Privacy Policy
1. Controller
Unless otherwise expressly stated in a specific registration form, contract or supplementary notice, the controller for the processing of personal data described in this Privacy Policy is SWISS SCC, PO Box, 9425 Thal, Switzerland, e-mail: pp@swissscc.ch.
As its EU representative under Article 27 GDPR for the congress project, SWISS SCC has designated Verlag für chemische Industrie H. Ziolkowsky GmbH, Dorfstrasse 40, 86470 Thannhausen, Germany, e-mail: vci@sofw.com.
2. Scope and purposes of processing
This Privacy Policy applies to the website www.ifscc2027.com. This website is used to provide information and to organise, administer and communicate in connection with the IFSCC Congress Basel 2027.
Depending on the user interaction, we process personal data for the following purposes: to respond to enquiries; to administer congress registrations; to receive and evaluate abstract submissions; to manage speaker, sponsor and exhibitor relationships; to process payments and accounting; to send congress-related information and newsletters; to ensure the security, stability and functionality of the website; to document and communicate about the event by means of photographs and video recordings; to comply with legal obligations; and, where permitted, to analyse the use of the website and improve our services.
3. Categories of personal data
Depending on the context, the categories of personal data processed may include identification and contact data, professional affiliation data, billing and payment data, correspondence data, registration data, travel or attendance-related data, abstract and manuscript data, technical usage data, cookie and consent data, images and audiovisual recordings, and any other information voluntarily provided to us.
4. Legal bases under the GDPR
Where the GDPR applies, we process personal data only where there is a valid legal basis. We process data on the basis of Article 6(1)(b) GDPR where processing is necessary to take steps at the request of the data subject prior to entering into a contract or to perform a contract, in particular for congress registrations, abstract administration, exhibitor arrangements and related participant services.
We process data on the basis of Article 6(1)(a) GDPR where consent is required or has been obtained, in particular for optional newsletters, non-essential cookies, analytics tools, and, where appropriate, for certain uses of photographs or video recordings. Consent may be withdrawn at any time with effect for the future.
We process data on the basis of Article 6(1)(c) GDPR where processing is necessary to comply with legal obligations, including accounting, tax, record-keeping and regulatory obligations.
We process data on the basis of Article 6(1)(f) GDPR where this is necessary for our legitimate interests, provided such interests are not overridden by the interests, fundamental rights or freedoms of the data subject. Our legitimate interests include the secure and efficient operation of the website, the handling of enquiries, the defence of legal claims, event administration, fraud prevention, information security, and proportionate communication about the congress.
If special categories of personal data within the meaning of Article 9(1) GDPR are exceptionally processed, for example where dietary, accessibility or health-related information is voluntarily provided for participation management, we will do so only on the basis of an applicable exception under Article 9(2) GDPR, in particular explicit consent or where processing is necessary for substantial public-interest or legal-compliance reasons as applicable.
5. Recipients and processors
Personal data may be disclosed to service providers and partners to the extent necessary for the purposes described above. Depending on the project setup, this may include hosting providers, consent-management providers, registration and abstract-management platform providers, payment service providers, IT support providers, e-mail delivery providers, event app providers, professional congress organisers, venue and logistics partners, auditors, legal advisers and public authorities.
Where third parties process personal data on our behalf, we enter into data processing agreements where required by Article 28 GDPR. Where two parties jointly determine the purposes and means of processing, an arrangement on joint controllership under Article 26 GDPR must be put in place.
Abstract data may be shared with reviewers, members of the scientific or programme committee, moderators, session chairs, publishers of congress materials or proceedings, and technical providers strictly to the extent necessary for the scientific review, programme selection, publication and congress administration.
6. International transfers
Personal data may be transferred to recipients in countries outside Switzerland, the United Kingdom or the European Economic Area where this is necessary for the operation of the website, the congress infrastructure or the services used in connection with the event. Where the GDPR applies and personal data are transferred to a third country that is not the subject of an adequacy decision, we will implement appropriate safeguards, in particular the European Commission’s Standard Contractual Clauses, and assess whether supplementary measures are required.
