This Privacy Policy pertains to our website, mailing lists, and surveys/data collection done through our domain. Policies regarding data collection for our exchanges may be found in a separate document (here).

1. Who We Are

The International Federation of Medical Students’ Associations (IFMSA) is a Non-Governmental Organization founded in 1951. It is the world’s oldest and largest independent organization representing associations of medical students internationally, and it currently represents more than 1.3 million students worldwide.

IFMSA envisions a world in which all medical students unite for Global Health and are equipped with the knowledge, skills, and values to take on health leadership roles locally and globally. This is achieved by leading initiatives that positively impact the communities we serve, and by building capacity through training, project, and exchange opportunities while embracing cultural diversity so as to shape a sustainable and healthy future.

2. Purpose

This privacy policy is made to explain to you when, why, and how we collect personal information about our members, within and outside this site and our mailing lists. This explanation includes how we use, store, and the conditions under which we may disclose it to others, and how we keep it secure.

Under the General Data Protection Regulation (GDPR), IFMSA qualifies as a “data controller”. This means that we are fully or partly responsible for determining the purpose and means for the processing of personal data. We are required under this law to inform you of the information contained within this privacy policy.

3. Our Commitment

In line with the core principles of the GDPR, we are committed to the following with regard to our use of your personal data:

  1. Lawful, Fair, and Transparent data collection: we are committed to ensuring that your data is collected and stored in such a manner.
  2. Purpose Limitation: we are committed to ensuring the data we collect serves a purpose that is clearly informed to you.
  3. Data Minimization: In line with the previous item, we are also committed to limiting our collection to data that are strictly necessary for our purpose.
  4. Truth and Accuracy: we commit to ensuring that your data is kept as accurately and as up-to-date as possible.
  5. Storage Limitation: we will not be keeping your data longer than we need it for a specific purpose.
  6. Integrity and Confidentiality: we commit to ensuring or enacting measures that will ensure your data is afforded an appropriate level of security.

Whether it is through this privacy policy or otherwise, in the spirit of ensuring a higher level of transparency, we will strive our best to ensure that you understand the purpose of each data collection that we do, how we process it, and how you can correct or remove it, should you wish.

4. How Do We Collect Personal Information

The Federation collects personal information through several means:

  • Email and Written Correspondence
  • Application Forms / Enrollment Forms
  • Exchange Database
  • Direct contact at our office, events and elsewhere.
  • Social Media
  • Surveys and Research Forms

In nearly all instances, it will be apparent and clear to you when we are collecting your data.

5. What Personal Information do we collect

We collect information about you when you engage with us through one of the several activities detailed in the list below:  

  1. IFMSA Professional and Research Exchanges
  2. IFMSA (Pre) General Assembly and (Pre) Regional Meeting Training Events
  3. Enrollment in IFMSA Programs
  4. Working Groups and/or Volunteering Opportunities within IFMSA
  5. External Representation Opportunities
  6. Surveys and/or research activities through the IFMSA network

In these cases, we may collect the information detailed below:

  1. Name, Date of Birth, Place of Birth, and Country of Origin
  2. Contact Information: Email Address, Passport Data, Phone Numbers, postal or other physical addresses
  3. Physical Data: Gender, Health Requirements (for provision of suitable services)
  4. Curriculum Vitae, including current employment, past employment, education, and experience within a specific field related to the purpose of the data collection
  5. Additional information that may be necessary based on a case-by-case basis.

Any additional need for information in any particular cases will be communicated clearly to you, including the reasons for its collection and duration of its retention. Regarding information collected for the purpose of our student exchange program, please refer to the IFMSA Exchanges Privacy Policy.

6. How is your information used

As we have mentioned, the personal data we actively collect from you is almost always related to one of the five activities listed under section five “What personal information do we collect”. At this moment, IFMSA does not engage in targeted advertising, and thus we do not share any data with external parties for marketing or advertising purposes. The personal, identifiable data that we collect from you may be used for the following purposes:

  • Selection of participants to an IFMSA activity
  • Provision of related data to one / multiple IFMSA member organizations for the purpose of professional or research exchange
  • Selection of participants to represent IFMSA in an event
  • Provision of service or information about our activities
  • Impact Assessment of IFMSA Activities
  • Conveyance of information about opportunities and call for inputs to improve our service
  • Archived for a specific duration of time to ensure legal liability of related parties based on a specific, previously agreed upon terms that are amicable to both IFMSA and the related parties

We will regularly review the necessity of these personal data for our activities and adhere to any storage period that we have detailed when requesting these data or until such time when the data is no longer necessary for the originally stated purpose, whichever comes first. Please note that in some cases, specific information items are indispensable to the related activity, and IFMSA may not be able to select, provide, or convey the application for consideration without them. We would also like to stress that we do not currently engage in automated decision-making, including profiling, based on the personal data we obtain from you.

7. What is the lawful basis of IFMSA Data Collection

Based on the GDPR, there are six lawful bases on data collection, as outlined in article 6 of EU law. At least one of these must apply whenever a party is processing personal data:

  1. Consent: The individual has given an organization clear consent for processing personal data for a specific purpose.
  2. Contract: The data processing is necessary for a contract that exists with the individual, or because they have asked to take specific steps before entering into a contract.
  3. Legal obligation: The data processing is necessary for the organization to comply with the law, not including contractual obligations.
  4. Vital interests: The data processing is necessary for the organization to protect an individual’s life.
  5. Public task: The data processing is necessary in order to perform a task in the public’s interest or for the organization’s official functions, and the task or function has a clear basis in law.
  6. Legitimate interests: The data processing is necessary for the organization’s legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data that overrides those legitimate interests.

