Privacy Policy

doo

Privacy Policy


March 18th, 2021

Deutsche Version Datenschutzinformationen


This English version is not binding and for convenience only. In case of any legal dispute, the German version is authoritative.


doo is an event management platform that enables event organizers to organize events, sell tickets for their events, and perform the associated communication and administration.


We at doo take the protection of your personal data very seriously. We always treat your personal data according to the legal data protection regulations as well as this data protection declaration.


With this data protection information, we would like to inform you which personal data is collected and processed for which purposes via our website and our event management platform.


We distinguish between the following areas:


  1. VISIT TO OUR WEBSITE
  2. CREATION OF EVENTS WITH THE DOO EVENT MANAGEMENT PLATFORM
  3. REGISTRATION FOR AN EVENT
  4. JOB OFFERS AND APPLICATIONS
  5. VIDEO CONFERNECES AND WEBINARS
  6. GENERAL INFORMATION ON DATA PROTECTION


CONTROLLER

Controller is doo GmbH, Hultschiner Straße 8, 81677 Munich, Germany, phone: +49 (0)89 2488 153-0, email: kontakt@doo.net


DATA PROTECTION OFFICER

Our data protection officer is Rechtsanwalt Christian Schmoll, Kaiserplatz 2, 80803 Munich, Germany, telephone +49 (89) 4622 7322, email: schmoll@dp.institute

If you have any questions or suggestions regarding data protection, you can contact our data protection officer directly.

1. VISIT TO OUR WEBSITE

1.1 LOGFILES

Each time you access our website, our system automatically collects data and information from the computer system of the accessing computer. In order for the pages to be displayed in your browser, the IP address of the terminal device you are using must be processed. In addition, there is further information about the browser of your terminal device.


We are obliged under data protection law to also guarantee the confidentiality and integrity of the personal data processed with our IT systems.


The following data is logged for this purpose:

·           IP address of the calling computer

·           Operating system of the calling computer

·           Browser version of the calling computer

·           Name of the retrieved file

·           Date and time of retrieval

·           Transferred amount of data

·           Referring URL


The data will also be used to correct errors on the website.

Our websites are hosted by a service provider on the basis of a data processing agreement pursuant to Art. 28 GDPR.


The legal basis for this data processing is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest is the operation of this website and the implementation of the protection objectives of confidentiality, integrity and availability of the data.


1.2 CONTACTING US AND REQUESTING INFORMATION AND OFFERS

If you contact us by email, via contact forms or our live chat, for example to request information or an offer or for other enquiries in connection with the doo Event Management Platform, the information you provide will be stored for the purpose of processing the enquiry. We need the information requested in the contact form on the website in order to process your enquiry, address you correctly and send you an answer.


The legal basis for this data processing is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest is our communication with customers and interested parties.


If the purpose of the contact is to conclude a contract, the additional legal basis for the processing is the necessity of the processing for the performance of a contract pursuant to Art. 6 (1) lit. b) GDPR.


For our contact form or chat function on the website, we use an external service provider as a data processor on the basis of a data processing agreement pursuant to Art. 28 GDPR.


This may involve the transfer of personal data to a third country outside the EU. We provide appropriate safeguards for the data transfer in accordance with Art. 46 GDPR. We will be happy to provide you with a copy of the appropriate safeguards (Standard Contractual Clauses/Standard Data Protection Clauses) at any time upon request. Please contact us using the contact details provided above.


1.3 CUSTOMER DATABASE AND DIRECT ADVERTISING

Inquiries and orders are usually stored in our CRM system. These data can be used by us for direct marketing measures. You can object to such use for direct advertising at any time. Details about your right of objection can be found below under 'Your rights'.


The CRM system is regularly checked to see whether data can be deleted. If data in the context of a customer or prospective customer relationship is no longer necessary or an opposing interest of the customer outweighs, we will delete the relevant data, unless there are any legal storage obligations.


The legal basis for this storage and processing is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest is the maintenance of our customer relations and the implementation of direct marketing measures.


1.4 NEWSLETTER

1.4.1 NEWSLETTER REGISTRATION

On our website, you can register to receive a newsletter by email. During registration, the data from the input mask, the IP address of the respective computer and the date and time of registration are transmitted to us. Your consent will be obtained for the processing of the data during registration and reference will be made to this data protection information.


In order to check that the actual owner of an email address has registered to receive a newsletter, we use the so-called 'double opt-in' procedure. After registering an email address, a confirmation email is sent to the registered email address. Registration for the newsletter is only completed when a confirmation link contained in the confirmation email is activated. The IP address of the computer and the date and time of activation of the confirmation link are also transmitted to us.


Registration for the newsletter can be terminated at any time by using the unsubscribe link contained in each newsletter or by contacting us at the contact details provided for the Controller.


Legal basis for the processing of the data after registration for the newsletter is your consent pursuant to Art. 6 (1) lit. a) GDPR.


