Privacy policy

This page describes how Chronic Infection Pathology Related Education and Science Society (“CiPRESS”, “we”, “us”) handles personal data when you use our website and related services. The following is drafting text for editorial and legal review: replace placeholders, add your legal entity details and jurisdiction specifics, and adjust for your processors and subprocessors.

Data controller

Unless stated otherwise below, CiPRESS acts as controller for personal data processed in connection with membership, events, enquiries, and this site. Identify the registering legal entity, registered office, company number, and a contact address in Payload after review.

Categories of personal data

  • Identifying and contact details you provide when you join, contact us, or sign up (e.g. name, organisation, professional role, email, country).

  • Account and transactional data relating to memberships or purchases processed via our payment or membership partners.

  • Technical data collected when you use the site (e.g. browser type, device type, coarse location from IP — if used).

Purposes and legal bases

  • Operating the association and fulfilling membership and statutory obligations.

  • Responding to enquiries and keeping you informed — typically on legitimate interests or consent, depending on outreach.

  • Securing and improving our website.

Recipients and transfers

We rely on trustworthy service providers (hosting, email, payments, CRM, analytics — list yours in Payload) who process data strictly on documented instructions where required. Describe any transfers outside your primary jurisdiction and safeguards (standard contractual clauses etc.) after contracting.

Cookies and similar technologies

Explain which cookies you use — essential-only vs optional analytics — and align with your cookie banner wording. Visitors should be offered a manageable choice where non-essential tools are switched on.

Retention

  • Keep personal data only as long as needed for the stated purposes and statutory retention.

  • Set concrete periods per data category once your processes are documented.

Your rights

  • Depending on applicable law (e.g. GDPR), you may have rights such as access, rectification, erasure, restriction, objection, portability, and the right to lodge a complaint with a supervisory authority.

  • Insert concrete contact procedures and response times.

Questions

For privacy enquiries, route members and visitors via the controller’s contact channels published on Legal notice.