Privacy Information

As of March 18, 2021

doo is an event management platform that enables event organizers to organize events, sell tickets for their events and carry out the associated communication and administration.


We at doo take the protection of your personal data very seriously. We always treat your personal data in accordance with the statutory data protection regulations and this data protection declaration.

With this data protection information, we would like to inform you about which personal data is collected and processed for which purposes via our website and via our event management platform.


We distinguish between the following areas:

  1. VISIT OUR WEBSITE CREATION OF EVENTS WITH THE DOO EVENT MANAGEMENT PLATFORM REGISTRATION FOR AN EVENT OFFERS AND APPLICATIONSVIDEO CONFERENCES AND WEBINARSGENERAL PRIVACY INFORMATION

RESPONSIBLE

doo GmbH, Hultschiner Straße 8, 81677 Munich, Germany, telephone: 49 (0)89 2488 153-0, e-mail: kontakt@doo.net is responsible.


DATA PRIVACY OFFICER

Our data protection officer is Christian Schmoll, attorney at law, Kaiserplatz 2, 80803 Munich, telephone 49 (89) 4622 7322, email: schmoll@dp.institute

If you have any questions or suggestions regarding data protection, you can contact our data protection officer directly.

1. VISIT OUR WEBSITE


1.1 LOG FILES

Each time our website is accessed, our system automatically collects data and information from the computer system of the accessing computer. In order for the pages to be displayed in your browser, the IP address of the end device you are using must be processed. There is also further information about the browser of your end device.


We are obliged under data protection law to also guarantee the confidentiality and integrity of the personal data processed with our IT systems.


The following data is logged for this purpose:

· IP address of the calling computer

· Operating system of the calling computer

· Browser version of the calling computer

· Name of retrieved file

· Date and time of retrieval

· Amount of data transferred

· Referring URL


The data is also used to correct errors on the website.


Our website is hosted by a service provider in the European Economic Area. There is an order processing agreement in accordance with Art. 28 GDPR.

The legal basis for this data processing is our legitimate interest in accordance with Article 6 (1) (f) GDPR. Our legitimate interest is the operation of this website and the implementation of the protection goals of confidentiality, integrity and availability of the data.


1.2 CONTACTING AND REQUESTING INFORMATION AND OFFERS

If you contact us via e-mail, contact forms or our live chat, for example to request information or an offer or for other inquiries in connection with the doo event management platform, the information you provide will be used for the purpose of processing the Request saved. We need the information requested in the contact form on the website in order to process your request, address you correctly and send you an answer.


The legal basis for this data processing is our legitimate interest in accordance with Article 6 Paragraph 1 Letter f) GDPR. Our legitimate interest is communication with customers and prospects.


If contact is aimed at concluding a contract, the additional legal basis for processing is the necessity of processing for the performance of a contract in accordance with Article 6 (1) (b) GDPR.


For our contact form and our chat function on the website, we use an external service provider as a processor on the basis of an order processing agreement in accordance with Art. 28 GDPR. Personal data may be transferred to a third country outside the EU without an adequate level of data protection. There are suitable guarantees for data transmission in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate guarantees (standard contractual clauses or standard data protection clauses) on request at any time. To do this, please contact us using the contact details above.


1.3 CUSTOMER DATABASE AND DIRECT ADVERTISING

Inquiries and orders are usually stored in our CRM system. This data can be used by us for direct advertising measures. You can object to such use for direct marketing at any time. Details on your right to object can be found below under “Your rights”.


The CRM system is regularly checked to see whether data can be deleted. If data is no longer required in the context of a customer or prospective customer relationship or if the customer's conflicting interests prevail, we will delete the data in question, provided that there are no legal storage obligations to the contrary.


The legal basis for this storage and processing is our legitimate interest in accordance with Article 6 (1) (f) GDPR. Our legitimate interest is the maintenance of our customer relationships and the implementation of direct marketing measures.


1.4 NEWSLETTER

1.4.1 NEWSLETTER REGISTRATION

On our website you can register to receive a newsletter by email. During registration, the data from the input mask, the IP address of the calling computer and the date and time of registration are transmitted to us. Your consent will be obtained for the processing of the data during registration and reference will be made to this data protection information.

In order to check that the actual owner of an e-mail address has registered for the sending of a newsletter, we use the so-called "double opt-in" procedure. After registering an e-mail address, a confirmation e-mail is sent to the registered e-mail address. Registration for the newsletter is only completed when a confirmation link contained in the confirmation e-mail is activated. The IP address of the calling computer and the date and time the confirmation link was activated are also transmitted to us.

Registration for the newsletter can be terminated at any time. by using the unsubscribe link contained in each newsletter or by contacting us using the contact details given for the responsible body.

The legal basis for processing the data after registering for the newsletter is your consent in accordance with Article 6 (1) (a) GDPR.