1.4.2 EMAIL NEWSLETTER AS PART OF AN EXISTING CUSTOMER RELATIONSHIP

If you register as a user of the doo Event Management Platform and enter your email address, we may subsequently use this to send you an email newsletter, provided that you have not objected to such use. In such a case, only direct advertising for our own similar goods or services will be sent via the email newsletter. You can object to the use of your email address at any time without incurring any costs other than the transmission costs according to the basic rates by using the unsubscribe link contained in each newsletter or by contacting us at the contact details provided for the Controller.


The legal basis for the dispatch of the newsletter as a result of the sale of goods or services is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR (in Germany in conjunction with § 7 (3) UWG).


1.4.3 NEWSLETTER ANALYSIS

With our newsletters, a statistical evaluation of usage data can be carried out. For this purpose, we may record both the openings of the email and the internal clicks. This information serves the purpose of measuring and optimizing the success of our newsletter campaigns by making the contents of the newsletter more relevant to our target group.


The legal basis for this analysis is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest is the evaluation and optimization of communication with customers and interested parties.


1.4.4 NEWSLETTER SERVICE PROVIDER

We use an external service provider as a processor for sending and analyzing our newsletter on the basis of a data processing agreement pursuant to Art. 28 GDPR.


This may involve the transfer of personal data to a third country outside the EU without an adequate level of data protection. We provide appropriate safeguards for such data transfers in accordance with Art. 46 GDPR. We will be happy to provide you with a copy of the appropriate safeguards (Standard Contractual Clauses/Standard Data Protection Clauses) at any time upon request. Please contact us using the contact details provided above.


1.5 BLOG

You can comment on articles in our blog. We use a comment system provided by the external service provider DISQUS, Inc., USA.


This may involve the transfer of personal data to a third country outside the EU without an adequate level of data protection. We provide appropriate safeguards for such data transfers in accordance with Art. 46 GDPR. We will be happy to provide you with a copy of the appropriate safeguards (Standard Contractual Clauses/Standard Data Protection Clauses) at any time upon request. Please contact us using the contact details provided above.


In order to comment on an article in the blog, you must register. DISQUS enables you to register either via a DISQUS account or via an account on a social media network. If you register your account with a social media network for the comment function, the social media network will also collect and process information about your use of the DISQUS function. For detailed information on this data collection and processing, please refer to the privacy policy of the respective social media network.


When you register for the comment function of DISQUS, we receive your email address and your IP address, which was used during the entry of a comment. We need and process this information solely for the purpose of contacting you in connection with your use of DISQUS, for example if we have questions about your user comment and for security reasons in the event that a comment violates the rights of third parties or illegal content is posted.


If you comment on an article in our blog, we will save and publish not only your comment but also information about the time of the comment and, if applicable, your chosen user name (pseudonym).


The legal basis for data collection within the commentary function is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest is on the one hand the evaluation and optimization of communication with customers and interested parties within the context of the blog and on the other hand the protection of our rights and the facilitation of our legal defense in the event of an abusive or illegal use of the commentary function.


1.6 REGISTRATION CUSTOMER SERVICE

You can register at our customer service portal. You will then be able to access your customer service enquiries at any time and check their status. The data provided during registration will be used for the purpose of using the customer service portal. The mandatory information requested during registration must be provided in full; all other information in your profile, for example the upload of a profile picture, is optional and voluntary. Your email address provided during registration will be verified by sending a confirmation email in which you must confirm your email address by clicking on a link.


The legal basis for this storage and processing is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest is the maintenance of our customer relations. If the establishment of contact is aimed at the conclusion of a contract or takes place within the context of an existing contractual relationship, the additional legal basis for the processing is the necessity oft he processing for the performance of a contract pursuant to Art. 6 (1) lit. b) GDPR.


You can have the data you entered when registering for the customer service portal deleted at any time. If you delete your registration, the data will be deleted with regard to the respective account, subject to their retention is necessary for commercial or tax reasons. Please contact us for the deletion of your account under the contact data specified for the Controller.


1.7 COOKIES

Our website uses cookies. Cookies are pieces of information that are transferred from our web server or third-party web servers to your browser and stored there for later retrieval. Cookies may be small files or other types of information storage. Information is stored in cookies that is related to the specific end device used. Cookies contain a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again. A cookie also contains information about its origin and the storage period. However, this does not mean that we gain immediate knowledge of your identity.


When you visit our website, cookies are set that are absolutely necessary for the operation of the website. These essential cookies may be, for example, cookies that are necessary for the display of the website with a content management system (e.g., TYPO3), which are used to recognize language settings, or which are used to document whether you have consented to the setting of further (non-essential) cookies or whether you have rejected them.


The legal basis for the processing of personal data using essential cookies is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest is the operation of our website.


We also use non-essential cookies, for example, to collect additional information about the interests of visitors to our websites or about their usage behavior, in order to analyze and optimize our website and generally our customer interactions on this basis.


The legal basis for the processing of personal data using such non-essential cookies is your express consent, which we ask you to give when you visit our website before non-essential cookies are set.