Where data are transferred to providers in the United States, such providers may additionally rely on an adequacy mechanism recognised by the European Commission, such as participation in the EU-US Data Privacy Framework, where applicable. Irrespective of the transfer mechanism used, data transferred to third countries may in certain cases be subject to access by foreign authorities. Residual transfer risks cannot be fully excluded.
7. Retention periods
Unless a longer retention period is required by law or is necessary for the establishment, exercise or defence of legal claims, personal data are retained only for as long as necessary for the purpose for which they were collected. Enquiry data are generally retained for the duration of the handling of the request and for an appropriate follow-up period. Registration, contractual and billing data are retained for the duration of the contractual relationship and thereafter for the applicable statutory retention periods. Abstract and programme-related data may be retained for the duration necessary for scientific review, speaker coordination, publication, documentation and archiving of the congress. Consent records are retained for as long as necessary to demonstrate compliance.
Photo and video material may be retained for documentation, historical archive and communication purposes for as long as there is a legitimate need, unless deletion is required by law or a successful objection applies in the specific case.
8. Data subjects’ rights
Where the GDPR applies, data subjects have the right to request access to their personal data, rectification of inaccurate data, erasure, restriction of processing, data portability where applicable, and to object to processing based on Article 6(1)(e) or (f) GDPR on grounds relating to their particular situation. Where processing is based on consent, consent may be withdrawn at any time with effect for the future.
Data subjects also have the right to lodge a complaint with a competent supervisory authority, in particular in the Member State of their habitual residence, place of work or the place of the alleged infringement.
We do not carry out automated decision-making, including profiling, that produces legal effects concerning data subjects or similarly significantly affects them, unless this is expressly disclosed in a supplementary notice.
9. Security
We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures include access restrictions, role-based permissions, encrypted transmission, logging, contractual controls over service providers and need-to-know principles. No internet-based transmission is, however, entirely risk free.
10. Hosting
This website is hosted by Mittwald CM Service GmbH & Co. KG, Königsberger Straße 4–6, 32339 Espelkamp, Germany. The hosting provider processes technical data required for the operation and security of the website, including server log data, on our behalf. The legal basis is Article 6(1)(f) GDPR for the secure and reliable provision of the website and, where access to information on the user’s terminal device requires consent, Article 6(1)(a) GDPR.
A data processing agreement has been concluded with the hosting provider.
11. Server log files
When you access the website, the hosting provider and we automatically collect technical information transmitted by your browser or device, including the IP address, date and time of access, requested page, referrer URL, browser type and version, operating system, hostname and status codes. We process these data to ensure the stability, security and integrity of the website, to prevent misuse and to troubleshoot incidents. The legal basis is Article 6(1)(f) GDPR. Server log data are not merged with other data sources except where this is necessary to investigate abuse or security incidents.
12. Cookies and consent management
The website uses cookies and comparable technologies. Strictly necessary technologies may be used without consent where they are essential for the secure and functional operation of the website. All non-essential cookies and comparable technologies, including analytics or marketing technologies, will only be activated after the user has given valid consent through the consent-management platform.
We currently use the Borlabs Cookie consent-management tool of Borlabs GmbH, Rübenkamp 32, 22305 Hamburg, Germany, to record and manage users’ consent preferences. The legal basis for the use of the consent-management tool is Article 6(1)(c) GDPR insofar it is necessary to document and manage consent obligations, and Article 6(1)(f) GDPR for the legally compliant administration of user preferences.
Consent records are retained for evidentiary purposes. Users can withdraw or amend their consent preferences at any time with effect for the future.
13. Contact forms and general enquiries
If you contact us via a form, by e-mail or by telephone, we process the data provided in order to handle and answer the request and, if necessary, to prepare, perform or document a contractual relationship. The legal basis is Article 6(1)(b) GDPR where the enquiry relates to pre-contractual steps or a contract, and otherwise Article 6(1)(f) GDPR. We do not disclose such data to unrelated third parties without a valid legal basis.
