Contact

Tel.: 089 2488 153-00

Privacy Information

As of March 18, 2021

doo is an event management platform that enables event organizers to organize events, sell tickets for their events and carry out the associated communication and administration.

We at doo take the protection of your personal data very seriously. We always treat your personal data in accordance with the statutory data protection regulations and this data protection declaration.

With this data protection information, we would like to inform you about which personal data is collected and processed for which purposes via our website and via our event management platform.

We distinguish between the following areas:

VISIT OUR WEBSITE CREATION OF EVENTS WITH THE DOO EVENT MANAGEMENT PLATFORM REGISTRATION FOR AN EVENT OFFERS AND APPLICATIONSVIDEO CONFERENCES AND WEBINARSGENERAL PRIVACY INFORMATION

RESPONSIBLE

doo GmbH, Hultschiner Straße 8, 81677 Munich, Germany, telephone: 49 (0)89 2488 153-0, e-mail: kontakt@doo.net is responsible.

DATA PRIVACY OFFICER

Our data protection officer is Christian Schmoll, attorney at law, Kaiserplatz 2, 80803 Munich, telephone 49 (89) 4622 7322, email: schmoll@dp.institute

If you have any questions or suggestions regarding data protection, you can contact our data protection officer directly.

1. VISIT OUR WEBSITE

1.1 LOG FILES

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. In order for the pages to be displayed in your browser, the IP address of the end device you are using must be processed. There is also further information about the browser of your end device.

We are obliged under data protection law to also guarantee the confidentiality and integrity of the personal data processed with our IT systems.

The following data is logged for this purpose:

· IP address of the calling computer

· Operating system of the calling computer

· Browser version of the calling computer

· Name of retrieved file

· Date and time of retrieval

· Amount of data transferred

· Referring URL

The data is also used to correct errors on the website.

Our website is hosted by a service provider in the European Economic Area. There is an order processing agreement in accordance with Art. 28 GDPR.

The legal basis for this data processing is our legitimate interest in accordance with Article 6 (1) (f) GDPR. Our legitimate interest is the operation of this website and the implementation of the protection goals of confidentiality, integrity and availability of the data.

1.2 CONTACTING AND REQUESTING INFORMATION AND OFFERS

If you contact us via e-mail, contact forms or our live chat, for example to request information or an offer or for other inquiries in connection with the doo event management platform, the information you provide will be used for the purpose of processing the Request saved. We need the information requested in the contact form on the website in order to process your request, address you correctly and send you an answer.

The legal basis for this data processing is our legitimate interest in accordance with Article 6 Paragraph 1 Letter f) GDPR. Our legitimate interest is communication with customers and prospects.

If contact is aimed at concluding a contract, the additional legal basis for processing is the necessity of processing for the performance of a contract in accordance with Article 6 (1) (b) GDPR.

For our contact form and our chat function on the website, we use an external service provider as a processor on the basis of an order processing agreement in accordance with Art. 28 GDPR. Personal data may be transferred to a third country outside the EU without an adequate level of data protection. There are suitable guarantees for data transmission in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate guarantees (standard contractual clauses or standard data protection clauses) on request at any time. To do this, please contact us using the contact details above.

1.3 CUSTOMER DATABASE AND DIRECT ADVERTISING

Inquiries and orders are usually stored in our CRM system. This data can be used by us for direct advertising measures. You can object to such use for direct marketing at any time. Details on your right to object can be found below under “Your rights”.

The CRM system is regularly checked to see whether data can be deleted. If data is no longer required in the context of a customer or prospective customer relationship or if the customer's conflicting interests prevail, we will delete the data in question, provided that there are no legal storage obligations to the contrary.

The legal basis for this storage and processing is our legitimate interest in accordance with Article 6 (1) (f) GDPR. Our legitimate interest is the maintenance of our customer relationships and the implementation of direct marketing measures.

1.4 NEWSLETTER

1.4.1 NEWSLETTER REGISTRATION

On our website you can register to receive a newsletter by email. During registration, the data from the input mask, the IP address of the calling computer and the date and time of registration are transmitted to us. Your consent will be obtained for the processing of the data during registration and reference will be made to this data protection information.

In order to check that the actual owner of an e-mail address has registered for the sending of a newsletter, we use the so-called "double opt-in" procedure. After registering an e-mail address, a confirmation e-mail is sent to the registered e-mail address. Registration for the newsletter is only completed when a confirmation link contained in the confirmation e-mail is activated. The IP address of the calling computer and the date and time the confirmation link was activated are also transmitted to us.

Registration for the newsletter can be terminated at any time. by using the unsubscribe link contained in each newsletter or by contacting us using the contact details given for the responsible body.

The legal basis for processing the data after registering for the newsletter is your consent in accordance with Article 6 (1) (a) GDPR.

