doo Privacy Policy

1.1 CONTROLLER AND DATA PROTECTION OFFICER

Controller is doo GmbH, Hultschiner Straße 8, 81677 Munich, Germany, phone: +49 (89) 2488 153-0, email: kontakt@doo.net

Data protection officer is Rechtsanwalt Christian Schmoll, Kaiserplatz 2, 80803 Munich, Germany, telephone +49 (89) 4622 7322, email: schmoll@dp.institute

If you have any questions or suggestions regarding data protection, you can contact our data protection officer directly.

1.2 LOGFILES

Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer. In order for the pages to be displayed in your browser, the IP address of the terminal device you are using must be processed. In addition, there is further information about the browser of your terminal device.

We are obliged under data protection law to also guarantee the confidentiality and integrity of the personal data processed with our IT systems.

The following data is logged for this purpose:

• IP address of the calling computer

• Operating system of the calling computer

• Browser version of the calling computer

• Name of the retrieved file

• Date and time of retrieval

• Transferred amount of data

• Referring URL

The data will also be used to correct errors on the website.

Our website is hosted by a service provider in the European Economic Area. An agreement on order processing pursuant to Art. 28 GDPR exists.

The legal basis for this data processing is Art. 6 para. 1 f) GDPR. Our legitimate interest is the operation of this website and the implementation of the protection objectives of confidentiality, integrity and availability of the data.

1.3 HOW TO CONTACT US AND REQUEST INFORMATION AND OFFERS

If you contact us by email, via contact forms or our live chat, for example to request information or an offer or for other enquiries in connection with the doo Event Management Platform, the information you provide will be stored for the purpose of processing the enquiry. We need the information requested in the contact form on the website in order to process your enquiry, address you correctly and send you an answer.

The legal basis for this data processing is Art. 6 Para. 1 f) GDPR. Our legitimate interest is communication with customers and interested parties.

If the purpose of the contact is to conclude a contract, the additional legal basis for the processing is Art. 6 para. 1 b) GDPR.

We use an external service provider (Zendesk, Inc.) for our live chat system. Personal data is transferred to a third country outside the EU. There is an agreement on order processing in accordance with Art. 28 GDPR. This agreement on order processing contains the EU standard contract clauses. The service provider also holds a Privacy Shield certification. Accordingly, there are appropriate safeguards for data transfer in accordance with Art. 46 GDPR. A copy of the EU standard contract clauses and/or proof of the Privacy Shield certification of the service provider will be made available to you on request at any time. To do so, please contact us using the contact details provided for the Controller.

1.4 CUSTOMER DATABASE AND DIRECT ADVERTISING

Inquiries and orders are usually stored in our CRM system. These data can be used by us for direct marketing measures. You can object to such use for direct advertising at any time. Details about your right of objection can be found below under 'Your rights'.

The CRM system is regularly checked to see whether data can be deleted. If data in the context of a customer or prospective customer relationship is no longer necessary or an opposing interest of the customer outweighs, we will delete the relevant data, unless there are any legal storage obligations.

The legal basis for this storage and processing is Art. 6 para. 1 f) GDPR. Our legitimate interest is the maintenance of our customer relations and the implementation of direct marketing measures.

1.5 NEWSLETTER

1.5.1 NEWSLETTER REGISTRATION

On our website, you can register to receive a newsletter by email. During registration, the data from the input mask, the IP address of the respective computer and the date and time of registration are transmitted to us. Your consent will be obtained for the processing of the data during registration and reference will be made to this data protection information.

In order to check that the actual owner of an email address has registered to receive a newsletter, we use the so-called 'double opt-in' procedure. After registering an email address, a confirmation email is sent to the registered email address. Registration for the newsletter is only completed when a confirmation link contained in the confirmation email is activated. The IP address of the computer and the date and time of activation of the confirmation link are also transmitted to us.

Registration for the newsletter can be terminated at any time by using the unsubscribe link contained in each newsletter or by contacting us at the contact details provided for the Controller.

Legal basis for the processing of the data after registration for the newsletter is your consent according to art. 6 para. 1 a) GDPR.

