Back

Privacy policy

in accordance with the General Data Protection Regulation (GDPR)

Protecting your data is important to us. It goes without saying that we collect, store and use your data only in accordance with legal requirements. Below you will find information regarding the way in which we collect, store and process your data.

I. Name and Address of the Controller

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the Member States as well as other provisions of data protection law is:

AFAG Messen und Ausstellungen GmbH
Johann-Höllfritsch-Straße 20-22
90530 Wendelstein
Send email
Website: www.afag.de

II. Name and address of the Data Protection Officer

The Data Protection Officer of the controller is:

Frank A. Keller
Glöckner Keller Solicitors

Johannisstr. 5
90419 Nuremberg
Germany
Tel.: 0911/2550990
Send email

III. General Remarks on Data Processing

1. Scope of processing of personal data

As a matter of principle, we collect and use the personal data of our users only to the extent necessary for the provision of an operational website and our content and services. The routine collection and use of our users’ personal data takes place only after the user has given their consent. An exception applies in those cases in which a prior obtaining of consent is not possible for practical reasons and legal regulations permit the processing of the data.

2. Legal basis for the processing of personal data

Provided that we obtain the informed consent of the data subject for the processing of personal data, Art. 6 (1) (a) of the EU’s General Data Protection Regulation (DSGVO) serves as the legal basis.

In the case of the processing of personal data required for the fulfilment of a contract whose contracting party is the data subject, Art. 6 (1) (b) DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

Insofar as a processing of personal data is necessary in order to comply with a legal obligation that our company is subject to, Art. 6 (1) (c) DSGVO serves as the legal basis.
In the event that the vital interests of the data subject, or of another natural person, make it necessary to process personal data, Art. 6 (1) (d) DSGVO serves as the legal basis.

If the processing is necessary to maintain a legitimate interest of our company, or of a third party, and that interest does not outweigh the interests, fundamental rights and freedoms of the affected party, then Art. 6 (1) (f) DSGVO serves as the legal basis for the processing.

3. Data deletion and storage period

The personal data of the data subject will be deleted or blocked as soon as the purpose for storage is no longer applicable. In addition, storage can take place if this has been provided for by European or national legislators in EU legal regulations, statutes or other provisions to which the controller is subject. Blocking or deletion of the data also takes place when the storage period stipulated by the aforementioned standards expires, unless there is a need to prolong the storage of the data for the purpose of concluding or fulfilling the respective contract.

IV. Website Provision and Log File Creation

1. Description and scope of the data processing

Every time our website is visited, our system automatically captures data and information from the system of the computer involved.

The following data is collected in the process:

  1. Information about the browser type and version used
  2. The user’s operating system
  3. The user’s IP address
  4. The date and time of access

The data is also stored in the log files of our system. Storage of this data, together with other personal data of the user, does not take place.

2. Legal basis for the processing of data

The legal basis for the temporary storage of the data and log files is Art. 6 (1) (f) DSGVO.

3. Purpose of the data processing

A temporary storage of the IP address by the system is necessary to enable the delivery of the website to the user’s computer. This requires the user’s IP address to remain saved for the duration of the session.

Storage in log files is carried out to ensure the functionality of the website. In addition, the data is used by us for website optimisation and to ensure the security of our information technology systems. An analysis of the data for marketing purposes does not take place in this context.

In these purposes is also our legitimate interest in the processing of the data according to Art. 6 (1) (f) DSGVO.

4. Storage period

The data will be deleted as soon as it is no longer required for the fulfilment of the purpose of its collection. In the case of data collection for the provision of the website, this is the case when the session in question is concluded.

In the case of data storage in log files, this is the case after no later than 90 days. Storage exceeding this is possible. In this case, users’ IP addresses are altered so that it is no longer possible to match the visiting client.

5. Opting out and deletion option

The collection of data for website provision and the storage of data in log files is absolutely necessary for the operation of our website. Thus, there is no opportunity for opting out on the part of the user.

Integration of Third-Party Providers to Display the Website

Globalsign’s Data Privacy Notice

Globalsign is a provider that issues SSL certificates. Our websites use such certificates issued by Globalsign in order to safeguard the authenticity of the website, among other things. To this end, we integrate the Globalsign seal into the footer of the website. The browser that you use needs to connect to Globalsign’s servers for this purpose. As a result, Globalsign will be informed that your IP address has been used to access our website. Globalsign is used in the interest of the security of the processing and the transparency of our online services. This constitutes a legitimate interest within the meaning of Section 6 (1) (f) GDPR.

