Privacy Policy

Introduction: This Privacy Policy explains how MB Keyz study (referred to as “we”, “us”, or “our”) collects, uses, and protects your personal data when you use our Sports Medicine Conference website and services. We are committed to safeguarding your privacy in compliance with the EU General Data Protection Regulation (GDPR) and applicable Lithuanian data protection laws (such as the Law on Legal Protection of Personal Data of the Republic of Lithuania). By registering for our conference or purchasing a ticket, you agree to the collection and use of your information as outlined in this policy.

Data Controller: The data controller responsible for your personal data is MB Keyz study, a company registered in the Republic of Lithuania. If you have any questions about your data, you can contact us using the details provided at the end of this policy.

Personal Data We Collect

We only collect personal information that is necessary for organizing the conference, processing ticket purchases, and providing our services to you. This may include:

  • Contact Details: Your first name, last name, email address, phone number, and country of residence (for communication and ticket registration purposes).
  • Payment Information: When you purchase a ticket, payment details (such as credit card or bank account information) are handled by our third-party payment processor. We do not collect or store your full payment card numbers or bank credentials on our servers – these are processed securely by our payment partner Montonio.
  • Ticket and Event Information: Information related to your ticket purchase, such as ticket type, purchase date, and any attendance preferences (if applicable).
  • Transactional Data: Records of payments and confirmations (e.g. transaction ID, amount, payment status) which are needed for accounting and to confirm your purchase.
  • Communications: If you contact us or provide feedback, we may keep a record of that correspondence.

We do not collect any sensitive personal data (such as health information, etc.) as part of the ticket purchase process, except as required for processing payments or if you voluntarily provide it to us for specific purposes.

How We Use Your Data

We will use your personal data only for legitimate purposes in connection with the conference and our services, including:

  • Ticket Purchase & Service Delivery: To process your ticket order and payment, register you for the conference, and provide you with entry to the event (performance of a contract with you).
  • Communication: To send you important announcements about the event (e.g. confirmation emails, tickets, event updates, schedule changes) and to respond to your inquiries or support requests. We may also use your contact information to send you reminders or useful information before the event.
  • Payment Processing: Your payment details are used to charge for the conference tickets. Payments on our site are processed by UAB Montonio Finance, a secure third-party payment service provider licensed by the Bank of Lithuania. Montonio processes your payment (via credit card or bank transfer) on our behalf. We do not personally store or see your bank or card numbers; these are handled by Montonio in a secure manner. Montonio may collect certain personal data (e.g. your name and payment account details) to complete the transaction, and such data is processed under Montonio’s privacy policy and applicable financial regulations.
  • Legal Obligations: To comply with legal and accounting requirements. For example, we may use and retain transaction records and personal details on invoices for taxation, financial reporting, and auditing as required by Lithuanian law.
  • Security and Fraud Prevention: To protect our website, services, and you as a user. We may process data to verify transactions and prevent fraudulent purchases or misuse of our services (our legitimate interest in maintaining security).

We will not use your personal data for any purposes incompatible with the above. Specifically, we do not sell, rent, or share your personal information for marketing outside of MB Keyz study. If we ever plan to use your data for direct marketing (e.g. to inform you about future conferences or related educational events), we will obtain your consent where required, or provide you an easy opt-out option.

Legal Bases for Processing

Under GDPR, we process your personal data on one or more of the following legal bases:

  • Performance of a Contract: Most data we collect (name, contact, etc.) is processed because it is necessary to fulfill our contract with you – i.e. to provide the conference ticket and allow you to attend the event.
  • Legal Obligation: Some data processing is required for us to comply with laws (for example, retaining transaction records for accounting and tax compliance).
  • Legitimate Interests: We may process certain data for our legitimate business interests, such as ensuring the security of our website, preventing fraud, or improving our services – but only where these interests are not overridden by your rights and freedoms. For instance, using your email to send event updates or minor changes is in our legitimate interest to ensure a good attendee experience.
  • Consent: If we ever ask for information or use that requires consent (for example, subscribing to an optional newsletter), we will specifically ask for your consent, and you can withdraw consent at any time. (Note: Purchasing a ticket and providing personal data for that is generally not based on consent but on contract necessity.)