IFMSA will ensure that at all times the lawful bases are respected, and at least one of the conditions stated above is fulfilled. All personal data collection activities by IFMSA and its officers will be supervised by the IFMSA Executive Board to ensure its compliance with the aforementioned basis.

8. Instances of Data Sharing with a Third Party

IFMSA will not sell, rent, or otherwise share your personal data for marketing and targeted advertising purposes. We also would like to assure you that any instance of active data-sharing will happen only with your consent through a clearly distinguished explanation of the purpose of said sharing either before, during, or after the data collection process. The following are the entities with whom we may share data, and for what reason:

  • Organizers of our International Events: at some points, we will need to share specific personal data with organizers of our General Assemblies and Regional Meetings to ensure that they will be able to provide adequate and suitable services to the applicants.
  • Agencies, Institutions, or Academics for Research Purposes: we may allow third party organizations to engage with our network for data collection or research purposes. In all cases, we will ensure that the process is compliant with our research policies and that the data collection contains as little identifiable data as possible.
  • Software or Technical Providers: third-party agents that allow us to operate efficient digital processes and render satisfactory service to our members.
  • IFMSA Member Organizations, Secretariat, Officials, International Assistants, Program Coordinators, Task Forces: in such cases where data are indispensable to application and selection processes, or the conveyance of the relevant information to all parties involved.
  • Law Enforcement or Regulatory Bodies: we may have to transfer specific data if we are under the duty to disclose or share your personal data in order to comply with any legal obligations or to protect the rights, property, or safety of our members and users.

This is an indicative and not an exhaustive list. Please note that whenever we share personal data, we take all reasonable steps to ensure that it will be handled appropriately and securely by the third party. In all instances, we will share only information that is absolutely relevant and clearly necessary to deliver the service or fulfill the purpose of the data sharing. Especially with partners that are not directly related to our Federation (i.e., those other than “Members”), we will have a contract in place to ensure secure handling of these pieces of information and clearly limit the way they will be able to use the shared data. In the case of Law Enforcement and Regulatory Bodies, where contracts are not applicable, we will continue to make all reasonable efforts to ensure that your privacy remains protected.

9. How Long Do we Retain Personal Information:

We retain personal information only as long as it is necessary for the purpose of the data collection. This purpose will be detailed during the data collection process. In general terms, we will retain personal data for so long as required by law, or as may be required for record keeping and legal claims purposes.

10. Where Do We Store Personal Information

We store most of the data we collect in our Google Suite-connected domain and our web hosting service provided by a third-party company based in a non-European Union country. In all cases, we strive or will continue to strive to ensure that the organizations we work with have adequate data-protection and confidentiality clauses on data collection that are compliant with the regulations set out within the GDPR.

11. Security precautions in place to protect the loss, misuse or alteration of your information

We will be putting in place a robust internal guideline on personal data management within our Federation. This will allow us to keep track of, limit, and, in specific cases, remove access to your personal data from administrators within our Federation. In all cases, personal data are only shared with officers who require it to complete a specific purpose, in line with what will be detailed during the data collection process.

Additionally, to reduce uncontrollable data dissemination and improve our ability to control access to the personal data we collect, we regularly request and strive to ensure that our officers work in a cloud-based environment fully within the domain. We will continuously strive to ensure the storage of these personally identifiable pieces of information is done as securely as possible.

12. Other Websites

Parts of this website may contain links to other sites, such as related agencies with source material that supports our content, or partner organizations that we work with. We would like to clarify that we are not responsible for the content or privacy practices of these other sites and we encourage you to be aware of the privacy policies of these sites before engaging in any actions.

13. Your rights where we are processing your information:

The European Union General Data Protection Regulation highlights certain rights of citizens of states within the EU and the EEA whose information is being collected by an organization (as data subjects). The following is a quick summary of your rights pertaining to data collected by IFMSA:

  1. Access: you have the right to request the personal information that we have about you. If you would like a copy of this activity, please contact us at the email address specified below.
  2. Correction: you have the right to request a rectification of incomplete, inaccurate, or false information about you within our possession.
  3. Deletion: you have the right to request the deletion of parts or the entirety of your personal data within our possession without undue delay on these grounds:
    1. Where you feel the data is no longer necessary in relation to the purposes for which they were collected or processed
    2. Where you are withdrawing consent for the use of your data
    3. Where you have objected to the use of the data (see point 4)
    4. Where you feel the use of the data is contrary to the law
  4. Objecting: you are free to object to our use of your data at any time for marketing, newsletter, or mailing list purposes. Unless there are overriding legitimate grounds, we will cease the usage of these personal data immediately.
  5. Restricting our use of your data: this may happen when you do not believe you want your data removed from our storage, but you no longer give consent to the usage of the data for the purposes detailed during the collection process or that which are dictated within this privacy policy.
  6. Withdrawing Consent of Use: the regulations dictate that withdrawing consent should be as simple as providing it. As such, you are free to withdraw your consent for data that we have collected, and we will cease our use of the information immediately for the purpose(s) that you have consented to in the first place.

Please note that, specifically for mailing list purposes, instructions to subscribe or, more importantly, unsubscribe from receiving information from IFMSA can be found here. You may also directly contact us or fill in this form to be unsubscribed from one of our mailing lists.

14. Contact Information:

Should you find some infringements that you would like to be rectified or would like to find more information on our privacy policies, please contact us at [email protected] with [GDPR INQ] in the subject line.

Moreover, you can directly contact the person responsible for Privacy and Data Protection policies in our organisation, the Vice-President for Public Relations & Communication ([email protected]).