ESCRS Privacy Policy

The European Society of Cataract and Refractive Surgeons (“the Society”, "ESCRS", "we", "our", or "us") is committed to protecting and respecting your privacy.

  1. This Privacy Policy

    This Privacy Policy sets out how we collect, store, process, transfer, share and use data that identifies or is associated with you (your "personal information") when you use our website at www.escrs.org (the "Site"), use our services or otherwise interact with the Society.

    This policy also explains your rights in relation to your personal information and how to contact us or the relevant regulator in the event you have a query or complaint. Our collection, storage, use and sharing of your information is regulated by law, including under the EU General Data Protection Regulation (EU GDPR) and the UK General Data Protection Regulation (UK GDPR) (as applicable).

  2. About us

    The European Society of Cataract and Refractive Surgeons is the controller of the personal information we hold about you, meaning we are the organisation legally responsible for deciding how and for what purposes it is used.

    We are a private limited company by guarantee without share capital company registered in England and Wales under no. 03153785. Our registered office is at 5th Floor, 10 Finsbury Square, London EC2A 1AF.

    ESCRS is also a UK registered charity with the Charity Commission under the number 1066532.

    We are registered as a controller with the Information Commissioner’s Office under registration number ZA423474.

    ESCRS Trading Limited (“ETL”) is a wholly owned subsidiary of ESCRS. ETL is a private limited company registered in England and Wales under no. 07521602. Its registered office is at 5th Floor, 10 Finsbury Square, London EC2A 1AF.  ETL is registered as a controller with the Information Commissioner’s Office under registration number ZC081394. Where ETL processes personal information in connection with ESCRS activities or services (for example, in relation to events, exhibitions, or commercial arrangements), that processing is carried out in accordance with this Privacy Policy and applicable data protection laws. References in this Privacy Policy to “ESCRS”, “we”, “our” or “us” include ETL where appropriate.

  3. Information we collect about you

    We may collect, use, store and transfer different kinds of personal information about you which we have grouped together as follows:

    • Personal and contact details: as a member of the Society or when applying for membership, registering for an event, or accessing a product or service on our Site, you may be asked to provide details such as your name, email address, membership status, postal address, telephone number and date of birth.
    • Transaction Data: includes details of Congress, Meetings or Courses you have booked and details about payments made.
    • Financial Data: includes payment card details.
    • Professional information: such as your present and/or past profession, institution with which you are associated, and your main field(s) of practice, research, or study.
    • Submissions and speaking engagements: if you choose to submit an abstract for consideration, you will be asked for details including financial interests and the names of any co-authors. If you are invited to speak at an event, we may photograph, film, or otherwise record and use your name, likeness, image, voice, comments and any other material you provide to us.
    • Exams: when you apply to sit an ESCRS exam you will be asked to provide full application details, including a CV and letter of recommendation. We will also record your exam results and issue certificates where applicable.
    • Feedback, correspondence and surveys: any information you provide when you correspond with us, provide feedback to the Society, respond to surveys or make a complaint.
    • Marketing and communications preferences (including industry-sponsored communications): includes your preferences in receiving marketing from us and our third parties and your communication preferences. These may include newsletters, event promotions, and industry-sponsored updates.
    • Technical information: information collected automatically through our Site including technical information, such as your IP address, browser type and version, time zone setting, operating system, device type and model, and other technical identifiers that are needed to help us deliver the Site securely and effectively; usage information, such as the pages you visit, how you navigate through the Site, and the length of your visit; information collected through cookies, pixels and similar technologies (see section on Cookies and our Cookies Policy for more details).
    • Virtual event data: such as log-in details, metadata, uploaded content, or recordings created when you participate in online conferences.
    • Educational tools data: including your use of ESCRS Digital Platforms, CME progress, results, and (where enabled) updates to mentors.
    • Special category personal information: we do not routinely collect “special category” personal information (such as information about health, racial or ethnic origin, religious beliefs). However, such information may be collected, where you voluntarily provide it, for example to accommodate dietary preferences or accessibility needs.

      We also collect, use and share aggregated data such as statistical or demographic data which is not personal information as it does not directly (or indirectly) reveal your identity.

      It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during your relationship with us, for example a new mailing address or email address.

    • Performance of a contract with you: Where we need to perform the contract we are about to enter into or have entered into with you.
    • Legitimate interests: We may use your personal information where it is necessary to pursue our, or a third party’s, legitimate interests. We make sure we consider and balance any potential impact on you and your rights (both positive and negative) before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
    • Legal obligation: We may use your personal information where it is necessary for compliance with a legal obligation that we are subject to.
    • Consent: We rely on consent only where we have obtained your active agreement to use your personal information for a specified purpose, for example if you subscribe to an email newsletter.

