This Privacy Policy explains how the European Board for Accreditation of Continuing Education for Health Professionals (EBAC) collects, holds and uses your personal information in accordance with applicable data privacy legislation including the General Data Protection Regulation, and applicable German law. By providing your personal information, you acknowledge that we will only use it in accordance with this Policy.

About EBAC

---

The European Board for Accreditation of Continuing Education for Health Professionals (EBAC) is a limited liability company, registered under German law and located in

Schanzenstr. 36, building 31A
D-51063 Köln
Germany.

EBAC is owned by European Cardiology Section Foundation (ECSF), an independent, professional-political non-profit, charitable foundation under German law, and located in Hahnenstr. 57, c/o Sparkasse KoelnBonn, Stiftungs-und Vereinsmanagement, D- 50667 Koeln.

ECSF is not involved in EBAC affairs and has no access to personal data handled by EBAC.

EBAC is an independent non-governmental accreditor of Continuing Medical Education (CME)/ Continuing Professional Development (CPD) for health professionals.

EBAC stimulates, coordinates and facilitates high quality CME/CPD in medicine, both for individuals and institutions, in order to provide the highest possible standard of care for patients and populations. EBAC awards CME points as a sign of quality and independence for participation in CME/CPD activities. Definitions of learning objectives, targeting the audience, and assuring objectively presented scientific content are among the key features that will be considered by EBAC when accrediting a programme.

In order to be awarded with CME points CME/CPD activities must

• comply with the principles and rules of procedure as outlined in relevant EBAC documents
• be open to all medical community
• be free of commercial interests regarding the presentation of content
• present a declaration of conflict of interest for each speaker/author to the 
participants
• be evaluated, either by the EBAC evaluation form or by a monitor, whom the 
organiser(s) have to guarantee free access, or both.

To achieve these objectives EBAC needs to ask for personalised information as part of the accreditation process, while evaluation always uses anonymised data.

EBAC will accredit

• International CME/CPD activities in medicine
• national CME/CPD activities in medicine, for which international 
participation can be expected. In this case EBAC accreditation is not competitive but rather subsidiary to national accreditation systems, targeting the participants from foreign countries,
• national CME/CPD activities in case that a national accreditation authority does not exist or does not provide accreditation services.

Furthermore, EBAC certificates are automatically recognised in several European countries. Since EBAC holds agreements on mutual recognition of substantial equivalency of accreditation systems with the US Accreditation Council for CME (ACCME), and the Royal College of Physicians and Surgeons of Canada, EBAC offers to ACCME or Royal College accredited providers to convert their certificates for European participants into EBAC certificates. This includes handling and storage of personal data, as agreed by the individual physician.

EBAC also runs the platform EUCARDIA™, which allows cardiologists to document all activities relevant to their professional practice after having been licensed. Access to EUCARDIA™ is granted upon application, for which proof of legitimation as a physician is mandatory. Upload of documents as well as deletion is then handled by and under control of the individual physician (please find more information incl. EUCARDIA™ Privacy Policy under www.eucardia.org).

General Principles

---

EBAC will only use your data in ways in which the laws allow, and the data that we hold will be:

• Used lawfully, fairly and in a transparent way
• Collected only for valid and compatible purposes aligned with the service you access
• Kept accurate and up to date
• Kept secure and confidential
• Kept only for so long as we are necessarily bound to do so

We will not pass on or sell your details to any third party.
On rare occasions, we may also use your personal data where we need to protect our or your interests, e.g. in the instance of legal claims, or where it is needed in the pubic interest, e.g. for the investigation, detection and prevention of crime.

EBAC has security measures in place to ensure that personal data provided by you is not accidentally lost, used or accessed in an unauthorised way, altered or disclosed. However, transmission of information via the internet is never entirely secure, and we ask that where we have provided (or you have chosen) a password to access our services, you maintain the confidentiality of this password at all times.
As part of our internal data security measures, all EBAC staff is required to undertake regular and appropriate training in data protection policies to support our compliance with all laws relating to this Policy.

EBAC requires personal data, such as outlined below, in order to provide its services to you. If you choose not to provide your person data for such use, or choose to delete your information (what you may request at any time) this may impede our ability to deliver our services, or to fulfil our legal obligations. In this case EBAC will not accept any legal liability for material or immaterial damages caused by non-provision, or deletion of personal data.

You have the right to ask us not to process your data in the ways we have outlined below. You can exert this right by ensuring any “opt-in” checkboxes contained within all of our email communications remain unchecked, or by clicking the “unsubscribe” link at any time. You can also contact us and ask directly through any of the contact methods listed in the section at the end of this Policy.

