Data protection

GHM attaches great importance to the protection of privacy and observes the statutory data protection regulations. In the following, we would like to explain how we handle your personal data.

This privacy policy applies to all websites operated by GHM and the associated processes and services.

Which data is processed in detail and how it is used depends largely on the services requested or agreed and the GHM websites visited. Therefore, not all parts of this information will apply to you. Details are provided for each individual processing activity.

1. Information on data security

We only handle personal data to the extent that this is possible in accordance with data protection regulations. We endeavour to take all necessary technical and organisational security measures and implement these in order to protect your personal data appropriately against unauthorised access and misuse at all times.

Insofar as we store and process personal data, this takes place within our own data centre or on servers of service providers commissioned by us. To protect the security of your data during transmission, we use encryption methods (e.g. SSL) via HTTPS. Our servers are protected by a firewall and virus protection. Back-up as well as role and authorisation concepts are a matter of course for us. Our service providers guarantee us the same, which is described and documented in the concluded order processing agreements.

Our employees are obliged to comply with data protection regulations and all relevant laws and internal guidelines when handling personal data.

Information on links used

The GHM website contains links or connections to other websites. These direct links are checked by us with reasonable care. GHM is not responsible for the content of websites to which we link. GHM is also not responsible for the content of websites that refer to us.

2. Who is the controller within the meaning of Art. 4 No. 1 GDPR?

The controller within the meaning of data protection law for our websites is

GHM Gesellschaft für Handwerksmessen mbH
Paul-Wassermann-Str. 5
81829 Munich Germany
T +49 (0)89 189 149-0
F +49 (0)89 189 149-239
E-mail datenschutz@ghm.de

Management:
Dieter Dohr (Chairman of the Management Board)
Klaus Plaschka
Commercial Register Munich HRB 40217
VAT identification number: DE 129358691

If you have any questions about data protection in connection with our services and the use of our website, you can also contact our data protection officer at any time. He can be contacted at the above postal address and by e-mail at
Address datenschutz@ghm.de with the keyword: “For the attention of the data protection officer”.

3. What data protection rights do you have?

Every data subject has the right to

Information in accordance with Article 15 GDPR
The right to rectification in accordance with Article 16 GDPR
The right to erasure in accordance with Article 17 GDPR
The right to restriction of processing in accordance with Article 18 GDPR
The right to object under Article 21 GDPR and
The right to data portability under Article 20 GDPR.

You can withdraw your consent to the processing of personal data at any time. Please note that the revocation is only effective for the future. Processing that took place before the revocation is not affected.

In addition, you have the right to lodge a complaint with a competent data protection supervisory authority (Article 77 GDPR in conjunction with Section 19 BDSG). A list of supervisory authorities (for the non-public sector) with addresses can be found
at: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html

3.1. Information about your right to object in accordance with Article 21 of the General Data Protection Regulation (GDPR)

In the following, we inform you about your right to object, to which you are legally entitled. Nevertheless, we make separate reference to the right to object in individual cases and situations in connection with the process descriptions.

You have the right t o object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which i s based on Article 6(1)(f) GDPR (data processing on the basis of a balancing of interests); this also applies to profiling based on this provision within the meaning of Article 4(4) GDPR. GHM makes separate reference to your right to object in the course of this privacy policy for each procedure described.

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing. processing that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

Recipient of a cancellation

The revocation can be made informally with the subject “Objection” or “Revocation”, stating your name, address and e-mail address, and should be addressed to:

GHM Gesellschaft für Handwerksmessen mbH
Paul-Wassermann-Str. 5
81829 Munich Germany
F +49 (0)89 189 149-239
E-Mail datenschutz@ghm.de

4. Which processing activities are carried out?

In the following section, we set out the procedures that GHM uses to communicate with exhibitors, visitors and other event participants, as well as with service partners and other stakeholders, in order to organise trade fairs, special shows and digital or hybrid events.

This privacy policy describes all procedures and individual activities that are applied depending on the event. In each case, the purpose and legal basis, the categories of personal data processed, the form of provision, possible recipients and the possible storage period as well as the possibility of objection are discussed.

4.1 Calling up our website

Purpose, categories of data, legal basis

When you access our website, for technical reasons your terminal device automatically transmits data to GHM, which stores it for security purposes:

Date, time and duration of your visit to our website
IP number assigned to you by your Internet provider
the selected website
the user tool (i.e. web browser, operating system) with which you accessed the website
the action carried out on our website
the search term used in the search engines and in the site search as well as the search result
whether the access was successful or not
retrieved information incl. downloads
which server you came from and the website from which you came to the current website
Files that you have downloaded from our site (e.g. PDF or Word documents)

This data is stored solely for technical reasons and is not assigned to a specific person at any time.

The data is stored temporarily in the log files of our system. Log files are used to store short-term connection information, in particular in order to be able to react to anomalies such as attacks on websites and servers with the help of stored information. This data is not stored together with other personal data of the user. The processing takes place on the legal basis of Art. 6 para. 1 sentence 1 lit. f GDPR. The handling of your personal data for the provision of this website and for communication via this website is based on our legitimate interest, Art. 6 para. 1 sentence 1 lit. f) GDPR. In order to provide this website, it is technically necessary for us to process certain personal data (e.g. B. the IP address). For your communication with us, it is necessary that we handle the respective personal data.

As part of the necessary balancing of interests, we have weighed up your interest in the respective confidentiality of your personal data and our interests in providing this website and contacting you. Your interest in confidentiality takes second place in both cases.
Otherwise, we would not be able to provide you with this website or respond to your contact request.

Recipient of the data

We host your data on servers in Germany. For this purpose, we use technical service providers with whom we have concluded order processing agreements for the operation and maintenance of our website.

Storage duration

The data is deleted immediately after the end of use of the website (end of session), as there is no legal basis for further storage. Personal data is deleted at the same time as the end of use of the website.

There is only a legal basis for further use (storage) if this is necessary to ensure the integrity, confidentiality and availability of our websites in the event of incorrect login attempts.
However, we will delete personal data immediately after all errors have been corrected.

Provision prescribed or required

The provision of your personal data is voluntary when you visit our website. However, the provision of the aforementioned personal data is neither legally nor contractually required. Without the IP address, however, the service and functionality of our website cannot be guaranteed.

Contradiction

You have the right to object at any time to the processing of personal data concerning you that is carried out on the basis of Article 6(1)(f) GDPR (data processing on the basis of a balancing of interests).

If you object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the establishment, exercise or defence of legal claims.

The objection can be made informally with the subject “Objection”, stating your name, address and e-mail address, and should be addressed to:

GHM Gesellschaft für Handwerksmessen mbH
Paul-Wassermann-Str. 5,
81829 Munich Germany
F +49 (0)89 189 149-239
E-mail datenschutz@ghm.de

4.2 Registration as an exhibitor (application)

Purpose, categories of data and legal basis

In the following, we describe which personal data we collect and for which purposes we use it when you use our exhibitor portal to register for or contact a trade fair.

To take part in a trade fair, you must register with us via the trade fair website.

If you register with us as an exhibitor, a customer account will be created for you. With the data stored in your customer account, you can use other trade fair services or (more easily) register for other services. Mandatory details for registration are gender, title, first and last name, company, address, e-mail and telephone number.

In order to create a qualified exhibitor profile and to be able to communicate with you accordingly, we require additional information:

Position in the company
Country
Time zone

Before saving, you consent to us processing your data and passing it on to authorised GHM service providers. These are in a contractual relationship with us. We have concluded order processing agreements with commissioned service providers.

Immediately after saving your details, we will send you a dial-in link to the trade fair’s exhibitor portal. You can complete your details with a self-generated password. The data will be used for the mandatory use of the exhibitor portal.

Further information is voluntary. In order to prove that your company is an exhibition organiser, further data on the company and/or the exhibits will be collected and suitable proof may be requested. In this context, the processing of further personal information, e.g. further responsible contact persons or company representatives, is necessary. If you register with different e-mail addresses, several customer accounts will be created for you.

The data you provide us with will be used to fulfil your requests (e.g. to register an exhibition stand or co-exhibitor(s)) and to process your orders (e.g. order security, cleaning). If necessary, we will pass on your data to our service partners to process your orders.

The legal basis for these processing activities is Art. 6 para. 1 sentence 1 lit. f GDPR.

Use of your data

The data you provide will be used by us for exhibitor communication (exhibitor information), for marketing purposes (e-mail campaigns, e.g. notification of the new registration start date) and for billing purposes as well as for the organisation of the trade fair by GHM or its service partners.

If all the requirements of the exemption provision of Section 7 (3) UWG are met, the legal basis for sending the visitor mailing as a result of your visitor registration is Art. 6 (1) (f) GDPR.

You can object to receiving marketing communications by email at any time. This can be done by sending an e-mail to datenschutz@ghm.de or by clicking on the corresponding link at the end of each e-mail.

This consent is given on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR and can be revoked by you at any time for the future at datenschutz@ghm.de.

Recipients of the data

GHM will only pass on your collected data to commissioned service providers
(processors) and service partners who have a contractual relationship with GHM within the meaning of the GDPR.

In addition, we only pass on your data to third parties if we are legally obliged to do so, e.g. to law enforcement authorities or in the prosecution of legal offences.

Storage duration

Your data will only be used by GHM or our partners for the purpose of the respective trade fair. Of course, GHM will delete your data if the purpose of use no longer requires it or if contractual regulations with our customers or legal deadlines (retention period) no longer exist. The purpose of use ends with the completion of all follow-up work following a trade fair, usually no later than three months after the trade fair. In any case, GHM or our partners will only process data in this context as long as you have given your consent.

Provision prescribed or required

The provision of your personal data is voluntary. It is required in order to register as an exhibitor in our portal and to complete the registration process.

Revocation of consent

You can revoke your consent to participate in customer surveys at any time in the future.

The cancellation can be made informally with the subject “Objection” or “Cancellation”, stating your name, address and e-mail address, and should be addressed to:

GHM Gesellschaft für Handwerksmessen mbH
Paul-Wassermann-Str. 5,
81829 Munich Germany
F +49 (0)89 189 149-239
E-mail datenschutz@ghm.de

4.3 E-mail contact form/recording and registration of additional trade fair services

Purpose, categories of data and legal basis

The personal data you enter in the contact form on the respective website or by contacting us by e-mail will be stored and processed by us for the purpose of individual communication with you. This includes your first and last name, address, company, e-mail address, telephone number and fax number.

This data is processed on the basis of a legitimate interest in accordance with Art. 6 para. 1 sentence 1 lit. f GDPR.

Our interest is to make it easy for you to contact us. The information you provide will be processed for the purpose of handling your enquiry and for possible follow-up questions.

At some of our trade fairs, you can also register as a non-registered participant for additional trade fair services, such as a (trade fair) guided tour or a seminar offered as part of the trade fair.

The legal basis for the storage of your data for the additional services described above is Art. 6 para. 1 sentence 1 lit b GDPR.

If a third party organiser of the additional services concludes its own contract with you, we will only forward the data to this third party with your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR (see also “Recipients of the data”).

Recipient of the data

Service providers who support us in the processing of your data (order processing)

Storage duration

Your data will be processed by GHM for the purpose of answering your enquiry or processing the additional service. Of course, GHM will delete your data if the purpose of use no longer requires it or if contractual regulations with our customers or legal deadlines (retention period) no longer exist.

The intended use ends with the completion of all follow-up work following a trade fair, usually three months after the trade fair. In any case, GHM or our partners will only process data in this context as long as the corresponding consent has been given.