1.4.2 E-MAIL NEWSLETTER AS PART OF AN EXISTING CUSTOMER RELATIONSHIP

If you register as a user of the doo event management platform and enter your e-mail address, it can subsequently be used by us to send an e-mail newsletter, provided you have not objected to such use . In such a case, only direct advertising for similar goods or services will be sent via the e-mail newsletter. You can object to the use of your e-mail address at any time without incurring any costs other than the transmission costs according to the basic rates by using the unsubscribe link contained in every newsletter or by contacting us using the contact details given for the responsible body.

The legal basis for sending the newsletter as a result of the sale of goods or services is our legitimate interest in accordance with Art. 6 Para. 1 lit. f) GDPR (in Germany in connection with Section 7 Para. 3 UWG).

1.4.3 NEWSLETTER-ANALYSE

A statistical evaluation of usage data can be carried out for our newsletters. For this purpose, we may record both the opening of the e-mail and the internal clicks. This information serves the purpose of measuring and optimizing the success of our newsletter campaigns by making the content of the newsletter more relevant to our target group.

The legal basis for this analysis is our legitimate interest in accordance with Article 6 (1) (f) GDPR. Our legitimate interest is the evaluation and optimization of communication with customers and interested parties.

1.4.4 NEWSLETTER SERVICE PROVIDER

For the sending and analysis of our newsletter, we use an external service provider as a processor on the basis of an order processing agreement in accordance with Art. 28 GDPR.

Personal data may be transferred to a third country outside the EU without an adequate level of data protection. There are suitable guarantees for data transmission in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate guarantees (standard contractual clauses or standard data protection clauses) on request at any time. To do this, please contact us using the contact details above.

1.5 BLOG

You can comment on articles on our blog. We use the comment system of the external provider DISQUS, Inc., USA.

To comment on an article on the blog, you must be logged in. DISQUS enables such registration either via a DISQUS account or via an account on Facebook, Twitter or Google Plus ("social media networks"). If you register with your account on a social media network for the comment function, the social media network will also collect and process information about your use of the DISQUS function. For detailed information on this data collection and processing, please refer to the data protection information of the respective social media network.

When you register for the DISQUS comment function, we receive your e-mail address and your IP address, which was used when entering a comment. We need and process this information exclusively for the purpose of establishing contact in connection with your use of DISQUS, for example if we have questions about your user comment and for security reasons in the event that a comment violates the rights of third parties or illegal content is posted.

If you comment on an article in our blog, information about the time of the comment and, if applicable, the user name (pseudonym) you have chosen will be stored and published in addition to your comment.

The legal basis for data collection as part of the comment function is our legitimate interest in accordance with Article 6 (1) (f) GDPR. Our legitimate interest is, on the one hand, the evaluation and optimization of communication with customers and interested parties within the framework of the blog and, on the other hand, the protection of our rights and the enabling of our legal defense in the event of abusive or illegal use of the comment function.

1.6 CUSTOMER SERVICE REGISTRATION

You can register with our customer service portal. You can then access your requests made to customer service at any time and check their status. The data provided during registration will be used for the purpose of using the customer service portal. The mandatory information requested during registration must be provided in full; all other information in your profile, for example uploading a profile picture, is voluntary. The e-mail address you provided during registration will be verified by sending a confirmation e-mail in which you must confirm your e-mail address by clicking on a link.

The legal basis for this storage and processing is our legitimate interest in accordance with Article 6 (1) (f) GDPR. Our legitimate interest is maintaining our customer relationships. If contact is made with the aim of concluding a contract or within the framework of an existing contractual relationship, the additional legal basis for processing is the necessity of processing for the fulfillment of a contract in accordance with Article 6 (1) (b) GDPR.

You can have the data you provided when registering for the customer service portal deleted at any time. If you delete your registration, the data relating to the respective account will be deleted, subject to their storage being necessary for commercial or tax reasons. Please contact us to delete your account using the contact details given for the responsible body.

1.7 COOKIES

Our website uses cookies. Cookies are information that is transferred from our web server or third-party web servers to your browser and stored there for later retrieval. Cookies can be small files or other types of information storage. Information is stored in cookies that arises in connection with the specific end device used. Cookies contain a characteristic character string that enables the browser to be clearly identified when the website is called up again. A cookie also contains information about its origin and the storage period. However, this does not mean that we are immediately informed of your identity.

On the one hand, cookies are set when you visit our website, which are absolutely necessary for the operation of the website. These essential cookies can, for example, be cookies that are required to display the website with a content management system (e.g. TYPO3), which are used to recognize language settings or to document whether you have consented to the setting of further (not -essential) cookies have consented or whether you have rejected them.

The legal basis for the processing of personal data using essential cookies is our legitimate interest in accordance with Article 6 (1) (f) GDPR. Our overriding legitimate interest is the operation of our website.

We also use non-essential cookies, for example to collect additional information about the interests of visitors to our website or their usage behavior in order to analyze and optimize our website and our customer interactions in general on this basis.