1.4.2 E-MAIL NEWSLETTER AS PART OF AN EXISTING CUSTOMER RELATIONSHIP

If you register as a user of the doo event management platform and enter your e-mail address, it can subsequently be used by us to send an e-mail newsletter, provided you have not objected to such use . In such a case, only direct advertising for similar goods or services will be sent via the e-mail newsletter. You can object to the use of your e-mail address at any time without incurring any costs other than the transmission costs according to the basic rates by using the unsubscribe link contained in every newsletter or by contacting us using the contact details given for the responsible body.

The legal basis for sending the newsletter as a result of the sale of goods or services is our legitimate interest in accordance with Art. 6 Para. 1 lit. f) GDPR (in Germany in connection with Section 7 Para. 3 UWG).


1.4.3 NEWSLETTER-ANALYSE

A statistical evaluation of usage data can be carried out for our newsletters. For this purpose, we may record both the opening of the e-mail and the internal clicks. This information serves the purpose of measuring and optimizing the success of our newsletter campaigns by making the content of the newsletter more relevant to our target group.

The legal basis for this analysis is our legitimate interest in accordance with Article 6 (1) (f) GDPR. Our legitimate interest is the evaluation and optimization of communication with customers and interested parties.


1.4.4 NEWSLETTER SERVICE PROVIDER

For the sending and analysis of our newsletter, we use an external service provider as a processor on the basis of an order processing agreement in accordance with Art. 28 GDPR.

Personal data may be transferred to a third country outside the EU without an adequate level of data protection. There are suitable guarantees for data transmission in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate guarantees (standard contractual clauses or standard data protection clauses) on request at any time. To do this, please contact us using the contact details above.


1.5 BLOG

You can comment on articles on our blog. We use the comment system of the external provider DISQUS, Inc., USA.


Personal data may be transferred to a third country outside the EU without an adequate level of data protection. There are suitable guarantees for data transmission in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate guarantees (standard contractual clauses or standard data protection clauses) on request at any time. To do this, please contact us using the contact details above.


To comment on an article on the blog, you must be logged in. DISQUS enables such registration either via a DISQUS account or via an account on Facebook, Twitter or Google Plus ("social media networks"). If you register with your account on a social media network for the comment function, the social media network will also collect and process information about your use of the DISQUS function. For detailed information on this data collection and processing, please refer to the data protection information of the respective social media network.


When you register for the DISQUS comment function, we receive your e-mail address and your IP address, which was used when entering a comment. We need and process this information exclusively for the purpose of establishing contact in connection with your use of DISQUS, for example if we have questions about your user comment and for security reasons in the event that a comment violates the rights of third parties or illegal content is posted.


If you comment on an article in our blog, information about the time of the comment and, if applicable, the user name (pseudonym) you have chosen will be stored and published in addition to your comment.


The legal basis for data collection as part of the comment function is our legitimate interest in accordance with Article 6 (1) (f) GDPR. Our legitimate interest is, on the one hand, the evaluation and optimization of communication with customers and interested parties within the framework of the blog and, on the other hand, the protection of our rights and the enabling of our legal defense in the event of abusive or illegal use of the comment function.


1.6 CUSTOMER SERVICE REGISTRATION

You can register with our customer service portal. You can then access your requests made to customer service at any time and check their status. The data provided during registration will be used for the purpose of using the customer service portal. The mandatory information requested during registration must be provided in full; all other information in your profile, for example uploading a profile picture, is voluntary. The e-mail address you provided during registration will be verified by sending a confirmation e-mail in which you must confirm your e-mail address by clicking on a link.


The legal basis for this storage and processing is our legitimate interest in accordance with Article 6 (1) (f) GDPR. Our legitimate interest is maintaining our customer relationships. If contact is made with the aim of concluding a contract or within the framework of an existing contractual relationship, the additional legal basis for processing is the necessity of processing for the fulfillment of a contract in accordance with Article 6 (1) (b) GDPR.


You can have the data you provided when registering for the customer service portal deleted at any time. If you delete your registration, the data relating to the respective account will be deleted, subject to their storage being necessary for commercial or tax reasons. Please contact us to delete your account using the contact details given for the responsible body.


1.7 COOKIES

Our website uses cookies. Cookies are information that is transferred from our web server or third-party web servers to your browser and stored there for later retrieval. Cookies can be small files or other types of information storage. Information is stored in cookies that arises in connection with the specific end device used. Cookies contain a characteristic character string that enables the browser to be clearly identified when the website is called up again. A cookie also contains information about its origin and the storage period. However, this does not mean that we are immediately informed of your identity.


On the one hand, cookies are set when you visit our website, which are absolutely necessary for the operation of the website. These essential cookies can, for example, be cookies that are required to display the website with a content management system (e.g. TYPO3), which are used to recognize language settings or to document whether you have consented to the setting of further (not -essential) cookies have consented or whether you have rejected them.


The legal basis for the processing of personal data using essential cookies is our legitimate interest in accordance with Article 6 (1) (f) GDPR. Our overriding legitimate interest is the operation of our website.