Provision prescribed or required

The provision of your personal data is voluntary. However, we can only process your enquiry if you provide us with your data and the reason for the enquiry.

Objection and revocation of consent

You have the right to object to the processing of your requests in accordance with Art. 6 para. 1 sentence 1 lit. f DSGVO (i.e. not for bookings of additional services, as we must store your data for this purpose in accordance with Art. 6 Para. 1 S.1 lit. b DSGVO). You can find information on this here:

Information about your right to object in accordance with Article 21 of the General Data Protection Regulation (GDPR).

If you have consented to us forwarding your data to third party organisers for the purpose of concluding your own contract when registering for additional services, you can revoke this consent for the future. The objection can be made informally with the subject “Objection” or “Revocation”, stating your name, address and e-mail address, and should be addressed to:

GHM Gesellschaft für Handwerksmessen mbH
Paul-Wassermann-Str. 5,
81829 Munich Germany
F +49 (0)89 189 149-239
E-mail datenschutz@ghm.de

4.4 Registrations

The following section deals with the procedures “Online purchase of a trade fair admission ticket” and “Redeeming a voucher”. By registering, both procedures imply consent to receive information as part of visitor mailings (campaigns).

Purpose, categories of data, legal basis

If you wish to purchase a ticket in advance (PDF ticket), your contact details (first name, surname, company, department, address, e-mail address) and credit card information will be required and processed.

The processing of the data entered by you during registration takes place for the conclusion of the ticket purchase and related pre-contractual measures in accordance with Art. 6 para. 1 sentence 1 lit. b GDPR.

Use of your data for marketing purposes / visitor mailings

We use your contact details after visitor registration has been completed to inform you about similar events by email and for marketing and optimisation purposes that enable us to offer you better services and customer service and to further optimise our offers (visitor mailing). This is done on the basis of Art. 6 para. 1 lit. f GDPR in conjunction with § 7 para. 3 UWG.

You can object to receiving the visitor mailing at any time. This can be done by sending an e-mail to datenschutz@ghm.de or by clicking on the corresponding link at the end of the visitor mailing.

Recipient of the data

Your data will only be passed on under certain conditions and only for precisely defined purposes, which are described in more detail below:

For the forwarding of visitor/buyer data to exhibitors, please see. When purchasing tickets, it is possible to pay with a voucher code from an exhibitor. This voucher enables buyers to acquire a free ticket. When the voucher is redeemed, the following data is collected in addition to the personal data required when purchasing a ticket: Voucher code This personal data and the personal data collected when the ticket is purchased will be forwarded to the exhibitors whose voucher has been redeemed for statistical purposes. The legal basis for your data processing is consent pursuant to Art. 6 para. 1 lit. a GDPR. This is obtained when the voucher is redeemed/ticket is purchased. The exhibitor is independently responsible for further data processing by the respective exhibitor.
We would like to point out that some exhibitors are located outside the EU in a third country. By using the voucher and consenting to the forwarding of your data to the exhibitors, you agree to the possible transfer of data to third countries. If the voucher is also used to pay for other or additional visitors as part of the booking, the data of the other visitors will also be transmitted to the respective exhibitor who issued the voucher or made available in a portal. This would include the following personal data:
Master data (if applicable, salutation and title (optional), first name, surname),
e- mail address (however, the buyer’s e-mail address can also be entered here), if applicable, company, position in the company, address (street, house number, postcode, city, country),
The legal basis for forwarding the data of other visitors who have not booked independently to the respective exhibitor is Art. 6 para. 1 lit. a GDPR.
Exhibitors are free to use a “lead management” process at our trade fairs to scan their visitor badge or business card. This scanning process is basically voluntary for you, unless there is an official requirement. Only when your visitor badge is scanned does the exhibitor receive direct access to your data from the registration. It is important to note that no bank account or credit card details will be passed on. Only the data you provided during registration (structural data) will be made available. To ensure that not every barcode reader can read your data, special software is also provided in conjunction with the reading of your visitor badge.
For events that are only accessible to a closed group of trade visitors, GHM requires the necessary contact and structural data to determine your trade visitor status. The company SIX Payment Service (Europe S.A.) or American Express handles the secure processing of electronic payment transactions by credit card. Payments with PayPal. Your credit card information or bank details will not be transmitted to GHM and will therefore not be stored by GHM.
As part of its comprehensive services, GHM also utilises other service providers within the European Union, e.g. for the maintenance and administration of the data processing system or the servers.
We use a German service provider with whom we have concluded an order processing contract to send the visitor mailing.
Due to the highly international nature of our trade fair events, data (particularly in connection with the use of vouchers) is transmitted to the foreign representatives of GHM in cooperation with Messe München, as well as to exhibitors from countries outside the EU and the EEA, in order to cover the costs for trade fair visitors from the respective country. A list of foreign representatives can be found here

GHM does not pass on any other information to third parties, such as information voluntarily provided on focal points of interest. Personal data will only be transmitted to state institutions and authorities within the scope of legal or judicial obligations.

Data security

GHM and contracted service providers use state-of-the-art data processing techniques to ensure data security. Your data is stored in a visitor database at an external service provider.

The security of your data and transactions is a top priority at GHM. We therefore encrypt all information transmitted during a session using SSL encryption.

Storage duration

Your data will be used by GHM to issue a ticket and to advertise our events as part of visitor mailings. Of course, GHM will delete or block your data if the purpose of use no longer requires it, if you have objected to the processing, or if contractual regulations with our customers or legal deadlines (retention periods) no longer exist. If you have objected to the processing, we will block your data to ensure that we do not send you any further visitor mailings.

Provision prescribed or required

The provision of your personal data is always voluntary, unless there is an official requirement. It is required in order to complete online registration of the ticket.

Revocation

You can cancel the receipt of visitor mailings at any time.

Please inform us of your cancellation informally with the subject “Objection” or
“Cancellation”, stating your name, address and e-mail address, and send it to:

GHM Gesellschaft für Handwerksmessen mbH
Paul-Wassermann-Str. 5,
81829 Munich Germany
F +49 (0)89 189 149-239
E-mail datenschutz@ghm.de

Alternatively, you can use the link provided in every visitor mailing to unsubscribe.

4.5 Online list of exhibitors

Purpose, categories of data and legal basis

In the following, we describe which personal data we collect and for which purposes we use it if you use our exhibitor directory.

You have the opportunity to register as an exhibitor via our trade fair website. As part of the registration process, you will be asked to provide the necessary information about your company. This includes company and company contact information such as

Title, salutation
First name, surname
Gender
Telephone number/fax
E-mail address
Company/Company
Position
Postcode, town, street (full address)
Country
Time zone

For the processing of personal data in connection with your registration as an exhibitor, the relevant data protection information from the current Conditions of Participation and the trade fair media of our trade fairs apply. These can be viewed at any time.

If you have registered as an exhibitor, we will create or use new or existing customer accounts and publish the content of your company profile already known to us (e.g. company name, address, contact details, contact person) as well as other company details (e.g. name, address, contact details) in the online exhibitor directory. product category). If necessary, we will request customer data again. If you log in or register with different e-mail addresses, several customer accounts will be created for you. All content changed or added by the exhibitor via the exhibitor portal will also be made publicly visible to everyone.

Part of the online exhibitor directory for some of our trade fairs is the hall plan, which is generated from the order processing software and published on the trade fair website in addition to the exhibitor profile. Or other fee-based media services commissioned by you.

The legal basis for these processing activities, which are carried out exclusively on the basis and for the fulfillment of concluded and valid contracts, is Art. 6 para. 1 sentence 1 lit. b GDPR.

Use of your data for marketing purposes

We use the contact details you provide when you register to inform you about the respective event or similar services and events by e-mail (exhibitor information).

The legal basis for our contacting you by email following your exhibitor registration is Art. 6 para. 1 lit. f GDPR in conjunction with Section 7 para. 3 UWG. You can object to receiving promotional communications by email at any time. This can be done by sending an e-mail to datenschutz@ghm.de or by using the links at the end of every e-mail we send.

GHM will use your data, if you have registered as an exhibitor, to contact you by e-mail to ask you to participate voluntarily in customer surveys and to contact you by telephone or fax for advertising purposes, subject to your express consent, which you give us when you register. This consent is given on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR and can be revoked by you at any time for the future at datenschutz@ghm.de.

Recipient of the data

Your data will only be passed on under certain conditions and only for precisely defined purposes, which are described in more detail below:

The online exhibitor directory is provided by an external service provider in Europe, which processes the data you enter for this purpose. An order processing contract has been concluded between the service provider and GHM in accordance with Art. 28 GDPR.

The service provider processes personal data exclusively to provide the commissioned services for the operation of the online exhibitor directory and not for its own purposes. The web analysis, tracking and remarketing tools used by the service provider are carried out on our instructions.

In addition, we only pass on your data in individual cases – if we are legally obliged to do so – to third parties who use the data on their own responsibility: Financial and tax authorities, police and investigating authorities (with existing legal basis), official reporting centres (if transmission is required by law), insurance companies, banks and credit institutions (payment processing), market partners, sales representatives, auditors, lawyers, auditors or similar third parties.

Storage duration

Your data will only be used by GHM or our service provider for the purpose of using the online exhibitor directory. Of course, GHM will delete your data if the purpose of use no longer requires further use or if contractual regulations with our customers object to further use or if there are no longer any legal deadlines for data storage. Your data will not be stored for longer than four weeks following a request for deletion.

Provision prescribed or required

The provision of your personal data is voluntary. It is required in order to register as an exhibitor in our exhibitor portals, to make further bookings and be listed in the online exhibitor directory.

Revocation of consent

You can revoke your consent to participate in customer surveys at any time in the future. Please inform us of your cancellation informally with the subject line “Objection” or “Cancellation”, stating your name, address and e-mail address, and send it to:

GHM Gesellschaft für Handwerksmessen mbH
Paul-Wassermann-Str. 5,
81829 Munich Germany
T +49 (0) 89 189 149-0
F +49 (0)89 189 149-239
E-mail datenschutz@ghm.de

4.6 Trade fair media and other media services: marketing and booking processing

Purpose, categories of data and legal basis

In the following, we describe which personal data we collect and for which purposes we use this data if you are our exhibitor.

For further advice and processing of your entry in the trade fair media and for other media services, you will be contacted by third parties as part of your registration. The data provided in the registration form will be used to contact you:

Title, salutation
First name, surname
Telephone number/fax
E-mail address
Company/Company
Position
Postcode, town, street (full address)
Country
Time zone

If you have registered as an exhibitor, we will use your existing customer accounts to inform you about your presentation opportunities in the trade fair media and other media services.

The legal basis for these processing activities is Art. 6 para. 1 sentence 1 lit. b GDPR.

Use of your data for marketing purposes

We use the contact details you provide when you register to inform you about the respective event or similar services and events by e-mail (exhibitor information).

GHM will use your data, if you have registered as an exhibitor and have given us your express consent when registering, to contact you by e-mail to ask you to participate voluntarily in customer surveys and to contact you by telephone or fax for advertising purposes. This consent is given on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR and can be revoked by you at any time for the future at datenschutz@ghm.de.

Recipient of the data

Your data will only be passed on under certain conditions and only for precisely defined purposes, which are described in more detail below:

The further consultation and processing of your entry in the trade fair media and for other media services is carried out by external service providers in Europe who process the data you have entered for this purpose. An order processing contract has been concluded between the respective service provider and GHM in accordance with Art. 28 GDPR.