The legal basis for the processing of personal data using such non-essential cookies is your express consent, which we ask you to give when you visit our website before non-essential cookies are set.

1.8 RETARGETING-/REMARKETING-SERVICES

These marketing services make it possible to target advertisements for our website and on our website in order to only show you advertisements that potentially match your interests. A cookie is used to record in your browser which websites on which such marketing services are active you have visited and what content you were interested in there. In addition, additional information such as IP address, browser, operating system, time stamp, referring website is collected. If you subsequently visit other websites where such marketing services are active, you may be shown advertisements tailored to your interests.

The legal basis for the processing of personal data when using retargeting/remarketing services is your express consent in accordance with Article 6 (1) (a) GDPR.

1.8.1 LINKEDIN ADS

We use the LinkedIn Ads retargeting service from LinkedIn Ireland Unlimited Company in Ireland. LinkedIn sets cookies.

Further information on data protection at LinkedIn can be found in the LinkedIn Privacy Policy here:

https://www.linkedin.com/legal/privacy-policy

You can prevent the storage of cookies by setting your browser accordingly. You can object to the analysis of your usage behavior by LinkedIn and the display of interest-based recommendations here:

https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

When using LinkedIn Ads, personal data may be transferred to a third country outside the EU without an adequate level of data protection. There are suitable guarantees for data transmission in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate guarantees (standard contractual clauses or standard data protection clauses) on request at any time. To do this, please contact us using the contact details above.

1.8.2 FACEBOOK CUSTOM AUDIENCES

We also use the retargeting service Facebook Custom Audiences from Facebook, Inc. in the USA. Facebook Custom Audiences uses a so-called tracking pixel. When our website is accessed, this pixel is retrieved from a Facebook URL that has certain parameters and transmits information to Facebook, which Facebook uses to display targeted advertising. However, no individual persons are addressed, only groups of users who exhibit similar behavior. Facebook uses a so-called hashing process for this, in which personal data is encrypted in such a way that Facebook can no longer assign it to individual users.

Further information on this can be found in Facebook's data protection declaration at https://www.facebook.com/about/privacy

When using Facebook Custom Audiences, personal data may be transferred to a third country outside the EU without an adequate level of data protection. There are suitable guarantees for data transmission in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate guarantees (standard contractual clauses or standard data protection clauses) on request at any time. To do this, please contact us using the contact details above.

1.8.3 GOOGLE-MARKETING-SERVICES

We also use marketing services from Google Ireland Limited, e.g. AdWords, Conversion Tracking, AdSense and Google Marketing Platform, Google uses cookies and so-called web beacons.

You can prevent the storage of cookies by setting your browser accordingly. If you wish to object to interest-based advertising by Google Marketing Services, you can use the setting and opt-out options provided by Google: http://www.google.com/ads/preferences

Further information on the use of data by Google, setting and objection options can be found here:

Google's data protection declaration: https://www.google.com/policies/privacyData use by Google when using websites or apps on which Google services are used: https://www.google.com/intl/de/policies /privacy/partnersUse of data for advertising purposes: http://www.google.com/policies/technologies/adsManagement of information used by Google to display personalized advertising: http://www.google.de/settings/ads

When using Google Marketing Services, personal data may be transferred to a third country outside the EU without an adequate level of data protection. There are suitable guarantees for this data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate guarantees (standard contractual clauses or standard data protection clauses) on request at any time. To do this, please contact us using the contact details above.

1.9 WEBANALYTICS

We use web analytics services on our website or parts of the website to record how our website is used by its visitors and to optimize the website as a whole and its presentation.

The legal basis for this data processing when using web analytics is your express consent in accordance with Article 6 (1) (a) GDPR.

1.9.1 GOOGLE ANALYTICS

We use the web analysis service Google Analytics with IP anonymization. Google Analytics is a web analytics service provided by Google Ireland Limited. Cookies are set as part of Google Analytics.

As part of IP anonymization, the IP address collected by Google within the European Economic Area is shortened before it is sent to the USA. Only in exceptional cases will the unabridged IP address be sent to Google in the USA and shortened there. The transmitted IP addresses are not merged with other Google data.

You can prevent the storage of cookies by setting your browser accordingly. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the online offer and from processing this data by Google by downloading and installing the browser plug-in available under the following link, which Google Analytics communicates via JavaScript that no data and information on visits to websites may be transmitted to Google Analytics:

http://tools.google.com/dlpage/gaoptout?hl=de

When using Google Analytics, personal data may be transferred to a third country outside the EU without an adequate level of data protection. There are suitable guarantees for data transmission in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate guarantees (standard contractual clauses or standard data protection clauses) on request at any time. To do this, please contact us using the contact details above.

1.9.2 LINKEDIN ANALYTICS

We also use the web analytics service LinkedIn Analytics from LinkedIn Ireland Unlimited Company in Ireland. LinkedIn Analytics uses cookies.