1.5.2 EMAIL NEWSLETTER AS PART OF AN EXISTING CUSTOMER RELATIONSHIP

If you register as a user of the doo Event Management Platform and enter your email address, we may subsequently use this to send you an email newsletter, provided that you have not objected to such use. In such a case, only direct advertising for our own similar goods or services will be sent via the email newsletter. You can object to the use of your email address at any time without incurring any costs other than the transmission costs according to the basic rates by using the unsubscribe link contained in each newsletter or by contacting us at the contact details provided for the Controller.

The legal basis for the dispatch of the newsletter as a result of the sale of goods or services is Art. 6 Para. 1 f) GDPR in conjunction with § 7 Para. 3 UWG.

1.5.3 NEWSLETTER ANALYSIS

With our newsletters, a statistical evaluation of usage data can be carried out. For this purpose, we may record both the openings of the email and the internal clicks. This information serves the purpose of measuring and optimizing the success of our newsletter campaigns by making the contents of the newsletter more relevant to our target group.

The legal basis for this analysis is Art. 6 para. 1 f) GDPR. Our legitimate interest is the evaluation and optimization of communication with customers and interested parties.

1.5.4 NEWSLETTER SERVICE PROVIDER

We use an external service provider (Mailchimp) for the dispatch and analysis of our newsletter. This involves the transfer of personal data to a third country outside the EU. There is an agreement on order processing in accordance with Art. 28 GDPR. The service provider has a Privacy Shield certification. Accordingly, there are appropriate safeguards for data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the Privacy Shield certification of the service provider at any time on request. Please contact us using the contact details provided for the Controller.

1.6 BLOG

You can comment on articles in our blog. We use the comment system of the external provider DISQUS, Inc., 301 Howard St, Floor 3 San Francisco, California- 94105, USA. The DISQUS data protection information can be found here. The service provider has a Privacy Shield certification. Accordingly, there are appropriate safeguards for the data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the Privacy Shield certification of the service provider at any time on request. Please contact us using the contact details provided for the responsible office.

In order to comment on an article in the blog, you must register. DISQUS enables you to register either via a DISQUS account or via an account on Facebook, Twitter or Google Plus ('Social Media Networks'). If you register your account with a social media network for the comment function, the social media network will also collect and process information about your use of the DISQUS function. For detailed information on this data collection and processing, please refer to the data protection information of the respective social media network.

When you register for the comment function of DISQUS, we receive your email address and your IP address, which was used during the entry of a comment. We need and process this information solely for the purpose of contacting you in connection with your use of DISQUS, for example if we have questions about your user comment and for security reasons in the event that a comment violates the rights of third parties or illegal content is posted.

If you comment on an article in our blog, we will save and publish not only your comment but also information about the time of the comment and, if applicable, your chosen user name (pseudonym).

The legal basis for data collection within the commentary function is Art. 6 para. 1 f) GDPR. Our legitimate interest is on the one hand the evaluation and optimization of communication with customers and interested parties within the context of the blog and on the other hand the protection of our rights and the facilitation of our legal defense in the event of an abusive or illegal use of the commentary function.

1.7 REGISTRATION CUSTOMER SERVICE

You can register at our customer service portal. You will then be able to access your customer service enquiries at any time and check their status. The data provided during registration will be used for the purpose of using the customer service portal. The mandatory information requested during registration must be provided in full; all other information in your profile, for example the upload of a profile picture, is optional and voluntary. Your email address provided during registration will be verified by sending a confirmation email in which you must confirm your email address by clicking on a link.

The legal basis for this storage and processing is Art. 6 para. 1 f) GDPR. Our legitimate interest is the maintenance of our customer relations. If the establishment of contact is aimed at the conclusion of a contract or takes place within the context of an existing contractual relationship, the additional legal basis for the processing is Art. 6 Para. 1 b) GDPR.

You can have the data you entered when registering for the customer service portal deleted at any time. If you delete your registration, the data will be deleted with regard to the respective account, subject to their retention is necessary for commercial or tax reasons. Please contact us for the deletion of your account under the contact data specified for the Controller.

1.8 COOKIES

Our website uses cookies. Cookies are pieces of information that are transferred from our web server or third-party web servers to your browser and stored there for later retrieval. Cookies can be small files or other types of information storage. Cookies contain a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.

