Logo

Privacy Policy

Last updated: May 28, 2026

This Privacy Policy explains how the European Ovary Workshop (EOW) platform processes personal data in connection with event management, attendee registration, abstract submission, payment tracking, invoicing, and sponsorship workflows.

1. Data Controller

The data controller for personal data processed through this platform is the organising team of the active event. For questions or requests related to your personal data, contact the event organisers via the contact details published on the active event page, or email [email protected].

2. Data We Collect

  • Account data: username, email address, and authentication details.
  • Profile data: avatar, title, job title, institution, city, country, phone number, and optional demographic fields (date of birth, gender, nationality) — collected only with your explicit consent.
  • Registration data: attendance preferences, dietary and accessibility requirements, accommodation dates, and consent choices.
  • Payment and invoice data: payment status, amount due, VAT number, billing name, and address details.
  • Abstract data: authorship, scientific text, themes, keywords, peer-review scores and comments, and decisions.
  • Sponsorship data: company profile, package choice, logo, and contact information.
  • Grant data: application justification narratives and childcare descriptions.
  • Technical data: cookie preferences and session data required for core site functionality.

3. Legal Bases for Processing

  • Contract performance (Article 6(1)(b)): processing necessary to manage your event registration, process payments, and issue invoices.
  • Consent (Article 6(1)(a)): optional communications, photo use, and demographic reporting. You may withdraw consent at any time.
  • Legal obligation (Article 6(1)(c)): retention of invoice and financial records required by EU VAT law.
  • Legitimate interest (Article 6(1)(f)): fraud prevention, platform security, and abuse detection (including bot-protection via Google reCAPTCHA).

4. Cookies and Similar Technologies

We use two categories of cookies:

  • Essential: session cookie (sessionid), CSRF protection (csrftoken), and cookie-consent preference (cookie_consent). These are required for the site to function and cannot be declined.
  • Security: Google reCAPTCHA v3 (_GRECAPTCHA). Used on sign-up and sponsorship forms to distinguish humans from bots. This service is operated by Google LLC (USA); data may be transferred outside the EU under Google's Standard Contractual Clauses. See Google's Privacy Policy.

Manage your cookie choices in our Cookies Policy.

5. Data Processors

We share personal data with the following processors, each bound by a Data Processing Agreement:

  • DigitalOcean, LLC — cloud infrastructure and media file storage (Amsterdam region, EU). DPA.
  • Email provider (SMTP) — transactional email delivery. The specific provider is configured per deployment; please contact the organisers for details.
  • Google LLC — reCAPTCHA v3 bot-protection service (USA, SCCs in place). Privacy Policy.

6. Who Can Access Data

Access is role-based. Event organisers and authorised reviewers can access the data required to operate events and evaluate abstracts. Platform maintainers have administrative access. Organiser data exports are recorded in an audit log.

7. Data Retention

  • Registration sensitive fields (dietary details, accessibility details): anonymised 1 year after the event ends.
  • Grant application narratives: anonymised 1 year after the event ends.
  • Invoice and payment records: retained for 7 years from the invoice date, as required by EU VAT law.
  • Account and profile data: retained until you delete your account. You can delete your account at any time from your profile settings.
  • Audit logs: retained indefinitely for operational integrity (no personal data is stored in log output beyond user IDs).

8. Your Rights

Under GDPR you have the right to:

  • Accessdownload a copy of your data at any time.
  • Rectification — update your data in your profile.
  • Erasuredelete your account and all associated data.
  • Portability — your data export is provided in machine-readable JSON format.
  • Withdraw consent — update your consent choices in your event registration at any time.
  • Object or restrict processing — contact the event organisers using the details in Section 1.
  • Lodge a complaint — with your national supervisory authority (e.g. Autoriteit Persoonsgegevens in the Netherlands).

9. Security

We apply technical and organisational safeguards including encrypted HTTPS transmission, CSRF protection, role-based access control, and regular security reviews to protect data against unauthorised access, alteration, loss, or disclosure.

10. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and, where required, notify affected individuals without undue delay.

11. Contact

For any privacy-related questions, requests, or concerns, contact the event organisers at [email protected].