Further information on data protection at LinkedIn can be found in the LinkedIn Privacy Policy at https://www.linkedin.com/legal/privacy-policy. It also describes how you can object to the collection and storage of data by LinkedIn for the purpose of web analysis at any time with effect for the future. You can also prevent the storage of cookies by setting your browser accordingly.

When using the LinkedIn Analytics service, personal data may be transferred to a third country outside the EU without an adequate level of data protection. There are suitable guarantees for data transmission in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate guarantees (standard contractual clauses or standard data protection clauses) on request at any time. To do this, please contact us using the contact details above.

1.10 SOCIAL MEDIA-BUTTONS

Social media buttons from the social media networks Facebook, Twitter, LinkedIn and Xing are integrated on our website.

If you click on one of these social media buttons, you will be redirected to our pages on the respective social media network. In this case, the provider of the respective social media network receives the information that your browser has accessed the corresponding page of our website, even if you do not have a profile on the respective social media network or are not logged in there. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider. If you click on a social media button and are either logged in to the respective social media network or then log in to the respective social media network page, the information transmitted can be assigned to your account with the social media network.

Information on the purpose and scope of the data collection and processing by the providers of the respective social media network, the provider identification, a contact option and your rights and setting options for data protection can be found in the respective data protection information of the providers of the social media networks.

The legal basis for the integration and use of the social media buttons is our legitimate interest in accordance with Article 6 (1) (f) GDPR. Our overriding legitimate interest is the marketing of our offers and our website.

1.11 SOCIAL MEDIA-PAGES

We maintain a publicly accessible profile on the social media networks Facebook, Twitter, LinkedIn and Xing (“social media pages”).

If you visit one of our social media pages and are logged into the respective social media network, the provider of the respective social media network can analyze your usage behavior and assign the information collected to your account on the social media network and enrich it there . Even if you are not logged in or if you do not have an account with the respective social media network, data about you can be collected by the provider of the respective social media network, for example your IP address or data via a cookie be collected.

The operators of the social media networks can use this data to create user profiles. Based on your user profile, you can then be shown interest-based advertisements both on the websites of the social media network and on other websites.

If you visit one of our social media pages, we are jointly responsible with the provider of the social media network for the collection and processing of your personal data that takes place there. With regard to information about the collection and processing of your personal data taking place there, we refer you to the data protection information of the respective social media network. We do not have any further information on this.

We will be happy to provide you with information on suitable guarantees for data transmission to third countries in accordance with Art. 46 GDPR at any time upon request.

Your data subject rights in accordance with Chapter III. of the GDPR (right to information, correction, deletion, restriction of processing, data transferability, etc.) you can assert against us as well as against the provider of the respective social media network. In this context, we would like to point out that we can only influence the processing of personal data and the implementation of the rights of those affected within the framework of our social media pages within the scope of the possibilities made available to us by the respective provider.

The legal basis for our use of social media pages is our legitimate interest in accordance with Article 6 (1) (f) GDPR. Our overriding legitimate interest is the presence and marketing of our products and services on the Internet.

1.12 SOCIAL SHARING

Social sharing buttons make it possible to publish a link to certain content on our website, for example to an article in our blog, directly on your respective page on the social media networks (Facebook, Twitter, LinkedIn, Xing). The social sharing buttons are provided by the provider of the respective social media network. Every time you visit a website on which such a social sharing button is integrated, the social sharing button is downloaded from the provider of the respective social media network. By integrating the plugins, the providers receive the information that your browser has accessed the corresponding page of our website, even if you do not have a profile on the respective social media network or are not logged in there. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider.

If you click on a social sharing button and are either logged in to the respective social media network or then log in in the window that opens, the information transmitted can be assigned to your account on the social media network.

Information on the purpose and scope of the data collection and processing by the providers of the respective social media network, the provider identification, a contact option and your rights and setting options for data protection can be found in the data protection information of the providers of the social media networks:

Facebook: http://www.facebook.com/policy.phpTwitter: https://twitter.com/privacyLinkedIn: https://www.linkedin.com/legal/privacy-policyXing: https://www.xing.com/privacy

The legal basis for this data processing when integrating and using the social sharing buttons is Article 6 (1) (f) GDPR. Our legitimate interest is the marketing of our offers and our website.

1.13 WRITINGS

In order to display the content of our website correctly and graphically appealing across browsers, we use font and script libraries on this website, e.g. the font library of MyFonts, Inc. Calling up font and font libraries automatically triggers a connection to the operator of the respective library. It is possible that your personal data, in particular your IP address, will be collected.

You can prevent the use of such libraries and the associated data transmission by installing a Java Script blocker (e.g. www.noscript.net).