You also have the right, at any time, to request the following:

• Ask us which information we hold about you
• Request inaccurate information to be reviewed and corrected
• Request additional restrictions to the processing of personal information
• Request personal information to be erased, in certain circumstances

Should you wish to make a request to exercise any of the above rights you should contact us via email at secretariat@ebac-cme.org or write to us at:

EBAC GmbH
Schanzenstr. 36, building 31A
D-51063 Köln
Germany

In case of any complaint please contact the competent authority:
Die Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Helga Block
Kavalleriestr. 2-4
D-40213 Düsseldorf
Germany

EBAC Accreditation Procedure

---

EBAC is an independent non-governmental accreditor of Continuing Medical Education (CME)/ Continuing Professional Development (CPD) in medicine, and grants accreditation on a voluntary basis for a wide variety of educational activities.

Providers need to register before they are eligible to apply for accreditation. Registration includes description of the organisation and contact data, which will be stored until a provider wants to delete them.

EBAC runs a fully electronic application system (services.ebac-cme.org) for processing of the entire accreditation procedure. Application form includes contact data of the administrative contact, course director, invoicing contact, and professional congress organiser (PCO, if applicable). In addition, the program of the activity, and members of the organising committee as well as all faculty need to be listed (title, first/last name, affiliation).

Before the EBAC office grants accreditation, all data will be reviewed by a group of dedicated reviewers, who have been appointed by the ECSF Board, and have signed a confidentiality agreement.

Data including the votes of the reviewers will be stored in a database for at least 5 years. This ensures high reproducibility of accreditation decisions, since many activities will be offered on a regular basis. Furthermore, although EBAC is not legally legitimated, it nevertheless strives to be accountable to national regulators to achieve recognition of EBAC certificates by European national authorities.

Once accredited, all activities are listed on the EBAC events calendar, where also the name of the course director is displayed. This information will be deleted at regular intervals.

EBAC does not get or store any personal data of participants in EBAC accredited CME-CPD activities. EBAC recommends to providers to keep participants lists according to applicable regulations in the countries of origin of their participants (e.g. Germany: 5 years).

In general, in all electronic communication IP addresses and logfiles will be stored for 2 months (according to applicable German law), and then deleted.

EBAC Bulletins

---

EBAC accreditation policy and rules can be found in the relevant documents on the EBAC website (www.ebac-cme.org). In the time between revision of the documents EBAC issues so called Bulletins, which

• make announcements relevant for the conduct of accredited CME/CPD activities
• publish new accreditation rules
• publish specifications and/ or interpretations of accreditation rules pertinent to all providers in the process of accreditation of CME/CPD activities.

EBAC Bulletins will be sent to all providers, who have granted opt in.

EBAC Newsletters

---

EBAC issues Newsletter at irregular intervals to inform its clients on important new developments. EBAC Newsletters will be sent to all clients who have granted opt in.

Conversion of certificates of non-European accreditors

---

EBAC holds agreements on mutual recognition of substantial equivalency of accreditation systems with the US Accreditation Council for CME (ACCME), and the Royal College of Physicians and Surgeons of Canada. EBAC offers to ACCME or Royal College accredited providers to directly issue EBAC certificates to European participants in their educational activities. This occurs upon request of the participant, to be documented by the American/Canadian provider, who then passes personal data of those participants, who wanted to get an EBAC certificate directly, to EBAC. Data (title, first/last name, affiliation) will be stored for at least 5 years, to be accountable to national regulators.

EBAC website

---

On our website we use cookies.

“Cookies” are small files that enable us to store specific information related to you, the User, on your PC or other end device while using the EBAC website. Cookies help to analyse usage frequency, the number of people who use our website, user behaviour on our website, advertising effectiveness, and to increased security and tailor our service according to your needs.

We use so-called “session cookies” in order to identify you during the course of your session. Upon the termination of your session, the session cookie will be automatically deleted. You can save session cookies on your computer to enable automatic login for subsequent sessions by activating the function: “Login automatically on this computer”. Session cookies will then store parts of your login data in encrypted form. If you select automatic login, please be aware that this will then only be possible on the same computer on which the cookie was first saved, i.e. an automatic login on two (2) different computers is not possible.

We also use “permanent cookies” to record information about visitors to the website www.ebac-cme.org who repeatedly visit the EBAC website. Permanent cookies are designed to help us continually improve the services we offer to you. Permanent cookies do not contain personal information such as your name, IP address, etc., meaning that we do not generate profiles based on user behaviour.

You can edit the settings of your browser to prevent cookies from being stored, to limit the storage of cookies to certain websites, or such that your browser informs you every time a cookie is sent. You can also delete cookies from your PC’s hard drive at any time. However, please note that you will not be able to take advantage of the EBAC website, if session cookies are deactivated.
Furthermore, in all electronic communication IP addresses and logfiles will be stored for 2 months (according to applicable German law), and then deleted.

---

This version is dated 01 July 2021. From time to time we may update this Policy, the most recent version will be available at our website on this website.