Storage duration

Your data will only be used by GHM or our service provider for marketing and consulting on trade fair media and other media services. Of course, GHM will delete your data if the purpose of use no longer requires further use or if contractual regulations with our customers object to further use or if there are no longer any legal deadlines for data storage. Your data will not be stored for longer than four weeks following a request for deletion.

Provision prescribed or required

The provision of your personal data is voluntary. It is necessary in order to inform you about your presentation options in the trade fair media and other media services and to make further bookings.

Revocation of consent

GHM Gesellschaft für Handwerksmessen mbH
Paul-Wassermann-Str. 5,
81829 Munich Germany
T +49 (0)89 189 149-0
F +49 (0)89 189 149-239
E-mail datenschutz@ghm.de

4.7 As an exhibitor: Booking services for digital/hybrid events

Preliminary remark: GHM develops contemporary concepts for events in the digital space. These change depending on customer interest, industry requirements and technical possibilities.

For this purpose, GHM provides platforms that are operated by contracted technology partners with whom corresponding order processing agreements have been concluded. For digital or hybrid events – in combination with face-to-face events – personal data is processed in additional procedures in some cases.

Purpose, categories of data and legal basis

Below we describe what personal data we collect for online events and for what purposes we use it if you book a stand or a service package at our virtual event:

Title, salutation
First name, surname
E-mail address
Telephone number
Company

Your personal data is processed for the purpose of initiating, implementing and processing the respective user contract. In order to be able to identify and virtually meet participants who are interested in you via the portal, you must give GHM revocable consent in addition to your booking(s) to publish personal data for the presentation of your company or products or services or to pass them on to interested parties.

The data you provide us with will be used for the virtual event and will enable us to provide the services you have booked (e.g. ordering a stand, presenting your products and/or services or organising presentations).

The legal basis for these processing activities is Art. 6 para. 1 sentence 1 lit. b GDPR.

Use of your data for marketing purposes

We use your contact details to inform you about the respective event or similar services and events by e-mail (exhibitor information). In addition, your data helps us to support you with a smooth trade fair presentation, to send you individually tailore services and to present products, services and marketing services of GHM and its partners.

The legal basis for our contacting you by email following your exhibitor registration is Art. 6 para. 1 lit. f GDPR in conjunction with Section 7 para. 3 UWG. You can object to receiving promotional communications by email at any time. This can be done by sending an e-mail to datenschutz@ghm.de or by clicking on the corresponding link at the end of each e-mail.

With the aim of monitoring success and improving our events and services, GHM will use your data to contact you by telephone or e-mail with a request for voluntary participation in customer surveys and to contact you by telephone or fax for advertising purposes if you have registered and have given us your express consent to do so. This consent is given on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR and can be revoked by you at any time for the future at datenschutz@ghm.de

Recipient of the data

Your data will only be passed on under certain conditions and only for precisely defined purposes, which are described in more detail below:

The platform and associated services are provided by external service providers based in Europe and the data you enter is therefore processed by them. This includes service providers that create the platform and content that is explicitly requested, marketed and processed.

In addition, we pass on your data to business partners who support you in the realisation of your participation (e.g. in your trade fair communication). Data processing agreements are concluded between the service providers and GHM in accordance with Art. 28 GDPR.

This also includes partners who enable digital or hybrid events with special contracts and corresponding commitment and have a legitimate interest. Legally compliant data processing agreements are also in place with these partners in accordance with the GDPR.

The platform that GHM uses to organise digital and hybrid events processes personal data exclusively for the provision of its services in the operation of these events and not for its own purposes. The web analysis tracking and remarketing tools used by the service providers are carried out on our instructions and pursue the above-mentioned objectives. When you register as an exhibitor or active participant, you give us your consent to forward the data to our service partners for this purpose. The consent is based on Art. 6 para. 1 sentence 1 a GDPR and can be revoked by you at any time for the future.

Due to the high level of internationality, GHM may transfer personal data from the respective country to foreign representatives working for GHM so that they can take over sales and market and opinion research for exhibitors whose registered office is located within the corresponding representation area of the respective foreign representative. The forwarding of contact data is based on the legitimate interest of GHM pursuant to Art. 6 para. 1 lit. f GDPR to ensure the best possible support for exhibitors, taking into account local particularities.

In addition, we only pass on your data to third parties if we are legally obliged to do so, e.g. to law enforcement authorities or in the prosecution of legal offences.

Storage duration

Your data will be used by GHM or its service providers for the processing and follow-up of your trade fair participation and preparation for the next two trade fairs as well as for the use of the portal. Of course, GHM will delete your data if the purpose of use no longer requires it or if contractual regulations with our customers or legal deadlines no longer apply.

Provision prescribed or required

The provision of your personal data is voluntary. It is necessary in order to register as an exhibitor or active participant in our portals and to operate the exhibition stand and/or give presentations.

Revocation of consent

You can revoke your consent at any time with effect for the future. Please inform us of your cancellation informally with the subject “Objection” or “Revocation”, stating your name, address and e-mail address, and send it to:

GHM Gesellschaft für Handwerksmessen mbH
Paul-Wassermann-Str. 5,
81829 Munich Germany
F +49 (0)89 189 149-239
E-mail datenschutz@ghm.de

4.8 Registration as a visitor for digital/hybrid events

GHM develops contemporary concepts for events in the digital space. To this end, GHM provides platforms that are operated by contracted technology partners with whom corresponding order processing agreements have been concluded.

For digital or hybrid events – in combination with face-to-face events – personal data is collected from visitors (hereinafter referred to as participants) and in some cases processed in further procedures.

Purpose, categories of data and legal basis

Below we describe what personal data we collect and for what purposes we use it when you use our online events on virtual networking platforms:

Title, salutation
First name, surname
E-mail address
Company
Position
Postcode, city
Country
Time zone
Professional group
Centre of interest

The legal basis for these processing activities is Art. 6 para. 1 sentence 1 lit. b GDPR.

Use of your data for marketing purposes

We use your contact details to inform you about the respective event or similar services and future events by e-mail.

The legal basis for our contacting you by e-mail following your registration is Section 7 (3) UWG. You can object to receiving advertising by e-mail at any time. This can be done by sending an e-mail to datenschutz@ghm.de or via the corresponding link at the end of each e-mail.

If you have registered, GHM will use your data with your express consent, which you give us when you register, to send you e-mails asking you to participate voluntarily in customer surveys and to contact you by telephone or fax for advertising purposes. This consent is given on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR and can be revoked by you at any time for the future at datenschutz@ghm.de.

Recipient of the data

Your data will only be passed on under certain conditions and only for precisely defined purposes, which are described in more detail below:

Lead generation for exhibitors at digital and hybrid events
Personal live communication during the digital or hybrid events
Analyses to measure the success of digital and hybrid events
Free lectures for visitors. They cover the costs of the speakers and knowledge transfer and are therefore entitled to the contact details you provide (such as title, first name, surname, address and communication

Your data will be passed on to partner companies that enable digital or hybrid events with special contracts and corresponding commitment (sponsoring) and have a legitimate interest. Legally compliant data processing agreements are also in place with these partners in accordance with the GDPR.

In addition, we only pass on your data to third parties if we are legally obliged to do so, e.g. to law enforcement authorities or in the prosecution of legal offences.

Storage duration

Your data will only be used by GHM or our service providers for the purpose of the digital or hybrid event you have booked.
Of course, GHM will block your data if the purpose of use does not allow it or contractual arrangements with our customers or statutory deadlines no longer exist.

Provision prescribed or required

The provision of your personal data is voluntary. It is necessary in order to register as a visitor for one of our digital or hybrid events that you have booked and to use their services for the duration of the event.

Revocation of consent

You can revoke your consent to the processing of your data, including for participation in customer surveys for the future, at any time. The revocation can be made informally with the subject “Objection” or “Revocation”, stating your name, address and e-mail address, and should be addressed to:

GHM Gesellschaft für Handwerksmessen mbH
Paul-Wassermann-Str. 5,
81829 Munich Germany
F +49 (0)89 189 149-239
E-mail datenschutz@ghm.de

4.9 Participation in visitor and content matching at digital and hybrid events

In the following, we describe which personal data we collect and for which purposes we use it when you use the visitor and content matching of our digital or hybrid events:

Topic interests

Preliminary remark: The GHM digital platform sees itself as a networking and knowledge platform for the skilled crafts sector. Your data is u s e d to familiarise you with the skilled crafts sector as a whole and the sectors we serve via our platforms and the trade fairs and digital/hybrid events we operate. Based on your data, access to the topics on the platform will be made easier for you and you can organise your visit to the trade fair or event.
Plan your event participation better. Your data will be used to recommend exhibitors, presentations and products that offer information in which you are interested. In addition, we use your data to identify topics relevant to the participants and to enable recommendations on these topics (exhibitors, presentations, products and visitors) independently of personal recommendations.

The legal basis for these processing activities is Art. 6 para. 1 sentence 1 lit b GDPR.

Use of your data for marketing purposes

We use your contact details to inform you about the respective event or similar services and future events by e-mail. In addition, your data helps us to support you in ensuring a smooth trade fair appearance or successful participation in the digital/hybrid events, to offer you customised services and to present products, services and marketing services of GHM and its partners.

The legal basis for our contacting you by e-mail following your exhibitor registration is Section 7 (3) UWG. You can object to receiving the advertising to be contacted by e-mail at any time. This can be done by sending an e-mail to datenschutz@ghm.de or via the corresponding link at the end of each e-mail.

With the aim of monitoring success and improving our events and services, GHM will use your data to contact you by telephone or email with a request for voluntary participation in customer surveys and to contact you by telephone or fax for advertising purposes if you have registered and have given us your express consent to do so. This consent is given on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR and can be revoked by you at any time for the future at datenschutz@ghm.de.

Recipient of the data

Your data will only be passed on under certain conditions and only for precisely defined purposes, which are described in more detail below:

The digital/virtual platform and associated services (e.g. recommendation management) are provided by external service providers based in Europe and your entered data is therefore processed by them. This includes service providers who create the platform and request, market and process content. An order processing contract has been concluded between the service providers and GHM in accordance with Art. 28 GDPR.

The digital/virtual platform processes personal data exclusively for the provision of its services in the operation of virtual events and not for its own purposes. The web analysis, tracking and remarketing tools used by the service providers are carried out on our instructions and pursue the above-mentioned objectives. When you register as a visitor, you give us your consent to forward the data to the service partners for this purpose. The consent is based on Art. 6 para. 1 sentence 1 a GDPR and can be revoked by you at any time for the future.

Due to the highly international nature of our events, GHM may transfer personal data to foreign representatives working for GHM so that they can carry out sales and market and opinion research for visitors whose registered office is located within the respective foreign representative’s territory. The forwarding of contact data is carried out on the one hand for the fulfillment of the contract in accordance with Art. 6 para. 1 lit. b GDPR and on the other hand on the basis of the legitimate interest of GHM in accordance with Art. 6 para. 1 lit. f GDPR to ensure the best possible support for exhibitors, taking into account local particularities.

Storage duration

Your data will only be used by GHM or our service providers for the purpose of the digital or hybrid event you have booked (purpose of use), limited by the duration of the procedure.

Of course, GHM will delete your data if the purpose of use no longer requires it or if contractual regulations with our customers or legal deadlines no longer exist.

Provision prescribed or required

The provision of your personal data is voluntary. It is required in order to participate in visitor and content matching on the digital platform and to be listed as a recommendation.