1.8 RETARGETING/REMARKETING SERVICES

Retargeting/remarketing services allow us to target advertisements on our site and on our site to only show you ads that potentially match your interests. A cookie is used in your browser to indicate which websites on which such marketing services are active have visited you and what content you have been interested in. In addition, additional information such as IP address, browser, operating system time stamp, referring website are collected. If you subsequently visit other websites on which such marketing services are active, advertisements tailored to your interests may be displayed.


The legal basis for the data processing in the context of the usage of retargeting/remarketing services is your express consent pursuant to Art. 6 (1) lit. a) GDPR.


1.8.1 LINKEDIN ADS

We use the retargeting service LinkedIn Ads of the LinkedIn Ireland Unlimited Company in Ireland. LinkedIn uses cookies.

For more information about LinkedIn's privacy policy, please see the LinkedIn Privacy Policy here:

https://www.linkedin.com/legal/privacy-policy


You can prevent the storage of cookies by setting your browser accordingly. You can object to LinkedIn's analysis of your usage behaviour and the display of interest-based recommendations here:

https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out


In the context of the usage of LinkedIn Ads personal data may be transferred to a third country outside the EU without an adequate level of data protection. We provide appropriate safeguards for such data transfers in accordance with Art. 46 GDPR. We will be happy to provide you with a copy of the appropriate safeguards (Standard Contractual Clauses/Standard Data Protection Clauses) at any time upon request. Please contact us using the contact details provided above.


1.8.2 FACEBOOK CUSTOM AUDIENCES

We also use the retargeting service Facebook Custom Audiences of Facebook, Inc., USA. Facebook Custom Audiences uses a so-called tracking pixel. This pixel is retrieved from a Facebook URL with certain parameters when you visit our website and transmits information to Facebook, which uses Facebook for targeted advertising. However, this does not address individual persons, but only groups of users who exhibit similar behavior. Facebook uses a so-called hashing process, in which personal data is encrypted in such a way that Facebook can no longer assign it to individual users.


Further information on this can be found in Facebook's Privacy Policy:

https://www.facebook.com/about/privacy

In the context of the usage of Facebook Custom Audiences personal data may be transferred to a third country outside the EU without an adequate level of data protection. We provide appropriate safeguards for such data transfers in accordance with Art. 46 GDPR. We will be happy to provide you with a copy of the appropriate safeguards (Standard Contractual Clauses/Standard Data Protection Clauses) at any time upon request. Please contact us using the contact details provided above.


1.8.3 GOOGLE MARKETING SERVICES

We also use marketing services from Google Ireland Limited, such as AdWords, Conversion Tracking, AdSense and Google Marketing Platform. Google uses cookies and web beacons.

You can prevent cookies from being saved by changing the settings on your browser. If you wish to opt out of receiving interest-based advertising through Google marketing services, you can use the setting and opt-out options provided by Google: http://www.google.com/ads/preferences

Further information on the use of data by Google, setting and opposition possibilities can be found here:


In the context of the usage of the Google marketing services personal data may be transferred to a third country outside the EU without an adequate level of data protection. We provide appropriate safeguards for such data transfers in accordance with Art. 46 GDPR. We will be happy to provide you with a copy of the appropriate safeguards (Standard Contractual Clauses/Standard Data Protection Clauses) at any time upon request. Please contact us using the contact details provided above.


1.9 WEB ANALYTICS

We use web analytics services on our website or parts of our website to understand how our website is used by its visitors and to improve the overall look and feel of the website.

The legal basis for the data processing in the context of the usage of web analytics services is your express consent pursuant to Art. 6 (1) lit. a) GDPR.


1.9.1 GOOGLE ANALYTICS

We use the web analytics service Google Analytics with IP anonymization. Google Analytics is a web analytics service provided by Google Ireland Limited. Google Analytics sets cookies.


Google Analytics anonymizes IP addresses. IP addresses collected by Google from users within the European Economic Area is shortened before they are transmitted to the USA. Only in exceptional cases will the unabridged IP address be transmitted to Google in the USA and abbreviated there. The transmitted IP addresses are not combined with other data from Google.


You can prevent the storage of cookies by setting your browser accordingly. In addition, you can prevent Google from collecting the data generated by the cookie and relating to your use of the website and from processing this data by Google by downloading and installing the browser plugin available at the following link, which Google Analytics uses JavaScript to notify Google Analytics that no data and information relating to visits to Internet pages may be transmitted to Google Analytics:

http://tools.google.com/dlpage/gaoptout?hl=en


When Google Analytics is used, personal data may be transferred to a third country outside the EU without an adequate level of data protection. We provide appropriate safeguards for such data transfers in accordance with Art. 46 GDPR. We will be happy to provide you with a copy of the appropriate safeguards (Standard Contractual Clauses/Standard Data Protection Clauses) at any time upon request. Please contact us using the contact details provided above.


1.9.2 LINKEDIN ANALYTICS

We also use the LinkedIn Analytics web analytics service of the LinkedIn Ireland Unlimited Company in Ireland. LinkedIn Analytics uses cookies.