We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change.

We use so-called session cookies, which are only stored for the duration of the respective visit to our website (e.g. to enable the storage of your shopping basket contents). In a session cookie, a randomly generated unique identification number is stored, a so-called session ID. In addition, a cookie contains information about its origin and the storage period. These cookies cannot store any other data. Session cookies are deleted when you have finished using our online service and log out or close your browser.

You have the option of preventing the setting of cookies by making the appropriate settings in your browser. However, we would like to point out that the use of our Internet pages may then only be possible to a limited extent. Cookies do not install or start any programs or other applications on your computer.

You can object to the use of cookies, which are used for range measurement and advertising purposes, via the deactivation page of the Network Advertising Initiative (http://optout.networkadvertising.org/) and additionally the US website (http://www.aboutads.info/choices) or the European website (http://www.youronlinechoices.com/uk/your-ad-choices/).

The legal basis for the processing of personal data using cookies is Art. 6 para. 1 f) GDPR. Our legitimate interest is the operation, analysis and optimization of our website and our customer interactions.

1.9 RETARGETING/REMARKETING SERVICES

Retargeting/remarketing services allow us to target advertisements on our site and on our site to only show you ads that potentially match your interests. A cookie is used in your browser to indicate which websites on which such marketing services are active have visited you and what content you have been interested in. In addition, additional information such as IP address, browser, operating system time stamp, referring website are collected. If you subsequently visit other websites on which such marketing services are active, advertisements tailored to your interests may be displayed.

The legal basis for this data processing within the scope of marketing services is Art. 6 Para. 1 f) GDPR. Our legitimate interest is the analysis, optimization and economic operation of our website and our customer interactions.

1.9.1 LINKEDIN ADS

We use the retargeting service LinkedIn Ads of the LinkedIn Ireland Unlimited Company in Ireland. LinkedIn uses cookies.

For more information about LinkedIn's privacy policy, please see the LinkedIn Privacy Policy here: https://www.linkedin.com/legal/privacy-policy

You can prevent the storage of cookies by setting your browser accordingly. You can object to LinkedIn's analysis of your usage behaviour and the display of interest-based recommendations here: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

When using the service provider LinkedIn Ads, personal data is transferred to a third country outside the EU. There is an agreement on order processing in accordance with Art. 28 GDPR. The service provider has a Privacy Shield certification. Accordingly, there are suitable guarantees for data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the Privacy Shield certification of the service provider at any time on request. Please contact us using the contact details provided for the Controller.

1.9.2 FACEBOOK CUSTOM AUDIENCE

We also use the retargeting service Facebook Custom Audiences of Facebook, Inc. in the USA. Facebook Custom Audiences uses a so-called tracking pixel. This pixel is retrieved from a Facebook URL with certain parameters when you visit our website and transmits information to Facebook, which uses Facebook for targeted advertising. However, this does not address individual persons, but only groups of users who exhibit similar behavior. Facebook uses a so-called hashing process, in which personal data is encrypted in such a way that Facebook can no longer assign it to individual users.

Further information on this can be found in Facebook's privacy policy at https://www.facebook.com/about/privacy

We use the LinkedIn Ads retargeting service of the LinkedIn Ireland Unlimited Company in Ireland. LinkedIn uses cookies.

For more information about LinkedIn's privacy practices, please see the LinkedIn Privacy Policy here: https://www.linkedin.com/legal/privacy-policy

1.9.3 GOOGLE MARKETING SERVICES

We also use marketing services from Google Ireland Limited, such as AdWords Conversion Tracking, AdSense and DoubleClick. Google uses cookies and web beacons.

You can prevent cookies from being saved by changing the settings on your browser. If you wish to opt out of receiving interest-based advertising through Google marketing services, you can use the setting and opt-out options provided by Google: http://www.google.com/ads/preferences

Further information on the use of data by Google, setting and opposition possibilities can be found here:

• Privacy policy of Google: https://www.google.com/policies/privacy

• Google's use of data when you use the websites or apps of our partners: https://www.google.com/intl/de/policies/privacy/partners

• Use of data for advertising purposes: http://www.google.com/policies/technologies/ads

• Manage information Google uses to display advertisements to you: http://www.google.de/settings/ads

When Google Marketing Services are used, personal data is transferred to a third country outside the EU. There is an agreement on order processing in accordance with Art. 28 GDPR. Google has a Privacy Shield certification, available here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active.