Data Sharing and Disclosure

We treat your personal data with care and confidentiality. We do not disclose or share your data with third parties except in the following circumstances:

  • Service Providers: We share necessary information with trusted third-party service providers that help us run our business. This includes payment processing by Montonio as mentioned (Montonio will receive your payment details to process the transaction). UAB Montonio Finance is a licensed payment institution in Lithuania (License No. LB002007, issued by the Bank of Lithuania), and they are bound by strict data protection and financial laws. We may also share data with our website hosting provider or IT support services that ensure the website operates securely. In all cases, these service providers only get the information necessary to perform their functions, and they must handle your data in compliance with privacy laws and our instructions (they act as data processors on our behalf).
  • Event Partners: If the conference involves partners or co-organizers, we will only share attendee information with them if it is necessary for organizing the event (for example, if an event co-organizer needs to verify registrations at the venue). Any such partners will also be required to protect your data. (At present, MB Keyz study is the primary organizer; we will update this policy if any data sharing with co-organizers or sponsors is anticipated.)
  • Legal Requirements: We may disclose your information if required by law or valid legal process. For instance, if government authorities or regulators (e.g. tax authorities or law enforcement) lawfully require access to certain records, or if needed to establish, exercise, or defend legal claims. We will only release the data to the extent necessary and in accordance with applicable laws.
  • Business Transfers: In the unlikely event that our organization undergoes a major business transaction (such as a merger, reorganization, or transfer of assets related to the conference), personal data might be part of that process. If so, we will ensure the confidentiality of your personal data and provide notice before any data is transferred and becomes subject to a different privacy policy.

Importantly, we do not share your personal data with any third parties for their own marketing purposes.

We also do not transfer your personal data outside the European Union/European Economic Area (EU/EEA). All our main service providers (including our web host and Montonio) are EU-based, so your data remains within jurisdictions covered by EU data protection laws. In the event we need to transfer data outside the EEA (for example, using an international service provider), we will ensure appropriate safeguards (such as Standard Contractual Clauses) are in place and update this policy accordingly. (Currently, there are no such transfers.)

Data Retention

We will retain your personal data only for as long as necessary to fulfill the purposes outlined in this policy or to meet legal requirements. This means:

  • Registration and Ticket Data: Information you provide when buying a ticket (name, contact info, etc.) will be kept until the conference event has concluded and for a reasonable period thereafter. This allows us to handle any post-event issues (such as providing attendance certificates, addressing complaints, or processing permitted refunds).
  • Financial/Transaction Records: We are required by Lithuanian law to retain certain transactional data (invoices, payment records, etc.) for a longer period (such as 5-10 years depending on accounting regulations) for tax and financial auditing purposes. During this period, your data will be stored securely and only used if necessary for those compliance reasons.
  • Communications: Any communications or support emails you send us may be kept for up to 1-2 years to help us manage any follow-up issues or improve our services.
  • Marketing Data: If you have opted in to receive future updates about our events (e.g. a newsletter), we will retain your contact details for that purpose until you unsubscribe or withdraw consent. If you do not opt in, we will not retain your details for marketing after the conference beyond what’s necessary.
  • Web Analytics/Cookies: If our website uses cookies or analytics, any data collected via cookies is typically kept only as long as necessary for the function (and subject to our Cookie Policy). [See Cookies section below.]

After the applicable retention period ends, or upon your valid request, we will either securely delete or anonymize your personal data so that it can no longer be linked to you.

Your Rights Under GDPR

As an individual in the EU (or otherwise under GDPR protection), you have the following rights regarding your personal data that we hold:

