destruction, loss, alteration, accidental or unlawful disclosure, or access by unauthorised third parties.
Your rights
Data subjects can exercise the following rights:
- Right of access: they have the right to obtain confirmation of whether their personal data has been processed and, if so, to receive precise information on the processing of their data. They also have the right to request a copy of the information we hold on data subjects.
- Right to rectification: they have the right to request that we rectify any inaccurate personal data, including completing or correcting any information we hold.
- Right to erasure (right to be forgotten): they can request the deletion of their personal data, if applicable.
- Right to restrict processing: they can request that some of their data not be processed.
- Right to data portability: they can request to retrieve their information in a structured, commonly used, and machine-readable format and transfer it to other data controllers.
- Right to object: they can object to the processing of their personal data.
The application of these rights is not absolute. Requests to exercise rights will be evaluated by the DPO or the Associations Data Protection Manager.
When the processing of your data is based on consent, you may withdraw it at any time, without justification.
To obtain more information or exercise your rights, contact the DPO or Data Protection Manager of the Associations.
You also have the right to lodge a complaint with the Data Protection Authority of the EU Member State where you reside, work, or where the alleged infringement occurred, if you believe your personal data is not being processed in accordance with the GDPR.
You can find contact details of the various European Data Protection Authorities at this link: https://ec.europa.eu/justice/article-29/structure/data-protection-authorities/index_en.htm
Revised version dated 24th October 2024.