Latest update: 15 January 2019
In relation with its business activities, the French Dental Association (ADF) may collect and process personal data as described in EU Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of natural persons with regard to the processing of personal data (General Data Protection Regulation, hereafter referred to as "the GDPR") and in French act n°78-17 of 6 January 1978 on Information technology, data files and civil liberties (Loi Informatique et Libertés, hereafter "French act on IT").
1. Who is responsible for the collection and processing of the data?
2. When is personal data collected and processed by the ADF?
The ADF may collect and process personal data as defined in the GDPR and the French act on IT in several situations:
• for the organisation and running of its annual dental meeting (Congrès de l'ADF): the ADF receives registration applications from the meeting participants, processes invitations, organises the speakers' lectures, manages the exhibitors' requests for exhibition spaces and stands;
• when the ADF manages its internal, associative and union activities, in particular when it organises meetings for its members. The ADF may also use practitioners' personal data obtained from professional directories;
• when the ADF sells a publication or training module via its websites, it collects information on the person who places the order;
• when you browse the websites, independently from buying a publication or training module, the ADF may collect several technical personal data;
• when the ADF enters into a contract with a service provider, it may collect several personal data concerning the provider or the provider's representative.
3. Which personal data is collected and processed by the ADF?
The ADF applies the principle of data minimization, which means that it collects and processes only the personal data that is strictly necessary to accomplish its purposes.
The ADF does not trade personal data. The ADF collects and processes data only to be able to correctly conduct its association activities, including the organisation of its annual dental meeting.
The ADF collects and processes the following data:
• when you register to take part as visitor or conference delegate in the ADF annual dental meeting (Congrès de l'ADF), you are required to provide information about your identity (first name, last name, gender, date of birth, passport number), your postal address, information about your occupation (ADELI and RPPS numbers for dentists practising in France, graduation year, dental faculty, academic titles, type of practice, specialisation, SIRET number for French companies), your contact details (email address, phone number) as well as your bank details should you need to be reimbursed;
• when you register to take part as speaker in the ADF annual dental meeting, to deliver lectures during the training sessions organised for the event, you are required to provide information about your identity (title, first name, last name, date of birth), your address, your contact details (email address, phone number) and your bank details for the reimbursement of expenses;
• when you register to take part in the ADF annual meeting as exhibitor, you are required to provide information about your identity (first name, last name), your address, your contact details (phone number, fax number, email address) as well as bank details;
• when the ADF manages its internal activities, it keeps records of its members and of its committee members, with data about their identity (first and last names) and their contact details (postal address, telephone and fax numbers, email address).
• data concerning dental practitioners. The ADF obtains personal data about you from professional directories. This data relates only to your professional practice;
• when you browse the websites, several personal data about you are collected and processed by the ADF. This data, collected automatically, is: the Internet Protocol (IP) address of the computer you are using, your connection date and time, the kind of computer you are using, the operating system and browser you are using, your screen's resolution, and the name of your internet provider. We also keep a record of the pages you visit. This data enables us to customise your navigation of the website, to guarantee a good connection, to assess the safety of the system and to obtain statistics. The data is collected using cookies, i.e. text files that are stored on your computer.
4. On which legal basis is personal data collected and processed?
The ADF does not conduct any illegal collection or processing of personal data. All personal data is collected and processed by the ADF on the basis of well-established legal grounds:
• for the most part, the data we collect is necessary for the execution of a contract between you and us, for example because you have wished to take part in the ADF annual dental meeting as conference delegate, visitor, speaker or exhibitor, or because you are a service provider appointed by the ADF;
• part of the data collected automatically is necessary for us to correctly achieve our legitimate purposes, in particular our association activities, with the understanding that neither the collection nor the processing of this data is likely to affect your interests or fundamental freedoms;
• We collect other personal data on the basis of your consent. In this respect, we invite you to give us only the information that is strictly necessary.
If "sensitive" data as defined by the GDPR and the French act on IT is collected, it concerns only your membership in a professional union, in relation with the legitimate activities of the ADF, which itself emanates from professional unions. The data is collected and processed with the appropriate guarantees: it concerns only the members or former members of the ADF or persons who are in regular contact with the ADF, in connection with the ADF's purposes. This data is not disclosed outside of the ADF without your consent.
5. How do we use the data we collect?
The ADF uses the personal data collected in the situations described above only for specific and legitimate aims, which are strictly within the scope of its activities, in accordance with its purposes.