Due to the license terms of MyFonts, Inc., we use the MyFonts Counter, a web analysis service that carries out page view tracking, in which the number of visits to the website is counted for statistical purposes and transmitted to MyFonts. For more information about MyFonts Counter, see the MyFonts privacy policy:

http://www.myfonts.com/info/terms-and-conditions/#Privacy.

The legal basis for this data processing when using such libraries is Article 6 (1) (f) GDPR. Our legitimate interest is the analysis, optimization and economic operation of our website and our customer interactions.

1.14 RECAPTCHA

We use the reCAPTCHA service from Google Ireland Limited. This service is used to distinguish whether the input in a form is made by a natural person or abusively by machine and automated processing. As part of reCAPTCHA, your IP address and other data required by Google for the reCAPTCHA service will be transmitted to Google. For more information about Google Inc.'s privacy policy, visit https://www.google.com/intl/de/policies/privacy/.

The legal basis for this data processing when using reCAPTCHA is Article 6 (1) (f) GDPR. Our legitimate interest is the security of our website and protection against spam.

When using reCAPTCHA, personal data may be transferred to a third country outside the EU without an adequate level of data protection. There are suitable guarantees for data transmission in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate guarantees (standard contractual clauses or standard data protection clauses) on request at any time. To do this, please contact us using the contact details above.

2. CREATION OF EVENTS WITH THE DOO EVENT MANAGEMENT PLATFORM

In the following we will inform you about which personal data is collected and processed when using the doo event management platform to create events as an organizer ("organizer").

2.1 ACCOUNT

If you create an account for using the doo event management platform as an organizer, we collect and process your personal data as the person responsible. We do not collect and process this data on your behalf and on your instructions, but to enable you to use the doo event management platform.

In addition to the data categories shown under point 1, we collect and process the data you requested during registration (surname, first name, e-mail address, telephone number). This is mandatory information because we need this data to fulfill the contract.

You can delete your customer account at any time. To do this, please contact us using the contact details given for the responsible body.

2.2 PAYMENT INFORMATION

If you use paid services, your data and payment information will be processed by the payment service provider NovalNet AG in Germany, which we use to process the payment. doo is not involved in the processing of data when processing payments.

Detailed information on data processing and data protection at NovalNet AG can be found here: https://www.novalnet.de/datenschutz

2.3 PARTICIPANT AND INVITEE DATA

The data of the participants in your events who register for your event via the doo event management platform or whose data is processed in another form using the doo event management platform (e.g. data that is stored "onsite" at an event were collected), and the data of the addressees of your marketing campaigns, for example the list of addressees of your e-mail marketing campaigns that you send via the doo event management platform, and other data that you need for processing in the doo event management platform (“invitee data”), doo processes as a processor on your behalf and on your instructions.

This order processing is regulated in our order processing agreement (AVV), which you can access here

3. REGISTRATION FOR AN EVENT

If you register via the doo event management platform as a participant to take part in an event, doo will process your personal data as part of the registration as the processor of the respective organizer.

The following explains which data is processed as part of the registration for an event and for which purposes.

If the organizer provides its own data protection information as part of the registration for an event, the organizer's own data protection information takes precedence over this data protection information.

All questions that you have about an event and in particular about your personal data (including the assertion of your data subject rights to information, deletion, etc. from Art. 12 - 23 GDPR), please address directly to the organizer as the responsible body. Questions addressed to doo about an event will be forwarded to the respective organizer.

3.1 RESPONSIBLE

The organizer named when registering for the event is responsible in terms of data protection law. The contact details of the organizer can also be found in the registration process.

If the organizer is legally obliged to appoint a data protection officer, or has appointed a data protection officer on a voluntary basis, you can reach him using the contact details provided for the organiser.

3.2 CONTACTING US

If you contact the organizer by e-mail, by telephone or via a contact form to ask questions about the event or to request information, the information you provide will be processed and stored for the purpose of processing the respective request. The information that may be requested when contacting us in this way is required in order to process your request, to address you correctly and to send you an answer.

The legal basis for this data processing is the legitimate interest of the organizer in accordance with Art. 6 Para. 1 lit. f) GDPR in communication with customers or interested parties or the necessity of processing the data to fulfill a contract or to carry out a pre-contractual measure in accordance with Art 6 Paragraph 1 lit. b) GDPR.

3.3 EVENT REGISTRATION

If you register to participate in an event, the organizer processes the data you provide when registering in order to enable you to participate in the event, in particular to send you a confirmation of registration and, if necessary, for identification upon admission to the event Event and, if necessary, to carry out the payment process for paid events.

The legal basis for this is Article 6 Paragraph 1 Letter b) GDPR, the processing of your data is necessary for the fulfillment of the contract for your participation in the event.

If the organizer collects additional data that is not absolutely necessary to fulfill the contract with you, this data collection serves to optimize the event or your event experience, for example to adapt and optimize the event according to the interests of the participants and the target group, and for preparation , evaluation and analysis of the event.