Revocation of consent

You can revoke your consent at any time with effect for the future. The revocation can be made informally with the subject “Objection” or “Revocation” stating your name, address and e-mail address and should be addressed to:

GHM Gesellschaft für Handwerksmessen mbH
Paul-Wassermann-Str. 5,
81829 Munich Germany
F +49 (0)89 189 149-239
E-mail datenschutz@ghm.de

4.10 Addressing participants at digital/hybrid events

Purpose, categories of data and legal basis

Below we describe what personal data we collect and for what purposes we use it when you write a message to other participants via our digital event platform:

Username / Nickname
e-mail

Preliminary remark: GHM’s digital platform sees itself as a networking and knowledge platform for the skilled crafts sector. Your data is u s e d to familiarise you with the skilled crafts sector as a whole and the sectors we serve via our platforms and the trade fairs and digital/hybrid events we operate. Based on your data, access to the topics on the platform will be made easier for you and you can organise your visit to the trade fair or event. Plan your event participation better. Your data will be used to recommend exhibitors, presentations and products that offer information you are interested in.

The legal basis for these processing activities is Art. 6 para. 1 sentence 1 lit. b GDPR.

Use of your data for marketing purposes

We use your contact details to inform you about the respective event or similar services and events by e-mail. Your data also helps us to support you with a smooth trade fair appearance, to offer you customised services and to present GHM products, services and marketing services.

With the aim of monitoring our success and improving our events and services, GHM will use your data to contact you by telephone or email with a request for voluntary participation in customer surveys and to contact you by telephone or fax for advertising purposes if you have registered and have given us your express consent to do so. This consent is given on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR and can be revoked by you at any time for the future at datenschutz@ghm.de.

Recipient of the data

Your data will only be passed on under certain conditions and only for precisely defined purposes, which are described in more detail below:

The GHM digital platform and associated services or services booked by you, including additional services, are provided by external service providers based in Europe and the data you enter is therefore processed by them.
These include service providers who create the platform and request, market and prepare content. Data processing agreements have been concluded between the service providers and GHM in accordance with Art. 28 GDPR.

The virtual platform processes personal data exclusively for the provision of its services in the operation of the virtual events and not for its own purposes. The web analysis, tracking and remarketing tools used by the service providers are carried out on our instructions and follow the above-mentioned objectives.

When you register as a participant, you give us your consent to process the data for this purpose. The consent is based on Art. 6 para. 1 sentence 1 a GDPR and can be revoked by you at any time for the future.

In addition, we only pass on your data to third parties if we are legally obliged to do so, e.g. to law enforcement authorities or in the prosecution of legal offences.

Storage duration

Your data will only be used by GHM or our service providers for the purpose of the digital event you have booked.
Of course, GHM will delete your data if the purpose of use no longer requires it or if contractual regulations with our customers or legal deadlines no longer exist.

Provision prescribed or required

The provision of your personal data is voluntary. It is necessary in order to register as a visitor on our digital platform and to use its services relating to the event you have booked for the duration of the event.

Revocation of consent

You can revoke your consent at any time with effect for the future. The revocation can be made informally with the subject “Objection” or “Revocation”, stating your name, address and e-mail address, and should be addressed to:

GHM Gesellschaft für Handwerksmessen mbH
Paul-Wassermann-Str. 5,
81829 Munich Germany
F +49 (0)89 189 149-239
E-mail datenschutz@ghm.de

4.11 ZUKUNFT HANDWERK App

In the following, we describe and inform you about the processing of personal data when using the “ZUKUNFT HANDWERK App” (hereinafter: app). Personal data is information that relates to an identified or identifiable person. This primarily includes information that allows direct conclusions to be drawn about your identity, such as your name or email address. However, personal data also includes certain identifiers such as your IP address or the Firebase installation ID, which can only be used to indirectly identify you.

1. Data processing before and during use of the app

1.1 Terms of use and data protection information for participants of the ZUKUNFT HANDWERK trade fair

Participation in the ZUKUNFT HANDWERK trade fair and use of the ZUKUNFT HANDWERK app is subject to the General Terms and Conditions (“GTC”) of GHM Gesellschaft für Handwerksmessen mbH (“GHM”), which apply between you and GHM. These GTC form the contractual basis for most data processing within the scope of the ZUKUNFT HANDWERK app. In addition, please refer to the data protection information on the website of GHM Gesellschaft für Handwerksmessen mbH: https://www.ghm.de/datenschutz/.

The content of the ZUKUNFT HANDWERK app is partly native and partly integrated or mirrored via the web view. If the content is integrated natively, the content is only loaded in the app. The content of the app is linked to the website via the web view and the content of the app is loaded via the website. For the content and tools loaded via the web view, please refer to the GHM privacy policy on our website.

Only the processing of your data with regard to the use of the ZUKUNFT HANDWERK app is described below.

1.2 Installing the app

In order to download and install our app from an app store, you must first register with the provider of the respective app store (e.g. Apple App Store or Google Play) with an account and conclude a corresponding licence agreement. We have no influence on this; in particular, we are not a party to such a licence agreement.

When you download and install the app, the necessary information is transmitted to the respective app store, in particular your name, email address and account number, the time of download, payment information and the individual device ID.

We have no influence on this data collection and are not responsible for it. We only process the data provided to the extent necessary for downloading and installing the app on your mobile device (e.g. smartphone, tablet). This data is not stored beyond this.

The legal basis for data processing in our area of responsibility is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to enable the provision of the app. For data processing, which is the sole responsibility of the app store operator, please refer to their privacy policy:

Google Play: https://play.google.com/intl/de/about/privacy-security-deception/ and https://policies.google.com/privacy?hl=de;
Apple App Store: https://support.apple.com/de-de/HT208477 and https://www.apple.com/legal/privacy/de-ww/.

1.3 Connection data

When you use the app, we process connection data that your app automatically transmits to enable you to use the app. This connection data comprises the so-called HTTP header information, including the user agent, and includes in particular

IP address of the requesting end device;
Method (e.g. GET, POST) and date and time of the request;
Time zone difference to Greenwich Mean Time (GMT);
Address and path of the requested files;
previously accessed addresses (HTTP referrer), if applicable;
Information about the operating system (name and version, e.g. “Android 11” or “iOS 15”);
Information about the end device used (name, build number, model) and the operating system (name and version);
Information about the app (name, version, app ID);
Version of the HTTP protocol, HTTP status code, size of the delivered file;
Request information such as language, type of content, encoding of content, character sets.

The processing of this connection data is absolutely necessary to enable the use of the app, to ensure the permanent functionality and security of our systems and for the general administrative maintenance of our app.

The connection data is also stored in internal server log files for the purposes described above, temporarily and limited in content to what is necessary, in order to find the cause and take action in the event of repeated or criminal calls that jeopardise the stability and security of our app or our internal systems and servers.

In addition, log files are sometimes automatically created on your device by your mobile device, which may contain various technical information (such as the type of message, date and time of the message, trigger of the message (e.g. an error, an app call), app used, information on the content of the message). This is necessary for technical reasons so that the app functions properly and you can use the desired services.

The legal basis for this processing is Art. 6 para. 1 lit. b GDPR, the fulfilment of the GTC concluded with you (see section 2.1), and otherwise Art. 6 para. 1 lit. f GDPR due to our legitimate interest in enabling the content to be accessed and the permanent functionality and security of our systems.

1.4 App authorisations

When installing or using our app, authorisations of the end device may be requested at a technical level, for example for sending push notifications, for using the camera and the address book.

In principle, these app authorisations are necessary in order to provide our app. Access to and storage of information in the end device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive. Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG. The legal basis for the processing of personal data is then Art. 6 para. 1 lit. b GDPR, the fulfilment of the terms of use concluded with you (see section 2.1), or Art. 6 para. 1 lit. f GDPR, our legitimate interests in enabling the provision and basic functions of the app.

These authorisations do not constitute consent in the sense of data protection law. If, on the basis of the authorisations granted, information is stored or read out in the end device that is not absolutely necessary for the provision of the app, or personal data is processed that cannot be based on the contractual basis or our legitimate interests, we may obtain your consent separately. This is then done on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG, or for the processing of personal data according to Art. 6 para. 1 lit. a GDPR.

1.5 Hosting

We use the service provider Corussoft GmbH, Kurfürstendamm 56, 10707 Berlin
(“Corussoft”) to provide the ZUKUNFT HANDWERK app and to process the event and app-specific data. Corussoft stores and processes the data in its own event cloud database. An order processing agreement has been concluded with Corussoft, which ensures that the personal data is processed exclusively on our behalf and not for other purposes when the app is used. In addition, the implementation of the technical and organisational measures has been and is regularly reviewed. The storage of personal data is encrypted.

2. Basic functions of the app

2.1 Registration for use and login in the app

Use of the app is voluntary. You can register in the app after installation with your e-mail address and your first name and surname (mandatory information). An e-mail with a numerical code will then be automatically sent to this e-mail address, which you can use to log in and create a profile. A profile is automatically created when you log in. There you can enter further optional information about yourself. The token or numerical code is resent each time you log out and log in again.

The following data can be processed:

First name and surname (mandatory)
E-mail address (mandatory)
Title
Company name
Company address
Telephone number
Fields of interest
Function

The legal basis for the data processing described is Art. 6 para. 1 lit. b GDPR, the fulfilment of the terms of use concluded with you (see section 2.1) and otherwise Art. 6 para. 1 lit. f GDPR. Our legitimate interests consist in carrying out secure registration and enabling the use of the app.

2.2 Profile / Management of your personal data

When you log in to the app, a personal profile is automatically created for you with the data from the ticket shop registration. In the app, you can manage your profile and change the data you entered during login/registration, such as your name or e-mail address. Mandatory information is labelled. You also have the optional and voluntary option of uploading a profile picture. The information from your profile is generally also used to display you in the list of participants and to enable chat with you. You can prevent this information from being shared by deactivating the networking function in the app. If you have deactivated the networking function, your entire profile will no longer be visible to others. In principle, every contact requires mutual consent to share your own contact information.

The legal basis for the display and customisation of the profile and the uploading of the image is Art. 6 para. 1 lit. b GDPR, the fulfilment of the terms of use concluded with you (see section 2.1) and otherwise Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to enable you to customise and supplement your personal data so that you can describe your own interests to other users or exhibitors as part of your self-presentation, making it easier to establish and maintain contact.

2.3 Contact us

You have the option of contacting us. In this context, we process your data exclusively for the purpose of communicating with you. The legal basis for this processing is Art. 6 para. 1 lit. b GDPR, the fulfilment of the terms of use concluded with you (see section 2.1), and otherwise Art. 6 para. 1 lit. f GDPR. Our legitimate interest is that you contact us and we can answer your enquiry.

The data collected by us when you contact us will be automatically deleted after your enquiry has been fully processed, unless we still need your enquiry to fulfill contractual or legal obligations (see section 5 “Storage period”).

2.4 Push notifications

When using our app, you may receive push notifications from us if these are intended for the event and you have granted your app authorisation for this. We will also send you these notifications if you are not currently using the app. These are exclusively notifications relating to the ZUKUNFT HANDWERK trade fair.

You can deactivate push notifications at any time via the settings on your mobile device. You can find instructions on how to do this at the following addresses, for example:

We use the Firebase Cloud Messaging (FCM SDK) service offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) to send push notifications. This enables push notifications using the Firebase installation ID and an authentication token

for exactly your mobile device. The Firebase installation ID is assigned as an identifier for the specific app installation on your end device. It differs from app to app and does not allow any direct conclusions to be drawn about your person. The authentication token is used to ensure that the notification is only sent and received securely to the addressed end device. It is reassigned for each notification. The notification itself does not contain any personal data. The participant ID does not reach Google either. Instead, our app service provider (see 2.8 Hosting) matches the subscriber ID with the authentication token and then forwards this token for the delivery of the notification. With Firebase Cloud Messaging, the data at rest and the transport of the data is encrypted (for Android: point-to-point encryption).