      Purposes for which we will use your personal information:

      We set out below a description of all the ways we use the various categories of your personal information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

      Category of Data Purpose / Use of the Data Legal Basis
      Personal and contact details (name, email, address, membership status, phone, date of birth) - Registering and managing membership records
      - Providing access to products/services
      - Sending event information, newsletters, Society updates      		 - Performance of a contract (membership/event registration)
      - Legitimate interests (keeping members informed, running Society efficiently)
      - Consent (for optional newsletters and sponsored communications)
      Transaction Data (bookings, payment details of events/courses) - Process event registrations, orders, and payments
      - Issue receipts and confirmations      		 - Performance of a contract
      - Legal obligation (financial/tax reporting)
      Financial Data (payment card details) - Collecting payments for membership, events, products - Performance of a contract
      - Legal obligation (e.g., tax, accounting rules)
      Professional Information (profession, institution, practice/research area) - Assess eligibility for membership and events
      - Manage professional engagement and recognition      		 - Performance of a contract
      - Legitimate interests (ensuring appropriate professional standards in the Society)
      Submissions & Speaking Engagements (abstracts, co-authors, financial interests; recordings of speakers) - Process abstracts and keep you updated on status
      - Organise speaking slots at events
      - Record, publish, and share presentations      		 - Performance of a contract (abstract submission, speaking agreement)
      - Legitimate interests (scientific exchange, event promotion)
      - Consent (where recording/distribution goes beyond legitimate expectations)
      Journal publishing data (member details, contributor details) - To administer access to the Journal of Cataract and Refractive Surgery and EuroTimes
      - To manage publishing arrangements with Wolters Kluwer and ASCRS
      - To share with the Audit Bureau of Circulation Limited for the purpose of verifying aggregated statistics about circulation and usage of our products      		 - Performance of a contract (membership benefit: journal and magazine access)
      - Legitimate interests (academic collaboration and publishing)
      Exams (CV, recommendation letters, results) - Assess eligibility and register candidates
      - Process payments
      - Record results and issue certificates      		 - Performance of a contract
      - Legitimate interests (ensuring examination integrity and accreditation)
      Feedback, Correspondence & Surveys - Respond to queries and complaints
      - Conduct surveys and gather views
      - Improve services and events      		 - Legitimate interests (service improvement and member engagement)
      - Consent (for optional surveys)
      Marketing and Communications Preferences (including industry-sponsored communications) - Send newsletters, event promotions, Society news, and industry-sponsored updates - Consent (marketing communications, especially industry-sponsored)
      - Legitimate interests (updates essential to membership/registration)
      Technical Information (IP, browser/device details, usage analytics, cookies) - Ensure secure and effective Site operation
      - Improve website performance and user experience
      - Provide virtual conferences and online platforms      		 - Legitimate interests (site functionality, service improvement)
      - Consent (cookies for non-essential tracking/analytics)
      Special Category Data (dietary/accessibility needs, health data) - Accommodate dietary requirements, accessibility, or other needs - Explicit consent (provided voluntarily by the user)
      Virtual Event Data (conference tool log-in details, metadata, uploaded content, recordings) - Provide virtual events and enable participation
      - Store and share session recordings and related materials      		 - Performance of a contract
      - Legitimate interests (ensuring smooth event delivery and access)
      - Consent (for recording distribution if not necessary to the service)
      Educational Tools (online learning activity, CME credits, mentor updates) - Track learning progress
      - Issue certificates and CME credits
      - Provide mentor updates (if enabled)      		 - Performance of a contract
      - Legitimate interests (maintaining professional development standards)
      Aggregated/Statistical Data (anonymised) - Research, reporting, and improving Society services - Not personal data (outside GDPR scope)

       

  4. How we use your personal information

    Legal basis:

    The law requires that there be a legal basis for the Society to process your personal information. In general, this will be one, or a combination, of the following:

  5. Marketing

    We may use the personal information we hold about you to tailor our marketing and make it more relevant to your interests.

    In most cases, we rely on our legitimate interests to process your personal information for marketing purposes. This means that we do not usually need your consent to send you marketing communications about Society activities and events, provided that you have not opted out.

    However, where consent is required under applicable law (for example, for certain types of electronic marketing or for industry-sponsored newsletters and updates), we will only send you marketing messages if we have your consent.

    You can opt out of receiving marketing communications, or withdraw your consent where given, at any time by contacting us using the details set out at the end of this Privacy Policy, or by clicking the ‘unsubscribe’ link in any of our marketing emails or email or other electronic messaging.

