ADVOCACY FOR CHILDREN
Privacy Policy European Academy of Paediatrics (EAP)
Last updated: November 2025
1. Introduction
This Privacy Policy explains how the European Academy of Paediatrics (“EAP”, “we”, “our”, “us”) collects, uses, stores, and protects personal data when you visit our website eapaediatrics.eu or interact with us online.
We are committed to protecting your privacy and ensuring that your personal information is handled in accordance with the General Data Protection Regulation (GDPR) and all applicable European data-protection laws.
By using this website, you agree to the practices described in this Privacy Policy.
2. Data Controller
The Data Controller responsible for processing your personal data on this website is:
European Academy of Paediatrics (EAP)
A Section of the European Union of Medical Specialists (UEMS)
Rue de l’Industrie 24
1040 Brussels
Belgium
Questions regarding this Privacy Policy or privacy rights may be sent to:
3. What Personal Data We Collect
3.1 Data You Provide Directly
This includes personal data submitted when:
Contacting us through a form or email
Subscribing to newsletters
Accessing the National Delegate Area (see below)
For users of the National Delegate Area, we collect additional profile information:
Name, title, and institution
City and country
Professional contact details (email, phone)
Society representation and membership type
Term start and end dates
Working Group assignments
UEMS status (visible to the member; editable only by Administrators)
Profile photo (optional)
Biography and languages (optional)
Per-field visibility settings chosen by the user
Access to the Delegate Area is by invitation only. All accounts are created by EAP Administrators. All profile fields default to the most private setting (“Only me”) to ensure data protection by design and by default.
3.2 Data Collected Automatically
When you use our website, we may automatically collect:
IP address
Browser type and version
Device type and operating system
Pages visited, time spent, and navigation patterns
Date, time, and referring website
This information helps us secure and improve our website.
3.3 Cookies and Tracking Technologies
We use cookies to support essential website functionality, improve user experience, and analyse site performance.
You can manage or disable cookies through your browser settings. Disabling non-essential cookies may affect functionality.
3.4 Google Analytics
We use Google Analytics, a service provided by Google LLC, to understand how visitors interact with our website. Google Analytics collects information such as:
Pages viewed
Time spent on each page
Browser and device details
General geographic region (non-identifying)
We have implemented:
IP anonymisation
No advertising features or profiling
Limited data retention settings
You may opt out by adjusting your cookie preferences, disabling cookies in your browser, or using the Google Analytics Opt-Out Browser Add-on:
https://tools.google.com/dlpage/gaoptout
Where relevant, data may be transferred outside the EU, with safeguards such as Standard Contractual Clauses in place.
4. How We Use Your Personal Data
We process personal data to operate our website, communicate with users, and support the activities of the European Academy of Paediatrics (EAP). The purposes for which we use your information include:
4.1 General Website Use
Responding to enquiries submitted through our contact forms or by email
Managing newsletter subscriptions and sending updates (where consent has been given)
Maintaining, improving, and securing our website and digital services
Generating anonymised statistics for website performance and usage analysis
Ensuring compliance with our legal obligations
Protecting the website from misuse, fraud, or security threats
Providing access to member-only documents or materials where relevant
Personal data collected through general website use is not shared for commercial purposes.
4.2 Additional Purposes for the National Delegate Area
For users invited to access the secure National Delegate Area, we process personal data for the following additional purposes:
Providing secure, role-based access to the Delegates Directory, Working Group materials, and meeting archives
Allowing each delegate or representative to update and manage their own professional profile
Supporting internal governance processes, including verification of UEMS status and managing membership roles and terms
Facilitating communication and collaboration within Working Groups, councils, and committees
Respecting the user-selected visibility settings that determine who may view each profile field
Maintaining system security, including audit logs of login activity, profile updates, administrative actions, and permission changes
Data collected within the National Delegate Area is used exclusively for internal organisational purposes and is never used for external marketing.
All profile fields in the Delegate Area default to the most private setting (“Only me”) to ensure data protection by design and by default.
5. Legal Basis for Processing (GDPR)
The following GDPR legal bases apply to processing personal data in the National Delegate Area:
Legitimate Interests
We process personal data to operate a secure internal member portal, maintain accurate delegate information, support Working Group collaboration, manage terms of service, and fulfil EAP’s governance responsibilities. This processing is necessary for the functioning of EAP as a professional medical organisation.