The legal basis for this processing is Art. 6 Paragraph 1 lit. f GDPR, the overriding legitimate interest of the organizer in the optimization, evaluation and analysis of the event.

If you also give your express consent to the processing of certain data for specific purposes when registering, the legal basis for this processing is your consent, which can be revoked at any time, in accordance with Article 6 (1) (a) GDPR.

For the registration for the event, the organizer uses doo as a processor on the basis of order processing in accordance with Article 28 GDPR.

3.4 PAYMENT INFORMATION

If you register for an event that is subject to a fee, your data and payment information will be processed either by NovalNet AG in Germany as the payment service provider or by a payment service provider selected by the organizer. The payment service provider is responsible for this payment data and payment information.

Detailed information on data processing and data protection at NovalNet AG can be found here: https://www.novalnet.com/privacy?auto_toggle=true.

3.5 ATTENDANCE AT AN EVENT

When participating in an event, data can be collected and processed. During admission control, the personal data of the ticket holder stored on the ticket can be collected and processed. If necessary, data at the time of admission and, if necessary, at the time of leaving the event can also be stored.

The legal basis for this is Article 6 Paragraph 1 Letter b) GDPR, the processing of your data is necessary for the fulfillment of the contract for your participation in the event.

If you provide your data as part of participation in the event, in particular by reading an RFID tag or scanning the QR code on your name tag at a trade fair stand, this data will be transmitted by the organizer to the respective operator of the trade fair stand where you are submitted your data. In this case, the further processing and use of your data lies with the operator of the exhibition stand as the person responsible.

doo is used by the respective organizer to carry out admission controls and, if necessary, to collect and transmit data to the operators of exhibition stands as a processor in accordance with Article 28 GDPR.

3.6 CONTACT DATA COLLECTION

If you take part in a face-to-face event, contact details may be collected. This collection of contact data serves to quickly trace chains of infection with the COVID-19 virus. If a participant is found to be infected with the COVID-19 virus, the data collected can be used to determine who the participant potentially came into contact with during the event. These people can then be informed accordingly and undergo a test. In this way, chains of infection can be quickly identified and broken.

Your personal data collected in this context will only be processed for the purposes stated here and for no other purposes. And your data will not be passed on to third parties, except in the event of an infection as described above to the responsible authority.

The stay data is kept safe and confidential and deleted or destroyed after 30 days.

If there is a legal obligation to collect or transmit the data, in particular on the basis of an Infection Protection Act, the legal basis for collecting the residence data and, if necessary, passing it on to the responsible health authority is Article 6 (1) (c) GDPR. In this case, data processing is necessary to fulfill a legal obligation. Unless there is a mandatory legal obligation, data processing is based on Article 6 Paragraph 1 Letter d) GDPR, i.e. to protect the vital interests of the participants and other contact persons of the participants.

3.7 EVENT PHOTOGRAPHY

Photographs and film recordings can be made during the event. These photo and film recordings can show event participants and make them identifiable. These photos and films may be used for public relations and the documentation of the event. The photo and film recordings can be published both offline (print) and online, in particular on the organiser's website or on the organiser's pages on various social media websites (e.g. fan pages on Facebook).

The legal basis for this processing is Art. 6 Paragraph 1 lit. f) GDPR, the overriding legitimate interest of the organizer in the documentation of the event and the use of photos and film recordings of the event for public relations purposes.

If you have consented to the production and publication of photos and films, the legal basis for this processing is your consent, which can be revoked at any time, in accordance with Article 6(1)(a) GDPR.

3.8 FEEDBACK AFTER AN EVENT

After attending an event, you may be contacted by email to collect your feedback on the event. You can object to this contact at any time by contacting the respective organizer using the contact details provided for the organizer. If you give your feedback about the event on the website, the information you provide will only be used to evaluate the event and to optimize future events.

The legal basis for contacting us with a request for your feedback is Art. 6 (1) (f) GDPR. The overriding legitimate interest of the organizer is the evaluation of the event and the optimization of future events.

For the sending of the e-mail with the request for your feedback and, if necessary, the collection and evaluation of your feedback, the organizer uses doo as a processor on the basis of an order processing agreement in accordance with Article 28 DSGVO.

3.9 INVITATIONS TO OTHER EVENTS

If you have registered for an event, the e-mail address you provided when registering can be used by the organizer to send invitations to similar events organized by the organizer by e-mail, provided you have not objected to such use. You can object to this use of your e-mail address at any time, without incurring any costs other than the transmission costs according to the basic rates, by using the unsubscribe link contained in every e-mail or by using the contact details given for the organizer to get in touch with the respective Contact organizer.

The legal basis for this sending of invitations to other events by e-mail is the legitimate interest of the organizer in accordance with Art. 6 Para. 1 lit. f) GDPR (in Germany in connection with Section 7 Para. 3 UWG).