Accordingly, there are appropriate safeguards for the data transfer in accordance with Art. 46 GDPR.

1.10 WEBANALYTICS

We use web analytics services on our website or parts of our website to understand how our website is used by its visitors and to improve the overall look and feel of the website.

The legal basis for this data processing when using web analytics is Art. 6 Para. 1 f) DSGVO. Our legitimate interest is the analysis, optimization and economic operation of our website and our customer interactions.

1.10.1 GOOGLE ANALYTICS

We use the web analytics service Google Analytics with IP anonymization. Google Analytics is a web analytics service provided by Google Ireland Limited. Google Analytics sets cookies. Within the framework of IP anonymisation, the IP address collected by Google from users within the European Economic Area is shortened before it is transmitted to the USA. Only in exceptional cases will the unabridged IP address be transmitted to Google in the USA and abbreviated there. The transmitted IP addresses are not combined with other data from Google.

You can prevent the storage of cookies by setting your browser accordingly. In addition, you can prevent Google from collecting the data generated by the cookie and relating to your use of the website and from processing this data by Google by downloading and installing the browser plugin available at the following link, which Google Analytics uses JavaScript to notify Google Analytics that no data and information relating to visits to Internet pages may be transmitted to Google Analytics: http://tools.google.com/dlpage/gaoptout?hl=en

When Google Analytics is used, personal data is transferred to a third country outside the EU. There is an agreement on order processing in accordance with Art. 28 GDPR. Google has a Privacy Shield certification, available here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active Accordingly, there are appropriate safeguards for the data transfer in accordance with Art. 46 GDPR.

1.10.2 LINKEDIN ANALYTICS

We also use the LinkedIn Analytics web analytics service of the LinkedIn Ireland Unlimited Company in Ireland. LinkedIn Analytics uses cookies.

For more information about LinkedIn's privacy practices, please see the LinkedIn Privacy Policy here: https://www.linkedin.com/legal/privacy-policy. It also describes how you can opt out of LinkedIn's collection and storage of data for the purpose of web analytics at any time in the future. You may also refuse the use of cookies by selecting the appropriate settings on your browser.

When using the LinkedIn Analytics service, personal data is transferred to a third country outside the EU. There is an agreement on order processing in accordance with Art. 28 GDPR. The service provider has a Privacy Shield certification. Accordingly, there are appropriate safeguards for data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the Privacy Shield certification of the service provider at any time on request. Please contact us using the contact details provided for the Controller.

1.11 SOCIAL MEDIA BUTTONS

On our website social media buttons of the social media networks Facebook, Twitter, LinkedIn and Xing are integrated.

If you click on one of these social media buttons, you will be redirected to our pages at the respective social media network. In this case, the provider of the respective social media network receives the information that your browser has called the corresponding page on our website, even if you do not have a profile on the respective social media network or are not logged in there. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider. If you click on a social media button and are either logged in to the respective social media network or then log in to the page of the respective social media network, the transmitted information can be assigned to your account at the social media network.

For information on the purpose and scope of data collection and processing by the providers of the respective social media network, the provider identification, a contact option and your rights and settings regarding data protection, please refer to the respective data protection information of the providers of the social media networks.

The legal basis for the integration and use of the social media buttons is Art. 6 Para. 1 lit. f) GDPR. Our overriding legitimate interest is the marketing of our offers and our website.

1.12 SOCIAL MEDIA PAGES

We maintain a publicly accessible profile on the social media networks Facebook, Twitter, LinkedIn and Xing („Social Media Pages“).

If you visit one of our social media pages and are logged in to the respective social media network, the provider of the respective social media network can analyze your usage behavior and assign the information collected to your account at the social media network and enrich it there. Even if you are not logged in or if you do not have an account at the respective social media network, personal data may be collected by the provider of the respective social media network, for example your IP address or data collected via a cookie.

The operators of the social media networks can use this data to create user profiles. Your user profile can then be used to display interest-based ads both on social media network websites and on other websites.