The legal basis is Art. 6 para. 1 lit. b GDPR, the fulfilment of the terms of use concluded with you (see section 2.1) and otherwise Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to provide you with important event-related information. Access to and storage of information in the end device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG. In the event that personal data is transferred from Google Ireland Limited to the USA, Google Ireland Limited and Google LLC have concluded standard contractual clauses (Implementing Decision (EU) 2021/914, Module 3) in accordance with Art. 46 para. 2 lit. c GDPR. As described above, data processing and the possible transfer of data have been reduced to the necessary minimum and are always pseudonymised.

2.5 Display of event information

The app can be used to obtain an overview of booked events and information about a selected event, such as the day, agenda and venue. An assignment to the events you have booked is made via your account.

The legal basis for the processing of this data is Art. 6 para. 1 lit. b GDPR, the fulfilment of the terms of use concluded with you (see section 2.1) and otherwise Art. 6 para. 1 lit. f GDPR. Our legitimate interests are to show you the information relevant to the event from your account.

3. Additional functions of the app

In addition to the basic functions of the app, we also enable the use of additional functions. The legal basis is Art. 6 para. 1 lit. b GDPR, the fulfilment of the terms of use concluded with you (see section 2.1) and otherwise Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to provide you with additional functions within the app. The list of participants and the chat are only available as functions if you have actively confirmed them when registering to use the app.

3.1 List of participating exhibitors

You will be displayed in the list of participating exhibitors as the contact person for an exhibitor with your profile information. This allows other participants to find out that you are at the event. This enables participants to meet and arrange meetings. Participants can always see each other in the directory, unless the networking function has been deactivated. The data will be mirrored from our website on which you registered for the event, i.e. the data you entered when registering on the website will also be displayed in the app. No further data is collected, transmitted to our website or to third parties as part of this function.

The legal basis for inclusion in the list of participants is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to provide you with this additional function, to inform you about the presence of other participants and to give you the opportunity to meet at the event.

3.2 Sharing contact details and images with other end users/exhibitors and saving contact details in the address book

After granting camera authorisation, you can use the QR code scan function to pass on your own contact details to other end users or exhibitors or receive the contact details of other end users or exhibitors using the same function. By scanning “Exhibitor and product QR codes”, the contact details provided when purchasing tickets or the contact details stored in the app can be passed on to an exhibitor in the form of a lead report. The same applies to the digital exchange of business cards between participants. This personal data includes, for example, first and last name, email address, company, job title, telephone number/mobile number. The contact and connectivity function facilitates communication between trade fair participants and exhibitors by enabling communication channels to be opened quickly and easily and maintained for the time after the trade fair. In order to save the contact data received in your address book, we require access authorisation to your address book. We will not read any data from the address book or store it with us. You can revoke the access authorisation in the settings of your operating system at any time.

If you have authorised access to the camera, you can also use the integrated selfie camera function to take pictures and post them on your channels for other event participants to see. The app provides a frame branded in the event colours that you can use for this purpose.

The legal basis for the processing of this data is Art. 6 para. 1 lit. b GDPR, the fulfillment of the terms of use concluded with you (see section 2.1), insofar as the processing is necessary for the initiation or execution of a contractual relationship. Otherwise, the legal basis for inclusion in the list of participants is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to provide you with this additional function and to give you the opportunity to communicate and get in touch with other participants.

3.3 Chat / Network

You can also communicate with other participants via the app in 1:1 chat. The content of the communication and your login details are processed to enable the mutual exchange of messages. You can select other participants from the list of participants and write to them in a private chat room or call up and continue existing conversations so that the communication is only visible to participants you have expressly selected beforehand.
Before starting a conversation, you will be asked whether you really want to start a chat. You can also be contacted individually by other users via a private channel. If you take part in the networking function, we use an algorithm for matchmaking that checks whether your interests match those of other users. interests of other users and exhibitors and displays them to you in the order in which they match. In the context of networking and matchmaking, we create profiles based on the interests you have indicated. We match your interests with the interests of other networking participants and create a list of other networking participants with whom you share the most interests in descending order. These participants are suggested to you as possible contacts. This function can be used for processing:

First name and surname,
The company
Job title
Position
Profile picture
Photos (selfies and picture notes)
Country

The legal basis for the use of the chat is Art. 6 para. 1 lit. b GDPR, the fulfillment of the terms of use concluded with you (see section 2.1), insofar as the processing is necessary for the initiation or execution of a contractual relationship. Otherwise, the legal basis is 6 para. 1 lit. f GDPR. Our legitimate interest is to provide you with this additional function and to give you the opportunity to communicate with other participants.

3.4 Ticket / Ticketshop

The app can show you the tickets for your booked events when you call up the respective event. To do this, the event ticket or exhibitor pass can be uploaded to the ticket wallet for digital storage in the app using a code. A ticket consists of a personalised QR code that you can show at the entrance. This function is currently still under development. A link will take you to our ticket shop on our website.
Information about processing on the GHM website can be found in our website privacy policy.

The legal basis for the creation of the QR code and the reading of the QR code is Art. 6 para. 1 lit. b GDPR, the fulfilment of the terms of use concluded with you (see section 2.1) and otherwise Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to enable registration and participation in the event.

3.5 Google Firebase Crashlytics

We also use Firebase Crashlytics, which is offered by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland for users from the European Economic Area and Switzerland and by Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (together “Google”) for all other users. In the event of an app crash, Firebase Crashlytics sends crash reports to us. These are used to ensurte he stability, functionality and reliability of our app. Crash reports are activated by default.

On our behalf, Google Firebase analyses the data in connection with the crash of our app. This includes information about the device used and the use of the app. our app, which enables us to diagnose problems, solve errors and improve our app.

In particular, the following information may be transmitted, which does not allow any direct conclusions to be drawn about you:

Device data: Type, manufacturer, hardware data, operating system version;
Diagnostic data: Time of the crash, state of the app and position in the source code at the time of the crash, last log messages;
the instance ID assigned to the app on your end device during app installation.

Access to and storage of information in the end device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG. The legal basis for the processing of personal data is then Art. 6 para. 1 lit. b GDPR, the fulfilment of the terms of use concluded with you (see section 2.1), or Art. 6 para. 1 lit. f GDPR, our legitimate interests in the correction of errors or the enabling of access to the content as well as the permanent functionality and security of our systems.

If the app crashes, this information is transmitted to Google and stored there for up to 90 days for analysis.

You can deactivate the crash reports by changing the settings in your operating system (Android / iOS). You can find instructions on how to do this here:

Google Android: https://support.google.com/accounts/answer/6078260?hl=de
Apple iOS: https://support.apple.com/de-de/HT202100

Your personal data may also be transferred by Google Ireland Limited to Google LLC in the USA. Google LLC has joined the EU-US Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR. In addition, Google Ireland Limited and Google LLC have concluded standard contractual clauses (Module 3) in the event that personal data is transferred from Google Ireland Limited to the USA.

You can find more information on data protection at Google and Firebase here:

3.6 User statistics (Google Analytics for Firebase)

In order to improve our app, we use Google Analytics for Firebase to recognise users and to statistically record and analyse general user behaviour based on access data. Google Analytics for Firebase is operated for users from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other users by Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (together “Google”) is offered. With the help of Google Analytics for Firebase, information about the use of our app is collected and transmitted to Google and stored there. Google uses the instance ID of your app installation, the device ID and the advertising ID of the end device.

The following data is processed as part of the use of Google Analytics for Firebase:

IP address;
Number of users and sessions, including date, time and session duration;
Device ID, advertising ID, instance ID;
Events (such as interactions and events), including the areas/modules accessed within the app, the content viewed, the clicks on buttons;
First start of the app, app version, app versions, app updates;
In-app purchases;
Technical information: Operating system; device type, make, model and resolution;
Approximate location (region, country);
Age group, gender, interests;
Language.

Data linked to the advertising ID is stored for 60 days, user conversions for 14 months. Aggregated reports that do not allow any conclusions to be drawn about individual users are also stored.

You can restrict the use of the advertising ID in the settings of your end device:

Android: Settings / Privacy / Advertising: Delete advertising ID; or for older versions: Settings / Privacy / Advanced / Advertising: Disable personalised advertising -more information at: https://support.google.com/googleplay/android-developer/answer/6048248?hl=de;
iOS: Settings / Security / Tracking: Allow apps to request tracking (deactivate); or for older versions: Settings / Privacy / Tracking: Allow apps to request tracking (disable) -more information at: https://support.apple.com/de-de/HT212025

We have concluded a data processing agreement with Google Ireland Limited for the use of Google Analytics for Firebase. Your personal data may also be transferred by Google Ireland Limited to Google LLC in the USA. Google LLC has joined the EU-US Data Privacy Framework, which is why the transfer in this case is based on the adequacy decision for the USA in accordance with Art. 45 GDPR.
In addition, Google Ireland Limited and Google LLC have concluded standard contractual clauses (Module 3) in the event that personal data is transferred from Google Ireland Limited to the USA.

4. Forwarding of data

The data collected by us will only be passed on if there is a legal basis for this under data protection law in the specific case, in particular if:

you have given your express consent to this in accordance with Art. 6 para. 1 lit. a GDPR,
the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
we are legally obliged to disclose data in accordance with Art. 6 para. 1 lit. c GDPR, in particular if this is necessary for legal prosecution or enforcement due to official enquiries, court orders and legal proceedings, or
this is legally permissible and required in accordance with Art. 6 para. 1 lit. b GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures that are carried out at your request.

Some of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, these may include, in particular, data centres that store our app and databases, software providers, IT service providers that maintain our systems, agencies, market research companies, group companies and consulting firms. If we pass on data to our service providers, they may only use the data to fulfil their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have suitable technical and organisational measures in place to protect the rights of the data subjects and are regularly monitored by us.

5. Storage duration

In principle, we only store personal data for as long as necessary to fulfil the purposes for which we collected the data. We then delete the data immediately, unless we still need the data until the statutory limitation period expires for evidence purposes for civil law claims, due to statutory retention obligations or there is another legal basis under data protection law for the continued processing of your data in the specific individual case.

For evidence purposes, we must retain contract data in particular for three years from the end of the year in which the business relationship with you ends. Any claims expire at the earliest at this time in accordance with the statutory limitation period.

Even after this, we still have to store some of your data for accounting reasons. We are obliged to do so due to statutory documentation obligations that may arise from the
German Commercial Code, the German Fiscal Code, the German Banking Act, the German Money Laundering Act and the German Securities Trading Act. The periods specified there for the retention of documents are two to ten years.

6. Your rights, in particular cancellation and objection

You are entitled to the data subject rights formulated in Art. 7 para. 3, Art. 15 – 21, Art. 77 GDPR at any time if the respective legal requirements are met:

Right to withdraw your consent (Art. 7 (3) GDPR);
Right to object to the processing of your personal data (Art. 21 GDPR);
Right to information about your personal data processed by us (Art. 15 GDPR);
Right to rectification of your incorrect personal data stored by us (Art. 16 GDPR);
Right to erasure of your personal data (Art. 17 GDPR);
Right to restriction of processing of your personal data (Art. 18 GDPR);
Right to data portability of your personal data (Art. 20 GDPR);
Right to lodge a complaint with a supervisory authority (Art. 77 GDPR).

To assert your rights described here, you can contact us at any time using the contact details given above. This also applies if you wish to receive copies of guarantees to demonstrate an adequate level of data protection. Provided that the relevant legal requirements are met, we will comply with your data protection request.