We also use non-essential cookies, for example to collect additional information about the interests of visitors to our website or their usage behavior in order to analyze and optimize our website and our customer interactions in general on this basis.


The legal basis for the processing of personal data using such non-essential cookies is your express consent, which we ask you to give when you visit our website before non-essential cookies are set.



1.8 RETARGETING-/REMARKETING-SERVICES

These marketing services make it possible to target advertisements for our website and on our website in order to only show you advertisements that potentially match your interests. A cookie is used to record in your browser which websites on which such marketing services are active you have visited and what content you were interested in there. In addition, additional information such as IP address, browser, operating system, time stamp, referring website is collected. If you subsequently visit other websites where such marketing services are active, you may be shown advertisements tailored to your interests.


The legal basis for the processing of personal data when using retargeting/remarketing services is your express consent in accordance with Article 6 (1) (a) GDPR.



1.8.1 LINKEDIN ADS

We use the LinkedIn Ads retargeting service from LinkedIn Ireland Unlimited Company in Ireland. LinkedIn sets cookies.

Further information on data protection at LinkedIn can be found in the LinkedIn Privacy Policy here:

https://www.linkedin.com/legal/privacy-policy

You can prevent the storage of cookies by setting your browser accordingly. You can object to the analysis of your usage behavior by LinkedIn and the display of interest-based recommendations here:

https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

When using LinkedIn Ads, personal data may be transferred to a third country outside the EU without an adequate level of data protection. There are suitable guarantees for data transmission in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate guarantees (standard contractual clauses or standard data protection clauses) on request at any time. To do this, please contact us using the contact details above.



1.8.2 FACEBOOK CUSTOM AUDIENCES

We also use the retargeting service Facebook Custom Audiences from Facebook, Inc. in the USA. Facebook Custom Audiences uses a so-called tracking pixel. When our website is accessed, this pixel is retrieved from a Facebook URL that has certain parameters and transmits information to Facebook, which Facebook uses to display targeted advertising. However, no individual persons are addressed, only groups of users who exhibit similar behavior. Facebook uses a so-called hashing process for this, in which personal data is encrypted in such a way that Facebook can no longer assign it to individual users.


Further information on this can be found in Facebook's data protection declaration at https://www.facebook.com/about/privacy


When using Facebook Custom Audiences, personal data may be transferred to a third country outside the EU without an adequate level of data protection. There are suitable guarantees for data transmission in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate guarantees (standard contractual clauses or standard data protection clauses) on request at any time. To do this, please contact us using the contact details above.



1.8.3 GOOGLE-MARKETING-SERVICES

We also use marketing services from Google Ireland Limited, e.g. AdWords, Conversion Tracking, AdSense and Google Marketing Platform, Google uses cookies and so-called web beacons.

You can prevent the storage of cookies by setting your browser accordingly. If you wish to object to interest-based advertising by Google Marketing Services, you can use the setting and opt-out options provided by Google: http://www.google.com/ads/preferences

Further information on the use of data by Google, setting and objection options can be found here:

  • Google's data protection declaration: https://www.google.com/policies/privacyData use by Google when using websites or apps on which Google services are used: https://www.google.com/intl/de/policies /privacy/partnersUse of data for advertising purposes: http://www.google.com/policies/technologies/adsManagement of information used by Google to display personalized advertising: http://www.google.de/settings/ads


When using Google Marketing Services, personal data may be transferred to a third country outside the EU without an adequate level of data protection. There are suitable guarantees for this data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate guarantees (standard contractual clauses or standard data protection clauses) on request at any time. To do this, please contact us using the contact details above.



1.9 WEBANALYTICS

We use web analytics services on our website or parts of the website to record how our website is used by its visitors and to optimize the website as a whole and its presentation.

The legal basis for this data processing when using web analytics is your express consent in accordance with Article 6 (1) (a) GDPR.



1.9.1 GOOGLE ANALYTICS

We use the web analysis service Google Analytics with IP anonymization. Google Analytics is a web analytics service provided by Google Ireland Limited. Cookies are set as part of Google Analytics.


As part of IP anonymization, the IP address collected by Google within the European Economic Area is shortened before it is sent to the USA. Only in exceptional cases will the unabridged IP address be sent to Google in the USA and shortened there. The transmitted IP addresses are not merged with other Google data.


You can prevent the storage of cookies by setting your browser accordingly. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the online offer and from processing this data by Google by downloading and installing the browser plug-in available under the following link, which Google Analytics communicates via JavaScript that no data and information on visits to websites may be transmitted to Google Analytics:

http://tools.google.com/dlpage/gaoptout?hl=de


When using Google Analytics, personal data may be transferred to a third country outside the EU without an adequate level of data protection. There are suitable guarantees for data transmission in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate guarantees (standard contractual clauses or standard data protection clauses) on request at any time. To do this, please contact us using the contact details above.



