1. Introduction

This Privacy Policy explains how [Your Organization Name] (“we,” “us,” or “our”) collects, uses, discloses, and protects your personal information when you use our website, webinar platform, and related services (the “Services”) for the Global Online Research Afternoon series.

We are committed to protecting your privacy and complying with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

Data Controller Information:

• Organization: [Your Organization Name]
• Registered Address: [Full Address]
• Registration Number: [Company/Organization Number]
• Email: [Contact Email]
• Phone: [Contact Phone]

Data Protection Officer:

• Name: [DPO Name]
• Email: [DPO Email]
• Phone: [DPO Phone]

2. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

2.1 Consent (Article 6(1)(a) GDPR)

When you explicitly agree to our processing of your data, such as:

• Subscribing to our newsletter
• Opting in to marketing communications
• Allowing optional cookies

2.2 Contract Performance (Article 6(1)(b) GDPR)

When processing is necessary to provide our Services, including:

• Processing your registration for webinars
• Providing access to webinar content
• Managing your account

2.3 Legal Obligation (Article 6(1)(c) GDPR)

When we must process your data to comply with legal requirements, such as:

• Tax reporting obligations
• Responding to lawful requests from authorities

2.4 Legitimate Interests (Article 6(1)(f) GDPR)

When processing is necessary for our legitimate interests, such as:

• Improving our Services
• Preventing fraud and ensuring security
• Analyzing Service usage and performance
• Internal research and analytics

We always balance our legitimate interests against your rights and freedoms.

3. Information We Collect

3.1 Information You Provide Directly

Registration Information:

• Full name
• Email address
• Professional title and specialty
• Institution or organization name
• Country of practice/residence
• Professional registration number (optional)
• Areas of research interest

Communication Information:

• Questions submitted during webinars
• Emails you send us
• Survey responses
• Feedback and comments

Sponsorship Information (for sponsors):

• Company name and contact details
• Billing information
• Contract and agreement details

3.2 Information We Collect Automatically

Technical Information:

• IP address
• Browser type and version
• Operating system
• Device information
• Time zone setting

Usage Information:

• Pages visited on our website
• Webinar attendance and duration
• Features used during webinars (polls, Q&A participation)
• Referring website
• Date and time of access

Cookies and Similar Technologies:

• Session cookies
• Preference cookies
• Analytics cookies
• Marketing cookies (with consent)

See Section 8 for detailed information about cookies.

3.3 Information from Third Parties

Webinar Platform Data:

We use third-party webinar platforms that may collect:

• Attendance data
• Engagement metrics
• Technical performance data

This data is processed in accordance with our agreements with these providers and applicable data protection laws.

4. How We Use Your Information

We use your personal information for the following purposes:

4.1 Service Delivery

• Process your webinar registrations
• Provide access to live and recorded sessions
• Send webinar reminders and access links
• Manage your account
• Respond to your inquiries and requests
• Provide technical support

4.2 Communication

• Send you updates about upcoming webinars
• Share relevant research and educational content
• Notify you of changes to our Services or policies
• Send administrative messages

4.3 Improvement and Analytics

• Analyze Service usage and performance
• Understand user preferences and behavior
• Improve content quality and relevance
• Develop new features and services
• Conduct research and statistical analysis

4.4 Marketing (with consent)

• Send promotional materials about our Services
• Share information about sponsor products (anonymized)
• Conduct market research

4.5 Legal and Security

• Comply with legal obligations
• Protect against fraud and abuse
• Enforce our Terms of Service
• Protect the rights and safety of our users
• Resolve disputes

4.6 Sponsor Reporting

• Provide anonymized aggregate statistics to sponsors
• Generate attendance and engagement reports (no personal data shared without consent)

5. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

5.1 Service Providers

We share data with third-party service providers who assist us in operating our Services, including:

• Webinar platform providers (e.g., Zoom, WebEx)
• Email service providers
• Website hosting providers
• Analytics services
• Payment processors (if applicable)

All service providers are contractually obligated to protect your data and use it only for the purposes we specify, in compliance with GDPR requirements (Article 28).

5.2 Sponsors (Limited and Controlled)

• Aggregate, anonymized attendance and engagement statistics
• With your explicit opt-in consent only: contact information for lead generation
• We never share personal data with sponsors without your explicit consent

5.3 Speakers and Presenters

• Your questions submitted during webinars (may include your name if provided)
• Feedback relevant to their presentations (anonymized where possible)

5.4 Legal Requirements

We may disclose your information when required by law or when we believe in good faith that disclosure is necessary to:

• Comply with legal obligations, court orders, or government requests
• Enforce our Terms of Service
• Protect the rights, property, or safety of us, our users, or others
• Prevent fraud or security threats

5.5 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred. We will notify you via email and/or prominent notice on our website before your data is transferred and becomes subject to a different privacy policy.

5.6 With Your Consent

We may share your information with third parties when you give us explicit consent to do so.