For more information about LinkedIn's privacy practices, please see the LinkedIn Privacy Policy at https://www.linkedin.com/legal/privacy-policy. It also describes how you can opt out of LinkedIn's collection and storage of data for the purpose of web analytics at any time in the future. You may also refuse the use of cookies by selecting the appropriate settings on your browser.


In the context of the usage of LinkedIn Analytics, personal data may be transferred to a third country outside the EU without an adequate level of data protection. We provide appropriate safeguards for such data transfers in accordance with Art. 46 GDPR. We will be happy to provide you with a copy of the appropriate safeguards (Standard Contractual Clauses/Standard Data Protection Clauses) at any time upon request. Please contact us using the contact details provided above.


1.10 SOCIAL MEDIA BUTTONS

On our website social media buttons of the social media networks Facebook, Twitter, LinkedIn and Xing are integrated.


If you click on one of these social media buttons, you will be redirected to our pages at the respective social media network. In this case, the provider of the respective social media network receives the information that your browser has called the corresponding page on our website, even if you do not have a profile on the respective social media network or are not logged in there. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider. If you click on a social media button and are either logged in to the respective social media network or then log in to the page of the respective social media network, the transmitted information can be assigned to your account at the social media network.

For information on the purpose and scope of data collection and processing by the providers of the respective social media network, the provider identification, a contact option and your rights and settings regarding data protection, please refer to the respective data protection information of the providers of the social media networks.


The legal basis for the integration and use of the social media buttons is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest is the marketing of our offers and our website.


1.11 SOCIAL MEDIA PAGES

We maintain a publicly accessible profile on the social media networks Facebook, Twitter, LinkedIn and Xing („Social Media Pages“).


If you visit one of our social media pages and are logged in to the respective social media network, the provider of the respective social media network can analyze your usage behavior and assign the information collected to your account at the social media network and enrich it there. Even if you are not logged in or if you do not have an account at the respective social media network, personal data may be collected by the provider of the respective social media network, for example your IP address or data collected via a cookie.


The operators of the social media networks can use this data to create user profiles. Your user profile can then be used to display interest-based ads both on social media network websites and on other websites.


If you visit one of our social media pages, we are jointly responsible with the social media network provider for the collection and processing of your personal data there. With regard to information about the collection and processing of your personal data that takes place there, we refer you to the data protection information of the respective social media network. We do not have any further information in this respect.


We will be happy to provide you with information on appropriate safeguards for data transfer to third countries in accordance with Art. 46 GDPR at any time on request.


You can assert your rights of data subjects in accordance with Chapter III of GDPR (right to information, correction, deletion, restriction of processing, data transferability, etc.) both against us and against the provider of the respective social media network. In this context, we would like to point out that we can only influence the processing of personal data and the implementation of the rights affected within the framework of our social media pages within the scope of the possibilities made available to us by the respective provider.


The legal basis for our use of social media pages is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest is the presence and marketing of our products and services on the Internet.


1.12 SOCIAL SHARING

Social sharing buttons enable you to publish a link to certain content on our website, for example an article in our blog, directly on your respective page on the social media networks (Facebook, Twitter, LinkedIn, Xing). The social sharing buttons are provided by the provider of the respective social media network. Each time you visit a website where such a social sharing button is integrated, the social sharing button is downloaded by the provider of the respective social media network. By integrating the plugins, the providers receive the information that your browser has called the corresponding page of our website, even if you do not have a profile on the respective social media network or are not logged in there. This information (including your IP address) is transmitted directly from your browser to a server of the respective provider.


If you click on a social sharing button and are either logged in to the respective social media network or then log in to the opening window, the transmitted information can be assigned to your account at the social media network.


For information on the purpose and scope of data collection and processing by the providers of the respective social media network, the provider identification, a contact option and your rights and settings regarding data protection, please refer to the data protection information of the providers of the social media networks:

The legal basis for this data processing in the integration and use of the social sharing buttons is Art. 6 (1) lit. f) GDPR. Our legitimate interest is the marketing of our offers and our website.


1.13 FONTS

In order to display the content of our website correctly and in a graphically appealing manner across all browsers, we use font and script libraries on this website, e.g. the font library of MyFonts, Inc. The call of font and font libraries automatically triggers a connection to the operator of the respective library. It is possible that your personal data, in particular your IP address, will be collected.


You can prevent the use of such libraries and the associated data transmission by installing a Java script blocker (e.g. www.noscript.net).


Due to the license terms of MyFonts, Inc. we use the MyFonts Counter, a web analysis service that performs page view tracking, in which the number of visits to the website is counted for statistical purposes and transmitted to MyFonts. For more information about MyFonts Counter, please see the MyFonts Privacy Notice: http://www.myfonts.com/info/terms-and-conditions/#Privacy.


The legal basis for this data processing when using such libraries is Art. 6 (1) lit. f) GDPR. Our legitimate interest is the analysis, optimization and economic operation of our website and our customer interactions.