1.9.2 LINKEDIN ANALYTICS

We also use the web analytics service LinkedIn Analytics from LinkedIn Ireland Unlimited Company in Ireland. LinkedIn Analytics uses cookies.

Further information on data protection at LinkedIn can be found in the LinkedIn Privacy Policy at https://www.linkedin.com/legal/privacy-policy. It also describes how you can object to the collection and storage of data by LinkedIn for the purpose of web analysis at any time with effect for the future. You can also prevent the storage of cookies by setting your browser accordingly.

When using the LinkedIn Analytics service, personal data may be transferred to a third country outside the EU without an adequate level of data protection. There are suitable guarantees for data transmission in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate guarantees (standard contractual clauses or standard data protection clauses) on request at any time. To do this, please contact us using the contact details above.



1.10 SOCIAL MEDIA-BUTTONS

Social media buttons from the social media networks Facebook, Twitter, LinkedIn and Xing are integrated on our website.

If you click on one of these social media buttons, you will be redirected to our pages on the respective social media network. In this case, the provider of the respective social media network receives the information that your browser has accessed the corresponding page of our website, even if you do not have a profile on the respective social media network or are not logged in there. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider. If you click on a social media button and are either logged in to the respective social media network or then log in to the respective social media network page, the information transmitted can be assigned to your account with the social media network.

Information on the purpose and scope of the data collection and processing by the providers of the respective social media network, the provider identification, a contact option and your rights and setting options for data protection can be found in the respective data protection information of the providers of the social media networks.

The legal basis for the integration and use of the social media buttons is our legitimate interest in accordance with Article 6 (1) (f) GDPR. Our overriding legitimate interest is the marketing of our offers and our website.



1.11 SOCIAL MEDIA-PAGES

We maintain a publicly accessible profile on the social media networks Facebook, Twitter, LinkedIn and Xing (“social media pages”).

If you visit one of our social media pages and are logged into the respective social media network, the provider of the respective social media network can analyze your usage behavior and assign the information collected to your account on the social media network and enrich it there . Even if you are not logged in or if you do not have an account with the respective social media network, data about you can be collected by the provider of the respective social media network, for example your IP address or data via a cookie be collected.

The operators of the social media networks can use this data to create user profiles. Based on your user profile, you can then be shown interest-based advertisements both on the websites of the social media network and on other websites.

If you visit one of our social media pages, we are jointly responsible with the provider of the social media network for the collection and processing of your personal data that takes place there. With regard to information about the collection and processing of your personal data taking place there, we refer you to the data protection information of the respective social media network. We do not have any further information on this.

We will be happy to provide you with information on suitable guarantees for data transmission to third countries in accordance with Art. 46 GDPR at any time upon request.

Your data subject rights in accordance with Chapter III. of the GDPR (right to information, correction, deletion, restriction of processing, data transferability, etc.) you can assert against us as well as against the provider of the respective social media network. In this context, we would like to point out that we can only influence the processing of personal data and the implementation of the rights of those affected within the framework of our social media pages within the scope of the possibilities made available to us by the respective provider.

The legal basis for our use of social media pages is our legitimate interest in accordance with Article 6 (1) (f) GDPR. Our overriding legitimate interest is the presence and marketing of our products and services on the Internet.



1.12 SOCIAL SHARING

Social sharing buttons make it possible to publish a link to certain content on our website, for example to an article in our blog, directly on your respective page on the social media networks (Facebook, Twitter, LinkedIn, Xing). The social sharing buttons are provided by the provider of the respective social media network. Every time you visit a website on which such a social sharing button is integrated, the social sharing button is downloaded from the provider of the respective social media network. By integrating the plugins, the providers receive the information that your browser has accessed the corresponding page of our website, even if you do not have a profile on the respective social media network or are not logged in there. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider.

If you click on a social sharing button and are either logged in to the respective social media network or then log in in the window that opens, the information transmitted can be assigned to your account on the social media network.

Information on the purpose and scope of the data collection and processing by the providers of the respective social media network, the provider identification, a contact option and your rights and setting options for data protection can be found in the data protection information of the providers of the social media networks:

  • Facebook: http://www.facebook.com/policy.phpTwitter: https://twitter.com/privacyLinkedIn: https://www.linkedin.com/legal/privacy-policyXing: https://www.xing.com/privacy

The legal basis for this data processing when integrating and using the social sharing buttons is Article 6 (1) (f) GDPR. Our legitimate interest is the marketing of our offers and our website.



1.13 WRITINGS

In order to display the content of our website correctly and graphically appealing across browsers, we use font and script libraries on this website, e.g. the font library of MyFonts, Inc. Calling up font and font libraries automatically triggers a connection to the operator of the respective library. It is possible that your personal data, in particular your IP address, will be collected.

You can prevent the use of such libraries and the associated data transmission by installing a Java Script blocker (e.g. www.noscript.net).