Contractual Necessity
Certain processing is required to provide access to the portal and enable representatives to perform their official roles within EAP structures.
Consent
Consent applies to optional profile fields, profile photographs, and any field for which the user chooses a visibility setting broader than “Only me.”
Users may withdraw consent at any time by adjusting their profile visibility settings or contacting us.
6. How We Share Your Data
We may share your data only with:
Technical service providers (e.g., website hosting, email platforms, analytics tools) who process data strictly on our behalf and under confidentiality agreements
Email newsletter providers (if used), solely for sending communications you have opted into
UEMS or EAP-affiliated bodies, only where necessary for fulfilling organisational obligations
We do not sell, rent, or disclose your data to unrelated third parties for marketing or commercial purposes.
Where third-country transfers occur (e.g., a US-based email service), appropriate safeguards such as EU Standard Contractual Clauses (SCCs) are applied.
Within the secure National Delegate Area, visibility of each profile field is determined by the user’s chosen settings. Users may select:
Only me / Delegates only / Admin only / Everyone in portal
UEMS status is visible to the account holder and, depending on internal policy, may be visible to other authenticated users. Only Administrators may edit this field. Personal data from the Delegate Area is not shared externally, publicly, or commercially.
7. Data Retention
We retain personal data only as long as necessary for the purposes for which it was collected.
Typical retention periods:
Contact form submissions: up to 12–24 months
Newsletter subscriber data: until you unsubscribe
Technical logs: typically 30–180 days for security monitoring
Member-account information: for the duration of membership or service provision
When data is no longer required, it is securely deleted or anonymised.
Data stored in the National Delegate Area is retained for the duration of the delegate’s term, representation period, or active involvement with EAP.
Member area:
After a role concludes, the account may be:
Deactivated – hidden from the directory but retained for governance records, or
Deleted – optional profile data, photos, and visibility settings are removed; minimal records may be retained as required for organisational documentation.
Security and audit log data (such as login history or profile-change logs) may be retained for up to 24 months for compliance and security purposes.
8. Your Rights under GDPR
If you are located in the EU or EEA, you have the following rights regarding your personal data:
Right of access – to request a copy of your data
Right to rectification – to correct inaccurate information
Right to erasure (“right to be forgotten”)
Right to restrict processing
Right to object to processing based on legitimate interests
Right to withdraw consent at any time
Right to data portability – to receive your data in a structured format
Right to lodge a complaint with your national Data Protection Authority
Users of the National Delegate Area may:
Download their own profile data in a structured, machine-readable format
Update or restrict visibility of individual fields at any time
Request correction or deletion of their data
Request deactivation or removal of their account following the end of their term
Object to processing based on legitimate interests where applicable
EAP Administrators will respond promptly to rights-related requests using internal tools designed for GDPR compliance.
To exercise these rights, email [email protected]
9. Security Measures
We implement technical and organisational measures to protect your data, including:
Encrypted website connections (HTTPS)
Access controls and password protection
Secure hosting infrastructure
Regular website updates and security monitoring
Restricted access to personal data within EAP operations
The National Delegate Area is protected by multiple security measures, including:
Password-protected access using individual accounts
Optional multi-factor authentication
Encrypted sessions and secure cookies
Privacy-by-default settings for all profile fields
Role-based access controls ensuring users see only what they are permitted to see
Audit logging of key events, such as profile updates and administrative changes
Regular security monitoring, backups, and vulnerability mitigation
A defined incident-response procedure that includes GDPR-compliant breach notification
All data is hosted on secure systems using encryption at rest and in transit.
No system is completely risk-free, but we are committed to maintaining a high level of security.
10. International Data Transfers
If data is processed or stored outside the European Economic Area (EEA), we ensure that adequate safeguards are in place, such as:
Standard Contractual Clauses (SCCs)
Equivalent privacy protections
Transfers only to trusted service providers
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect legal or organisational changes.
Any updates will be posted on this page with a revised “Last updated” date.
European Academy of Paediatrics (EAP)
Rue de l’Industrie 24
1040 Brussels
Belgium
Email: [email protected]
