According to article 14 of the EMBL Internal Policy No. 68 on General Data Protection.

EMBL’s course and conference office is the data controller of personal data you provide to the European Molecular Biology Laboratory (EMBL) upon registering for or expressing interest in attending a course or a conference as a member of the audience or as an invited speaker. Your data will be processed for the purposes of participation management, for documenting these events through public communication and promotion of EMBL activities (for example: if you are a speaker, we may publish your name and your organisation’s name on our blogs, websites and social media), for provision of additional event services, for reports and surveys and to provide relevant information to your emergency contacts (for example: if you participate in an event, we may ask you to provide us with details of your emergency contact so we can notify the contact in case of any accident).

EMBL runs paid and unpaid social media campaigns to increase the visibility and participation of its courses and conferences. Note that EMBL does not directly process personal data for these campaigns. They are run by the Social Media platforms independently. However, to assess the effectiveness of these campaigns, EMBL collects information via Google Analytics on its website. I.e. in practice, when clicking on a Social Media / Google ad promoting EMBL’s events, you will be re-directed to EMBL’s website where some information will be processed. Additionally, data will also be collected when traffic reaches our website organically.

EMBL’s course and conference office maintains your data in systems described in ‘recipients’ section below and in our registration system. Some of this data is provided by the European Molecular Biology Organization (EMBO), some is provided by you, while others are produced through our interactions with you or collected from publicly accessible sources.

We collect various categories of your personal data, depending on the recipients (service providers) we use. Those categories include (where known):

1. Personal details (e.g. name, last name, phone number, email address, picture if it was taken during the event or if you provide it, job function, organization/department name, name and details of your employer/institutional affiliation, gender, nationality)
2. Address details (e.g. city, postcode, country)
3. Dietary and/or medical requirements in connection with your registration for an on-site event
4. EMBL alumni information
5. Areas of scientific interest
6. Subscription preferences (e.g. quarterly events newsletter, event topic announcements, latest blog posts, sponsorship newsletter)
7. Contact details (name, phone number, email) of an emergency contact
8. Information about relevant skills, experience and qualifications in connection with your application for an event or a course
9. Information about how you heard about the event you are registering for
10. Our communications with you (including date, content of formal messages and engagement statistics)
11. Survey responses and feedback on various items / topics
12. Information on event attendance (including dates and event name)
13. To assess the effectiveness of social media campaigns, the following data will be collected by Google Analytics via EMBL’s website: unique Google ID (i.e. Google provides an ID number to EMBL enabling us to link the user to the specific campaign), platform of origin (e.g. Google ad or Social Media ad), city, country, type of device, browser, EMBL website visits, and if the user registers to an event (Google Analytics indicates whether the specific Google ID has registered or not, without providing additional information). Note that Google Analytics does not log or store IP addresses. However, it may process additional information about you (e.g. gender, age, etc. if available to Google), but EMBL only uses the information mentioned above. For more information on the processing of personal data in Google Ads, see this link.

We rely on the following legal basis while processing your data:

• achievement of the aims laid down in EMBL’s establishing agreement of 1973 (Article 6(1)(a) of IP 68), i.e. provision of advanced training and teaching in molecular biology
• legitimate interest of EMBL (Article 6(1)(c) of IP68), i.e. promoting EMBL’s activities or conducting surveys
• when it’s necessary to process your personal data to enter into or execute a contract with EMBL (Article 6(2) of IP68)
• your consent (Article 6(3) of IP68), i.e. to use pictures of you we took during our courses or events.

Some of your personal data may be disclosed to the following external data processing recipients from various categories. Those categories are:

1. customer relationship management (CRM)
2. virtual conference platform
3. payment services (credit or debit cards)
4. EMBL’s conferences app system, EMBL mediasite service, EMBL archive 
5. workspace services if you take part in a training course or a conference
6. personalised mailing services (newsletters)
7. survey services to collect your feedback after attending a course or conference
8. EMBO – for EMBO practical course or EMBO workshop
9. virtual learning services
10. networking services
11. provider of Q&A, polling and quizzes services
12. catering, accommodation, security, transport and travel services or quality improvement services (eg. iPosters)
13. Additional community resources in which you may choose to provide personal data during training events (you will not be obliged to do so but if you choose to do so you should be aware that your personal data will be shared with other course participants)
14. external committees – if you submit an abstract to present at a conference or apply for financial assistance, your abstract and personal data will be shared with a committee of scientists, some of whom will be external to EMBL, for an evaluation and selection process
15. WordPress to provide EMBL events blog (https://www.embl.org/about/info/course-and-conference-office/blog/) and the EMBL.org event websites, press releases, printed materials or published materials on EMBL`s website or intranet site, EMBL Events Blog and EMBL mediasite, social network channels, social media fan pages
16. virtual and graphic art
17. Google Ads and Google Analytics (for the campaign statistics).

If you want to obtain a list of all the names of the recipients, please contact us.

Personal data of your emergency contacts will be shared only with the events software providers under point 1 above. Your data may also be processed internally by EMBL’s departments other than EMBL’s course and conference office.

Your personal data will be stored for as long as you may have an account on the controller’s registration system, however the data of your emergency contacts will be deleted after the event. Your published data on EMBL website, EMBL intranet site, EMBL social media accounts, EMBL Mediasite and EMBL Blog will be kept for as long as the controller has the account open. Photos and video recordings will be stored for as long as it is necessary for the purpose of the CCO activity.

You can also exercise following rights, granted under the Article 16 of the EMBL Internal Policy No 68:

• a right not to be subject to a decision made by automated means (i.e., without any human intervention)
• a right to request access to your personal data
• right to request information on the reasoning underlying data processing
• a right to object to the processing of personal data
• a right to request erasure or rectification of your personal data.

Please note that those rights can be subject to limitations, as described in Article 16 (2) of the EMBL Internal Policy No 68.

If you wish to exercise your rights or wish to contact the data controller regarding any other data protection related matters, you can contact us by email or by sending a letter to:

EMBL Heidelberg

Course and Conference Office

Meyerhofstraße 1

69117 Heidelberg

Germany

Advice on data protection matters can also be obtained from the EMBL Data Protection Officer (DPO), under Article 20(2) of the EMBL Internal Policy No 68. The DPO can be reached by email at dpo@embl.org.

If you wish to complain under Article 25(1) of the EMBL Internal Policy No 68, you may do so with the DPO by email at dpo@embl.org. 

If you believe that the response of the DPO is unsatisfactory or if the DPO has failed to respond within three months from receipt of the complaint, you may complain in writing to the Data Protection Committee. It can be reached by email at dpc@embl.org or by post at:

EMBL Heidelberg

Data Protection Committee

Meyerhofstraße 1

69117 Heidelberg

Germany