Privacy Policy

Controller & Contact

The data controller responsible for this website is:

eyecre.at GmbH is registered under Austrian company law and operates LidSUMMIT Tirol and LidSUMMIT Europe as part of its group activities. For any data protection enquiry, please contact us at the address above with the subject line "Data Protection Request".

Data We Collect

When you visit this website

Our web server (Squarespace, Inc.) automatically records standard log data for every request: IP address (anonymised after 24 h), browser type and version, operating system, referring URL, pages visited, date and time of access, and HTTP status codes. This data is used solely for security monitoring and aggregate performance analysis.

When you use the contact form

We collect your name, e-mail address, and any information you voluntarily include in your message. This data is used exclusively to respond to your enquiry.

When you apply for a seat (registration)

The application form collects: full name, professional title, medical speciality, institution / hospital, country, e-mail address, phone number, and any additional information you provide. We also process payment information through Squarespace Commerce; card details are handled by Stripe, Inc. and are never stored on our servers.

Newsletter subscription

If you subscribe to our newsletter we collect your e-mail address and, optionally, your first name. Subscription is confirmed via double opt-in.

Legal Basis for Processing

Cookies & Tracking Technologies

We use a consent management platform (Cookiebot / Usercentrics) to obtain your consent before placing non-essential cookies. You can review and change your preferences at any time by clicking the "Cookie Settings" link in the footer.

Strictly necessary cookies

These are required for the website to function (e.g. shopping cart, session management) and are placed without consent. They are deleted when you close your browser or after a short fixed period.

Statistics cookies (require consent)

We use Google Analytics 4 to understand how visitors interact with the site. All data is collected with IP anonymisation enabled and processed under a Data Processing Agreement. No data is used for personalised advertising.

Marketing cookies (require consent)

Only activated with your explicit consent. May include tools such as Meta Pixel or LinkedIn Insight Tag for measuring the effectiveness of our event marketing campaigns. These cookies may transfer data to servers in the United States (see Section 9).

Third-Party Services & Processors

All processors have entered into a Data Processing Agreement (DPA) with us as required by Art. 28 GDPR.

Marketing & Newsletter

With your consent we send newsletters about upcoming LidSUMMIT events, surgical training updates, and programme announcements. Each e-mail contains an unsubscribe link. You may also withdraw consent at any time by contacting info@lidsummit.com.

Withdrawal of consent does not affect the lawfulness of processing carried out before the withdrawal. Your e-mail address will be removed from the mailing list within 10 business days of your request.

Data Retention

• Server logs: 30 days, then automatically deleted.
• Contact form data: 3 years after last correspondence, unless a contractual relationship arises.
• Registration & event data: 7 years (Austrian statutory accounting retention period, § 132 BAO).
• Newsletter subscriber data: Until unsubscription or withdrawal of consent.
• Consent records (Cookiebot): 12 months per consent event.
• Cookie consent preferences: 12 months (re-requested at renewal).

Your Rights Under GDPR

As a data subject you have the following rights, exercisable at any time by contacting info@lidsummit.com:

• Right of access (Art. 15 GDPR): Obtain confirmation of whether we process your personal data and receive a copy.
• Right to rectification (Art. 16 GDPR): Request correction of inaccurate data.
• Right to erasure (Art. 17 GDPR): Request deletion of your data where no legal obligation to retain it exists.
• Right to restriction of processing (Art. 18 GDPR): Request that we limit processing in certain circumstances.
• Right to data portability (Art. 20 GDPR): Receive your data in a structured, machine-readable format.
• Right to object (Art. 21 GDPR): Object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent (Art. 7(3) GDPR): Withdraw any consent you have given at any time without affecting prior processing.

We will respond to your request within 30 days. If you believe your rights have been violated, you have the right to lodge a complaint with the Austrian Data Protection Authority:

International Data Transfers

Some of our service providers (including Squarespace, Stripe, and Google) are located in or transfer data to the United States. Where such transfers occur, we rely on one or more of the following safeguards:

• The EU–US Data Privacy Framework (adequacy decision by the European Commission, July 2023);
• Standard Contractual Clauses (SCCs) as approved by the European Commission (Decision 2021/914); or
• The provider's binding corporate rules.

Details of the applicable transfer mechanism for each provider are available upon request.

Changes to this Policy

We may update this Privacy Policy to reflect changes in our data practices or applicable law. The date at the top of this page indicates when the policy was last revised. We recommend reviewing this page periodically. For material changes affecting consent-based processing we will notify registered participants by e-mail.

This Privacy Policy was written in accordance with the EU General Data Protection Regulation (GDPR – Regulation (EU) 2016/679) and the Austrian Data Protection Act (Datenschutzgesetz, DSG 2018).