The provider is

GMO GlobalSign Ltd.,
Springfield House
Sandling Road
Maidstone
ME14 2LP
United Kingdom

You can find Globalsign’s Data Privacy Notice at downloads.globalsign.com/acton/attachment/2674/f-089a/1/-/-/-/-/GlobalSign-Privacy-Policy-Jun-15-2017-v206.pdf

Google CDN’s Data Privacy Notice

Google CDN is a service for the delivery of static content such as frequently used script libraries, graphics and styling definitions. This mechanism serves to distribute the load and ensures accelerated page set-up overall. Specifically, we use Google CDN for the delivery of frequently used script libraries (“Angular”, “JQuery”) necessary for the proper functioning of this website. The browser you use needs to connect to Google CDN’s servers for this purpose. As a result, Google CDN will be informed that your IP address has been used to access our website. Google CDN is used in the interest of presenting our online services. This constitutes a legitimate interest within the meaning of Section 6 (1) (f) GDPR.

The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

You can find Google CDN’s Data Privacy Notice at www.google.com/policies/privacy/

Bootstrap CDN’s Data Privacy Notice

Bootstrap CDN is a service for the delivery of static content such as frequently used script libraries, graphics and styling definitions. This mechanism serves to distribute the load and ensures accelerated page set-up overall.Specifically, the Bootstrap CDN is used here for delivery of the Bootstrap library as well as static fonts used by this website for the front-end design. The browser you use needs to connect to Bootstrap’s servers for this purpose. As a result, Bootstrap will be informed that your IP address has been used to access our website. Bootstrap is used in the interest of presenting our online services. This constitutes a legitimate interest within the meaning of Section 6 (1) (f) GDPR.

The provider of Bootstrap CDN is MaxCDN DBA StackPath, privacy@stackpath.com.

You can find Bootstrap’s Data Privacy Notice at www.bootstrapcdn.com/privacy-policy/

Amazon CDN’s Data Privacy Notice

Amazon CDN is a service for the delivery of static content such as frequently used script libraries, graphics and styling definitions. This mechanism serves to distribute the load and ensures accelerated page set-up overall. Specifically, the Amazon CDN is used here for delivery of the PCI-DSS seal in the footer of the website.

The browser that you use needs to connect to Amazon’s servers for this purpose. As a result, Amazon will be informed that your IP address has been used to access our website. Amazon is used in the interest of presenting our online services as well as in the interest of transparency. This constitutes a legitimate interest within the meaning of Section 6 (1) (f) GDPR.

The provider is

Amazon Web Services, Inc.
410 Terry Avenue North
Seattle WA 98109
United States

You can find Amazon’s Data Privacy Notice at aws.amazon.com/de/privacy/

Cloudflare CDN’s Data Privacy Notice

Cloudflare CDN is a service for the delivery of static content such as frequently used script libraries, graphics and styling definitions. This mechanism serves to distribute the load and ensures accelerated page set-up overall.Specifically, we use Google CDN for the delivery of frequently used script libraries (“UnderscoreJS”, “Angular-filter.js”) necessary for the proper functioning of this website.The browser you use needs to connect to Cloudflare’s servers for this purpose. As a result, Cloudflare will be informed that your IP address has been used to access our website. Cloudflare is used in the interest of presenting our online services. This constitutes a legitimate interest within the meaning of Section 6 (1) (f) GDPR.

The provider is

Cloudflare, Inc.
101 Townsend St.
San Francisco, CA 94107

You can find Cloudflare’s Data Privacy Notice at www.cloudflare.com/security-policy/

Activated Google address completion

This website uses the Google Places API web service and Google’s automatic place completion.

To enable us to receive this information from Google, your IP address and your content entered will be transferred to Google.

The browser you use needs to connect to Google’s servers for this purpose. As a result, Google will be informed that your IP address has been used to access our website. Google is used in the interest of making it easier to fill in the input fields for place entry in our online service. This constitutes a legitimate interest within the meaning of Section 6 (1) (f) GDPR.

The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Further information on Google Places Api web services can be found in Google’s Data Privacy Statement:www.google.com/policies/privacy/

VI. Use of Cookies

Description and scope of the data processing

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses what are referred to as “cookies” that are saved on your computer and which make an analysis of your use of our website possible.