1.14 RECAPTCHA

We use the reCAPTCHA service of Google Ireland Limited. This service is used to differentiate whether the input into a form is made by a natural person or is abused by mechanical and automated processing. As part of the reCAPTCHA process, your IP address and other data required by Google for the reCAPTCHA service will be transmitted to Google. For more information about Google Inc.'s privacy policy, please visit https://www.google.com/intl/de/policies/privacy/.


The legal basis for this data processing when using reCAPTCHA is Art. 6 (1) lit. f) GDPR. Our legitimate interest is the security of our website and protection against spam.


In the context of the usage of reCAPTCHA, personal data may be transferred to a third country outside the EU without an adequate level of data protection. We provide appropriate safeguards for such data transfers in accordance with Art. 46 GDPR. We will be happy to provide you with a copy of the appropriate safeguards (Standard Contractual Clauses/Standard Data Protection Clauses) at any time upon request. Please contact us using the contact details provided above.

2. CREATION OF EVENTS WITH THE DOO EVENT MANAGEMENT PLATFORM

In the following, we will inform you which personal data is collected and processed when using the doo Event Management Platform to create events as an organizer.


2.1 ACCOUNT

If you create an account for the use of the doo Event Management Platform as an organizer, we will collect and process your personal data as the controller. We do not collect and process this data on your behalf and on your instructions, but to enable you to use the doo Event Management Platform.


In addition to the data categories described under Section 1 above, we collect and process your data requested during registration (surname, first name, email address, telephone number). This information is mandatory, as it is necessary for the performance of the contract.


The deletion of your customer account is possible at any time. Please contact us using the contact details provided for the Controller.


The processing of this account data of the organizers is necessary for the performance of the contract, legal basis is Art. 6 (1) lit. b) GDPR.


2.2 PAYMENT INFORMATION

If you make use of chargeable services, your data and payment information will be processed by NovalNet AG in Germany, the payment service provider we use for payment processing, as the controller. doo is not involved in the processing of data during the processing of payments.

Detailed information on the data processing and data protection at NovalNet AG is provided here: https://www.novalnet.com/privacy?auto_toggle=true.


2.2 ATTENDEE AND INVITEE DATA

The data of attendees at your events, who register for your event via the doo Event Management Platform, or whose data is processed in another form by the doo Event Management Platform (e.g. data collected 'onsite' at an event), and the data of the addressees of your marketing campaigns, e.g. the list of addressees of your email marketing campaigns that you send via the doo Event Management Platform, and other data that you store for processing in the doo Event Management Platform ('Invitee Data'), are processed by doo on your behalf and on your instructions as a data processor.


Such data processing is regulated in our Data Processing Agreement (DPA), accessible here:

https://doo.net/de/about/rechtliches/downloads.html

3. REGISTRATION FOR AN EVENT

If you register as a attendee for an event via the doo Event Management Platform, doo will process your personal data as a data processor of the respective organizer within the context of the registration.


In the following it is explained which data will be processed for which purposes during the registration for an event.


If the organizer provides its own privacy policy/data protection information as part of the registration for an event, this privacy policy/data protection information of the organizer takes precedence over this Privacy Policy.


Please address all questions you have about an event and in particular about your personal data (including the assertion of your rights to access, deletion, etc. from Art. 12 - 23 GDPR) directly to the organizer as the controller of your data. Questions about an event directed to doo will be forwarded by doo to the respective organizer.


3.1 CONTROLLER

The controller within the meaning of the applicable data protection law is the organizer named in the registration form for the event. You will also find the contact details of the organizer in the registration form.


If the organizer is legally obliged to appoint a data protection officer or has appointed a data protection officer on a voluntary basis, you can contact the organizer’s data protection officer at the contact details provided for the organizer.

3.2 CONTACT

If you contact the organizer by email, telephone or via a contact form in order to ask questions about the event or request information, the information you provide will be processed and stored for the purpose of processing the respective request. Any information requested during such contact will be required to process your request, to address you correctly and to provide you with an answer.


The legal basis for this data processing is the legitimate interest of the organizer pursuant to Art. 6 (1) lit. f) GDPR in communicating with customers or interested parties or the necessity to process the data to perform a contract or to to take steps at the request of the data subject prior to entering into a contract pursuant to Art. 6 (1) lit. b) GDPR.


3.3 REGISTRATION FOR AN EVENT

If you register to attend an event, the organizer processes the data you provide when you register in order to enable you to attend the event, in particular to send you a confirmation of registration and to identify you when you enter the event, if necessary, and to carry out the payment transaction for paid events, if necessary.


The legal basis for this is Art. 6 (1) lit. b) GDPR, the processing of your data is necessary for the performance of the contract for your participation in the event.


If the organizer collects additional data which is not absolutely necessary for the fulfilment of the contract with you, this data collection serves to optimize the event or your event experience, for example to adapt and optimize the event according to the interests of the participants and the target group, and to prepare, evaluate and analyse the event. The legal basis for this processing is the organizer‘s legitimate interest pursuant to Art. 6 (1) lit. f) GDPR, the organizer’s legitimate interest is the optimization, evaluation and analysis of the event.