    For further information on your right to object at any time to your personal information being used for direct marketing, please see the section “Your rights” below.

  6. Email marketing and tracking

    When we send you marketing emails through our service provider, we may use technologies such as tracking pixels (also known as web beacons or clear GIFs). These are small image files which are embedded in our emails and allow us to understand whether you have opened an email, how you have interacted with it, and whether you have clicked on any links. This helps us measure the effectiveness of our campaigns and improve the content we send to you.

    We will only use tracking technologies in our marketing emails where we have your consent to do so. You can withdraw your consent at any time by using the unsubscribe link in our emails or email or other electronic messaging, or by contacting us using the details below.

  7. Who we share your personal information with

    We may share your personal information with the following:

    • ESCRS Trading Limited: we may disclose your personal information to our wholly-owned subsidiary company, ESCRS Trading Limited (ETL), insofar as reasonably necessary for the purposes and on the legal bases set out in this Privacy Policy. Where ETL processes such personal information, it does so in accordance with this Privacy Policy and applicable data protection laws.
    • Service providers: we rely on third-party service providers to perform a variety of services on our behalf, such as Congress and Exhibition registration and management, website hosting, virtual event management, electronic message delivery, payment processing, data analytics and research. Your information will only be shared with selected service providers, contracted by ESCRS, to the extent necessary for the purpose of providing our services to you. We do not allow our service providers to use your personal information for their own purposes and we require them to process your information only for specified purposes and in accordance with our instructions.
    • Exhibitors and Sponsors: we may share your personal information with exhibitors or sponsors where you have given your permission. This may occur, for example, where you indicate during event registration that you agree to your details being shared with exhibitors or sponsors, and/or where you attend an exhibition or industry-sponsored event at an ESCRS event and allow your badge to be scanned (for example, at an exhibitor’s booth or on entry to a sponsored event). This also applies in the context of virtual exhibitions. In each case, your consent enables the exhibitor or sponsor concerned to follow up with you directly. If you do not provide such consent, including by choosing not to allow your badge to be scanned, your personal information will not be shared.
    • EuroTimes: if you receive EuroTimes, we may share your personal information with third parties involved in the production, distribution and auditing of the publication. This includes sharing limited personal information with the Audit Bureau of Circulation Limited for the purpose of verifying aggregated statistics about circulation and usage, and with service providers responsible for printing and dispatching EuroTimes in order to deliver the publication to you.
    • Publisher and ASCRS: if you receive or contribute to the Journal of Cataract and Refractive Surgery, we may share your personal information with our publisher, Wolters Kluwer Health, Inc., and with the American Society of Cataract and Refractive Surgery (ASCRS) so that you can receive or access copies of the Journal of Cataract and Refractive Surgery. ESCRS and ASCRS act as independent controllers in relation to any shared personal data and each party is responsible for its own compliance with applicable data protection laws.
    • Professional advisors: our professional advisors (such as accountants, insurance brokers and lawyers) in which case the recipient of the information will be bound by confidentiality obligations.
    • As required by law: your personal information may be disclosed to law enforcement agencies, courts, tribunals and regulatory bodies where necessary to comply with our legal and regulatory obligations.

      We may also provide non-personally identifiable, aggregated information to other parties for marketing, advertising, or other uses. For example, we may disclose the total number of visits to our Site. This information does not identify any individual and therefore falls outside the scope of data protection law.

  8. Keeping your information secure

    We are committed to protecting your personal information. We use a combination of technical, organisational, and procedural measures designed to keep your information safe and to prevent it from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed unlawfully.

    We use a secure server so that all supplied sensitive/payment information is transmitted via Secure Socket Layer (SSL) technology and then encrypted into the database of our payment processing providers. We do not see or store your full card details when you make an online transaction. 

    Where we engage third parties to process personal information on our behalf, we carry out checks and put in place contracts requiring them to keep your information secure and to use it only in accordance with our instructions and the law.

    Although we take appropriate steps to protect your personal information, no method of transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security, but we regularly review and update our security measures to provide appropriate protection for your information.

  9. How long we keep your information

    We will only retain your personal information for as long as reasonably necessary to fulfil the purposes we collected it for, to administer the charity in an effective manner and to comply with our statutory obligations.

    The data retention periods we use are set out in a data retention policy which is reviewed and updated from time to time, taking into account the amount, nature and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information, as well as the applicable legal, regulatory, tax, accounting or other requirements.

    In some circumstances we will anonymise your personal information (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.

  10. Transferring your information out of the UK

    The personal information we collect may be transferred to, and stored in, countries outside the UK and the European Economic Area (EEA). In particular, certain personal information is transferred to the American Society of Cataract and Refractive Surgery (ASCRS) in the United States in connection with the joint administration of the Journal of Cataract and Refractive Surgery.