  • Right of Access: You have the right to request a copy of the personal data we hold about you and to obtain information about how we process it.
  • Right to Rectification: If any of your information is incorrect or incomplete, you have the right to have it corrected or updated.
  • Right to Erasure: You can request that we delete your personal data if it is no longer necessary for the purposes collected, or if you believe it is being processed unlawfully. This is sometimes called the “right to be forgotten”. Please note, for legal or contractual reasons (e.g. financial records), we might not be able to delete certain data immediately, but we will inform you if that is the case.
  • Right to Restrict Processing: You can ask us to pause or restrict the processing of your data in certain circumstances – for example, if you contest the accuracy of the data or object to our processing, we will restrict use while your request is being reviewed.
  • Right to Data Portability: For data you provided to us and which we process by automated means based on your consent or contract, you have the right to request a copy in a structured, commonly used, machine-readable format (e.g. CSV file) and/or to have that data transmitted to another service provider where technically feasible.
  • Right to Object: You have the right to object to certain processing activities. For instance, if we were to process your data for direct marketing, you can object and we will stop such processing. You can also object if you feel our processing is not justified by our legitimate interests, and we will re-evaluate our grounds.
  • Right not to be subject to Automated Decisions: We do not use your personal data for any fully automated decision-making that has legal or similarly significant effects. In the event we ever implement automated decision systems, you would have the right to human intervention and to contest the decision.
  • Right to Withdraw Consent: If we process any of your data based on your consent, you have the right to withdraw that consent at any time. For example, if you consented to receive a newsletter, you can unsubscribe at any time (withdrawal will not affect the lawfulness of processing done before you withdrew).

To exercise any of these rights, please contact us at the email or address provided in the “Contact Us” section below. We will respond to your request within the timeframes required by law (generally within one month, extendable by another two months for complex requests). We may need to verify your identity to ensure we do not disclose data to the wrong person, so please be prepared to provide reasonable identification information. Exercising your rights is free of charge, except in rare cases of excessive or unfounded requests, where we might charge a reasonable administrative fee as allowed by law.

Data Security

We take data security seriously and implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data transmissions (our website is secured via HTTPS/TLS), access controls to databases, and limiting access to personal data only to those in our team or partners who need it for the purposes described. We also ensure that our third-party service providers (like Montonio and web hosting) employ industry-standard security practices.

Please note that while we strive to protect your data, no method of electronic storage or internet transmission is 100% secure. However, we continually update and monitor our security practices to mitigate risks. If we detect any personal data breach that poses a high risk to your rights (for example, a cybersecurity incident resulting in loss or theft of your personal data), we will inform both you and the relevant authorities as required by law.

Cookies and Tracking Technologies

Our conference website may use “cookies” and similar technologies to enhance user experience and gather information about usage of our site. Cookies are small data files stored on your browser. For example, we might use cookies to remember your language preferences or to keep you logged in to your account, or to collect anonymous analytics about how many people visited a page. We do not use cookies to identify you for advertising purposes. You will be prompted to consent to non-essential cookies where required. You can also set your browser to refuse cookies or alert you when cookies are being used. For more details, please see our Cookie Policy (if available) or contact us with any questions about our use of cookies.

(Note: If a separate Cookie Policy page exists on the site, we would refer to it here. If not, the above gives a general disclosure.)

Children’s Privacy

Our services and conference are generally aimed at adult professionals or students in the field of sports medicine and physiotherapy. We do not knowingly collect personal data from children under the age of 16. If you are under 16, you should not register on our site or provide any personal information without verifiable parental consent. If we learn that we have inadvertently collected personal data from a child under 16 without proper consent, we will delete that information as soon as possible. Parents or guardians who believe their child may have provided us data can contact us to request deletion.

Updates to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for legal reasons. When we make changes, we will revise the “last updated” date at the bottom of this policy. If changes are significant, we may also notify you directly (for example by email, if you have an account or via a notice on our website). We encourage you to review this policy periodically to stay informed about how we are protecting your information.

Your continued use of our website or services after any modifications to this Privacy Policy will constitute your acknowledgment of the changes and consent to abide by the updated policy.

Contact Us and Complaints

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us at:

MB Keyz study

Email: info@skima.academy
Address: Vilnius, T. Vrublevskio g. 4-9
Phone: +37061867325

We will do our best to address and resolve any issues or concerns you have about your privacy. If you feel that we have not adequately dealt with your data protection question or request, you have the right to lodge a complaint with a supervisory authority.

In Lithuania, the supervisory authority for data protection is the State Data Protection Inspectorate (SDPI). You have the right to contact the SDPI if you believe your personal data has been handled improperly. The SDPI’s contact details are: State Data Protection Inspectorate, L. Sapiegos str. 17, 10312 Vilnius, Lithuania, email: ada@ada.lt.

If you reside in another EU country, you may also contact your local Data Protection Authority. We would, however, appreciate the chance to address your concerns before you approach a DPA, so please consider reaching out to us first.

Last updated: 2025-10-09