If you also give your express consent to the processing of certain data for specific purposes during registration, the legal basis for this processing is your consent, which can be withdrawn at any time in accordance with Art. 6 para. 1 lit. a GDPR.


The organizer uses doo as a data processor for the registration for the event on the basis of a data processing agreement pursuant to article 28 GDPR.


3.4 PAYMENT INFORMATION

If you register for a of paid event, your data and payment information will be processed to perform the payment either by NovalNet AG in Germany as a payment service provider or by a payment service provider chosen by the organizer. The payment service provider is the controller of such payment data and information.

Detailed information on the data processing and data protection at NovalNet AG is provided here: https://www.novalnet.com/privacy?auto_toggle=true.


3.5 PARTICIPATION IN AN EVENT

When participating in an event, data may be collected and processed. During admission control, the data stored on the ticket concerning the person of the ticket holder can be collected and processed. If necessary, data can also be stored at the time of admission and, if necessary, at the time of leaving the event.


The legal basis for this is Art. 6 Para. 1 lit. b GDPR, the processing of your data is necessary for the fulfilment of the contract concerning your participation in the event.


If you provide your data when participating in the event, in particular by reading out an RFID tag or scanning the QR code on your name tag at a trade fair stand, this data will be transmitted by the organizer to the respective operator of the trade fair stand at which you provided your data. In this case, the further processing and use of your data is the responsibility of the stand operator.

doo is used by the organizer for the performance of the access control and, if necessary, for the collection and transmission of the data to the operators of exhibition stands as a data processor pursuant to Article 28 GDPR.


3.6 CONTACT DATA

If you attend a face-to-face event, contact details may be collected. This collection of contact data is used to quickly trace chains of infection with the COVID-19 virus. If an attendee is found to be infected with the COVID-19 virus, the data collected can be used to determine who the attendee potentially came into contact with during the event. These persons can then be informed accordingly and undergo testing. In this way, chains of infection can be quickly identified and interrupted.


Your personal data collected in this context will only be processed for the purposes stated here and for no other purposes. And your data will not be disclosed to third parties, except in the case of infection as described above to the competent authority.


Such contact data will be kept secure and confidential and will be deleted or destroyed after 30 days.


If there is a legal obligation to collect or transmit the data, in particular on the basis of an infection protection law, the legal basis for collecting the residence data and, if applicable, passing it on to the competent health authority is Art. 6 (1) lit. c) GDPR. In this case, the data processing is necessary to fulfil a legal obligation. If there is no compelling legal obligation, the data processing is based on Art. 6 (1) lit. d) DSGVO, i.e. for the protection of vital interests of the attendees and other contact persons of the attendees.


3.7 EVENT PHOTOGRAPHY

Photos and videos can be taken during the event. These photos and videos can be used to show event participants and make them identifiable. These photos and videos can be used for public relations and documentation of the event. The photos and videos can be published offline (in print) or online, especially on the organizer's website or on the organizer's pages on various social media websites (e.g. fan pages on Facebook).


The legal basis for this processing is the organizer’s legitimate interest pursuant to Art. 6 (1) lit. f) GDPR in the documentation of the event and the use of photographs and film recordings of the event for public relations purposes.


If you have consented to photos and videos being taken and published, the legal basis for this processing is your consent, which can be withdrawn at any time in accordance with Art. 6 (1) lit. a) GDPR.


3.8 FEEDBACK AFTER AN EVENT

After attending an event, you can be contacted by email to request your feedback on the event. You can object to this contact at any time by contacting the respective organizer using the contact details provided for the organizer. If you give your feedback on the event on the website, the information you provide will only be used to evaluate the event and optimize future events.


The legal basis for contacting us to request your feedback is Art. 6 (1) lit. f) GDPR. The organizer’s legitimate interest is the evaluation of the event and the optimization of future events.


The organizer uses doo as a data processor in accordance with Article 28 GDPR to send the email requesting your feedback and, if necessary, to record and evaluate your feedback.


3.9 INVITATIONS TO FURTHER EVENTS

If you have registered for an event, the email address you provided when registering may be used by the organizer to send invitations to similar events by email, provided you have not objected to such use. You can object to this use of your email address at any time without incurring any costs other than the transmission costs according to the basic tariffs by using the unsubscribe link contained in each email or by contacting the respective organizer at the contact details provided for the organizer.


The legal basis for this sending of invitations to further events by email is the organizer’s legitimate interest pursuant to Art. 6 (1) lit. f) GDPR (in Germany in conjunction with § 7 para. 3 UWG).


The contact details you provide when registering may also be used to send you postal advertising. You can object to this sending of postal advertising at any time by contacting the respective organizer using the contact details provided for the organizer. The reference to this right of objection will be repeated in every postal letter.