If you visit one of our social media pages, we are jointly responsible with the social media network provider for the collection and processing of your personal data there. With regard to information about the collection and processing of your personal data that takes place there, we refer you to the data protection information of the respective social media network. We do not have any further information in this respect.

We will be happy to provide you with information on appropriate safeguards for data transfer to third countries in accordance with Art. 46 GDPR at any time on request.

You can assert your rights of data subjects in accordance with Chapter III of GDPR (right to information, correction, deletion, restriction of processing, data transferability, etc.) both against us and against the provider of the respective social media network. In this context, we would like to point out that we can only influence the processing of personal data and the implementation of the rights affected within the framework of our social media pages within the scope of the possibilities made available to us by the respective provider.

The legal basis for our use of social media pages is Art. 6 Para. 1 lit. f) GDPR. Our overriding legitimate interest is the presence and marketing of our products and services on the Internet.

1.13 SOCIAL SHARING

Social sharing buttons enable you to publish a link to certain content on our website, for example an article in our blog, directly on your respective page on the social media networks (Facebook, Twitter, LinkedIn, Xing). The social sharing buttons are provided by the provider of the respective social media network. Each time you visit a website where such a social sharing button is integrated, the social sharing button is downloaded by the provider of the respective social media network. By integrating the plugins, the providers receive the information that your browser has called the corresponding page of our website, even if you do not have a profile on the respective social media network or are not logged in there. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider.

If you click on a social sharing button and are either logged in to the respective social media network or then log in to the opening window, the transmitted information can be assigned to your account at the social media network.

For information on the purpose and scope of data collection and processing by the providers of the respective social media network, the provider identification, a contact option and your rights and settings regarding data protection, please refer to the data protection information of the providers of the social media networks:

• Facebook: http://www.facebook.com/policy.php

• Twitter: https://twitter.com/privacy

• LinkedIn: https://www.linkedin.com/legal/privacy-policy

• Xing: https://www.xing.com/privacy

The legal basis for this data processing in the integration and use of the social sharing buttons is Art. 6 para. 1 f) GDPR. Our legitimate interest is the marketing of our offers and our website.

1.14 FONTS

In order to display the contents of our website correctly and graphically appealing across browsers, we use font and script libraries on this website, e.g. the font library of MyFonts, Inc. The call of font and font libraries automatically triggers a connection to the operator of the respective library. It is possible that your personal data, in particular your IP address, will be collected.

You can prevent the use of such libraries and the associated data transmission by installing a Java script blocker (e.g. www.noscript.net).

Due to the license terms of MyFonts, Inc. we use the MyFonts Counter, a web analysis service that performs page view tracking, in which the number of visits to the website is counted for statistical purposes and transmitted to MyFonts. For more information about MyFonts Counter, please see the MyFonts Privacy Notice: http://www.myfonts.com/info/terms-and-conditions/#Privacy.

The legal basis for this data processing when using such libraries is Art. 6 para. 1 f) GDPR. Our legitimate interest is the analysis, optimization and economic operation of our website and our customer interactions.

1.15 RECAPTCHA

We use the reCAPTCHA service of Google Ireland Limited. This service is used to differentiate whether the input into a form is made by a natural person or is abused by mechanical and automated processing. As part of the reCAPTCHA process, your IP address and other data required by Google for the reCAPTCHA service will be transmitted to Google. For more information about Google Inc.'s privacy policy, please visit https://www.google.com/intl/de/policies/privacy/.

The legal basis for this data processing when using reCAPTCHA is Art. 6 para. 1 f) GDPR. Our legitimate interest is the security of our website and protection against spam.

When using reCAPTCHA, personal data is transferred to a third country outside the EU. There is an agreement on order processing in accordance with Art. 28 GDPR. Google has a Privacy Shield certification, available here: https://www.privacyshield.gov/participant?id=a2zt000000001L5AAI&status=Active. Accordingly, there are appropriate safeguards for the data transfer in accordance with Art. 46 DSGVO.

1.16 APPLICATIONS

We collect and process personal data of applicants for the purpose of processing the application process. If an applicant submits his or her application documents to us electronically, they are processed electronically.

