The Parenteral Drug Association (hereinafter “PDA,” “we,” “us,” or similar) is an organization with its main office at 4350 East West Highway, Suite 600, Bethesda, MD 20814. We collect and process several categories of personal data from you as a registrant or attendee to our event in connection with which this Privacy Notice is issued (the “event”) and, in the event your registration is made online, as a user of the PDA website you used for such registration (hereinafter the “Website”).
Please read this Privacy Notice carefully to understand how we handle your personal information.
2. PERSONAL DATA WE PROCESS ABOUT YOU
2.1 Event registrations
We use our registration process, including through our Website, to collect personal data that you directly input into the registration forms, as well as in any other form or page we set up as an event organizer, such as your name, email address, payment information, and other information. We collect this data, and we process it in the performance of a contract with you (the purchase of event registration) as well as in our legitimate interest to manage our events and contact you, as follows:
(a) Manage our event attendees;
(b) Contact you about the event you have registered for;
(c) Contact you about other events that we organize and think may be of interest to you, from you which you can opt out at any time by using the unsubscribe link in the email, or by contacting us as indicated in section 7;
(d) Run statistics about our event attendees; and
(e) Improve our future events.
2.2 Event registration, participation and related matters
To participate in our events in person, you may be issued a name tag that identifies the level of access that your ticket grants you. You will be asked to show this name tag at the entry in the various areas of our events, as this is in our legitimate interest to manage the access to our events.
Where we provide food at our events, we may ask you about food allergies or other conditions, so that we adapt our menu accordingly. Providing this information is optional, and we will only process it if you update your profile with such information.
The information above is stored and processed by us only for as long as it is reasonably necessary to offer the event to you and then maintain records of your attendance of the event, including your payment for the event (such as for statute of limitations purposes or sales or other tax reporting purposes).
2.3 Photos and videos
We may be taking pictures and record video footage of our events. Given that our events are public areas with controlled access, and that we do not intend to photograph you directly but rather groups (unless you are a speaker or a special guest), we do this based on our legitimate interest to document our events and market their success, etc.) We will not use photos or videos for marketing purposes if they identify you unless we obtain your prior consent. PDA stores these photos and videos for the entire period PDA (or its legal successor) exists.
If you are a speaker in our events, we will be processing your name, title, company, professional bio, education, as well as your presentation slides (if applicable), photos and videos of you at our events. The presentation slides (if applicable), photos and videos may be made public through the channels we consider appropriate (our website, third party websites, social media).
We do ask for your consent to take photos and videos of you and share them publicly, however, given that our interest is to publicize our events. If you do not agree to the usage of your data as described in the role as a speaker, we may refuse to appoint you as an orator.
This processing is made in our legitimate interest to promote our events, and we store the data for up to the entire period PDA (or its legal successor) exists.
2.5 Related services
2.6 Partner marketing
When you attend our events, you may receive promotional goods or a conference bag with various items, some provided by us and some provided by our event partners or sponsors. This product placement is made without providing your personal data to our partners, therefore if you are interested in any of their products, please contact them directly.
2.7 Use of the Website
3. HOW WE SHARE INFORMATION
We will disclose your personal data only for the purposes and to those third parties, as described below. We will take appropriate steps to ensure that your personal data are processed, secured, and transferred according to applicable law.
3.1 Disclosure to third parties
We will share the strictly necessary parts of your personal data, on a need-to-know basis with the following categories of third parties:
(b) Hotels where we book accommodation in your name, if you request us to;
(c) Companies that provide products and services to us (processors), such as:
(i) Third parties involved in organizing our events, client support, or sales activities;
(ii) Information technology systems suppliers and support, including email archiving, telecommunication suppliers, back-up and disaster recovery and cybersecurity services.
(d) Other parties such as public authorities and institutions, accountants, auditors, lawyers and other outside professional advisors, where their activity requires such knowledge or where we are required by law to make such a disclosure.
We will also disclose your personal information to third parties:
(i) If you request or authorize so, such as with other event Attendees solely for networking purposes by placing your contact information on the event Attendee List, or with Exhibitors or Sponsors to contact you about their offerings of goods and services;
(ii) To persons demonstrating legal authority to act on your behalf;
(iv) If we are under a duty to disclose or share your personal information to comply with any legal obligation, any lawful request from government officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity;
(v) To respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity; or
(vi) To protect the rights, property or safety of PDA, our employees, customers, suppliers, visitors, or other persons.