Due to the license terms of MyFonts, Inc., we use the MyFonts Counter, a web analysis service that carries out page view tracking, in which the number of visits to the website is counted for statistical purposes and transmitted to MyFonts. For more information about MyFonts Counter, see the MyFonts privacy policy:

http://www.myfonts.com/info/terms-and-conditions/#Privacy.

The legal basis for this data processing when using such libraries is Article 6 (1) (f) GDPR. Our legitimate interest is the analysis, optimization and economic operation of our website and our customer interactions.



1.14 RECAPTCHA

We use the reCAPTCHA service from Google Ireland Limited. This service is used to distinguish whether the input in a form is made by a natural person or abusively by machine and automated processing. As part of reCAPTCHA, your IP address and other data required by Google for the reCAPTCHA service will be transmitted to Google. For more information about Google Inc.'s privacy policy, visit https://www.google.com/intl/de/policies/privacy/.

The legal basis for this data processing when using reCAPTCHA is Article 6 (1) (f) GDPR. Our legitimate interest is the security of our website and protection against spam.

When using reCAPTCHA, personal data may be transferred to a third country outside the EU without an adequate level of data protection. There are suitable guarantees for data transmission in accordance with Art. 46 GDPR. We will be happy to provide you with proof of the appropriate guarantees (standard contractual clauses or standard data protection clauses) on request at any time. To do this, please contact us using the contact details above.

2. CREATING EVENTS WITH THE DOO EVENT MANAGEMENT PLATFORM


Below we inform you about which personal data is collected and processed when using the doo event management platform to create events as an organizer ("Organizer").


2.1 ACCOUNT

When you create an account to use the doo event management platform as an event organizer, we collect and process your personal data as the data controller. We do not collect and process this data on your behalf or at your instruction, but rather to enable you to use the doo event management platform.


In addition to the data categories described in section 1, we collect and process the data you provided during registration (surname, first name, email address, telephone number). This information is mandatory, as we require it to fulfill the contract.


You can delete your customer account at any time. Please contact us using the contact details provided for the responsible department.


2.2 PAYMENT INFORMATION

If you use paid services, your data and payment information will be processed by NovalNet AG in Germany, the payment service provider we use for payment processing. doo is not involved in data processing during payment processing.

Detailed information on data processing and data protection at NovalNet AG can be found here: https://www.novalnet.de/datenschutz


2.3 PARTICIPANT AND INVITEE DATA

doo processes the data of participants in your events who register for your event via the doo event management platform or whose data is processed in other forms using the doo event management platform (for example, data collected "onsite" at an event), and the data of the recipients of your marketing campaigns, for example, the list of recipients of your email marketing campaigns that you send via the doo event management platform, and other data that you store for processing in the doo event management platform ("invitee data"), as a data processor on your behalf and according to your instructions.

This data processing is governed by our Data Processing Agreement (DPA), which you can access here.


2.4 SHARING YOUR DATA WITH SPONSORS

As part of our own doo event, we transmit the following personal data of all registered participants to our event sponsors: first and last name, company/organization, job title, and contact details. This data is shared so that sponsors can contact you for promotional purposes and to present products and services related to the event. The legal basis for this is our legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR, in order to offer you a free or low-cost event and to finance our event through sponsorship contributions. You have the right to object to the transfer of your data to the sponsors at any time ("opt-out"). Such an objection can be made by sending an informal notification via email to marketingdoo.net or directly during your online registration. If you object, your data will not be transferred to the sponsors. If you withdraw your consent after the data has been transferred, your data must be deleted by the sponsors.


3. REGISTRATION FOR AN EVENT


When you register as a participant for an event via the doo event management platform, doo processes your personal data as a data processor for the respective organizer as part of the registration process.


The following explains which data is processed during registration for an event and for what purposes.


If the organizer provides its own data protection information as part of the registration for an event, this own data protection information of the organizer takes precedence over this data protection information.


Please direct all questions you may have regarding an event, and in particular regarding your personal data (including exercising your data subject rights to access, erasure, etc. under Articles 12–23 of the GDPR), to the event organizer as the data controller. Questions addressed to doo regarding an event will be forwarded by doo to the respective event organizer.


3.1 RESPONSIBLE PARTY

The data controller within the meaning of data protection law is the organizer named during registration for the event. The organizer's contact details can also be found during registration.


If the organizer is legally obliged to appoint a data protection officer, or has appointed one on a voluntary basis, you can reach them using the contact details provided for the organizer.

3.2 CONTACT

If you contact the organizer by email, telephone, or via a contact form to ask questions about the event or request information, the information you provide will be processed and stored for the purpose of handling your request. Any information requested during such contact is necessary to process your request, address you correctly, and send you a response.


The legal basis for this data processing is the legitimate interest of the organizer pursuant to Art. 6 para. 1 lit. f) GDPR in communicating with customers or prospective customers, or the necessity of processing the data for the performance of a contract or for the implementation of a pre-contractual measure pursuant to Art. 6 para. 1 lit. b) GDPR.


