Privacy Policy

1. General Information

The LP(a) Congress is an event organized by
Deutsche Gesellschaft für Lipidologie e.V. – Lipid-Liga (DGFL),
Kuhgasse 9, 63571 Gelnhausen, Germany.DGFL, as the event organizer, has commissioned KWHC GmbH, Mönckebergstraße 17, 20095 Hamburg, Germany, with the organization and execution of the event.

2. Controller

The controller within the meaning of the General Data Protection Regulation (GDPR) and other applicable national data protection laws of the EU Member States, as well as other data protection regulations, is:

KWHC GmbH
Mönckebergstraße 17
20095 Hamburg
Germany
Phone: +49 (0)40 572540
Email: info@kwhc.de
Website: www.kwhc.de

3. Data Protection Officer

The Data Protection Officer of KWHC GmbH is:

Andreas Kortmann
netCo.privacy GmbH
Braaker Grund 7
22145 Braak
Germany

Email: datenschutz@kwhc.de

4. General Information on Data Processing

4.1 Scope of the Processing of Personal Data

We generally process personal data of our users only to the extent necessary to provide a functional website as well as our content and services. As a rule, personal data is processed only with the user’s consent.

An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by statutory provisions.

4.2 Legal Basis for the Processing of Personal Data

Where we obtain the consent of the data subject for processing operations involving personal data, Article 6(1)(a) GDPR serves as the legal basis.

Where the processing of personal data is necessary for the performance of a contract to which the data subject is a party, or for the implementation of pre-contractual measures, Article 6(1)(b) GDPR serves as the legal basis.

Where processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Article 6(1)(c) GDPR serves as the legal basis.

Where processing is necessary in order to protect the vital interests of the data subject or another natural person, Article 6(1)(d) GDPR serves as the legal basis.

Where processing is necessary for the purposes of legitimate interests pursued by our company or by a third party, and such interests are not overridden by the interests, fundamental rights and freedoms of the data subject, Article 6(1)(f) GDPR serves as the legal basis.

4.3 Data Deletion and Storage Period

Personal data of the data subject is deleted or restricted as soon as the purpose of storage no longer applies. Storage beyond this period may occur where required by European or national legislators in EU regulations, laws or other provisions to which the controller is subject. Data will also be restricted or deleted when a statutory retention period expires, unless further storage of the data is necessary for the conclusion or performance of a contract.

5. Information on Processing by Processors

This website uses the conference management software Converia, which is provided by Converia GmbH. Converia GmbH hosts the software and provides additional services such as software maintenance and support for the event organizer. In the course of performing these services, Converia GmbH may have access to personal data stored in the software and is therefore considered a processor.

A data processing agreement pursuant to Article 28 GDPR has been concluded with Converia GmbH. Details can be found in the section “List of Processors” of this Privacy Policy.

6. Provision of the Website and Creation of Log Files

6.1 Description and Scope of Data Processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing device.

The following data is collected:

  • Information about the browser type and version used

  • The user’s operating system

  • The user’s internet service provider

  • The user’s IP address

  • Date and time of access

6.2 Legal Basis for Data Processing

The legal basis for the temporary storage of data and log files is Article 6(1)(f) GDPR.

6.3 Purpose of Data Processing

Temporary storage of the IP address by the system is necessary to enable delivery of the website to the user’s device. For this purpose, the user’s IP address must remain stored for the duration of the session.

The storage of log files is carried out to ensure the functionality of the website. In addition, the data is used to optimize the website and to ensure the security of our information technology systems.

The data is not evaluated for marketing purposes.

These purposes also constitute our legitimate interest in processing data pursuant to Article 6(1)(f) GDPR.

6.4 Duration of Storage

The data is deleted as soon as it is no longer required for the purpose for which it was collected.

In the case of data collected to provide the website, this is the case when the respective session ends.

In the case of data stored in log files, deletion occurs no later than ten days after collection. Longer storage is possible. In such cases, users’ IP addresses are deleted or anonymized so that attribution to a specific client is no longer possible.

6.5 Right to Object

The collection of data for the provision of the website and the storage of data in log files is absolutely necessary for the operation of the website. Therefore, users have no right to object.