Your requests for the assertion of data protection rights and our responses to them will be stored for documentation purposes for a period of up to three years and, in individual cases, for the assertion, exercise or defence of legal claims beyond this period. The legal basis is Art. 6 para. 1 lit. f GDPR, based on our interest in the defence against any civil law claims pursuant to Art. 82 GDPR, the avoidance of fines pursuant to Art. 83 GDPR and the fulfilment of our accountability obligations arising from
Art. 5 para. 2 GDPR.

You have the right to withdraw your consent at any time. As a result, we will no longer continue the data processing that was based on this consent in the future. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

If we process your data on the basis of legitimate interests, you have the right to object to the processing of your data at any time on grounds relating to your particular situation. If it concerns an objection to data processing for direct marketing purposes, you have a general right to object, which we will also implement without you having to give reasons.

If you would like to exercise your right of cancellation or objection, simply send an informal message to the contact details above.

Finally, you have the right to lodge a complaint with a data protection supervisory authority. You can assert this right, for example, with a supervisory authority in the member state of your place of residence, your place of work or the place of the alleged infringement. In Munich, our registered office, the competent supervisory authority is Bayerische Landesamt für Datenschutzaufsicht, Postfach 1349, 91504 Ansbach.

4.12 Newsletter (registration and newsletter tracking)

Purpose, categories of data and legal basis
In the following, we describe which personal data we collect and for which purposes we use it when you use our newsletter registration.

Data collected:

Salutation
First name
Surname
E-mail address
Department
Function
Company name
Postcode / City
Country
IP address
Time of registration

If you register for a newsletter, you will receive e-mails with offers, information and surveys on the respective trade fair.

We use the so-called double opt-in procedure to subscribe to our newsletter, i.e. we will only send you newsletters by e-mail if you confirm in our notification e-mail by clicking on a link that you are the owner of the e-mail address provided.

The legal basis for processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Newsletter tracking

We want to share content that is as relevant as possible for our customers via our newsletter and better understand what they are actually interested in. We therefore use standard market technologies in our newsletters to measure interactions with the newsletters (e.g. opening of the email, links clicked on). We use this data for anonymised general statistical evaluations and to optimise and further develop our content and customer communication. On the one hand, this is done with the help of small graphics that are embedded in the newsletter (so-called pixels) and establish a connection to the server of the images when the email is opened. On the other hand, we use links where we first register a click on this link and only then forward it to the desired target page.

The legal basis for this is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to the information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG.

Recipient of the data

The data collected by us will only be passed on if t h e r e i s a legal basis for this under data protection law in the specific case, in particular if:

you have given your express consent to this in accordance with Art. 6 para. 1 lit. a GDPR,
the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
we are legally obliged to disclose data in accordance with Art. 6 para. 1 lit. c GDPR, in particular if this is necessary for legal prosecution or enforcement due to official enquiries, court orders and legal proceedings, or
this is legally permissible and required in accordance with Art. 6 para. 1 lit. b GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures that are carried out at your request.

Some of the data processing may be carried out by our service providers. In addition to the service providers mentioned in this privacy policy, these may include, in particular, computer centres that store our website and databases, software providers, IT service providers that maintain our systems, agencies, market research companies, group companies and consulting firms. If we pass on data to our service providers, they may only use the data to fulfil their tasks. The service providers have been carefully selected and commissioned by us. They are contractually bound by our instructions, have suitable technical and organisational measures in place to protect the rights of the data subjects and are regularly monitored by us.

Storage duration

Newsletter registration: We store the data collected in connection with the newsletter registration until you unsubscribe from the newsletter.

Newsletter tracking: The data on the interaction with our newsletters is stored pseudonymously and then completely anonymised.

Provision prescribed or required

The provision of your personal data is voluntary. It is necessary in order to register as an interested party for our newsletter.

Revocation of consent

You can revoke your consent to receive the newsletter and for the analysis of user behaviour as part of newsletter tracking at any time with effect for the future. To do so, use the link contained in each of our emails or send your cancellation to datenschutz@ghm.de.

4.13 Advertising by e-mail

Purpose, categories of data and legal basis

In the following, we describe which personal data we collect and for what purposes
we use it in connection with advertising by e-mail.

Data collected:

Salutation
First name
Surname
E-mail address
Department*
Function*
Company name*
Postcode City*
Country*
IP address
Time of registration

*optional query

If you register for our newsletter and have given your express consent in this context, we will use your contact details to send you further information about our products and services that is relevant to you by e-mail.

The legal basis for processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

Recipient of the data

The data collected by us will only be passed on if t h e r e i s a legal basis for this under data protection law in the specific case, in particular if:

you have given your express consent to this in accordance with Art. 6 para. 1 lit. a GDPR,
the disclosure pursuant to Art. 6 para. 1 lit. f GDPR is necessary for the assertion, exercise or defence of legal claims and there is no reason to assume that you have an overriding interest worthy of protection in not disclosing your data,
we are legally obliged to disclose data in accordance with Art. 6 para. 1 lit. c GDPR, in particular if this is necessary for legal prosecution or enforcement due to official enquiries, court orders and legal proceedings, or
this is legally permissible and required in accordance with Art. 6 para. 1 lit. b GDPR for the processing of contractual relationships with you or for the implementation of pre-contractual measures that are carried out at your request.

Storage duration

We store the data collected in connection with registration for the newsletter, which we also use for advertising purposes, until you unsubscribe from the newsletter or revoke your consent.

Provision prescribed or required

The provision of your personal data is voluntary. It is necessary in order to register as an interested party for our newsletter.

Revocation of consent

4.14 Press accreditation

Purpose, categories of data and legal basis

As a member of the press, you can obtain accreditation from us in accordance with our accreditation guidelines. For this purpose, we store your first and last name, your company and your contact details (incl. e-mail address) in our press database. As an accredited member of the press, you will receive a press ticket and access to our press centre and press parking spaces.

If all the requirements of the exemption provision of Section 7 (3) UWG are met, the legal basis for sending the visitor mailing as a result of your visitor registration is Art. 6 (1) (f) GDPR.

We will use your contact details to inform you about the respective event or similar services and events by e-mail once you have been accredited.

The legal basis for our contacting you by e-mail as a result of your press accreditation is Section 7 (3) UWG. You can object to being contacted by e-mail at any time. This can be done by sending an e-mail to datenschutz@ghm.de or via the link at the end of each e-mail (press release).

Recipient of the data

Your data will only be passed on under certain conditions and only for precisely defined purposes, which are described in more detail below:

As part of its comprehensive services, GHM also utilises other service providers, e.g. for the maintenance and administration of the data processing system or the servers. The partners are subject to the same strict data protection regulations and are closely integrated into GHM’s data protection concept.
GHM uses state-of-the-art data processing techniques to ensure data security. Your data is stored in a CRM database at an external service provider.
We use a German service provider with whom we have concluded a data processing agreement to send emails.

Storage duration

Your data will be used by GHM to provide information to you as an accredited member of the press. Of course, GHM will delete your data if you object, if the purpose of use no longer requires it or if contractual regulations with our customers or legal deadlines no longer exist.

Provision prescribed or required

The provision of your personal data is voluntary, solely on the basis of your press accreditation. Without this, you will not be able to obtain accreditation.

Revocation

You can unsubscribe from receiving further press releases at any time in the future. Please inform us of your cancellation in text form or use the link provided in the press email to unsubscribe.

The revocation can be made informally with the subject “Objection” or “Revocation”, stating your name, address and e-mail address, and should be addressed to:

GHM Gesellschaft für Handwerksmessen mbH
Paul-Wassermann-Str. 5,
81829 Munich Germany
F +49 (0)89 189 149-239
E-mail datenschutz@ghm.de

4.15 Applications/application pool and use of the contact form

You can submit your application for advertised positions and unsolicited applications online on our application portal. We will only process the data you provide to assess your professional suitability and to contact you immediately or at a later date.

Purpose, categories of data and legal basis (legitimate interest)

The processing is carried out to establish an employment relationship in the context of the implementation of pre-contractual measures, Art. 6 para. 1 sentence 1 lit. b GDPR, Art. 88 GDPR, § 26 para. 1 BDSG.

Insofar as the data are so-called special categories of personal data, such as data relating to your health, which you provide to us yourself (e.g. information about a severe disability), the processing is carried out on the legal basis of Art. 6 para. 1 sentence 1 lit. b, Art. 9, Art. 88 GDPR, § 26 para. 3 sentence 1 BDSG.

If you have given us your consent for the further storage of your data in our applicant pool, the legal basis for this is your consent in accordance with Art. 6 para. 1 sentence 1 lit. a GDPR, Art. 88 GDPR, § 26 para. 1 sentence 1 BDSG.

Recipient of the data

Within GHM, only those departments that need your data to fulfil contractual, legal and supervisory obligations and to protect legitimate interests will have access to it.

Storage and processing of data

We use the personnel management software from rexx for our application process, which we use to manage the application process and job advertisements. All process information is stored on the service provider’s servers. We have concluded an order processing contract with the service provider for this purpose.

Storage duration and third country transfers

If your application is rejected, the truncated data will be reduced 6 (six) months after notification of the decision (i.e. it will no longer be possible to draw conclusions about the person, but only data for statistical purposes etc. will be available). This means that it is no longer possible to draw conclusions about the person, but only data for statistical purposes etc. is available. After 60 months, the data will be completely deleted. If consent is given for the applicant pool, deletion takes place after 60 months, cancellation or notification by GHM.

If an employment relationship is established, the application documents will be filed with GHM for at least the period of employment.

The processing does not take place outside the European Union (EU) or the European Economic Area (EEA).

Data provision prescribed or required

The provision of personal data is neither legally nor contractually required. However, it is not possible to process the application without the data, as the provision of your data is necessary for the conclusion of a contract with us.

You can revoke your consent at any time. The revocation can be made informally with the subject “Objection” or “Revocation”, stating your name, address and e-mail address, and should be addressed to:

GHM Gesellschaft für Handwerksmessen mbH
Paul-Wassermann-Str. 5,
81829 Munich Germany
F +49 (0)89 189 149-239
E-mail personal@ghm.de

5. Information on the tools used

The GHM website uses various services and applications (collectively “tools”) that are offered either by us or by third parties. are used. In particular, this includes tools that use technologies to store or access information on the end device:

Cookies: Information stored on the end device, consisting in particular of a name, a value, the storing domain and an expiry date. So-called session cookies (e.g. PHPSESSID) are deleted after the session, while so-called persistent cookies are deleted after the specified expiry date. Cookies can also be removed manually.
Web storage (local storage / session storage): Information stored on the end device, consisting of a name and a value. Information in session storage is deleted after the session, while information in local storage has no expiry date and remains stored unless a mechanism for deletion has been set up (e.g. storage of a local storage with a time entry). Information in local and session storage can also be deleted manually.
JavaScript: Programming codes (scripts) embedded or called up in the website that, for example, set cookies and web storage or actively collect information from the end device or about the user behaviour of visitors. JavaScript can be used for “active fingerprinting” and the creation of user profiles. JavaScript can be blocked by a setting in the browser, although most services will then no longer work.
Pixel: tiny graphic automatically loaded by a service, which can make it possible to recognise visitors by automatically transmitting the usual connection data (in particular IP address, information about the browser, operating system, language, address called up and time of the call) and, for example, to determine whether an e-mail has been opened or a website visited. With the help of pixels “passive fingerprinting” and the creation of usage profiles. The use of pixels can be prevented, for example, by blocking images, such as in emails, although the display is then severely restricted.