3.3 REGISTRATION FOR AN EVENT

When you register to participate in an event, the organizer generally processes the data you provide during registration in order to enable you to participate in the event, in particular to send you a confirmation of registration, if necessary for identification at the entrance to the event and if necessary for processing the payment for events that require payment.


The legal basis for this is Art. 6 para. 1 lit. b) GDPR, the processing of your data is necessary for the performance of the contract concerning your participation in the event.


If the organizer collects additional data that is not strictly necessary for fulfilling the contract with you, this data collection serves to optimize the event or your event experience, for example to adapt and optimize the event according to the interests of the participants and the target group, and for the preparation, evaluation and analysis of the event.


The legal basis for this processing is Art. 6 para. 1 lit. f GDPR, the overriding legitimate interest of the organizer in the optimization, evaluation and analysis of the event.


If, during registration, you also give your explicit consent to the processing of certain data for specific purposes, the legal basis for this processing is your consent, which can be revoked at any time, in accordance with Art. 6 para. 1 lit. a) GDPR.


The organizer uses doo as a data processor for registration for the event, based on a data processing agreement pursuant to Article 28 GDPR.


3.4 PAYMENT INFORMATION

When you register for a paid event, your data and payment information will be processed for payment either by NovalNet AG in Germany as a payment service provider or by a payment service provider selected by the event organizer. The payment service provider is responsible for this payment data and information.

Detailed information on data processing and data protection at NovalNet AG can be found here: https://www.novalnet.com/privacy?auto_toggle=true.


3.5 PARTICIPATION IN AN EVENT

When participating in an event, data may be collected and processed. At the entrance, the data stored on the ticket relating to the ticket holder may be collected and processed. Data regarding the time of entry and, if applicable, the time of leaving the event may also be stored.

The legal basis for this is Art. 6 para. 1 lit. b) GDPR, the processing of your data is necessary for the performance of the contract concerning your participation in the event.


If you provide your data as part of your participation in the event, in particular by reading an RFID tag or scanning the QR code on your name badge at an exhibition stand, this data will be transmitted by the organizer to the respective operator of the exhibition stand where you provided your data. The further processing and use of your data is then the responsibility of the exhibition stand operator as the data controller.


doo is used by the respective organizer for the implementation of the admission control and, if necessary, for the collection and transmission of data to the operators of exhibition stands as a data processor in accordance with Article 28 GDPR.


3.6 COLLECTION OF CONTACT DATA

If you attend an in-person event, your contact information may be collected. This collection of contact information serves to quickly trace infection chains of the COVID-19 virus. Should a participant test positive for the COVID-19 virus, the collected data can be used to determine with whom the participant potentially came into contact during the event. These individuals can then be informed and tested. This allows infection chains to be quickly identified and broken.


Your personal data collected in this context will be processed exclusively for the purposes stated here and for no other purposes. Your data will not be shared with third parties, except in the case of an infection, as described above, with the relevant authorities.


The location data is stored securely and confidentially and deleted or destroyed after 30 days.


The legal basis for collecting and, where applicable, forwarding residence data to the responsible health authority is, if there is a legal obligation to collect or transmit the data, in particular based on an infection protection law, Article 6(1)(c) GDPR. In this case, data processing is necessary for compliance with a legal obligation. If no compelling legal obligation exists, data processing is based on Article 6(1)(d) GDPR, i.e., for the protection of the vital interests of the participants and other contacts of the participants.


3.7 EVENT PHOTOGRAPHY

Photographs and videos may be taken during the event. These may show and identify event participants. These photographs and videos may be used for public relations and event documentation purposes. Publication of the photographs and videos may occur both offline (in print) and online, particularly on the organizer's website and/or on the organizer's pages on various social media platforms (e.g., Facebook fan pages).


The legal basis for this processing is Art. 6 para. 1 lit. f) GDPR, the overriding legitimate interest of the organizer in documenting the event and using photo and film recordings of the event for public relations purposes.


If you have consented to the creation and publication of photographs and film recordings, the legal basis for this processing is your consent, which can be revoked at any time, in accordance with Art. 6 para. 1 lit. a) GDPR.


3.8 FEEDBACK AFTER AN EVENT

After participating in an event, you may be contacted by email to request your feedback. You can object to this contact at any time by contacting the respective organizer using the contact details provided. If you provide your feedback on the event via the website, the information you provide will be used solely for evaluating the event and optimizing future events.


The legal basis for contacting you to request your feedback is Article 6(1)(f) GDPR. The organizer's overriding legitimate interest is the evaluation of the event and the optimization of future events.


For the purpose of sending the email requesting your feedback and, if necessary, collecting and evaluating your feedback, the organizer uses doo as a data processor on the basis of a data processing agreement in accordance with Article 28 GDPR.


