Privacy Policy
Site: eafps.org
Last updated: 03 June 2026This privacy policy informs users of the website https://eafps.org (hereinafter “the Site”) of how the European Academy of Facial Plastic Surgery (EAFPS) collects, uses and protects their personal data, in accordance with Regulation (EU) 2016/679, known as the General Data Protection Regulation (GDPR), and applicable national data protection laws.
This policy may be amended at any time to reflect legal, regulatory, case-law or technical developments. The applicable version is the one in force on the date the Site is consulted.
1. Identity of the Data Controller
The data controller is:
European Academy of Facial Plastic Surgery (EAFPS)
Nibelungenstrasse 87, D-23562 Lübeck, Germany
EAFPS Secretary
Email: eafps@eafps.org
The full contact details of the data controller are also set out in the Legal Notice of the Site.
2. Personal Data Collected
In general, the Site may be browsed without providing any personal data.
However, certain data may be collected when the user:
- completes a contact form,
- applies for EAFPS membership,
- subscribes to the newsletter or to a journal,
- registers for or submits an event, examination or programme,
- purchases merchandise from the EAFPS shop,
- creates or updates a surgeon profile,
- leaves a comment on the Site.
The data likely to be collected includes:
- identity (first name, last name, date and country of birth),
- contact details (postal address, email, telephone),
- professional information (specialty, hospital appointment, qualifications, CV),
- profile photograph for the Find a Surgeon directory,
- payment details for memberships, subscriptions and merchandise,
- technical data such as IP address and browser information (e.g. for comments and spam detection),
- any information voluntarily submitted through the forms.
Data marked as mandatory is necessary to process the request. Without it, certain services cannot be provided.
3. Purposes and Legal Bases of Processing
Personal data is processed for the following purposes:
| Purpose | Legal basis |
|---|---|
| Responding to enquiries submitted via the forms | Legitimate interest |
| Processing membership applications and providing member benefits | Performance of a contract |
| Managing journal subscriptions and merchandise orders | Performance of a contract |
| Processing payments | Performance of a contract / legal obligation |
| Listing surgeons in the Find a Surgeon directory | Consent |
| Sending newsletters, event reminders and annual notifications | Consent |
| Producing statistical reports (e.g. by country or specialty) | Legitimate interest |
| Improving the Site and analysing traffic | Consent (cookies) |
Consent may be withdrawn at any time.
4. Recipients of the Data
Personal data is intended exclusively for the European Academy of Facial Plastic Surgery and is used only for membership management, member communications, notifications, annual reminders and the services described above.
Data may be accessible to technical service providers acting as processors (hosting, payment processing, emailing, analytics tools), strictly within the limits necessary for their tasks.
Data is not sold, rented or transferred to any third party for commercial purposes. Surgeon profiles are, however, publicly visible in the Find a Surgeon directory; each member can enable or disable the visibility of their profile from their account settings.
5. Retention Period
Personal data is retained for a limited and proportionate period:
- Member and customer data: for the duration of the relationship with EAFPS, plus applicable legal obligations
- Prospect and enquiry data: until consent is withdrawn or the purpose is fulfilled
- Comments and their metadata: retained to recognise and approve follow-up comments
- Cookie data: 13 months maximum
6. Rights of Data Subjects
In accordance with the GDPR, you have the following rights:
- right of access,
- right to rectification,
- right to erasure (“right to be forgotten”),
- right to restriction of processing,
- right to object,
- right to data portability,
- right to withdraw your consent at any time.
Registered members can access, edit, download or delete their personal information at any time from the “My Account” area of the Site (the username cannot be changed). You may also exercise your rights via the contact page or by writing to the address set out in the Legal Notice.
Proof of identity may be requested in the event of reasonable doubt as to the identity of the requester.
7. Response Times
EAFPS undertakes to respond to any request within a maximum of one (1) month from receipt, a period that may be extended by two months for complex requests, in accordance with the GDPR.
8. Data Security
EAFPS implements appropriate technical and organisational measures to ensure the security, confidentiality and integrity of personal data and to prevent unauthorised access, alteration or disclosure. Access is protected by firewalls and continuous monitoring, and user passwords must meet complexity requirements and must not be shared.
9. Transfers Outside the European Union
As a principle, data is hosted within the European Union. Where certain tools involve a transfer outside the EU, such transfers are governed by appropriate safeguards (European Commission standard contractual clauses or mechanisms recognised by the GDPR).
10. Cookies
The Site uses cookies and trackers. For more information on their use, configuration and consent management, please refer to the Cookies Policy available on the Site.
11. Lodging a Complaint
If, after contacting us, you consider that your rights have not been respected, you may lodge a complaint with the competent data protection supervisory authority in your country of residence. The list of European authorities is available on the European Data Protection Board website: www.edpb.europa.eu.
