Article 3 – Categories of Personal Data We Process

Depending on how you use the RiMS Digital Platform, we may process the following categories of personal data:

• Identification data: first name, last name, professional title/role, organisation/affiliation, profile picture.
• Contact data: email address, postal address, country, phone (if provided).
• Account data: username, account status, membership type, SIG membership(s), preferences, two-factor authentication status (not the codes themselves).
• Participation data: event registrations, attendance, workshop selections, abstract or application submissions where applicable.
• Transaction references: confirmation of payments or invoices linked to registrations or membership administration (payment details are processed by accredited payment providers; RiMS does not store full card data).
• Communication data: messages sent via forms, support requests, email interaction preferences, survey responses.
• Technical & log data: IP address, device/browser type, log timestamps, cookie identifiers and consent choices, strictly for security, fraud-prevention and platform integrity.

Article 4 – Purposes and Legal Bases

We process your personal data for the purposes below and on the corresponding legal bases under the GDPR:

• Account creation and administration (managing your user profile, membership, SIG participation)
  Legal basis: performance of a contract and/or pre-contractual steps.
• Event registration and delivery of services (congresses, workshops, online education, certificates)
  Legal basis: performance of a contract.
• Service communications (operational emails about your account, events, invoices, policy updates)
  Legal basis: performance of a contract and/or legitimate interests.
• Newsletters and updates (when you subscribe or are a member)
  Legal basis: consent (you can withdraw at any time) and/or legitimate interests for relevant member communications.
• Security, fraud-prevention and platform integrity (access logs, 2FA status, abuse detection)
  Legal basis: legitimate interests.
• Analytics and service improvement (aggregated usage statistics; cookies subject to your consent)
  Legal basis: legitimate interests and/or consent where required.
• Legal and regulatory obligations (tax/accounting retention, handling official requests)
  Legal basis: legal obligation.

Article 5 – Retention of Your Data

We retain personal data only for as long as necessary to fulfil the purposes described above, to comply with legal obligations, to resolve disputes, and to enforce agreements. In practice:

• Account & membership data are kept while your account is active and for a limited period afterwards if required for administration, legal or audit purposes.
• Event & participation records are retained to document attendance, certificates and compliance needs.
• Financial records (invoices, payment confirmations) are retained in accordance with applicable accounting laws.
• Marketing preferences are kept until you withdraw consent or object to such processing.
• Backups & logs are stored for limited, rolling periods solely for security and continuity.

Article 6 – Cookies and Similar Technologies

Our website and digital services use cookies and similar technologies. Some cookies are essential for the website to function, while others are used—only with your consent—for analytics or to improve your experience. You can manage your preferences at any time through our cookie settings banner.

• Strictly necessary cookies: enable core functionality such as secure login and page navigation.
• Functional cookies: remember your choices (e.g., language, preferences) to enhance usability.
• Analytics cookies: help us understand usage and improve the platform (set only with your consent).
• Marketing/third-party cookies: used by embedded services or social media (set only with your consent).

For more details on specific cookies used and their lifetimes, please consult the cookie banner or settings presented on your first visit and available via the footer of our site.

Article 7 – Sharing of Personal Data

Your personal data may be shared with the following categories of recipients, always limited to what is necessary:

• Service providers who support the operation of the RiMS Digital Platform (e.g., hosting, IT maintenance, payment processing, email delivery).
• Event partners involved in organising or delivering specific programmes or services you register for.
• Authorities or regulators when legally required to comply with applicable laws or respond to lawful requests.
• RiMS committees, boards, or SIG leaders for member administration and engagement purposes.

We do not sell or rent your personal data to third parties for marketing purposes.

Article 8 – International Data Transfers

If your personal data is transferred outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place to protect it, in compliance with the GDPR. This may include:

• Transfers to countries recognised by the European Commission as providing an adequate level of data protection.
• Use of Standard Contractual Clauses approved by the European Commission.
• Implementation of supplementary measures where necessary to ensure equivalent protection.

Article 9 – Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access – to know what data we hold about you and to request a copy.
• Right to rectification – to request corrections to inaccurate or incomplete data.
• Right to erasure – to request deletion of your personal data, subject to legal or contractual restrictions.
• Right to restrict processing – to limit how your data is used in certain circumstances.
• Right to data portability – to receive your personal data in a structured, commonly used format and transmit it to another controller.
• Right to object – to object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent – when processing is based on consent, without affecting the lawfulness of prior processing.

To exercise these rights, please contact us using the details provided in Article 1. You also have the right to lodge a complaint with your local data protection authority.

Article 10 – Security of Your Data

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These include secure hosting, encryption where appropriate, access controls, and regular monitoring of our systems. While we strive to protect your data, no transmission or storage method can be guaranteed 100% secure.

Article 11 – Changes to This Policy

We may update this Privacy & Cookie Policy from time to time to reflect changes in our practices, legal requirements, or other factors. The updated version will be posted on the RiMS Digital Platform with a new “last updated” date. We encourage you to review this page periodically.

Article 12 – Contact and Complaints

If you have any questions, concerns, or requests regarding this Privacy & Cookie Policy or your personal data, please contact us using the details in Article 1. You have the right to lodge a complaint with the Belgian Data Protection Authority (www.gegevensbeschermingsautoriteit.be) or your local supervisory authority.