6. International Data Transfers

6.1 Transfer Mechanisms

Your personal information may be transferred to and processed in countries outside the European Economic Area (EEA) where our service providers are located. When we transfer data outside the EEA, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions recognizing equivalent data protection
• Binding Corporate Rules
• Appropriate certifications (e.g., EU-U.S. Data Privacy Framework where applicable)

6.2 Specific Transfers

Our webinar platforms may process data in the following locations: [List specific countries/regions where data is processed, e.g., United States, United Kingdom]

We ensure all such transfers comply with GDPR Chapter V requirements.

7. Data Retention

7.1 Retention Periods

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected:

Account Information:

• Active accounts: Duration of account plus 2 years after last activity
• Deleted accounts: 30 days (to allow recovery), then permanently deleted

Webinar Attendance Data:

• Attendance records: 3 years for reporting and analysis purposes
• Engagement data (polls, Q&A): 2 years

Communications:

• Newsletter subscriptions: Until you unsubscribe, then immediately deleted
• Email correspondence: 3 years for support purposes

Financial Records (if applicable):

• 7 years to comply with tax and accounting regulations

Anonymous Analytics Data:

• Indefinitely (as it cannot identify individuals)

7.2 Deletion Requests

You may request deletion of your data at any time (see Section 10). Some data may be retained longer when required by law or legitimate business purposes, but will be securely stored and access restricted.

8. Cookies and Tracking Technologies

8.1 What Are Cookies

Cookies are small text files stored on your device when you visit our website. We use cookies and similar technologies to enhance your experience and analyze how our Services are used.

8.2 Types of Cookies We Use

Strictly Necessary Cookies (No consent required):

• Essential for the website to function
• Enable core features like security and accessibility
• Cannot be disabled
• Duration: Session or up to 1 year

Functional Cookies (Optional):

• Remember your preferences and settings
• Provide enhanced features
• Improve user experience
• Duration: Up to 2 years

Analytics Cookies (Optional):

• Help us understand how visitors use our Services
• Collect anonymous statistics
• Examples: Google Analytics, Matomo
• Duration: Up to 2 years

Marketing Cookies (Requires consent):

• Track visitors across websites
• Display relevant advertisements
• Measure campaign effectiveness
• Examples: LinkedIn Insights, Facebook Pixel
• Duration: Up to 2 years

8.3 Managing Cookies

You can control and manage cookies through:

• Our cookie consent banner (when you first visit)
• Cookie settings page [link to cookie settings]
• Your browser settings

Please note that disabling certain cookies may affect the functionality of our Services.

8.4 Third-Party Cookies

Some cookies are placed by third-party services we use. These are subject to the respective privacy policies of those providers:

• Google Analytics: https://policies.google.com/privacy
• [Add other third-party services you use]

8.5 Do Not Track

Some browsers support a “Do Not Track” feature. Our website currently does not respond to Do Not Track signals, but you can control cookies through our cookie settings.

9. Data Security

9.1 Security Measures

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction, including:

Technical Measures:

• SSL/TLS encryption for data transmission
• Encrypted data storage
• Regular security assessments and penetration testing
• Secure authentication mechanisms
• Firewall protection and intrusion detection
• Regular software updates and security patches

Organizational Measures:

• Access controls and authentication
• Staff training on data protection
• Confidentiality agreements with employees and contractors
• Data protection impact assessments (DPIAs)
• Incident response procedures
• Regular policy reviews

9.2 Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

• Notify the relevant supervisory authority within 72 hours (GDPR Article 33)
• Notify affected individuals without undue delay (GDPR Article 34)
• Provide information about the breach and measures taken

9.3 Your Responsibility

You are responsible for:

• Keeping your account credentials confidential
• Using strong, unique passwords
• Logging out after using shared devices
• Reporting any suspected security breaches to us immediately

10. Your Rights Under GDPR

As a data subject in the EU/EEA, you have the following rights:

10.1 Right of Access (Article 15)

You have the right to obtain:

• Confirmation that we process your personal data
• A copy of your personal data
• Information about how we use your data

10.2 Right to Rectification (Article 16)

You have the right to correct inaccurate or incomplete personal data.

10.3 Right to Erasure / “Right to be Forgotten” (Article 17)

You have the right to request deletion of your personal data when:

• The data is no longer necessary for the purposes collected
• You withdraw consent and no other legal basis exists
• You object to processing and no overriding legitimate grounds exist
• The data has been unlawfully processed
• Deletion is required to comply with a legal obligation

Note: We may retain some data where required by law or for legitimate purposes.

10.4 Right to Restriction of Processing (Article 18)

You have the right to request restriction of processing when:

• You contest the accuracy of the personal data
• Processing is unlawful but you prefer restriction over deletion
• We no longer need the data but you need it for legal claims
• You have objected to processing pending verification of legitimate grounds

10.5 Right to Data Portability (Article 20)

You have the right to:

• Receive your personal data in a structured, commonly used, machine-readable format
• Transmit your data to another controller where technically feasible

This applies to data processed based on consent or contract, and by automated means.