7. Use of Cookies

7.1 Description and Scope of Data Processing

Our website uses cookies. Cookies are text files that are stored in or by the internet browser on the user’s computer system.

When a user accesses a website, a cookie may be stored on the user’s operating system. This cookie contains a characteristic string that allows the browser to be uniquely identified when the website is accessed again.

7.2 Categories of Cookies

We classify cookies into the following categories:

Essential Cookies (Type 1)
These cookies are strictly necessary for websites and their functions to operate properly. Without these cookies, services such as participant registration cannot be provided.

Functional Cookies (Type 2)
These cookies enable enhanced comfort and performance of websites and provide various functions. For example, language settings can be stored in functional cookies.

Performance Cookies (Type 3)
These cookies collect information about how websites are used. Performance cookies help us identify particularly popular areas of our website so that we can better tailor content to users’ needs. The information collected by these cookies is not personal data. Further information can be found in the section “Analysis of Usage Data”.

Third-Party Cookies (Type 4)
These cookies are set by third parties, such as social networks. They are primarily used to integrate social media content such as social plugins. Further information can be found in the section “Social Plugins”.

7.3 Legal Basis for Data Processing

The legal basis for processing personal data using cookies is Article 6(1)(f) GDPR.

7.4 Cookies Used on This Website

Cookie Name Purpose Type
PHPSESSID Identification of a user session 1
Converia_SID Identification of a frontend user 1

 

7.5 Storage Duration, Right to Object and Removal

Cookies are stored on the user’s device and transmitted to our website by the user.

Users have full control over the use of cookies. By changing the settings in their internet browser, users can disable or restrict the transmission of cookies. Cookies that have already been stored can be deleted at any time, including automatically.

If cookies are disabled for our website, some functions of the website may no longer be fully available.

8. Registration and Use of the Conference Management Software

8.1 Description and Scope of Data Processing

The conference management software offers users the opportunity to register by providing personal data. The data is entered into an input form and transmitted to and stored by us.

Mandatory fields may be required during registration and must be completed fully and correctly. If this is not the case, registration will be rejected.

Registration is generally required for the following activities:

  • Registration as a participant for an event

  • Submission of a scientific contribution

  • Review of scientific contributions

  • Activities as a speaker or session chair

  • Use of the favorites function of the conference planner

The following data may be collected and stored during registration and use of the software:

  • Access data (username, password)

  • Address data

  • Email address

  • Shopping cart data

  • Billing information

  • Information on submitted contributions

  • Temporal and spatial scheduling data (conference schedule)

  • Uniform Continuing Education Number (EFN) and CME participation data

8.2 Payment Processing

Various payment options are offered for event registration (e.g. invoice/bank transfer, credit card, PayPal).

Sensitive payment information is not stored in the conference management system. Certified payment service providers process and store payment data. Users are redirected directly to the websites of the respective providers.

Further information on data protection can be found on the websites of the respective service providers.

The following data is processed as part of payment handling:

  • Selected payment method

  • Invoice amount

  • Amounts paid

  • Billing data

Additional information on payment service providers can be found at the end of this Privacy Policy under “Data Protection Information”.

8.3 Legal Basis for Data Processing

Where user consent is given, Article 6(1)(a) GDPR serves as the legal basis.

Where registration serves the performance of a contract to which the user is a party or the implementation of pre-contractual measures, Article 6(1)(b) GDPR serves as the additional legal basis.

8.4 Purpose of Data Processing

User registration is required for the performance of a contract with the user or for the implementation of pre-contractual measures.

8.5 Duration of Storage

Data is deleted as soon as it is no longer necessary for the purpose for which it was collected.

This is the case for data collected during the registration process for contract performance or pre-contractual measures when the data is no longer required for contract execution.

Even after conclusion of the contract, it may be necessary to store personal data of the contractual partner in order to comply with contractual or statutory obligations.

As access data including address data may be reused for future events, such data is generally deleted from the system within two years after the last login.

8.6 Right to Object and Deletion

Users may cancel their registration at any time and have their stored data amended. To do so, please contact the controller by email or telephone (see contact details above).