With the help of these technologies and also by simply establishing a connection on a page, so-called “fingerprints” can be created, i.e. user profiles that do not require the use of cookies or web storage and can still recognise visitors. Fingerprints based on the connection setup cannot be completely prevented manually.

Most browsers are set by default to accept cookies, the execution of scripts and the display of graphics. However, you can usually adjust your browser settings so that all or certain cookies are rejected or scripts and graphics are blocked. If you completely block the storage of cookies, the display of graphics and the execution of scripts, our services may not function properly or at all.

In the following, the tools we use are listed by category, whereby we inform you in particular about the providers of the tools, the storage duration of cookies or information in local storage and session storage as well as the transfer of data to third parties. Furthermore explains in which cases we obtain your voluntary consent to use the tools and how you can revoke this consent.

5.1 Legal basis and cancellation

5.1.1 Legal basis

We use tools necessary for website operation on the basis of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR in order to provide the basic functions of our website. In certain cases, these tools may also be necessary for the fulfilment of a contract or for the implementation of pre-contractual measures, in which case the processing is carried out in accordance with Art. 6 para. 1 lit. b GDPR. Access to and storage of information in the end device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG.

We use all other non-essential (optional) tools that provide additional functions on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. Data processing using these tools only takes place if we have received your consent for this in advance.

If personal data is transferred to third countries (e.g. the USA), we refer you to Section 6 (“Data transfer to third countries”), also with regard to any associated risks. We will inform you if an adequacy decision exists for the third country in question or if standard contractual clauses or other guarantees have been concluded for the use of certain tools. If you have given your consent to the use of certain tools and the associated transfer of your personal data to third countries, we will (also) transfer the data processed when using the tools to third countries on the basis of this consent in accordance with Art. 49 para. 1 lit. a GDPR.

5.1.2 Obtaining your consent

To obtain and manage your consent, we use the tool CookieFirst by Digital Data Solutions B.V., Plantage Middenlaan 42a, 1018 DH Amsterdam, The Netherlands (“CookieFirst”). This generates a banner that informs you about data processing on our website and gives you the opportunity to consent to all, individual or no data processing using optional tools. This banner appears the first time you visit our website and when you call up the selection of your settings again in order to change them or revoke your consent. The banner will also appear on subsequent visits to our website if you have deactivated the storage of cookies or if the cookies or information in CookieFirst’s local storage have been deleted or have expired.

During your visit to the website, your consent or revocation, your IP address, information about your browser, your end device and the time of your visit are transmitted to CookieFirst. CookieFirst also stores necessary information on your end device in order to document your consents and revocations. For this purpose, the cookie “cookiefirst-consent” (1 year) is set and the scripts “cookiefirst-consent” and “cookiefirst-id” are stored in local storage.

Data processing by CookieFirst is necessary to provide you with the legally required consent management and to fulfil our documentation obligations. The legal basis for the use of CookieFirst is Art. 6 para. 1 lit. f GDPR, justified by our interest in fulfilling the legal requirements for consent management. Access to and storage of information in the end device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG.

5.1.3 Revoking your consent or changing your selection

You can revoke your consent for certain tools, i.e. for the storage and access to information in the end device, the processing of your personal data and the transfer of your data to third countries, at any time with effect for the future. To do so, click on the fingerprint symbol in the right-hand corner of the website. There you can also change the selection of tools you wish to consent to the use of and obtain additional information on the tools used. Alternatively, you can assert your cancellation directly with the provider for certain tools.

5.2 Necessary tools

We use certain tools to enable the basic functions of our website (“necessary tools”). These include, for example, tools to prepare and display website content, to manage and integrate tools, to provide payment processing services, to detect and prevent fraud and to ensure the security of our website. Without these tools, we would not be able to provide our service. Therefore, necessary tools are used without consent.

The legal basis for necessary tools is the necessity to fulfil our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR in the provision of the respective basic functions and the operation of our website. In cases where the provision of the respective website functions is necessary for the fulfilment of a contract or for the implementation of pre-contractual measures, the legal basis for data processing is Art. 6 para. 1 lit. b GDPR. Access to and storage of information in the end device is absolutely necessary in these cases and is carried out on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 2 TTDSG.

In the event that personal data is transferred to third countries (e.g. Australia), we refer to Section 6 (“Data transfer to third countries”) in addition to the information provided below.

Own tools

We use our own necessary tools that access information in the end device or store information on the end device, in particular

to save your language settings,
to note that information placed on our website has been displayed to you – so that it is not displayed again the next time you visit the website.

5.3 Functional tools

We also use optional tools to improve the user experience on our website and to offer you more functions (“functional tools”). Although these are not absolutely necessary for the basic functions of the website, they can bring considerable benefits to visitors, particularly in terms of user-friendliness and the provision of additional communication, display or payment channels.
This may include, in particular, the integration of external content such as maps and videos as well as logging in via an existing social network account.

The legal basis for the functional tools is your consent in accordance with Art. 6 para.
1 lit. a GDPR, which you give via the consent banner or with the respective tool itself by individually authorising its use via a banner (overlay) placed above it. The access
to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. To revoke your consent, see 3.1.3: “Revoking your consent or changing your selection”.

In the event that personal data is transferred to third countries (e.g. Australia), your consent expressly extends to the transfer of data (Art. 49 para. 1 lit. a GDPR). Please refer to section 6 (“Data transfer to third countries”) for the associated risks.

5.3.1 Google Tag Manager

Our website uses Google Tag Manager, a service provided for persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other persons by Google LLC, 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (together “Google”).

The Google Tag Manager is used exclusively to manage website tools by integrating so-called website tags. A tag is an element that is stored in the source code of our website in order to execute a tool, for example through scripts. If these are optional tools, they will only be integrated by Google Tag Manager with your consent. The Google Tag Manager uses JavaScript and does not require the use of cookies.

The legal basis is Art. 6 para. 1 lit. f GDPR, based on our legitimate interest in integrating and managing several tags on our website in an uncomplicated manner.

Google collects information about which tags are integrated through our website in order to ensure stability and functionality when using Google Tag Manager. However, Google Tag Manager does not store any personal data beyond the mere establishment of a connection, in particular no data about user behaviour or the pages visited.

We have concluded a data processing agreement with Google Ireland Limited.
In addition, Google is certified in accordance with the Data Privacy Framework and thus guarantees an appropriate security standard in the event of a third country transfer to the USA.

Further information can be found in Google’s information on the Tag Manager: https://support.google.com/tagmanager/answer/6102821.

5.3.2 Google Maps

Our website uses the map service Google Maps, which is provided for persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other persons by Google LLC 1600 Amphitheatre Parkway Mountain View, CA 94043, USA (together “Google”). In order for the Google map material used by us t o be integrated and displayed in your web browser, your web browser must establish a connection to a Google server, which may also be located in the USA, when you access our website. In addition, JavaScript is used by Google Maps for the functionality of the map service, which accesses information on your end device.

The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. The transfer of your data to the USA and other third countries is based on your express consent in accordance with Art. 49 para. 1 lit. a GDPR.

By integrating the map material, Google receives the information that a page of our website has been accessed from the IP address of your device. If you access the Google map service on our website while you are logged into your Google profile, Google can also link this event to your Google profile. If you do not wish to be associated with your Google profile, you must log out of Google before accessing our contact page. Google also uses your data for the purposes of advertising, market research and personalised presentation of Google Maps.

Further information can be found here:

in the privacy policy of Google: https://policies.google.com/privacy;
the Additional Terms of Use for Google Maps: https://www.google.com/intl/de/help/terms_maps/.

5.4 Analysis tools

In order to improve our website, we use optional tools to recognise visitors and to statistically record and analyse general user behaviour based on access data (“analysis tools”). We also use analysis services to evaluate the use of our various marketing channels. The usage information collected is processed in aggregated form and enables us to track the usage habits of our visitors. This serves to optimise the design to adapt and optimise our website and to make the user experience more pleasant.

The legal basis for the analysis tools is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. To revoke your consent, see 3.3: “Revoking your consent or changing your selection”.

In the event that personal data is transferred to third countries (e.g. Australia), your consent expressly extends to the transfer of data (Art. 49 para. 1 lit. a GDPR). Please refer to section 5 (“Data transfer to third countries”) for the associated risks.

5.4.1 Google Analytics

Our website uses the service Google Universal Analytics 4 (“Google Analytics”), which is provided for persons from Europe, the Middle East and Africa (EMEA) by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other persons by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together “Google”).

Google Analytics uses JavaScript and pixels to read information on your end device, as well as cookies to store information on your end device. This is used to analyse your usage behaviour and improve our website. We will process the information obtained to analyse your use of the website and to compile reports on website activity for the website operator. The data collected in this context may be transmitted by Google to a server in the USA for analysis and stored there.

As part of the evaluation, Google Analytics 4 also uses artificial intelligence such as machine learning to automatically analyse and enrich the data. This is done in particular for forecast metrics on the future behaviour of visitors based on structured event data, such as predicted sales, purchase probability and churn probability. The forecast metrics can also be used for forecasting target groups.

You can find out more about this at:
https://support.google.com/analytics/answer/9846734.

In addition, Google Analytics 4 models conversions if there is not enough data available to optimise the analysis and reports. Information on this can be found at:
https://support.google.com/analytics/answer/1071024 5.

The data analyses are carried out automatically with the help of artificial intelligence or on the basis of specific, individually defined criteria. You can find more information on this at:
https://support.google.com/analytics/answer/9443595.

We have made the following data protection settings for Google Analytics:

IP anonymisation (shortening of the IP address before evaluation);
Automatic deletion of old visit logs by limiting the storage period to 14 months;
No resetting of the storage period for new activity;
Deactivation of the recording of precise location and position data;
Deactivation of the recording of precise device data;
Deactivated advertising function (including target group remarketing by GA Audience);
Deactivated remarketing;
Deactivated cross-device and cross-page tracking;
Deactivated data sharing with other Google products and services, benchmarking, technical support, account manager.

The following data is processed by Google Analytics:

IP address;
Referrer URL (previously visited page);
Pages accessed (date, time, URL, title, duration of visit);
Events (e.g. scrolling activity, downloaded files, clicked links to other websites, interaction with videos and forms, search queries)
if applicable, achievement of certain goals (conversions);
Technical information: Operating system; browser type, version and language; device type, make, model and resolution;
Approximate location (country and, if applicable, city, based on anonymised IP address).

Google Analytics sets the following cookies for the specified purpose with the respective storage duration:

“ga” (2 years), “_gid” (24 hours): Recognises and distinguishes visitors by means of a user ID;
“_ga[GA-ID]” (2 years): Retention of information from the current session
“gac_gb[GA-ID]” (90 days): Storage of campaign-related information and, if applicable, link to Google Ads conversion tracking
IDE” if applicable (390 days): Recognition and differentiation of visitors through a user ID, recording of interaction with advertising, display of personalised advertising

You can find more information about Google Analytics 4 cookies at:
https://support.google.com/analytics/answer/11397207?hl=de.
The legal basis for this data processing is your consent in accordance with Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG.

We have concluded an order processing agreement with Google Ireland Limited for the use of Google Analytics. In the event that personal data is transferred from Google Ireland Limited to the USA, the Data Privacy Framework applies, according to which Google is certified and guarantees an appropriate security standard. In addition, we also obtain your express consent for the transfer of your data to third countries in accordance with Art. 49 para. 1 lit. a GDPR.

Further information can be found in Google’s privacy policy: https://support.google.com/analytics/answer/6004245.

