Top Back to top

Data privacy

The EBMT Registry collects data for research and development of new and improved transplant, cell therapy and immunosuppression procedures, and to improve the quality of these procedures through the accreditation of treatment units.

EBMT is strongly committed to protecting the privacy of personal data that we maintain about patients, donors, members and employees. The EBMT ensures that all personal data under its responsibility is processed according to the EU General Data Protection Regulation (GDPR).
The data is stored in an electronic database located in a European country which is protected by safeguards that ensure security, including compliance with ISO27001 certification. The data will only be accessible by the EBMT employees for the performance of their job following a stringent access control policy.

Patient Privacy Statement

This webpage details what personal data EBMT collects from patients, how it is collected and stored and the purposes for which it is used.  There is also information on how to contact the registry and the rights of individual data subjects. It was generated in response to new legislation, the General Data Protection Regulation (Regulation (EU) 2016/679, hereafter “GDPR”).

Privacy policy

This webpage details what personal data EBMT collects from members, how it is collected and stored and the purposes for which it is used.  There is also information on how to contact the registry and the rights of individual data subjects. It was generated in response to new legislation, the General Data Protection Regulation (Regulation (EU) 2016/679, hereafter “GDPR”).

Data Use and Processing Policy

This Policy regulates the management of Personal Data relating to patients reported to the EBMT Registry and provides rules and procedures which apply to all departments and individuals within the EBMT, aimed at ensuring that Patient Personal Data is processed and protected properly in all countries and regions and in accordance with the European General Data Protection Regulation (GDPR).

Joint Controllership Agreement with Centers with full EBMT membership

EBMT is strongly committed to protecting the privacy of personal data that we obtain from patients, members and employees. In this context, EBMT has developed a Joint Controllership agreement with Centers with full EBMT membership which describes the responsibilities concerning data protection of the data reported to EBMT.

At the same time, the agreement includes all the requirements established by the General Data Protection Regulation (EU 2016/679) (GDPR) concerning data processing and controllership obligations for EBMT members and EBMT. This document has been produced by the EBMT GDPR working group, revised and endorsed by the EBMT legal advisors for compliance with GDPR, and finally approved by the EBMT Executive Committee.

It is of great importance that EBMT members who report data to the EBMT Registry sign this document and return it to EBMT. 

If you have any comments or questions about how EBMT processes personal data, please send them to Data.Protection@ebmt.org

Joint Controllership Agreement for Data reporting to SFGM-TC and EBMT

EBMT encourages the use this Joint Controllership Agreement for centres that wish to report to EBMT and SFGM-TC. It is of great importance that an institutional representative of the EBMT/SFGMTC centre member, which reports data to the EBMT and SFGM-TC Registries, signs this document and returns it to data.protection@ebmt.org

This document has been adapted to French speaking SFGM-TC centres located outside of France: Belgium, Switzerland, Lebanon and Algeria.