In addition, this site uses Google APIs, a programme interface provided by Google. As part of this use, data can also be shared with Google, such as the IP address in particular. (See point VIII for further information)

Our website does not use cookies.

Cookies are small text files which are saved in the internet browser or by the internet browser on the user’s computer. If a user visits a web site, a cookie may be saved on the user’s operating system. This cookie contains a distinctive character string which enables a unique identification of the browser when you revisit the website.

VII. Newsletter

1. Description and scope of the data processing

On our website and Facebook page there is the option of subscribing to a free newsletter. In registering for the newsletter, the data from the input form is shared with MailChimp and ourselves (see point 2):

  • Email address
  • First name
  • Surname
  • Title (gender)

Entering your first and last names as well as your gender is only used by us to optimise and personalise the content of our newsletter. If necessary, we may ask you to provide further details. These details will only be used for the customisation of the content to readers.

In addition, the following data is collected:

  • Time of registration and confirmation
  • IP address

The registration for the newsletter is logged by this data in order to be able to verify that the registration is in accordance with legal requirements.

In the same way, changes made to your profile are logged by MailChimp.

As part of the registration process, your consent for the processing of the data is obtained and this privacy policy referred to.

Registration is carried out using what is referred to as a double opt-in procedure. After entering your email address you receive from us an email asking once more for your consent to receiving our newsletter. This second confirmation helps to protect your email address from misuse.

The data collected is used solely for sending the newsletter.

If you purchase goods or services (tickets) on our website and in doing so provide your email address, this may subsequently be used by us for sending newsletters. In such a case, we will only send you direct marketing for our own similar goods or services.

2. Use of the mailing service provider “MailChimp”

Newsletter distribution takes place via the newsletter mailing platform “MailChimp” from the U.S. provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.

MailChimp is a service which, among other things, allows the sending of newsletters to be organised and analysed. MailChimp has certification in accordance with the “EU-US Privacy Shield”. The “Privacy Shield” is an agreement between the European Union (EU) and the US which is intended to ensure compliance with European data protection standards in the US. The data collected in accordance with this advice is stored by MailChimp on servers in the US. MailChimp uses this data for the following purposes:

  • The distribution of newsletters on our behalf
  • Newsletter analysis on our behalf (e.g. to determine the recipients’ residential location)
  • According to their own statements, MailChimp is able to use this information to improve its services (e.g. for the technical optimisation of newsletter distribution and display)

MailChimp does not use the data collected itself for making contact or for disclosure to third parties.

3. Statistical collection and analysis

Mailed newsletters contain what is referred to as a “web beacon”. This is a pixel-sized file which is activated when the newsletter is opened from MailChimp’s server. This file collects the following technical information:

  • Opening of the newsletter
  • Time of accessing
  • Links clicked on

In addition, technical information is retrieved which is not able to be matched to a particular user:

  • IP address
  • Browser type
  • Operating system

4. Purpose of the data processing

This information is used to improve our service on the basis of technical data or the determination of the target group and their reading behaviour on the basis of their retrieval location (identifiable by their IP address) and access times. Individual users are not monitored or in any way analysed, either by us or by MailChimp. An analysis is only done to identify users’ reading habits and adapt the content to them, or to send differing content corresponding to users’ interests.

The user’s email address is collected for the purposes of mailing the newsletter. The collection of other personal data as part of the registration process is done to prevent the misuse of our services or the email address used.

5. Conclusion of a data processing agreement

We have entered into a what is referred to as a “data processing agreement” with MailChimp, in which we oblige MailChimp to protect our customers’ details and not to pass them on to third parties. This agreement may be viewed at the following link: https://mailchimp.com/legal/forms/data-processing-agreement/sample-agreement/

6. Online retrieval and data management

There are cases in which we direct our newsletter recipients to the websites of MailChimp. For instance, our newsletters contain a link with which newsletter recipients can retrieve newsletters online (e.g. in case of display problems in their email programmes). Furthermore, newsletter recipients are able to amend their personal details at a later date, such as their email address, for instance. MailChimp’s Privacy Policy is likewise only available on their website.

