Privacy & cookies

Privacy policy

Last Updated May 2020

Your privacy is important to us so we want to you know exactly what kind of information we collect about you and how to use it.

Introduction / About us

For the purposes of the General Data Protection Regulation (GDPR) – and all other laws relating to the use of your data we are the ‘data controller’ of the information you provide to us. This means that we control the way the information is used and processed whilst keeping your personal data safe and only using it for legitimate reasons. In this Privacy Policy notice any reference to “ELPA”, “we”, “us”, “our” is to European Liver Patients’ Association (ELPA) whose registered office is in Rue de la Loi 235, 1040 Brussels, Belgium, EU Transparency ID 89292219623-93, AISBL Registration Number 0875.568.916. Online you can find us here:

What Personal Data do we collect?

ELPA knows how much data security matters to its members, partners and stakeholders. With this in mind, we will treat your data with the utmost care and take all appropriate steps to protect it.

You may provide us with the following types of personal data when you interact with us:

Identity – first name, family name, gender, date of birth, ID/passport details

Contact – email address, home address, phone number, social media accounts/names

Financial – bank details

Health – medical information and dietary needs

ELPA website uses cookies. We use cookies to provide social media features (Facebook, Twitter, YouTube) and to analyse our traffic (Google analytics). You consent to our cookies if you continue to use our website. Popup banner will be displayed on the top of our website if cookies policy is not accepted.

How do we use your Personal Data?

To provide you with products and services. ELPA uses the information collected from you for purposes including the following:

To process payments.

For internal administration and record keeping.

To notify you of changes to this Privacy Policy.

To answer your enquiries which may involve contacting you by post, e-mail or phone.

To manage compliance/ regulatory issues.

To verify identity (to, amongst others, detect and prevent fraud).

To give you the opportunity to provide us with feedback through reviews, questionnaires and surveys.

To process job applications.

To register for external and internal events.

We use your personal data on the following bases:

To perform a contract, such as providing products and services to you.

To comply with legal and regulatory obligations.

For legitimate business purposes.

In other cases, if necessary, with your consent.

We will only use your Personal Data when the applicable laws allow us to.

Who do we share your Personal Data with?

We will not pass on your Personal Data to any third party unless we have obtained your consent. ELPA may on occasions pass your Personal Data to third party suppliers who provide services to us (e.g. Hotels for meetings and events and service providers for flight bookings). ELPA requires these parties to agree to process the information based on our instructions and requirements consistent with this Privacy Policy and GDPR.

Do we send your Personal Data outside the EEA?

If there is a time where our service providers are based outside of the EEA, we will make sure that your Personal Data is still treated fairly and lawfully in all respects (including making sure we have a legal ground for sending your data outside the EEA and putting in place necessary safeguards for such arrangement).

What is our Personal Information retention policy?

To make sure ELPA meets its legal data protection and privacy obligations we only hold on to your information for as long as we actually need it for the purposes it was acquired in the first place.

In most cases, this means that we will keep your information for as long as you continue to i) be a member of ELPA ii) be a partner in a project iii) be an ELPA stakeholder.

After that, we will either delete it or anonymise it so it cannot be linked back to you.

Your rights as a data subject

Your duty to inform us of changes:

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes by keeping your details up to date.

Your rights in connection with personal data we hold

Under certain circumstances, by law you have the right to:

Rights of access – You have the right to request a copy of the Personal data that we hold about you.

Right of correction – You have the right to correct Personal Data that we hold about you that is inaccurate or incomplete.

Right to erase – You have the right to ask ELPA to delete or remove Personal Data from our records.

Right to restrict – You have the right to restrict the processing of your Personal Data.

Right to transfer – You have the right to have the Personal Data we hold about you transferred to another organisation.

Right to object – You have the right to object to certain types of processing such as direct marketing, as well as processing we undertake based on our legitimate interests.

If you want to exercise these rights, please contact

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee or refuse to comply with your request if it is unfounded, repetitive or excessive.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it.

Time limit to respond: ELPA will try to respond to all legitimate requests within one month. Occasionally it may take longer than a month if a request is particularly complex or a number of requests have been made. In this case, ELPA will notify you and keep you updated.

Data Security / Protection

ELPA adopts industry standard processes to ensure your data is kept safe and secure and to prevent unauthorised access or use or loss of your data.

ELPA will ensure the compliance of this Privacy Policy. If you have any questions or concerns about this Privacy Policy notice or how we handle your information, please contact ELPA at

You have the right to make a complaint at any time to the Belgian Data Protection Authority (in Dutch: ‘Gegevensbeschermingsautoriteit’, in French: ‘L’Autorité de protection des données’).

Changes to this Privacy Policy

ELPA reserves the right to update this Privacy Policy at any time, and we will provide you with the new Privacy Policy whenever we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.