If we conclude an employment contract with an applicant, the data transmitted will be processed in order to carry out the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be deleted immediately after completion of the application procedure, unless a deletion is opposed by a legitimate interest, such as the defense of claims or a preservation of evidence under the General Equal Treatment Act (AGG).

In the following, we will inform you which personal data is collected and processed when using the doo Event Management Platform to create events as an organizer.

2.1 ACCOUNT

If you create an account for the use of the doo Event Management Platform as an organizer, we will collect and process your personal data as the person responsible. We do not collect and process this data on your behalf and on your instructions, but to enable you to use the doo Event Management Platform.

In addition to the data categories described under section 1 above, we collect and process your data requested during registration (surname, first name, email address, telephone number). This information is mandatory, as we require it to fulfil the contract.

The deletion of your customer account is possible at any time. Please contact us using the contact details provided for the Controller.

If you make use of services subject to a fee, further data will be collected. The scope of the data collection can be seen in the respective form fields. For the collection and processing of payment data, we use the external service providers PayPal and Wirecard.

The provider of the PayPal payment service is PayPal (Europe) S.à.r.l. et Cie, S.C.A., 22-24 Boulevard Royal, L-2449 Luxembourg (hereinafter referred to as 'PayPal'). If you choose to pay via PayPal, the payment details you enter will be sent to PayPal. For detailed information about PayPal's privacy practices, please refer to the EEA Privacy Policy on PayPal's website.

Provider of the Wirecard payment service is Wirecard AG, Einsteinring 35, 85609 Aschheim, Germany. When paying via WireCard, the payment data entered by you is transmitted to Wirecard. Detailed information on data protection at Wirecard can be found here: https://www.wirecard.de/datenschutz/

The collection of the data of the organizers and the transmission of the payment data takes place for the fulfilment of your contract with us, legal basis accordingly is Art. 6 Para. 1 b) GDPR.

2.2 ATTENDEE AND INVITEE DATA

The data of attendees at your events, who register for your event via the doo Event Management Platform, or whose data is processed in another form by the doo Event Management Platform (e.g. data collected 'onsite' at an event), and the data of the addressees of your marketing campaigns, e.g. the list of addressees of your email marketing campaigns that you send via the doo Event Management Platform, and other data that you store for processing in the doo Event Management Platform ('Invitee Data'), are processed by doo on your behalf and on your instructions as a data processor. Details of this data processing can be found in our data processing agreement, which can be downloaded here: https://doo.net/de/about/rechtliches/downloads.html

If you register as a attendee for an event via the doo Event Management Platform, doo will process your personal data as a data processor of the respective organizer within the context of the registration.

In the following it is explained which data will be processed for which purposes during the registration for an event.

If the organizer provides its own privacy policy/data protection information as part of the registration for an event, this privacy policy/data protection information of the organizer takes precedence over this Privacy Policy.

Please address all questions you have about an event and in particular about your personal data (including the assertion of your rights to access, deletion, etc. from Art. 12 - 23 GDPR) directly to the organizer as the controller of your data. Questions about an event directed to doo will be forwarded by doo to the respective organizer.

3.1 CONTROLLER

The controller within the meaning of the applicable data protection law is the organizer named in the registration form for the event. You will also find the contact details of the organizer in the registration form.

If the organizer is legally obliged to appoint a data protection officer or has appointed a data protection officer on a voluntary basis, you can contact the organizer’s data protection officer at the contact details provided for the organizer.

3.2 CONTACT

If you contact the organizer by email, telephone or via a contact form in order to ask questions about the event or request information, the information you provide will be processed and stored for the purpose of processing the respective request. Any information requested during such contact will be required to process your request, to address you correctly and to provide you with an answer.

The legal basis for this data processing is Art. 6 para. 1 lit. f GDPR. The overriding legitimate interest is communication with customers and interested parties.

3.3 REGISTRATION FOR AN EVENT

If you register to attend an event, the organizer processes the data you provide when you register in order to enable you to attend the event, in particular to send you a confirmation of registration, to identify you when you enter the event, if necessary, and to carry out the payment transaction for paid events, if necessary.

The legal basis for this is Art. 6 Para. 1 lit. b GDPR, the processing of your data is necessary for the fulfilment of the contract for your participation in the event.