We would like to point out in this regard that cookies are employed on MailChimp websites and thus personal data can be processed by MailChimp, their partners and the service providers they utilise (such as Google Analytics). We have no influence on this data collection. For further information, please refer to MailChimp’s Privacy Policy. We would like to point out as well the opt-out options with regards to data collection for advertising purposes on the websites http://www.aboutads.info/choices/ and http://www.youronlinechoices.com/ (for the European region).

7. Legal basis for the processing of data

The legal basis for the processing of the data after registration for the newsletter by the user is the presence of the user’s consent (Art. 6 (1) (a) DSGVO).

The legal basis for the distribution of the newsletter resulting from the sale of goods or services is Section 7 (3) of the Protection against Unfair Competition Act (UWG).

8. Storage period

The data will be deleted as soon as it is no longer required for the fulfilment of the purpose of its collection. The user’s email address and their other above-mentioned details are therefore retained for as long as the newsletter subscription is active. After cancellation of the newsletter, the data is deleted both from our servers and from those of MailChimp.

9. Information about stored data

You can apply for information about your stored data at any time, free of charge.

You can access your profile using the link included at the bottom of every newsletter. There you can review, change or delete the details you have provided.

In addition, you can contact datenschutz(at)afag.de by email free of charge to receive information about your stored data.

10. Opting out and deletion option

The newsletter subscription can be cancelled at any time by the user concerned, free of charge. There is a corresponding link in every newsletter for this purpose. In addition, the link to your profile can be used to unsubscribe, which is also included in each newsletter.

Unsubscribing from the newsletter and the deletion of stored data can also be done free of charge at datenschutz(at)afag.de.

It is necessary to unsubscribe from the newsletter if you do not agree that your details will be shared with MailChimp for analytical purposes, or if you want to revoke your consent.

The legality of the data processing operations that have already taken place remains unaffected by this revocation. Data that we have retained for other purposes (e.g. ticket purchase) remains unaffected by this.

VIII. Contact Form and Email Contact

1. Description and scope of the data processing

On our website there is a contact form which can be used for getting in touch electronically. If a user takes up this option, then the details entered in the form will be passed on to us and saved. These details are:

  1. Title
  2. First and last name
  3. Place of residence
  4. Telephone, fax
  5. Email

At the time of dispatch of the message, the following data will also be stored:

  1. First name, surname, phone number, email, the message
  2. The user’s IP address
  3. The date and time of registration
  4. Destination email

As part of the registration process, your consent for the processing of the data is obtained and this privacy policy referred to.

Alternatively, making contact via the email address provided is possible. In this case, the user’s personal details which are shared in the email will be stored.

There is no disclosure of data to third parties in this context. The data will be used exclusively for the processing of the conversation.

2. Legal basis for the processing of data

The legal basis for the processing of the data after registering to the newsletter by the user is the presence of the user’s consent (Art. 6 (1)(a) DSGVO).

The legal basis for the processing of data shared in the course of sending an email shall be Art. 6 (1)(f) DSGVO. If the aim of the email contact is the conclusion of a contract, then an additional legal basis for the processing is Art. 6 (1)(b) DSGVO.

3. Purpose of the data processing

The processing of personal data from the form is done solely for dealing with the making of contact. In the event of the making of a first contact via email, there is also here the required legitimate interest in the processing of the data.

The other personal data processed during the sending process is intended to prevent the misuse of the contact form and ensure the safety of our information technology systems.

4. Storage period

The data will be deleted as soon as it is no longer required for the fulfilment of the purpose of its collection. For the personal data from the contact form’s input screen and that data that has been sent by email, this is then the case when the conversation in question with the user has finished. The conversation is considered finished when it can be gathered from the circumstances that the issue in question has been conclusively resolved.

The details additionally collected during the sending process will be deleted at the latest after a period of seven days.

5. Opting out and deletion option

The user has the option at any time to revoke his consent for the processing of personal data. If the user makes contact with us via email, they can opt out of the storage of their personal data at any time. In such a case, the conversation is not able to be continued.

The revocation of consent and the opting out of storage can be stated in an email to datenschutz(at)afag.de,

or by letter to:

AFAG Messen und Ausstellungen GmbH
Johann-Höllfritsch-Straße 20-22
90530 Wendelstein

. If you would like to only revoke your consent in part, or wish to only partially opt out of storage, please specify exactly to what area your request is limited, otherwise all data will be deleted which we are not legally obliged to retain. Please understand that we may need to verify your identity before complying with your request.

