Privacy Statement (DRAFT)

This Privacy Statement is a draft and is not yet the final published version. Some operational details, including hosting and storage location, still need to be confirmed and will be updated before final publication.

Who we are

FMUG operates this website and acts as the controller for the personal data described in this statement.

For privacy questions, requests, or concerns, please contact:
chair@fmug.eu

Personal data we collect

Depending on how you use the FMUG website, we may process the following personal data:

• Name, including first name and last name
• Email address
• Role within FMUG
• Company affiliation, where provided
• Whether a user has administrator access
• Conference registration details, including attendance preference
• Agenda preferences and any agenda notes submitted during registration
• Dietary requirements and related notes you choose to provide
• Invitation details, such as the invited first name and email address
• Authentication and account access data, such as Google sign-in identifier data and one-time login or invitation token records
• Technical session information needed to keep you signed in securely

How we use personal data

We use personal data to:

• Create and manage FMUG member accounts
• Let members sign in, including by Google login or email magic link
• Send invitations and login emails
• Manage conference registrations
• Record agenda preferences and attendance choices
• Record dietary requirements where relevant to conference participation
• Allow administrators to manage membership and conference participation
• Maintain the security and operation of the website
• Comply with applicable legal obligations, including GDPR

Legal bases

We process personal data under GDPR on one or more of the following bases:

• Performance of a contract or taking steps at your request before entering into one, for example when creating an account, signing in, or managing conference registration
• Legitimate interests, including operating FMUG, organizing conferences, managing membership, and keeping the website secure
• Compliance with legal obligations, where applicable
• Consent, where this is specifically required

Emails and third parties

FMUG sends transactional emails, such as invitations, login links, and registration confirmations, using Brevo.

Google sign-in may also be used when enabled, in which case Google processes authentication data needed to sign you in.

The members page currently uses robohash.org to generate test avatar images. This is temporary test functionality and is intended to be removed in due course.

We do not sell personal data.

Cookies and sessions

The website uses an essential session cookie to keep users signed in and to operate the authenticated parts of the website. This session cookie is currently configured to expire after 8 hours.

At the time of this draft, no separate advertising or analytics tooling has been identified in the application code.

Data retention

FMUG retains personal data only for as long as needed for the purposes described above.

Current retention approach:

• Inactive member accounts will be removed after 2 years of inactivity
• Invitation and magic link records are time-limited and expire automatically after a short period
• Some technical records may remain in backups or logs for a limited period where necessary for security, integrity, or recovery purposes

This section is part of the draft and may be refined in the final version.

Storage and international transfers

This Privacy Statement is a draft. The final version will specify where the website and database are hosted, where personal data is stored, and whether any international transfers take place.

Your GDPR rights

Under GDPR, you may have the right to request:

• Access to your personal data
• Correction of inaccurate personal data
• Deletion of your personal data
• Restriction of processing
• Objection to processing
• Data portability, where applicable
• Withdrawal of consent, where processing is based on consent
• The right to lodge a complaint with a supervisory authority

FMUG will respect applicable GDPR rights. If you want to exercise your rights, or if you have any privacy concerns, please contact chair@fmug.eu.

It is also possible to remove your own personal data from the database by deleting your own account through the website, where that functionality is available.

Security

FMUG takes reasonable technical and organizational measures to protect personal data. Based on the current application configuration, this includes HTTPS enforcement in production, filtered logging for sensitive parameters such as email addresses and tokens, expiring login links, and access controls for administrative functions.

Changes to this statement

This statement may be updated from time to time. Because this is currently a draft, further changes are expected before publication of the final version.