The contact details you provide when registering can also be used to send postal advertising. You can object to this sending of postal advertising at any time by contacting the respective organizer using the contact details provided for the organizer. The reference to this right of objection is repeated in every postal letter.

The legal basis for sending postal advertising is the legitimate interest of the organizer in accordance with Article 6 (1) (f) GDPR. The overriding legitimate interest is the implementation of direct marketing measures to market the events and services of the organizer.

4. JOB OFFERS AND APPLICATIONS

We collect and process the personal data transmitted to us by an applicant for the purpose of carrying out the application process. The data requested as a mandatory field is required to carry out the application process. All other information is voluntary. Applicant data is only made accessible to those people and positions in our company who prepare the hiring decision or are involved in it.

If we conclude an employment contract with an applicant, the transmitted data will be processed to carry out the employment relationship in compliance with the statutory provisions.

If there is an employment relationship, we store the applicant data for as long as they are necessary for the employment relationship and insofar as statutory regulations justify a storage obligation.

If no employment contract is concluded with an applicant, we will store the applicant data for a maximum of three months on the basis of our overriding legitimate interest in enabling the defense against claims or a function to preserve evidence in accordance with applicable equal treatment and anti-discrimination laws. After this period, the application documents will be deleted deleted unless the applicant has expressly consented to longer storage.

The legal basis for the processing of application documents is Article 6 Paragraph 1 Letter b) GDPR.

If the applicant has given us separate consent, we will store the data transmitted as part of the application in our applicant pool for a further 2 years after the end of the application process in order to identify future positions that may be of interest to the applicant and, if necessary, to notify the applicant in this regard to contact. After this period has expired, the data will be deleted.

Such consent to the storage of application data in our applicant pool can be revoked at any time for the future. To do this, please send us an e-mail to the contact details given above.

The legal basis for storing the application documents in our pool of applicants may be the applicant’s consent in accordance with Article 6 (1) (a) GDPR.

5. VIDEO CONFERENCES AND WEBINARS

If you take part in a video conference, a webinar or an online meeting etc. organized by us (hereinafter "video conferences"), we will process your personal data as part of your participation.

When participating in a video conference, different categories of data are processed. The scope of the data also depends on what information you provide before or when participating in a video conference.

If you participate in a video conference organized by us, you usually have to provide at least one name when registering. However, you can also use a pseudonym. Your IP address will also be processed to enable your participation and information about login and device/hardware information will be stored. If provided, the email address and profile picture will also be processed. If you dial in by telephone, your telephone number and, if applicable, IP address will be processed.

In order to enable participation in the video conference, the data from the microphone of your device and from any video camera on the device and, if you share your screen, information from this "screen share" is processed. You can turn off or mute the camera or microphone yourself at any time. You always decide for yourself whether and which parts of your screen are shared.

Audio and video recordings of the video conference can be created. In this case, MP4 files of all video, audio and presentation recordings are processed. There is always a reference to the recording, if such is made, and the express consent of the participants to the recording is always obtained, if necessary.

You may have the option to use the chat, question, or survey features in a video conference. In this respect, the text you enter will be processed in order to display it in the video conference and, if necessary, to log it.

As far as personal data of our employees is processed, § 26 BDSG is the legal basis for data processing, provided that German law is applicable to the processing of employee data.

If German law is not applicable to the processing of employee data or if, in connection with participation in video conferences, the processing of personal data is not required for the establishment, implementation or termination of the employment relationship, but should nevertheless be an elementary part of participation in a video conference our overriding legitimate interest according to Art. 6 Para. 1 lit. f) GDPR is the legal basis for data processing. In these cases, our legitimate interest is the effective implementation of video conferences.

Otherwise, the legal basis for data processing when conducting video conferences is Art. 6 (1) b) GDPR, insofar as the meetings are held within the framework of contractual relationships or with regard to the initiation of a contractual relationship (e.g. in the case of video conferences with our clients as part of the implementation of a project or when participating in a webinar).

Otherwise, the legal basis for data processing as part of your participation in a video conference organized by us is our overriding legitimate interest in accordance with Article 6 (1) (f) GDPR. In these cases, our legitimate interest is the effective implementation of video conferences.

To conduct video conferences, we use one or more service providers as processors on the basis of an order processing agreement in accordance with Art. 28 GDPR.

Personal data may be transferred to a third country outside the EU. If there is no adequacy decision by the EU Commission for the respective third country, we ensure that suitable guarantees are provided for the transmission in accordance with Art. 46 DSGVO. We will be happy to provide you with proof of the appropriate guarantees (standard contractual clauses or standard data protection clauses) on request at any time. To do this, please contact us using the contact details above.

6. GENERAL DATA PROTECTION INFORMATION

Below we provide some general information on data protection. These apply to visiting our website, using the doo event management platform to create events and also to registering for an event. This general information applies accordingly to registration for an event insofar as the respective organizer is responsible.