The legal basis for sending postal advertising is the organizer’s legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. The legitimate interest is the implementation of direct marketing measures to market the events and services of the organizer.

4. JOB OFFERS AND APPLICATIONS

We collect and process the personal data transmitted to us by an applicant for the purpose of carrying out the application procedure. The data requested as mandatory fields are required for the application process. All other information is voluntary. Applicant data is only made accessible to those persons and positions in our company who prepare the hiring decision or are involved in it.

If we conclude an employment contract with an applicant, the data provided will be processed for the purpose of implementing the employment relationship in compliance with the statutory provisions.

If an employment relationship is established, we store the applicant data for as long as it is required for the employment relationship and to the extent that legal regulations justify an obligation to store it.

If no employment contract is concluded with an applicant, we store the applicant data for a maximum of three months on the basis of our legitimate interest in enabling the defense of claims or a function of preserving evidence in accordance with applicable equal treatment and anti-discrimination laws. After expiry of this period, the application documents are deleted unless the applicant has expressly consented to longer storage.

The legal basis for the processing of application documents is Art. 6 (1) lit. b) GDPR.

If the applicant has given us separate consent, we will store the data submitted as part of the application in our applicant pool for a further 2 years after the end of the application process in order to identify future positions of potential interest to the applicant and, if necessary, contact the applicant in this regard. After this period, the data will be deleted.

Such consent to the storage of application data in our applicant pool can be revoked at any time for the future. To do so, please send us an email to the contact details provided above.

The legal basis for the storage of application documents in our applicant pool is, if applicable, the applicant's consent pursuant to Art. 6 (1) lit. a) GDPR.

5. VIDEO CONFERENCES AND WEBINARS

If you participate in a video conference, webinar or online meeting etc. organized by us. (hereinafter "video conferences") organized by us, we process your personal data in the course of your participation.

When you participate in a video conference, various categories of data are processed. The scope of the data also depends on the data you provide before or during participation in a video conference.


If you participate in a video conference organized by us, you usually have to provide at least a name when registering. However, you can also use a pseudonym. Your IP address will also be processed to enable your participation and login information and device/hardware information will be stored. Your email address and profile picture will also be processed, if provided. If you dial in by phone, your phone number and IP address, if any, will be processed.


To enable participation in the video conference, data from your terminal's microphone and any terminal video camera and, if you share your screen, information from this "screenshare" is processed. You can switch off or mute the camera or microphone yourself at any time. You always decide yourself whether and which parts of your screen are shared.


Audio and video recordings of the video conference can be made. In this case, MP4 files of all video, audio and presentation recordings are processed. There will always be an indication of the recording if one is made and, if necessary, the explicit consent of the participants to the recording will always be obtained.


You may have the opportunity to use the chat, question or survey functions in a video conference. In this respect, the text entries you make are processed in order to display them in the video conference and, if necessary, to record them.


Insofar as personal data of our employees is processed, § 26 BDSG (German Federal Data Protection Act) is the legal basis for data processing, insofar as German law is applicable to the processing of employee data.


If German law is not applicable to the processing of employee data or if, in connection with participation in video conferences, the processing of personal data is not necessary for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of participation in a video conference, our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR is the legal basis for the data processing. In these cases, our legitimate interest is in the effective implementation of video conferences.


Furthermore, the legal basis for data processing when conducting video conferences is Art. 6 (1) lit. b) GDPR, insofar as the meetings are conducted in the context of contractual relationships or with a view to initiating a contractual relationship (for example, in the case of video conferences with our clients in the context of the implementation of a project or participation in a webinar).


Furthermore, the legal basis for data processing in the context of your participation in a video conference organized by us is our legitimate interest pursuant to Art. 6 (1) lit. f) GDPR. Our legitimate interest in these cases is the effective implementation of video conferences.


We use one or more service providers as data processors to conduct video conferences on the basis of a daza processing agreement pursuant to Art. 28 GDPR.


The usage of such service providers may involve the transfer of personal data to a third country outside the EU without an adequate level of data protection. We provide appropriate safeguards for such data transfers in accordance with Art. 46 GDPR. We will be happy to provide you with a copy of the appropriate safeguards (Standard Contractual Clauses/Standard Data Protection Clauses) at any time upon request. Please contact us using the contact details provided above.

6. GENERAL INFORMATION ON DATA PROTECTION

In the following we provide some general information on data protection. This applies to visiting our website, using the doo Event Management Platform to create events and, accordingly, registering for an event. For the registration for an event, this general information applies accordingly to the extent that the respective organizer is the controller of the personal data.


6.1 AGE RESTRICTION

This website is not intended or designed for use by children under the age of 16. We do not knowingly collect personally identifiable information from or about anyone under the age of 16.


6.2 RECIPIENTS OF DATA

Within our company, your data will be received by those internal departments or organizational units that need it to fulfil their tasks, where applicable to fulfil contracts with you, to process data with your consent or to protect our (overriding) legitimate interests.