Note to individuals located in the EEA: We, as well as some of these other recipients, may use your data in countries which are outside of the EEA. Please see Section 4 below for more detail on this aspect.
Note to Exhibitors and Sponsors: If your representative is an attendee who obtains a copy of the Attendee List, the personal data on that Attendee List may only be used by that representative for his or her personal purposes to network with other attendees. Exhibitors and Sponsors may not use contact information of any attendee unless the attendee consents to such use.
Note to all attendees: If you consent to PDA sharing your contact information with the Exhibitors and/or Sponsors of the event, please check the listing of such Exhibitors and/or Sponsors regularly as it may be updated from time to time.
3.2 Restrictions on use of personal information by recipients
Any third party processors with whom we choose to share your personal information under the above are limited (by law and by contract) in their ability to use your personal information for the specific purposes identified by us. We will always ensure that any third parties with whom we choose to share your personal information are subject to privacy and security obligations consistent with this Privacy Notice and applicable laws. However, for the avoidance of doubt, this cannot be applicable where the disclosure is not our decision, including where you request it.
Save as expressly detailed above; we will never share, sell or rent any of your personal information to any third party without notifying you and, if applicable, obtaining your consent.
4. PROVISIONS APPLICABLE ONLY TO INDIVIDUALS LOCATED IN THE EEA
4.1 Transfers of information outside of the EEA
Since we are an organization headquartered in the USA, we process your personal data outside of the EEA. We do this in the performance of the contract you conclude with us by purchasing a registration for our events.
Where your personal data is transferred to other entities as mentioned in Section 3 above, we will take appropriate measures to ensure that the recipient protects your personal information adequately by this Privacy Notice. These measures include entering into European Commission approved standard contractual arrangements with them, or ensuring they have signed up to the EU-US Privacy Shield (see further https://www.privacyshield.gov/welcome).
Further details on the steps we take to protect your personal information in these cases is available from us on request by contacting our Privacy Officer, firstname.lastname@example.org at any time.
4.2 Your rights
As a data subject, under EU data protection law you have specific legal rights relating to the personal data we collect from you. We will respect your individual rights and will deal with your concerns adequately.
Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
Object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party), and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful, but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
• Response Time: We will try to fulfill your request within 30 days, which may be extended due to specific reasons relating to the specific legal right or the complexity of your request. In all cases, if this period is extended, we will inform you about the term of extension and the reasons that led to it.
• Restriction of access: In certain situations, we may not be able to give you access to all or some of your personal data due to statutory provisions. If we deny your request for access, we will advise you of the reason for the refusal.
• No identification: In some cases, we may not be able to look up your personal data due to the identifiers you provide in your request. In such cases, where we cannot identify you as a data subject, we are not able to comply with your request to execute your legal rights as described in this section, unless you provide additional information enabling your identification. We will inform you and give you the opportunity to provide such additional details.
• Exercise your legal rights: To exercise your legal rights, please contact us in writing (including electronically) at the contact details provided in section 7 below.
Right to complain: You can file a complaint to the data protection authority in your country.
We are committed to protecting personal information from loss, misuse, disclosure, alteration, unavailability, unauthorized access and destruction and take all reasonable precautions to safeguard the confidentiality of personal information, including through the use of appropriate organizational and technical measures. Organizational measures include physical access controls to our premises, staff training, and locking physical files in filing cabinets. Technical measures include the use of encryption, passwords for access to our systems and use of anti-virus software.
In the course of the provision of your personal data to us, your personal information may be communicated via transfer over the internet. Although we make every effort to protect the personal information which you provide to us, the transmission of information between you and us over the internet is not completely secure. As such, we cannot guarantee the security of your personal information transmitted to us over the internet and that any such transmission is at your own risk. Once we have received your personal information, we will use strict procedures and security features to prevent unauthorized access to it.
6. CHANGES TO OUR PRIVACY NOTICE
7. CONTACT INFORMATION
Please direct your questions regarding the subject matter of data protection and any requests in the exercise of your legal rights to the following contact details:
4350 East-West Highway, Ste 600, Bethesda, MD 20814
Phone number: +1 (301) 656-5900
We will investigate and attempt to resolve any request or complaint regarding the use or disclosure of your personal information.