Privacy Policy and GDPR
Effective:
03. November 2025
Controller
Pavol Jozef Šafárik University in Košice (UPJŠ)
Šrobárova 2, 041 80 Košice, Slovak Republic
IČO: 00397768
UPJŠ is the controller for personal data processed for this conference (including processing by UPJŠ faculties/units).
Data protection officer (DPO)
Mgr. Gabriela Ciberejová
Šrobárova 2, 041 80 Košice
Tel.: +421 55 234 1586
zodpovedna-osoba@upjs.sk
What data we process
- Identification & contact: name, email, phone, affiliation, role, country.
- Participation details: registration choices, presentation/abstract details, dietary/other preferences if provided.
- Administrative & billing: invoice details, payment confirmations.
- Communications metadata: registration confirmations, service messages.
- Media: photographs/video where you have given consent (see “Event Photography”).
- Technical essentials: session cookie
- We do not create behavioral profiles and we do not log IP addresses to disk (a transient in‑memory check for rate limiting is used).
Purposes & Legal Bases
| Purpose | Examples | Legal basis |
|---|---|---|
| Registration & participation | processing your application, scheduling, on-site check-in, certificates | Contract performance / steps at your request (Art. 6(1)(b) GDPR) |
| Event communications | confirmations, program updates, logistics | Legitimate interests in running the event efficiently (Art. 6(1)(b)) |
| Payments & invoicing | issuing invoices, accounting | Legal obligation (Art. 6(1)(c)) |
| Security & abuse prevention | session management, rate limiting (in‑memory) | Legitimate interests in securing our services (Art. 6(1)(f)) |
| Photography & publicity (optional) | publishing photos/video from the event on website, social media, conference materials | Consent (Art. 6(1)(a)) – revocable |
Recipients & Processors
- PMEA Organising Team - Internal UPJŠ staff who administer the conference.
- Service providers (processors) - strictly for registration, web hosting, email delivery, payment processing, on-site logistics; bound by contracts and security requirements.
- Public authorities - if required by law (e.g., accounting, audits).
We do not sell your data or share it for unrelated marketing.
International Transfers
We store and process data primarily within the EU/EEA. If an essential service provider stores or accesses data outside the EEA, appropriate safeguards will be applied (e.g., EU Standard Contractual Clauses).
Retention
- Registration & participation data: Kept until the end of the conference plus up to 24 months to manage follow‑ups (e.g., certificates, proceedings, audits), then archived/deleted per applicable law and UPJŠ internal regulations/registry plan.
- Accounting/invoicing records: retained for statutory periods required by accounting/tax law.
- Essential cookies: session‑only; no persistent identifiers are used for tracking.
- Photographs: up to 5 years from the end of the event or until you withdraw consent, whichever is earlier.
See the UPJŠ page for general rules on storage/archiving: UPJŠ – Ochrana osobných údajov
Your Rights
You have the rights to access, rectification, erasure, restriction, portability, and to object, and the right to withdraw consent at any time (for consent-based processing).
We do not use automated decision-making producing legal or similar significant effects. See GDPR Art. 13 and UPJŠ guidance for details.
How to use your data protection rights?
To ask for access, correction, deletion, restriction, portability or to object,contact our DPO (see above) or the conference team at info@pmea.eu. We’ll respond within one month as required by GDPR.
Event Photography
We may take photos/video during the event. We will only publish identifiable images with your explicit consent collected during the registration process (purpose: conference promotion; retention up to 5 years unless withdrawn earlier)
Consent to publication of photographs (GDPR Art. 6(1)(a))
Consent by the person concerned within the meaning of Regulation (EC) No. 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive No. 95/46/EC (General Data Protection Regulation) (‘GDPR’).
I consent to UPJŠ processing and publicly sharing my image (photos/video) from the PMEA 2026 Conference for promotional and reporting purposes (website, social media, printed/electronic materials). I understand that consent is voluntary, can be withdrawn at any time by contacting zodpovedna-osoba@upjs.sk or info@pmea.eu, and withdrawal does not affect prior lawful use. Consent lasts up to 5 years from the event end unless withdrawn earlier.
Cookies and similar technologies (essential only)
We use only cookies that are strictly necessary to operate the registration form and secure the service. We do not use analytics or advertising cookies on any of the web pages.
| Name | Purpose | Provider | Legal basis | Expiry | Notes |
|---|---|---|---|---|---|
| Session ID | Maintain your session between pages; required for form processing | PMEA/UPJŠ | Legitimate interests in delivering a secure service (Art. 6(1)(f) GDPR) | Browser session end | Opaque, contains no personal data; flags: Secure, HttpOnly |
| CSRF token | Protects forms against cross‑site request forgery | PMEA/UPJŠ | Legitimate interests in security (Art. 6(1)(f) GDPR) | Browser session end | Essential security token; not used for tracking |
These cookies are essential for the website to function. You can block them in your browser, but the registration form may not work correctly.
Data Security
We apply administrative and technical measures appropriate to the risk to protect your information:
- Encryption in transit: All data transmitted between your browser and our servers uses HTTPS/TLS.
- Access control & least privilege: Administrative access is limited to authorised personnel and protected by strong authentication.
- Secure development & patching: We regularly update software components and remediate known vulnerabilities.
- Data minimisation: We collect only what is necessary for registration and event management, and retain it for limited periods (see Section 4).
Email confirmations are sent from an automated address (no-reply@pmea.eu); this inbox is not monitored.
For complete information on UPJŠ data protection, rights, contacts, cookies and social media notices, visit the University’s Ochrana osobných údajov page.
We may update this notice to reflect changes in our processing or legal requirements. Material changes will be highlighted on this page.