10.6 Right to Object (Article 21)

You have the right to object to processing based on:

• Legitimate interests (including profiling)
• Direct marketing (including profiling for marketing)

We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, or for legal claims.

10.7 Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects. We do not currently use automated decision-making processes.

10.8 Right to Withdraw Consent

Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing before withdrawal.

10.9 Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority, particularly in your country of residence, workplace, or where an alleged infringement occurred.

EU Member State Supervisory Authorities: https://edpb.europa.eu/about-edpb/about-edpb/members_en

Lead Supervisory Authority for [Your Organization]:

• [Name of your supervisory authority]
• Website: [URL]
• Contact: [Contact information]

10.10 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

• Email: [Privacy/DPO Email]
• Subject line: “GDPR Rights Request”

Include in your request:

• Your full name and email address
• The specific right you wish to exercise
• Any relevant details to help us locate your data

We will respond to your request within one month. This may be extended by two months for complex requests, in which case we will inform you.

11. Children’s Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18.

If we become aware that we have collected personal information from a child under 18 without parental consent, we will take steps to delete that information as quickly as possible.

If you believe we have collected information from a child under 18, please contact us immediately at [Privacy Email].

12. Marketing Communications

12.1 Opt-In

We will only send you marketing communications if you have:

• Opted in during registration, or
• Provided separate consent for marketing communications

12.2 Content

Marketing communications may include:

• Information about upcoming webinars
• Educational content related to diabetic foot research
• Updates about our Services
• Relevant research publications and resources

12.3 Unsubscribe

You can opt out of marketing communications at any time by:

• Clicking the “unsubscribe” link in any marketing email
• Updating your preferences in your account settings
• Contacting us at [Email]

Note: You will still receive essential service communications (webinar confirmations, access links, account notifications) even if you opt out of marketing.

12.4 Soft Opt-In

If you register for our webinars, we may send you information about similar educational events and services based on the “soft opt-in” provision. You can opt out at any time.

13. Third-Party Websites and Services

Our Services may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to such third parties.

We are not responsible for the privacy practices of third-party websites or services. We encourage you to review the privacy policies of any third-party sites you visit.

Third-party platforms we use (which have their own privacy policies):

• [Webinar Platform Name]: [Privacy Policy URL]
• [Email Service Provider]: [Privacy Policy URL]
• [Analytics Service]: [Privacy Policy URL]

14. Changes to This Privacy Policy

14.1 Updates

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.

14.2 Notification

When we make material changes to this Privacy Policy, we will:

• Update the “Last Updated” date at the top of this policy
• Notify you via email to the address associated with your account
• Display a prominent notice on our website

14.3 Continued Use

Your continued use of our Services after the effective date of the updated Privacy Policy constitutes acceptance of the changes. If you do not agree to the updated policy, please discontinue use of our Services and contact us to delete your account.

14.4 Review

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

15. Special Categories of Data

15.1 Sensitive Data

We generally do not collect special categories of personal data (sensitive data) as defined by GDPR Article 9, such as:

• Health data (beyond your professional specialty in healthcare)
• Racial or ethnic origin
• Political opinions
• Religious or philosophical beliefs
• Trade union membership
• Genetic or biometric data
• Data concerning sexual orientation

15.2 Professional Context

The nature of our Services (professional education in diabetic foot disease) means that participants are healthcare professionals. However, we do not collect or process health data about individuals themselves.

15.3 Explicit Consent

If we ever need to process special categories of data, we will obtain your explicit consent as required by GDPR Article 9(2)(a), unless another lawful exception applies.

16. Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) when implementing new technologies or processing activities that may pose high risks to your rights and freedoms, as required by GDPR Article 35.

17. Contact Information

17.1 General Privacy Inquiries

Email: [Privacy Email]

Address: [Full Postal Address]

Phone: [Phone Number]

17.2 Data Protection Officer

• Name: [DPO Name]
• Email: [DPO Email]
• Phone: [DPO Phone]

17.3 Response Time

We aim to respond to all privacy-related inquiries within 5 business days for initial acknowledgment, and within 1 month for full resolution (as required by GDPR).

18. Supervisory Authority

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with your local supervisory authority:

[Your Lead Supervisory Authority Name]

Address: [Address]

Website: [URL]

Phone: [Phone]

Email: [Email]

You can also find contact information for all EU supervisory authorities at: https://edpb.europa.eu/about-edpb/about-edpb/members_en

19. Consent Record

By registering for our Services, you acknowledge that you have read and understood this Privacy Policy and consent to the collection and processing of your personal data as described herein, where such processing is based on consent.

You can withdraw your consent at any time by contacting us or using the unsubscribe mechanisms provided.