5.4.2 Pinterest Tag

Our website uses the “Pinterest Tag” service of the social network Pinterest, which is provided for users from the European Economic Area by Pinterest Europe Ltd, Palmerston House, 2nd Floor, Fenian Street, Dublin 2, Ireland and for users from the USA by Pinterest Inc, 651 Brannan Street, San Francisco, CA 94107, USA (together referred to as “Pinterest”).
“Pinterest”) is offered.

We use the Pinterest tag to analyse the general use of our websites and to track the effectiveness of Pinterest advertising and our advertising campaigns (“conversion tracking”). We also use the Pinterest tag to divide you into target groups based on your interest in our products and to play out individualised advertising messages (“retargeting”). For this purpose, Pinterest processes data that the service collects via cookies, web beacons and comparable storage technologies on our websites. The data collected in this context may be transferred by Pinterest to a server in the USA for analysis and stored there.

The following cookies are set by Pinterest:

“_pin_unauth” and “_pinterest_ct_ua” (1 year): Recognition of users, storage of a user ID for unregistered users, usage analysis;
“_pinterest_sess” (1 year): Registration of users, recognition of users, storage of user ID for registered users, usage analysis.

Further information on cookies for the Pinterest tag can be found at:
https://help.pinterest.com/en/business/article/pinterest-tag-parameters-and -cookies.

The legal basis for this data processing is your consent in accordance with
Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. The transfer of your data to the USA and other third countries is based on your express consent in accordance with Art. 49 para. 1 lit. a GDPR.

If you are a Pinterest member and have authorised Pinterest via the privacy settings of your account, Pinterest can also link the information collected about your visit to our website to your member account and use it for the targeted placement of Pinterest ads. You can view and change the privacy settings of your Pinterest profile at any time:
https://help.pinterest.com/de/article/edit-personalization-settings.

If you have not consented to the use of the Pinterest tag, Pinterest will only display general Pinterest ads that are not selected based on the information collected about you.

Further information can be found in Pinterest’s privacy policy:
https://policy.pinterest.com/de/privacy-policy.

5.5 Marketing tools

We also use optional tools for advertising purposes (“marketing tools”). Some of the access data collected when you use our website is used to create usage profiles, which in particular store your usage behaviour, the advertisements you have viewed or clicked on and, based on this, the classification into advertising categories, interests and preferences. By analysing and evaluating this access data, we are able to show you personalised advertising, i.e. advertising that corresponds to your actual interests and needs, on our website and on the websites and services of other providers. We also analyse your usage behaviour in order to recognise you on other sites and to address you in a personalised manner based on your use of our site (so-called retargeting). In addition, we analyse the effectiveness and success of our advertising campaigns (in particular so-called conversions and leads).

Marketing tools also include optional social network tools that are used to share posts and content via these networks (“social media plugins”).

The legal basis for the marketing tools is your consent in accordance with Art. 6 para. 1 lit. a GDPR, which you give via the consent banner or with the respective tool itself by individually authorising its use via a banner (overlay) placed above it. The access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. To revoke your consent, see: “Revoking your consent or changing your selection”.

In the following section, we would like to explain the tools and the providers used for this in more detail. The data collected may include in particular

the IP address of the device;
the information of a cookie and in local or session storage;
the device identifier of mobile devices (e.g. device ID, advertising ID);
Referrer URL (previously visited page);
Pages accessed (date, time, URL, title, length of visit);
Downloaded files;
Clicked links to other websites;
If applicable, achievement of certain goals (conversions);
Technical information: Operating system; browser type, version and language; device type, make, model and resolution;
Approximate location (country and city if applicable).

However, the data collected is only stored under a pseudonym, so that no direct conclusions can be drawn about individuals.

5.5.1 Google Ad Manager (formerly Doubleclick)

Our website uses Google Ad Manager, which is provided for persons from the European Economic Area and Switzerland by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland and for all other persons by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (together “Google”).

Google Ad Manager uses pixels and scripts to show you adverts that are relevant to you. The use of the service enables Google and its partner websites to display adverts based on previous visits to our or other websites on the Internet. In addition, this service is u s e d to create and analyse reports on advertising campaigns. The service is also used to avoid multiple displays of the same adverts and to generate commission statements. The data collected in this context may be transferred by Google to a server in the USA for analysis and stored there.

The legal basis for this data processing is your consent in accordance with
Art. 6 para. 1 lit. a GDPR. Access to and storage of information in the end device then takes place on the basis of the implementation laws of the ePrivacy Directive of the EU member states, in Germany according to § 25 para. 1 TTDSG. The transfer of your data to the USA and other third countries is based on your express consent in accordance with Art. 49 para. 1 lit. a GDPR.

If you have not consented to the use of Google Ad Manager, Google will only display general advertising that has not been selected based on the information collected about you on this website. In addition to withdrawing your consent, you also have the option of opting out of personalised advertising in Google’s advertising settings. deactivate: https://adssettings.google.com/notarget.

Further information can be found in Google’s privacy policy: https://policies.google.com/privacy.

5.5.2 LinkedIn Insight

Our website uses the LinkedIn Insight Tag service of LinkedIn Ireland, Wilton Plaza, Wilton Place, Dublin 2, Ireland (“LinkedIn”). This enables us to collect and analyse statistical data about your visit and use of our website. This enables us to show you interest-based and relevant offers, recommendations and advertising on LinkedIn (retargeting). The effectiveness of advertisements i s also analysed in this context (conversion tracking). LinkedIn uses cookies, pixels and JavaScript for this purpose.

The following cookies are set and read by LinkedIn:

“long” (session): Saves the language setting;
“lidc” (24 hours): Optimisation of data centre selection;
“lissc” (1 year): Cookie that allows all cookies in the same browser to use the same SameSite attribute;
“bcookie” (2 years): Prevention of misuse;
“UserMathHistory” (30 days): Usage analysis, synchronisation of IDs with LinkedIn Ads;
“li_gc” (2 years): Storage of the user’s consent;
“AnalyticsSyncHistory” (30 days): Storage for synchronising information on LinkedIn members.

Further information on cookies can be found at:
https://www.linkedin.com/legal/l/cookie-table.

If you are logged in to LinkedIn while you visit our website, LinkedIn may link the information collected to your member account and use it to target advertising on LinkedIn. You can view your privacy settings on LinkedIn at the following link: https://www.linkedin.com/psettings/enhanced-advertising.

We have concluded a data processing agreement with LinkedIn. The data collected in this context may be transmitted by LinkedIn to a server in the USA and stored there. In the event that personal data is transferred to the USA or other third countries, we have concluded standard contractual clauses with LinkedIn (Implementing Decision (EU) 2021/914, Module 2) in accordance with Art. 46 para. 2 lit. c GDPR. In addition, we also obtain your express consent for the transfer of your data to third countries in accordance with Art. 49 para. 1 lit. a GDPR.

For further information, please refer to LinkedIn’s privacy policy: https://www.linkedin.com/legal/privacy-policy.

5.5.3 Meta Pixel (formerly Facebook Pixel)

For marketing purposes, our websites use the “Meta Pixel” service, which is provided for persons outside the USA and Canada by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland and for all other persons by Meta Platforms Inc, 1601 Willow Road, Menlo Park, California 94025, USA (together “Meta Platforms”).

We use meta pixels to analyse the general use of our websites (in particular
“Events”) and to track the effectiveness of advertising (“Conversion Tracking”). We also use meta pixels to display personalised advertising messages in the social networks of meta platforms (such as Facebook and Instagram) based on your interest in our products (“retargeting”). This also involves target group remarketing through Custom Audience. The data collected in this context may be used by Meta Platforms are transmitted to a server in the USA for analysis and stored there.

Meta Platforms processes data that the service collects via JavaScript, cookies and other technologies on our websites. This includes in particular

HTTP header information such as information about the browser used (e.g. user agent, language);
Information on events such as “page view”, other object properties and buttons clicked by visitors to the website;
Online identifiers such as IP addresses and, where provided, Facebook business-related identifiers or device IDs (such as advertising IDs for mobile operating systems) and information on the status of deactivation/restriction of ad tracking.

The following cookies are set and read by Meta-Pixel for the specified purpose with the respective storage duration:

“_fbp” (3 months): Usage analysis and retargeting;
“fr” (3 months): Display of adverts, usage analysis, conversion tracking.

Meta Platforms acts as our processor for matching, measurement and analysis services, in particular for analysing the use of our website, matching user IDs and generating reports on our advertising campaigns. We have therefore concluded an order processing agreement. In addition, Meta is certified according to the Data Privacy Framework and thus guarantees an appropriate security standard in the event of a third country transfer to the USA.

In addition, we and Meta Platforms are jointly responsible for the processing of event data for the targeting of advertisements (through the creation and selection of target groups), the delivery of commercial and transactional messages, the improvement of ad delivery and the personalisation of functions and content in the context of the use of Meta Pixel. The mutual obligations were set out in a joint contract, which can be accessed at the following address can: https://www.facebook.com/legal/controller_addendum.

Meta Platforms also processes the Event Data for the protection and security of Meta Platforms’ products, for research and development purposes and to maintain the integrity of the products and improve them.

If you are a member of Facebook or Instagram and have allowed Meta Platforms to do so via your account’s privacy settings, Facebook or Instagram may also associate the information collected about your visit to our website with your member account and use it for the targeted placement of adverts. You can view and change the privacy settings of your Facebook profile at any time: https://www.facebook.com/settings/?tab=ads.

You can prevent the linking of data collected outside Instagram for the display of personalised advertising in Instagram as follows: https://de-en.facebook.com/help/instagram/2885653514995517?locale=en_DE.

If you have not consented to the use of meta pixels, Meta Platforms will only display generic adverts that are not selected on the basis of the information collected about you on this website.

Further information, in particular on joint responsibility and contact details, can be found in Meta Platforms’ data protection notices, in particular for the social networks Facebook and
Instagram: https://www.facebook.com/about/privacy/.

6. Data transfer to third countries

As explained in this privacy policy, some of the foreign representatives and services we use are based in so-called third countries (outside the European Union or the European Economic Area) or process personal data there, i.e. countries whose level of data protection does not correspond to that of the European Union. If this is the case and the European Commission has not issued an adequacy decision for these countries (Art. 45 GDPR), we have taken appropriate precautions to ensure an adequate level of data protection for any data transfers. These include the standard contractual clauses of the European Union or binding internal data protection regulations.

Where this is not possible, we base the transfer of data on exceptions under Art. 49 GDPR, in particular your express consent or the necessity of the transfer for the fulfilment of the contract or for the implementation of pre-contractual measures. With regard to the transfer of data to foreign representations, the transfer is necessary for the fulfilment of the contract (Art. 49 para. 1 lit. b/c GDPR); otherwise it takes place on the basis of express consent despite the lack of adequate data protection in third countries outside the EU and the associated risks (Art. 49 para. 1 lit. a GDPR).

If a transfer to a third country is planned and no adequacy decision or suitable guarantees exist, it is possible and there is a risk that authorities in the respective third country (e.g. secret services) may gain access to the transferred data in order to collect and analyse it, and that the enforceability of your data subject rights cannot be guaranteed. When obtaining your consent via the consent banner, you will also be informed of this.

7. Changes to our privacy policy

We reserve the right to amend this privacy policy so that it always complies with current legal requirements or to implement changes to our services in the privacy policy, e.g. when introducing new services. The new privacy policy will then apply to your next visit.

8. Translations of our privacy policy

Translations of our privacy policy into other languages are provided solely for the sake of user-friendliness (“for convenience only”). Only the German version is legally binding.

Status: 24 January 2024