Privacy Notice for Participants to the 2nd European Health Data Protection Congress
Paris – October 18-20, 2024

This privacy notice applies to the processing of data related to the 1st European Health Data Protection Congress, taking place in Paris on October 18-20, 2024 (“the Event”).

“EHPDC”, as the Controller of the personal data, has committed to comply with the General Data Protection Regulation (“GDPR”) and all applicable laws and regulations regarding data protection. EHDPC wants to make sure that you understand what personal information is collected about you in the context of your participation in the Event, how your personal information is used and how it is kept safe.

Please note that, if you are a speaker intervening during the Event, you have already received a dedicated information form to get your authorization for your presentation/round table recording.

1 .What personal data do we process?

General information collected: name, surname, title, email address, country, signature, bank information if necessary for the fee payment;
Photographs taken during the Event;
Recording (which may include faces and/or voices) of the persons asking questions during the different presentations/Round table that are recorded.

2. How and why do we use your personal information?

To organize your participation in the Event: allow you to register to the Event, confirm your registration, communicate on the Event organization, check that you are properly registered upon your arrival to the Event, …
To communicate about the Event follow-up, including by the way of communications on EHDPC and partners’ websites and social networks (e.g LinkedIn) about the Event;
To provide the attendees with a recording of the presentation, during a limited amount of time, after the Event.

3. On what basis do we use your personal data?

The legal basis for data processing to organize your participation in the Event is the contractual obligations of EHDPC, in the context of your registration in the Event. If you do not provide us with the necessary data in this context, it will not be possible to manage properly your registration to the Event.
The legal basis for processing the photographs and recording taken during the Event (where you may appear), in order to communicate on the Event follow-up and provide attendees with a recording is your consent.

4. How long will we keep your personal information?

EHDPC will keep your personal data for no longer than necessary for the above-mentioned purposes.
In relation to the recording made during the Event, EHDPC will put it at the disposal of the Summit participants and EHDPC staff & partners only. Recording will then be archived internally at EHDPC for 1 year, in case an attendee would lately require having access to it.

5. Data sharing

We do not sell, trade, or otherwise transfer to outside parties your personal data. However, if you agree for your photographs to be used for communication about the Event after it took place, you have to be aware that these photographs may appear on EHDPC and partners’ websites and/or social media.
Recording of the Event will be provided to the attendees, for a limited period of time after the Event.
Your personal data may only be processed by WordPress (hosting the website and payment provider). To have more information about the data processing made by, you can consult the privacy notice available on their website.

6. How do we protect your information?

EHDPC and partners’ treats your personal data in a confidential manner and uses at least the same level of care in safeguarding your personal data that it uses with its own confidential information of similar nature.
Your personal data are contained behind secured networks and are only accessible by a limited number of persons who have special access rights to such systems and are required to keep the information confidential.

7. Your rights

According to the GDPR, you have the following rights:

Information: You have the right to be informed about the processing of your personal data;
Access: You have the right to obtain confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, all necessary information to make the process transparent;
Rectification: You have the right to require rectification of inaccurate or incomplete data about you;
Erasure: You have the right to request the deletion of your personal data under certain circumstances;
Restrict processing: You have the right to restrict processing of data under certain specified circumstances;
Data portability: You have the right to request for the receipt or the transfer to another organization, in a machine-readable form, of your personal data;
Object to processing: You have the right to object, on grounds relating to your particular situation, at any time to the processing of your data;
Right not to be subject to automated-decision making: You have the right not to be subject to a decision based solely on automated processing, including profiling; and
Right to withdraw consent: When you have given your consent for the processing of your data, you can withdraw it at any time without justification.

If you would like to exercise your rights, please let us know by contacting our Data Protection Officer at

You also have the right to lodge a complaint with your local Data Protection Authority in the Member State of the European Union of your habitual residence, place of work or place of the alleged infringement if you consider that your personal data is not processed in accordance with the GDPR.

8. Contacts

Michael Bia

EHDPC Data Protection Officer

Commission nationale de l’informatique et des libertés:
+33 1 53 73 22 22
3 Pl. de Fontenoy,
75007 Paris,

For other Supervisory Authorities contact details, see

Document created with the support of MyData-TRUST, company specialized in Data Protection, exclusively dedicated to the Life Sciences Industry