3.9 INVITATIONS TO FURTHER EVENTS

If you have registered for an event, the organizer may use the email address you provided during registration to send you invitations to similar events organized by the same organizer, unless you have objected to such use. You can object to this use of your email address at any time, without incurring any costs other than the standard transmission fees, by using the unsubscribe link included in every email or by contacting the organizer using the contact details provided.


The legal basis for sending invitations to further events by email is the legitimate interest of the organizer pursuant to Art. 6 para. 1 lit. f) GDPR (in Germany in conjunction with § 7 para. 3 UWG).


The contact details you provided during registration may also be used to send you advertising by post. You can object to receiving this advertising by post at any time by contacting the respective organizer using the contact details provided for the organizer. This right to object will be reiterated in every postal letter.


The legal basis for sending postal advertising is the legitimate interest of the organizer pursuant to Art. 6 para. 1 lit. f) GDPR. The overriding legitimate interest is the implementation of direct marketing measures for the promotion of the organizer's events and services.

4. JOB OFFERS AND APPLICATIONS


We collect and process the personal data submitted to us by an applicant for the purpose of carrying out the application process. The data requested as mandatory fields are required for the application process. All other information is voluntary. Applicant data will only be made accessible to those persons and departments within our company who are preparing or involved in the hiring decision.


When we conclude an employment contract with an applicant, the data transmitted will be processed for the purpose of carrying out the employment relationship in compliance with legal regulations.


If an employment relationship is established, we will store the applicant data for as long as it is necessary for the employment relationship and insofar as legal regulations establish an obligation to retain it.


If no employment contract is concluded with an applicant, we store the applicant data for a maximum of three months based on our overriding legitimate interest in enabling the defense against claims or a preservation of evidence function under applicable equal treatment and anti-discrimination laws. After this period, the application documents will be deleted unless the applicant has expressly consented to longer storage.


The legal basis for the processing of application documents is Art. 6 para. 1 lit. b) GDPR.


If the applicant has given us separate consent, we will store the data submitted as part of the application in our applicant pool for a further two years after the application process has ended, in order to identify future positions that may be of interest to the applicant and to contact the applicant if necessary. After this period, the data will be deleted.


You can withdraw your consent to the storage of your application data in our applicant pool at any time for the future. Please send us an email to the contact details provided above.


The legal basis for storing application documents in our applicant pool is, where applicable, the applicant's consent pursuant to Art. 6 para. 1 lit. a) GDPR.

5. VIDEO CONFERENCES AND WEBINARS


When you participate in a video conference, webinar or online meeting etc. organized by us (hereinafter referred to as "video conferences"), we process your personal data in connection with your participation.


When participating in a video conference, various categories of data are processed. The scope of the data also depends on what information you provide before or during your participation in the video conference.


When you participate in a video conference hosted by us, you will generally need to provide at least a name during registration. You can also use a pseudonym. Your IP address will also be processed to enable your participation, and login and device/hardware information will be stored. If provided, your email address and profile picture will also be processed. If you dial in by phone, your phone number and, if applicable, your IP address will be processed.


To enable participation in the video conference, data from your device's microphone, any webcam, and, if you are sharing your screen, information from that screen share will be processed. You can disable or mute your camera or microphone at any time. You always decide whether and which parts of your screen are shared.


Audio and video recordings of the video conference can be made. In this case, MP4 files of all video, audio, and presentation recordings will be processed. Participants will always be notified if a recording is taking place, and their explicit consent will always be obtained where necessary.


You may have the option to use the chat, question, or survey functions during a video conference. In this case, the text you enter will be processed to display it in the video conference and, if necessary, to record it.


Insofar as personal data of our employees is processed, Section 26 of the German Federal Data Protection Act (BDSG) is the legal basis for the data processing, provided that German law is applicable to the processing of employee data.


If German law is not applicable to the processing of employee data, or if the processing of personal data in connection with participation in video conferences is not necessary for the establishment, execution, or termination of the employment relationship, but is nevertheless an essential component of participation in a video conference, then our overriding legitimate interest pursuant to Article 6(1)(f) GDPR is the legal basis for the data processing. In these cases, our legitimate interest lies in the effective conduct of video conferences.


Furthermore, the legal basis for data processing when conducting video conferences is Art. 6 para. 1 lit. b) GDPR, insofar as the meetings are conducted within the framework of contractual relationships or with a view to initiating a contractual relationship (for example, in video conferences with our clients in the context of carrying out a project or when participating in a webinar).


Furthermore, the legal basis for data processing in connection with your participation in a video conference organized by us is our overriding legitimate interest pursuant to Art. 6 para. 1 lit. f) GDPR. In these cases, our legitimate interest lies in the effective conduct of video conferences.


We use one or more service providers as data processors for conducting video conferences on the basis of a data processing agreement in accordance with Art. 28 GDPR.