    Where we transfer your personal information to a country that is not approved by UK regulations or EU adequacy rulings, we will ensure that appropriate safeguards are in place to protect it. These may include:

    • Standard Contractual Clauses (SCCs) adopted or approved by the European Commission or the UK government (as applicable), often together with the UK Addendum; and/or
    • other appropriate safeguards recognised under data protection law.

    We will also ensure that any such transfer complies with other applicable legal requirements.

    If you would like more information about the safeguards we use when transferring your personal information outside the UK/EEA, please contact us using the details provided at the end of this Privacy Policy.

  11. Your rights

    In accordance with data protection laws, you have the following rights in relation to the personal information we hold about you:

    • Right of access: You can request access to the personal information we hold about you. We will carry out reasonable and proportionate searches to locate this information and provide you with a copy, subject to legal exemptions.
    • Right to data portability: In certain circumstances, you can ask to receive the personal information you have provided to us in a structured, commonly used, machine-readable format, or request that we transfer it directly to another organisation.
    • Right to rectification: You can ask us to correct or complete any inaccurate or incomplete personal information we hold about you.
    • Right to erasure (also known as the “right to be forgotten”):  In some circumstances, you can ask us to delete your personal information, for example where it is no longer needed for the purpose it was collected.
    • Right to restriction of processing In some circumstances, you can ask us to restrict how we use your personal information (for example, where the accuracy of the data is contested).
    • Right to object You can object to our processing of your personal information where we are relying on our legitimate interests (or those of a third party). You can also object to receiving marketing communications at any time by clicking the “unsubscribe” link in our emails or email or other electronic messaging or by contacting us using the details below.
    • Right to withdraw consent If we rely on your consent to process your personal information, you may withdraw that consent at any time.

    These rights are not absolute: there may be legal or regulatory reasons why we cannot fully comply with your request. Where this is the case, we will explain why.

    If you wish to exercise any of these rights, please send a written request to escrs@ESCRS.org.

  12. Community forums and online tools

    You must not disclose any personal information when using ESCRS online services such as forums, calculators, or other interactive tools. In particular, the posting of any sensitive data (including medical data) that could identify a natural person is strictly prohibited.

  13. Links to third party sites

    Our website(s) and communications may, from time to time, direct you to third party sites and services, including those of other societies, advertisers, news publications, partners and affiliates. If you follow a link to any of these websites, please note that ESCRS does not control these third parties or their privacy practices, even when we facilitate your interaction with them. We do not accept any responsibility or liability for these third-party policies. We advise you to review the privacy policies of any third-party services before submitting any information to understand how they handle your data.

  14. Cookies

    Our Site uses cookies and similar technologies. A cookie is a small text file that is placed on your device when you visit our Site. For detailed information about the cookies we use, the purposes for which we use them, and how you can manage your cookie settings, please see our Cookies Policy.

  15. How to complain

    Please contact us if you have any queries or concerns about our use of your information (see below ‘How to contact us’). We hope we will be able to resolve any issues you may have.

    If you believe we have misused your personal information or breached applicable data protection laws, we will investigate and inform you of the outcome within a reasonable timeframe.

    If you are located in the United Kingdom, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK’s data protection regulator. The ICO can be contacted at www.ico.org.uk or by telephone: 0303 123 1113.

    If you are located in the European Economic Area (EEA), you may lodge a complaint with your local supervisory authority for data protection. A list of EEA authorities and their contact details is available here:

    https://edpb.europa.eu/about-edpb/about-edpb/members_en 

  16. Changes to this policy

    We may change this Privacy Policy from time to time and so you should review this page periodically. When we change this Privacy Policy in a material way, we will update the "last modified" date at the end of this Privacy Policy. Changes to this Privacy Policy are effective when they are posted on this page.

  17. How to contact us

    If you have any questions, comments and requests regarding this Privacy Policy, you can contact us:

    ESCRS c/o MCI UK Ltd
    Building 4000, Langstone Park
    Langstone Road
    Havant PO9 1SA
    United Kingdom

    Phone: +44 (0)1730 715 212

    Email: escrs@ESCRS.org

For individuals in the European Union, ESCRS has appointed an EU representative in accordance with Article 27 GDPR. Our EU representative is MCI Benelux SA, Avenue des Arts 47, 1000 Brussels, Belgium.

Email: mariska.vanderveen@wearemci.com 

You may contact our EU representative on all issues related to the processing of your personal information under the EU GDPR.

 

This Privacy Policy was last modified on 15 January 2026.