If the organizer collects additional data which is not absolutely necessary for the fulfilment of the contract with you, this data collection serves to optimize the event or your event experience, for example to adapt and optimize the event according to the interests of the participants and the target group, and to prepare, evaluate and analyse the event.

The legal basis for this processing is Art. 6 para. 1 lit. f GDPR, the overriding legitimate interest of the organizer in the optimization, evaluation and analysis of the event.

If you also give your express consent to the processing of certain data for specific purposes during registration, the legal basis for this processing is your consent, which can be revoked at any time in accordance with Art. 6 para. 1 lit. a GDPR.

The organizer uses the service provider doo GmbH from Munich for the registration for the event on the basis of an order processing according to article 28 GDPR.

3.4 PARTICIPATION IN AN EVENT

When participating in an event, data may be collected and processed. During admission control, the data stored on the ticket concerning the person of the ticket holder can be collected and processed. If necessary, data can also be stored at the time of admission and, if necessary, at the time of leaving the event.

The legal basis for this is Art. 6 Para. 1 lit. b GDPR, the processing of your data is necessary for the fulfilment of the contract concerning your participation in the event.

If you provide your data when participating in the event, in particular by reading out an RFID tag or scanning the QR code on your name tag at a trade fair stand, this data will be transmitted by the organizer to the respective operator of the trade fair stand at which you provided your data. In this case, the further processing and use of your data is the responsibility of the stand operator.

The organizer uses the service provider doo GmbH from Munich for the execution of the admission control and, if necessary, for the collection and transmission of the data to the operators of exhibition stands on the basis of a data processing in accordance with Article 28 GDPR.

3.5 EVENT PHOTOGRAPHY

Photos and videos can be taken during the event. These photos and videos can be used to show event participants and make them identifiable. These photos and videos can be used for public relations and documentation of the event. The photos and videos can be published offline (in print) or online, especially on the organizer's website or on the organizer's pages on various social media websites (e.g. fan pages on Facebook).

The legal basis for this processing is Art. 6 para. 1 lit. f GDPR, the overriding legitimate interest of the organizer in the documentation of the event and the use of photographs and film recordings of the event for public relations purposes.

If you have consented to photos and videos being taken and published, the legal basis for this processing is your consent, which can be revoked at any time in accordance with Art. 6 Para. 1 lit. a GDPR.

3.6 FEEDBACK AFTER AN EVENT

After attending an event, you can be contacted by email to request your feedback on the event. You can object to this contact at any time by contacting the respective organizer using the contact details provided for the organizer. If you give your feedback on the event on the website, the information you provide will only be used to evaluate the event and optimize future events.

The legal basis for contacting us to request your feedback is Art. 6 para. 1 lit. f GDPR. The overriding legitimate interest is the evaluation of the event and the optimization of future events.

The organizer uses the service provider doo GmbH from Munich on the basis of data processing in accordance with Article 28 GDPR to send the email requesting your feedback and, if necessary, to record and evaluate your feedback.

3.7 INVITATIONS TO FURTHER EVENTS

If you have registered for an event, the email address you provided when registering may be used by the organizer to send invitations to similar events by email, provided you have not objected to such use. You can object to this use of your email address at any time without incurring any costs other than the transmission costs according to the basic tariffs by using the unsubscribe link contained in each email or by contacting the respective organizer at the contact details provided for the organizer.

The legal basis for this sending of invitations to further events by email is Art. 6 para. 1 lit. f GDPR in conjunction with § 7 para. 3 UWG.

The contact details you provide when registering may also be used to send you postal advertising. You can object to this sending of postal advertising at any time by contacting the respective organizer using the contact details provided for the organizer. The reference to this right of objection will be repeated in every postal letter.

The legal basis for sending postal advertising is Art. 6 para. 1 lit. f GDPR. The predominant legitimate interest is the implementation of direct marketing measures to market the events and services of the organizer.

In the following we provide some general information on data protection. This applies to visiting our website, using the doo Event Management Platform to create events and, accordingly, registering for an event. For the registration for an event, this general information applies accordingly to the extent that the respective organizer is the controller of the personal data.