If data is required for the performance of a contract or pre-contractual measures, early deletion is only possible insofar as contractual or statutory obligations do not prevent deletion.

9. Rights of the Data Subject

If personal data relating to you is processed, you are a data subject within the meaning of the GDPR and have the following rights vis-à-vis the controller:

9.1 Right of Access

You have the right to request confirmation as to whether personal data concerning you is being processed.

If such processing is taking place, you have the right to obtain information about:

  1. the purposes of the processing;

  2. the categories of personal data processed;

  3. the recipients or categories of recipients to whom the personal data has been or will be disclosed;

  4. the envisaged storage period or, if not possible, the criteria used to determine that period;

  5. the existence of rights to rectification, erasure, restriction of processing or objection;

  6. the existence of a right to lodge a complaint with a supervisory authority;

  7. available information about the origin of the data if the data was not collected from the data subject;

  8. the existence of automated decision-making, including profiling, pursuant to Article 22(1) and (4) GDPR, and meaningful information about the logic involved and the envisaged consequences.

You also have the right to be informed whether personal data is transferred to a third country or an international organization and about appropriate safeguards pursuant to Article 46 GDPR.

9.2 Right to Rectification

You have the right to obtain the rectification or completion of inaccurate or incomplete personal data without undue delay.

9.3 Right to Restriction of Processing

You have the right to request restriction of processing under the conditions set out in Article 18 GDPR, including disputes regarding data accuracy, unlawful processing, or objections under Article 21 GDPR.

Restricted data may only be processed with consent or for legal claims, protection of rights, or important public interest.

You will be informed before the restriction is lifted.

9.4 Right to Erasure (“Right to be Forgotten”)

You have the right to request erasure of personal data without undue delay where one of the grounds set out in Article 17 GDPR applies.

This includes withdrawal of consent, unlawful processing, or successful objection.

Exceptions apply where processing is necessary for legal obligations, public interest, scientific or statistical purposes, or legal claims.

9.5 Right to Notification

If you exercise your rights to rectification, erasure or restriction, the controller shall inform all recipients of the data unless this proves impossible or involves disproportionate effort.

You have the right to be informed of those recipients.

9.6 Right to Data Portability

You have the right to receive personal data you have provided in a structured, commonly used and machine-readable format and to transmit that data to another controller where processing is based on consent or contract and carried out by automated means.

9.7 Right to Object

You have the right to object at any time to processing based on Article 6(1)(e) or (f) GDPR, including profiling.

If personal data is processed for direct marketing purposes, you have the right to object at any time.

9.8 Right to Withdraw Consent

You have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal.

9.9 Right to Lodge a Complaint with a Supervisory Authority

You have the right to lodge a complaint with a supervisory authority if you believe that the processing of personal data relating to you infringes the GDPR.

10. List of Processors

Converia GmbH
Kaufstr. 2–4
99423 Weimar
Germany

Type of Processing:

  • Hosting and operation of the Converia conference management software

  • Maintenance and support

11. Data Protection Information – Payment Services

For payment processing, we use secupay AG, Goethestraße 6, 01896 Pulsnitz, Germany. Secupay AG is a payment institution authorized by the German Federal Financial Supervisory Authority (BaFin).

Secupay acts as an independent controller under data protection law and processes personal data exclusively for the execution and settlement of payment transactions.

The following data is processed in particular:

  • Payment information (e.g. IBAN, credit card number, security code, payment amount)

  • Transaction data (e.g. time, reference number, purpose of payment)

  • Contact data where applicable (e.g. name, address, email address)

Processing is carried out for secure payment handling and to comply with statutory obligations relating to fraud prevention, anti-money laundering and record-keeping.

Legal bases for processing:

  • Article 6(1)(b) GDPR (performance of a contract)

  • Article 6(1)(c) GDPR (legal obligation)

  • Article 6(1)(f) GDPR (legitimate interest in secure payment processing)

Data is transmitted only to recipients required for payment processing, in particular banks, credit institutions and commissioned IT service providers.

Data is stored only for as long as necessary for the processing purpose. Secupay deletes or anonymizes data in accordance with statutory requirements once the purpose no longer applies.

Status: 2 February 2026