6.1 AGE RESTRICTION

This website is not intended or designed for use by children under the age of 16. We do not knowingly collect personally identifiable information from or about anyone under the age of 16.

6.2 RECIPIENTS OF DATA

Within our company, those internal departments or organizational units receive your data that they need to fulfill their tasks, if necessary to fulfill contracts with you, for data processing with your consent or to protect our overriding legitimate interests.

Data will only be passed on to third parties within the framework of legal requirements. We only pass on your data to third parties if this is necessary, for example, on the basis of Article 6 Paragraph 1 Letter b) GDPR for contractual purposes or to safeguard our overriding legitimate interest in accordance with Article 6 Paragraph 1 Letter f) DSGVO in the effective execution of our business operations.

If we use service providers or third parties to provide the website and/or our services, we take appropriate legal precautions and appropriate technical and organizational measures to ensure the protection of your personal data.

If we use content or tools from service providers or third-party providers as part of the provision of the website and/or the provision of our services and their registered office is in a third country, data is regularly transferred to a third country. Third countries are countries in which the GDPR is not directly applicable law, i.e. countries outside the EU or the European Economic Area. Data is only transferred to third countries if there is either an appropriate level of data protection, consent or other legal permission, in particular a suitable guarantee in accordance with Art. 46 GDPR.

It is possible that we will buy or sell the company or parts of the company or individual assets. Personal information may be transferred in connection with such divestment, merger, reorganization or similar event. In this case, your personal data will of course continue to be processed in accordance with this data protection information. The legal basis for such a transmission is a legitimate interest in the effective implementation and further development of our business operations in accordance with Article 6 Paragraph 1 f) GDPR.

6.3 YOUR RIGHTS

You have the right to free information about your stored personal data, its origin and recipient and the purpose of data processing and a right to correction, blocking or deletion of this data. You also have the right to restrict processing and to object to processing.

You also have the right to have your data, which we process automatically, handed over to you or to a third party in a common, machine-readable format.

To assert your rights, please contact the responsible body using the contact details provided.

You also have the right to lodge a complaint with the competent data protection supervisory authority.

6.4 WITHDRAWAL OF CONSENT

Some data processing operations are only possible with your express consent. You can revoke consent that you have already given at any time. An informal message by e-mail to the responsible person is sufficient for this. The legality of the data processing that took place up until the revocation remains unaffected by the revocation.

6.5 RIGHT TO OBJECT

TO THE EXTENT THAT YOUR DATA WILL BE PROCESSED TO PROTECT OUR OVERRIDING LEGITIMATE INTERESTS AS SET FORTH IN THIS PRIVACY NOTICE, YOU MAY OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE. PLEASE CONTACT THE RESPONSIBLE OFFICE USING THE CONTACT DETAILS PROVIDED.

YOU ARE ONLY ENTITLED TO THIS RIGHT TO OBJECT IF THERE ARE REASONS RESULTING FROM YOUR SPECIAL SITUATION (ART. 21 (1) GDPR). AFTER EXERCISING YOUR RIGHT TO OBJECT, YOUR PERSONAL DATA WILL NO FURTHER BE PROCESSED FOR THESE PURPOSES UNLESS WE CAN PROVE COMPREHENSIVE GROUNDS FOR THE PROCESSING THAT OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS APPLICABLE TO THE LAW OR DEFENSE OF LEGAL CLAIM.

IF THE PROCESSING IS FOR THE PURPOSES OF DIRECT ADVERTISING, YOU MAY EXERCISE YOUR RIGHT TO OBJECT AT ANY TIME (ART. 21 (2) GDPR) AND YOUR PERSONAL DATA WILL THEN BE PROCESSED NO FURTHER FOR THE PURPOSES OF DIRECT ADVERTISING, REGARDLESS OF THE REASONS OF THE OBJECTION.

6.6 MANDATORY INFORMATION

The provision of personal data is neither legally nor contractually required, you are also not obliged to provide personal data, however, the provision of personal information is necessary for the conclusion of a contract insofar as certain information is mandatory in order to be able to conclude a contract.

6.7 AUTOMATED DECISION MAKING

We do not carry out automated decision-making including profiling.

6.8 RETENTION AND DELETION

We adhere to the principles of data avoidance and data economy. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as provided for by the storage periods stipulated by law.

If the purpose of storage no longer applies or if a storage period provided for by law expires, the personal data will be blocked or deleted as a matter of routine and in accordance with the statutory provisions.

6.9 TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES

We take organizational, contractual and technical security measures according to the state of the art to ensure that the provisions of the data protection laws are observed and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.

Our website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders and inquiries that you send to us.

6.10 CHANGES TO THIS PRIVACY NOTICE

We reserve the right to occasionally adapt this data protection declaration so that it always corresponds to the current legal requirements or to implement changes to our services in the data protection declaration, e.g. B. when introducing new services. The new data protection declaration will then apply to your next visit.