14. Congress registration and participant administration
If you register for the congress, we process the personal data necessary to manage your registration, participation, invoicing, payment verification, badge production, access management, participant communication, compliance, health and safety logistics, and the fulfilment of organiser obligations. The legal basis is generally Article 6(1)(b) GDPR and, where applicable, Article 6(1)(c) GDPR. Optional information is collected only where there is a legitimate operational need or where you have chosen to provide it.
15. Abstract submissions and scientific review
If you submit an abstract or other scientific contribution, we process the personal data included in the submission, including author details, affiliations, contact information, manuscript or abstract content, disclosures and related correspondence, in order to organise peer review, make selection decisions, prepare the programme, communicate with authors and publish accepted contributions where applicable. The legal basis is Article 6(1)(b) GDPR and, where relevant, Article 6(1)(f) GDPR for the scientific and organisational management of the congress.
Submitters must ensure that personal data contained in submissions are limited to what is necessary. Where submissions include personal data relating to third parties, the submitter is responsible for ensuring that there is an appropriate legal basis for such inclusion.
16. Sponsors, exhibitors and business contacts
If you contact us or are contacted in relation to sponsorship, exhibition, partnership or media cooperation, we process the relevant business contact data and correspondence for the evaluation, negotiation, administration and performance of the respective relationship. The legal basis is Article 6(1)(b) GDPR for pre-contractual and contractual steps and Article 6(1)(f) GDPR for the professional administration of business relationships.
17. Newsletter and congress communications
We may send congress-related service communications where these are necessary for participants, speakers, authors, sponsors or exhibitors in connection with an existing registration or contractual relationship. The legal basis is Article 6(1)(b) GDPR or Article 6(1)(f) GDPR, depending on the context.
18. Photos and video recordings during the congress
Photographs, video recordings and, where applicable, live streams may be produced during the congress for documentation, reporting, historical archive, public relations and communication purposes in print, on websites, in social media channels and in congress materials. The legal basis is Article 6(1)(f) GDPR for the legitimate interest in documenting and communicating about the event and, where required in the specific circumstances, Article 6(1)(a) GDPR.
We will take appropriate measures to inform attendees about recordings in advance and on site. Where recordings focus on identifiable individuals in a way that is not reasonably expected from the event context, or where special risk circumstances exist, separate consent should be obtained. Data subjects may object to future use of images on grounds relating to their particular situation; such objections will be assessed on a case-by-case basis.
19. Analytics tools
Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics processes usage and device data to help us understand how users interact with the website. Google may also receive IP-related and online identifier data and may transfer data to the United States.
Because Google Analytics is not strictly necessary for the operation of the website, it is only activated on the basis of prior consent under Article 6(1)(a) GDPR. IP anonymisation is enabled. A data processing agreement is in place. International transfers are covered by an adequacy decision or appropriate safeguards, such as the EU-US Data Privacy Framework and/or Standard Contractual Clauses, as applicable. Users are able to withdraw consent at any time.
Matomo
This website uses the open-source web analysis service Matomo. Matomo is used solely in a privacy-friendly, cookieless and appropriately de-identified configuration hosted on our own infrastructure, processing may in some circumstances be based on Article 6(1)(f) GDPR. However, for a conservative compliance approach and to avoid conflicts with consent requirements for analytics technologies, we recommend activating Matomo only after user consent unless the final technical configuration is specifically validated as exempt from consent.
We have configured Matomo in such a way that Matomo will not store cookies in your browser.
20. Links to third-party sites
This website may contain links to third-party websites. We are not responsible for the privacy practices of such external websites. Users should consult the respective privacy notices of those third parties.
21. Updates to this Privacy Policy
We may amend this Privacy Policy from time to time if the website, the congress setup, the legal framework or the processing activities change. The version published on the website at the time of access shall apply.