Data will only be passed on to third parties within the framework of legal requirements. We only pass on your data to third parties if this is necessary, e.g., on the basis of Art. 6 (1) lit. b) GDPR for contractual purposes or to protect our legitimate interest in accordance with Art. 6 (1) lit. f) GDPR in the effective performance of our business operations.


Insofar as we use service providers or third-party providers in the context of providing the website and/or providing our services, we take appropriate legal precautions as well as corresponding technical and organizational measures to ensure the protection of your personal data.


If, in the course of providing the website and/or our services, we use content or tools from service providers or third-party providers whose registered office is in a third country, data is regularly transferred to a third country. Third countries are countries in which the GDPR is not directly applicable law, i.e., countries outside the EU or the European Economic Area. The transfer of data to third countries only takes place if either an adequate level of data protection, consent or other legal permission, in particular an appropriate guarantee in accordance with Art. 46 GDPR, exists.


It is possible that we acquire or sell the company or parts of the company or individual assets. Personal data may be transferred in connection with such a sale, merger, reorganization or similar event. In this case, your personal data will of course continue to be processed in accordance with this data protection information. The legal basis for such a transfer is a legitimate interest pursuant to Art. 6 (1) lit. f) GDPR in the effective implementation and further development of our business operations.


6.3 YOUR RIGHTS

You have the right to free information about your stored personal data, their origin and recipient and the purpose of data processing and a right to correction, blocking or deletion of this data. You also have the right to restrict the processing and to object to the processing.

You also have the right to receive your data, which we process automatically, handed over to you or to a third party in a common, machine-readable format.

In order to assert your rights, please contact respective controller, using the contact details provided.

You also have the right to lodge a complaint with the competent data protection supervisory authority.


6.4 WITHDRAWAL OF CONSENT

Some data processing operations are only possible with your express consent. You can withdraw your consent at any time. To do so, it is sufficient to send us an informal message by e-mail using the contact details provided above. The legality of the data processing carried out until the withdrawal remains unaffected by the withdrawal.


6.5 RIGHT TO OBJECT

INSOFAR AS YOUR DATA IS PROCESSED TO PROTECT OUR LEGITIMATE INTERESTS, AS EXPLAINED IN THIS PRIVACY POLICY, YOU MAY OBJECT TO THIS PROCESSING WITH EFFECT FOR THE FUTURE. TO DO SO, PLEASE CONTACT US USING THE CONTACT DETAILS PROVIDED ABOVE.

IN PRINCIPLE, YOU ONLY HAVE THIS RIGHT TO OBJECT IF THERE ARE GROUNDS ARISING FROM YOUR PARTICULAR SITUATION (ART. 21 (1) GDPR). AFTER EXERCISING YOUR RIGHT TO OBJECT, YOUR PERSONAL DATA WILL NO LONGER BE PROCESSED FOR THESE PURPOSES UNLESS WE CAN DEMONSTRATE COMPELLING LEGITIMATE GROUNDS FOR THE PROCESSING WHICH OVERRIDE YOUR INTERESTS, RIGHTS AND FREEDOMS, OR IF THE PROCESSING IS FOR THE PURPOSE OF ASSERTING, EXERCISING OR DEFENDING LEGAL CLAIMS.

IF THE PROCESSING IS FOR THE PURPOSES OF DIRECT MARKETING, YOU MAY EXERCISE YOUR RIGHT TO OBJECT AT ANY TIME (ART. 21 (2) GDPR) AND YOUR PERSONAL DATA WILL THEN NO LONGER BE PROCESSED FOR THE PURPOSES OF DIRECT MARKETING, REGARDLESS OF THE GROUNDS FOR THE OBJECTION.


6.6 OBLIGATION TO PROVIDE PERSONAL DATA

The provision of personal data is neither required by law nor by contract, and you are not obliged to provide personal data. However, the provision of personal data is required for the conclusion of a contract to the extent that certain details are mandatory in order to be able to conclude a contract.


6.7 AUTOMATED DECISION-MAKING

We do not perform automated decision-making, including profiling.


6.8 RETENTION AND DELETION

We adhere to the principles of data avoidance and data minimization. We therefore only store your personal data for as long as is necessary to achieve the purposes stated here or as required by the storage periods provided for by law.


If the storage purpose no longer applies or if a storage period provided for by law expires, the personal data will be blocked or deleted routinely and in accordance with the statutory provisions.


6.9 TECHNICAL AND ORGANIZATIONAL MEASURES OF DATA SECURITY

We take organizational, contractual and technical security measures in accordance with the state of the art to ensure that the provisions of the data protection laws are complied with and to protect the data processed by us against accidental or intentional manipulation, loss, destruction or against access by unauthorized persons.

Our website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as orders, inquiries or payment data, which you send to us.


6.10 CHANGES TO THIS PRIVACY POLICY

We reserve the right to amend this Privacy Policy from time to time so that it always complies with current legal requirements or in order to implement changes to our services in this Privacy Policy, e.g. when we are introducing new services. Your renewed visit will then be subject to the updated Privacy Policy.



Share by: