RDS Rheumatologic Dermatology Society Logo
RDS Rheumatologic Dermatology Society Logo

RDS 2026 ANNUAL MEETING

November 7th, 2026

Orlando, FL

Day(s)

:

Hour(s)

:

Minute(s)

:

Second(s)

Details

RDS

Privacy Policy

GDPR Privacy Notice

General Data Protection Regulation (GDPR)

Article 13 of Regulation EU 2016/679

GDPR Privacy Notice

1. Purpose of this Notice

This Privacy Notice provides mandatory information as required under Articles 13 and 14 of the European General Data Protection Regulation (GDPR) regarding the transparency of personal data processing. Definitions of certain terms within this notice are explained in the appendix.

2. Data Controller for Personal Data

The Data Controller for the personal data processed by us is The Rheumatologic Dermatology Society (RDS). It is this contract which forms the “Legal Basis” for the processing of personal data carried out by RDS in these circumstances.

RDS will also become a Data Controller if it collects additional personal data directly from a Data Subject. In these circumstances, RDS will be acting under a “Legitimate Interest” to legally process the data for the management of the Data Subject.

RDS also acts as a Data Controller for any personal data held regarding its own employees.

3. Your Rights

As a Data Subject you have rights under the GDPR. These rights are outlined below. RDS will always fully respect your rights regarding the processing of your personal data.
If you have any concerns or questions regarding how we process your data, or if you wish to exercise your rights, please contact the Data Protection Officer listed below.

4. Contact Details

Data Protection Officer
Carolyn Bangert
Rheumatologic Dermatology Society
carbangert@gmail.com

5. Data Protection Principles

  • RDS has adopted the following principles to govern its collection and processing of Personal Data:
  • Personal Data shall be processed lawfully, fairly, and in a transparent manner.
  • The Personal Data collected will only be those specifically required to provide membership to our organization. Such data may be collected directly from the Data Subject via our website. Such data will only be processed for that purpose.
  • Personal Data shall only be retained for as long as it is required to fulfill contractual requirements.
  • Personal Data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are collected and/or processed.
  • Personal Data shall be accurate and, where necessary, kept up to date.

The Data Subject has the right to:

  • Request access to their personal data
  • Request rectification or erasure of their personal data
  • Object to or request restriction of processing
  • Request data portability

In each case, such a request must be put in writing as noted in Section 3 above.

Personal Data shall only be processed based on the legal basis explained in Section 2 above, except where such interests are overridden by the fundamental rights and freedoms of the Data Subject.

If the Data Subject has provided specific additional consent to processing, such consent may be withdrawn at any time (but may then result in an inability to fulfill certain requirements).

RDS will not use personal data for any monitoring or profiling activity or process and will not adopt any automated decision-making processes.

6. Transfers to Third Parties

RDS will not transfer any Personal Data to any Third Parties without consent.

Personal Data shall not be transferred to a country or territory outside the European Economic Area (EEA) unless:

  • The transfer is made to a country recognized by the EU as having an adequate level of data security
  • The transfer is made with the consent of the Data Subject
  • The transfer is made to satisfy the Legitimate Interest of RDS in regard to its contractual arrangements

 

Doctor in the lab double checking her research on clipboard to the computer findings.

Appendix – Definitions

Personal Data

(Article 4 of the GDPR)
: “Personal data” means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, by reference to identifiers such as a name, identification number, location data, online identifier, or other factors specific to their identity.

Processing

(Article 4 of the GDPR)
: Processing means any operation performed on personal data, including collection, recording, organization, storage, use, disclosure, alignment, restriction, erasure, or destruction.

Legal Basis for Processing

(Article 6 of the GDPR): At least one of the following must apply whenever personal data is processed:

  • Consent: The individual has given clear consent
  • Contract: Processing is necessary for a contract
  • Legal obligation: Required to comply with law
  • Vital interests: Necessary to protect life
  • Public task: Necessary for public interest tasks
  • Legitimate interests: Necessary for the Data Controller unless overridden by individual rights

Data Controller

(Article 4 of the GDPR)
: The person or organization that determines the purposes and means of processing personal data.

Data Processor

(Article 4 of the GDPR)
: A person or organization that processes personal data on behalf of the Data Controller.

Data Subject Rights

(Chapter 3 of the GDPR): Each Data Subject has the following rights:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure (“Right to be Forgotten”)
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights related to automated decision-making and profiling

350+ members

JOIN RDS

Become part of a collaborative community advancing research, education, and patient care in rheumatologic dermatology.

JOIN RDS TODAY

Membership

RDS Member Login