4.1 AGE RESTRICTION

This website is not intended or designed for use by children under the age of 16. We do not knowingly collect personally identifiable information from or about anyone under the age of 16.

4.2 RECIPIENTS OF DATA

Within our company, those internal departments or organizational units receive your data which they need to fulfil their tasks, to fulfil contracts with you if necessary, for data processing with your consent or to safeguard our overriding legitimate interests.

Data will only be passed on to third parties within the framework of legal requirements. We will only pass on your data to third parties if, for example, this is necessary for contractual purposes on the basis of Art. 6 Para. 1 b) GDPR or to safeguard our overriding legitimate interest pursuant to Art. 6 Para. 1 f) GDPR in the effective performance of our business operations.

Insofar as we use service providers or third party providers within the framework of the provision of the website and/or the provision of our services, we take appropriate legal precautions as well as appropriate technical and organizational measures to ensure the protection of your personal data.

If we use content or tools from service providers or third-party providers in the course of providing the website and/or our services and their registered office is in a third country, data is regularly transferred to a third country. Third countries are countries in which the DSGVO is not a directly applicable law, i.e. countries outside the EU or the European Economic Area. Data will only be transferred to third countries if there is either an adequate level of data protection, consent or other legal permission, in particular a suitable guarantee pursuant to Art. 46 GDPR.

It is possible that we acquire or sell the company or parts of the company or individual assets. Personal data may be transferred in connection with such a sale, merger, reorganization or similar event. In this case, your personal data will of course continue to be processed in accordance with this data protection information. The legal basis for such a transfer is a legitimate interest pursuant to Art. 6 para. 1 f) GDPR in the effective implementation and further development of our business operations.

4.3 YOUR RIGHTS

You have the right to free information about your stored personal data, their origin and recipient and the purpose of data processing and a right to correction, blocking or deletion of this data. You also have the right to restrict the processing and to object to the processing.

You also have the right to receive your data, which we process automatically, handed over to you or to a third party in a common, machine-readable format.

In order to assert your rights, please contact respective controller, using the contact details provided.

You also have the right to lodge a complaint with the competent data protection supervisory authority. The responsible supervisory authority for doo GmbH is the Bavarian Data Protection Supervisory Authority (www.lda.bayern.de).

4.4 REVOCATION OF CONSENT

Some data processing operations are only possible with your express consent. You can withdraw your consent at any time. To do this, simply send an informal email to the respective controller. The legality of the data processing carried out until the withdrawal remains unaffected by the withdrawal.

4.5 RIGHT TO OBJECT

As far as your data are processed to protect our overriding legitimate interests, as explained in this Privacy Policy, you can object to this processing with effect for the future. Please contact the respective controller under the given contact data.

As a matter of principle, you are only entitled to this right to object if there are reasons arising from your particular situation (Art. 21 para. 1 GDPR). After exercising your right to object, your personal data will not be further processed for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the establishment, exercise or defence of legal claims.

If the processing is carried out for the purpose of direct advertising, you can exercise your right to object in this regard at any time (Art. 21 para. 2 GDPR) and your personal data will then no longer be processed for the purpose of direct advertising, irrespective of the reasons for the objection.

4.6 OBLIGATION TO PROVIDE PERSONAL DATA

The provision of personal data is neither required by law nor by contract, and you are not obliged to provide personal data. However, the provision of personal data is required for the conclusion of a contract to the extent that certain details are mandatory in order to be able to conclude a contract.

4.7 AUTOMATED DECISION-MAKING

We do not perform automated decision-making, including profiling.

4.8 STORAGE AND DELETION

We adhere to the principles of data avoidance and data minimization. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as required by the storage periods provided for by law.

If the storage purpose no longer applies or if a storage period provided for by law expires, the personal data will be blocked or deleted routinely and in accordance with the statutory provisions.

4.9 TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES

We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of the data protection laws are complied with and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.

Our website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders, inquiries or payment data, which you send to us.

4.10 CHANGES TO THIS PRIVACY INFORMATION

We reserve the right to amend this Privacy Policy from time to time so that it always complies with current legal requirements or in order to implement changes to our services in this Privacy Policy, e.g. when we are introducing new services. Your renewed visit will then be subject to the updated Privacy Policy.