Basically, these aims are as follows:
• the collected data is mainly used for the proper execution of a contract and its outcomes, as is the case in particular for your contact details. These may be used for your registration to the annual dental meeting, to confirm the attribution of a space in the exhibition, for invoices and/or the reimbursement of expenses, or to issue certificates. The data can also be used to process an order placed on the websites for a training module;
• the collected data may be used to manage our relations with you, in particular through informative emailing campaigns or satisfaction surveys;
• the collected data may be used for internal purposes, e.g. to convene ADF member or committee meetings or to collate attendance statistics for the ADF annual dental meeting.
• some of the collected data helps us manage our websites. We analyse it (either ourselves or through the services of a contractor) to understand how our websites are used (e.g. which pages are most visited) and how we can improve their content and functionalities. The data can also help us improve our product (training) and service offering. We may also use your device's address to fight specific cases of fraud, including identity theft.
6. Who do we share the collected data with?
The personal data we collect is useful before and above all to the ADF itself. It is used by the staff of the relevant ADF departments (annual meeting management team., ADF members management team, ADF Committees management team, administrative staff, information technologies staff,…)
The data may also be shared with specific third parties, as exhaustively listed hereafter:
• our service providers: we may contract third party service providers, in particular to help us with the organisation of the annual dental meeting. These service providers may for example be responsible for controlling access to the exhibition halls and lecture rooms, issuing the meeting passes, etc. We also use the services of the email platform Sarbacane to send out our prospection or information email campaigns.
• the authorities: we may, if necessary, be obliged to cooperate with the authorities – the state, administrative or legal authorities, and more particularly the authorities in charge of enforcing the GDPR and the French act on IT. Consequently, we reserve the right to divulge any information collected in the course of our activities to the competent authorities should we be enjoined to do so, for example as part of investigations into a stolen credit card.
7. How long does the ADF keep your personal data?
The ADF keeps your personal data in an identifiable form only for as long as is strictly necessary to accomplish the purpose of the processing. For example:
• the data relating to the annual dental meeting (including the list of participants or speakers) is kept for a period of three years;
• the data relating to the members of the various ADF bodies (including the ADF committees) is kept for a period of 10 years;
• the data relating to transactions on the websites is kept for a period of three years;
• the automatically-collected data relating to your use of the websites is automatically erased when you log out.
Other data, statistics in particular, are made anonymous by removing all details that identify you.
8. What are your rights with regard to the personal data we hold about you?
The ADF respects your rights as defined in the GPDR and the French act on IT.
You therefore have the right to ask to access the personal data that the ADF holds about you, as well as the right to ask for your personal data to be corrected or erased, or for its use to be restricted. You also have the right to object to the processing of your personal data.
However, should you object to or ask for restricted use of your personal data, it is possible, for example, that the ADF may no longer be able to proceed with your registration to the annual dental meeting. Moreover, should you object to the processing of your personal data or ask for it to be erased, some of the data may be kept in order to enable the ADF to comply with its legal obligations.
You also have the right to give instructions regarding the storage, deleting and disclosure of your personal data after your death. Should no such instructions exist, your personal data shall be kept for the durations specified in the paragraph above, except if your heirs ask for it to be deleted sooner.
Please note that to block unsolicited phone calls, you can register in France to the national "do not call" registry provided at www.bloctel.fr.
You may also at any time file a complaint with the Data Protection Authorities – either with those in charge of data protection in your country of residence or with the French Commission Nationale de l’Informatique et des Libertés (CNIL) at www.cnil.fr.
9. How is your personal data protected?
In its capacity as data controller, the ADF commits to implementing and maintaining, at its own expense, all appropriate technical and organisational measures for the processing and safety of personal data, in conformity with articles 32 to 34 of the GDPR and 70-13 of the French act on IT.
The ADF ensures that these technical and organisational controls remain at all times relevant to the specific risks identified in relation with the nature of the data it may collect and with its processing activities, in order to protect your personal data against destruction, loss, modification, and non-authorised accidental or illegal disclosure.
The technical measures implemented by the ADF are as follows:
• all personal data is stored on servers located in France;
• all information relating to banking transactions is encrypted and transmitted from start to finish via a secure SSL connection. Data relating to bank cards is neither collected nor stored by the ADF.
The organisational measures implemented by the ADF are as follows:
• only specific exhaustively-listed ADF staff members are authorised to have access to your personal data;
• access to your personal data is protected via usernames and passwords;
• the servers that store your personal data are controlled via security groups.
The ADF also commits to keeping, updating and storing complete and accurate records detailing all the personal data processing activities it conducts.
10. Is your personal data transferred internationally?
Your personal data is stored on servers located in France. No international data transfer is authorised.
11. Contact us for more information