This may involve the transfer of personal data to a third country outside the EU. If the EU Commission has not issued an adequacy decision for the respective third country, we ensure that appropriate safeguards are in place for the transfer in accordance with Article 46 of the GDPR. We will gladly provide you with proof of these appropriate safeguards (standard contractual clauses or standard data protection clauses) upon request. Please contact us using the contact details provided above.


6. GENERAL INFORMATION ON DATA PROTECTION


Below, we provide some general information regarding data protection. This applies to visiting our website, using the doo event management platform to create events, and also to registering for an event. For event registration, this general information applies accordingly, as the respective event organizer is the data controller.


6.1 AGE RESTRICTION

This website is not intended or designed for use by children under the age of 16. We do not knowingly collect personal data from or about individuals under the age of 16.


6.2 RECIPIENTS OF DATA

Within our company, your data will be received by those internal departments or organizational units that need it to fulfill their tasks, to fulfill contracts with you, to process data with your consent, or to protect our overriding legitimate interests.


Data is only transferred to third parties within the framework of legal requirements. We only disclose your data to third parties if this is necessary, for example, for contractual purposes based on Article 6 Paragraph 1 Letter b) GDPR or to protect our overriding legitimate interest in the effective operation of our business pursuant to Article 6 Paragraph 1 Letter f) GDPR.


If we use service providers or third-party providers in connection with the provision of the website and/or the provision of our services, we take appropriate legal precautions as well as corresponding technical and organizational measures to ensure the protection of your personal data.


If, in providing our website and/or services, we use content or tools from service providers or third-party providers whose registered office is located in a third country, data is regularly transferred to that third country. Third countries are defined as countries where the GDPR is not directly applicable law, i.e., countries outside the EU or the European Economic Area. Data is only transferred to third countries if there is either an adequate level of data protection, consent, or other legal authorization, in particular a suitable safeguard pursuant to Article 46 GDPR.


It is possible that we may acquire or sell the company, parts of the company, or individual assets. In connection with such a sale, merger, reorganization, or similar event, personal data may be transferred. In this case, your personal data will, of course, continue to be processed in accordance with this privacy policy. The legal basis for such a transfer is our legitimate interest, pursuant to Article 6(1)(f) GDPR, in the effective operation and further development of our business.


6.3 YOUR RIGHTS

You have the right to receive information free of charge about your stored personal data, its origin and recipients, and the purpose of the data processing, as well as the right to rectification, blocking, or erasure of this data. You also have the right to restrict processing and to object to processing.

You also have the right to have your data, which we process automatically, transferred to yourself or to a third party in a commonly used, machine-readable format.

To assert your rights, please contact the responsible body using the contact details provided.

You also have the right to lodge a complaint with the competent data protection supervisory authority.


6.4 REVOCATION OF CONSENT

Some data processing operations are only possible with your explicit consent. You can revoke your consent at any time. An informal notification by email to the respective responsible party is sufficient. The lawfulness of the data processing carried out before the revocation remains unaffected by the revocation.


6.5 Right of objection

Insofar as your data is processed, as explained in this privacy policy, to protect our overriding legitimate interests, you may object to this processing with effect for the future. Please contact the relevant responsible body using the contact details provided.

You have the right to object only if there are grounds relating to your particular situation (Art. 21 para. 1 GDPR). After you have exercised your right to object, your personal data will no longer be processed for these purposes unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or if the processing serves the purpose of establishing, exercising or defending legal claims.

If processing is carried out for direct marketing purposes, you may exercise your right to object at any time (Art. 21 para. 2 GDPR) and your personal data will then no longer be processed for direct marketing purposes, irrespective of the reasons for the objection.


6.6 MANDATORY INFORMATION

The provision of personal data is neither legally nor contractually required, and you are not obliged to provide personal data; however, the provision of personal information is necessary for the conclusion of a contract insofar as certain information is mandatory in order to be able to conclude a contract.


6.7 AUTOMATED DECISION-MAKING

We do not carry out automated decision-making, including profiling.


6.8 STORAGE AND DELETION

We adhere to the principles of data avoidance and data minimization. Therefore, we only store your personal data for as long as is necessary to achieve the purposes stated here or as required by statutory retention periods.

If the purpose for which the data was stored ceases to exist or if a storage period stipulated by law expires, the personal data will be routinely blocked or deleted in accordance with legal regulations.


6.9 TECHNICAL AND ORGANIZATIONAL MEASURES FOR DATA SECURITY

We implement organizational, contractual and technical security measures in accordance with the state of the art to ensure compliance with data protection laws and to protect the data we process against accidental or intentional manipulation, loss, destruction or access by unauthorized persons.

For security reasons and to protect the transmission of confidential content, such as orders and inquiries that you send to us, our website uses SSL encryption.


6.10 CHANGES TO THIS PRIVACY POLICY

We reserve the right to amend this privacy policy from time to time to ensure it always complies with current legal requirements or to reflect changes to our services, such as the introduction of new services. The new privacy policy will then apply to your next visit.