All personal data that was stored in the course of making contact will in this case be deleted.

IX. Services from External Providers that are Used on our Website.

Google fonts

Type and scope of processing

We use Google Fonts from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as a service to provide fonts for our online offering. To obtain these fonts, you establish a connection to the servers of Google Ireland Limited, whereby your IP address is transmitted.

Purpose and legal basis

The use of Google Fonts is based on your consent in accordance with Art. 6 (1) (a) GDPR and s. 25 (1) TTDSG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 (1) GDPR on the basis of the European Commission’s adequacy decision. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where no adequacy decision of the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), other appropriate safeguards have been agreed with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with the Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 (1) sentence 1 (a) GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in their particulars (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).

Storage period

We cannot influence the specific storage period of the processed data, for this is determined by Google Ireland Limited. Further information can be found in Google Font’s Privacy Policy: https://policies.google.com/privacy.

Google Tag Manager

Type and scope of processing

We use the Google Tag Manager of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. Google Tag Manager is used to manage website tags via an interface, enabling us to control the precise integration of services on our website.

This allows us to integrate additional services in a flexible manner in order to analyse user access to our website.

Purpose and legal basis

The use of Google Tag Manager is based on your consent in accordance with Art. 6 (1) (a) GDPR and s. 25 (1) TTDSG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 (1) GDPR on the basis of the European Commission’s adequacy decision. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where no adequacy decision of the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), other appropriate safeguards have been agreed with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with the Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 (1) sentence 1 (a) GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, risks may exist that are unknown in their particulars (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).

Storage period

We cannot influence the specific storage period of the processed data, for this is determined by Google Ireland Limited. Further information can be found in Google Tag Manager’s Privacy Policy: https://marketingplatform.google.com/about/analytics/tag-manager/use-policy/.

Google Analytics

Type and scope of processing

We use Google Analytics from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland, as an analysis service for the statistical evaluation of our online offering. This includes, for instance, the number of visits to our online offering, the subpages visited and visitors’ length of stay.

Google Analytics uses cookies and other browser technologies to evaluate user behaviour and recognise users.

This information is used, among other things, to compile reports on website activity.

Purpose and legal basis

The use of Google Analytics is based on your consent in accordance with Art. 6 (1) (a) GDPR and s. 25 (1) TTDSG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 (1) GDPR on the basis of the European Commission’s adequacy decision. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where no adequacy decision of the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), other appropriate safeguards have been agreed with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with the Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 (1) sentence 1 (a) GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in their particulars (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).

Storage period

We cannot influence the specific storage period of the processed data, for this is determined by Google Ireland Limited. Further information can be found in Google Analytics’ Privacy Policy: https://policies.google.com/privacy.

Google Translate

Type and scope of processing

Our website offers the option of using the information provided in a different language. For this purpose, we use Google Translate (operated by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland). In addition to your IP address, the URL of the page you visit is also transmitted to Google. With Google Translate, the translation is displayed directly on the page there.

Purpose and legal basis

The use of Google Translate is based on your consent in accordance with Art. 6 (1) (a) GDPR and s. 25 (1) TTDSG.

We intend to transfer personal data to third countries outside the European Economic Area, in particular the USA. The data transfer to the USA is carried out in accordance with Art. 45 (1) GDPR on the basis of the European Commission’s adequacy decision. The US companies involved and/or their US subcontractors are certified in accordance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF).

In cases where no adequacy decision of the European Commission exists (including US companies that are not certified under the EU-U.S. DPF), other appropriate safeguards have been agreed with the recipients of the data within the meaning of Art. 44 et seq. GDPR. Unless otherwise stated, these are standard contractual clauses of the EU Commission in accordance with the Implementing Decision (EU) 2021/914 of 4 June 2021. A copy of these standard contractual clauses can be viewed at https://eur-lex.europa.eu/legal-content/DE/TXT/HTML/?uri=CELEX:32021D0914&from=DE.

In addition, before such a third country transfer, we obtain your consent in accordance with Art. 49 (1) sentence 1 (a) GDPR, which you give via the consent in the Consent Manager (or other forms, registrations, etc.). We would like to point out that in the case of third country transfers, there may be risks that are unknown in their particulars (e.g. data processing by security authorities in the third country, the exact scope and consequences of which for you we do not know, over which we have no influence and of which you may not become aware).

Storage period

We cannot influence the specific storage period of the processed data, for this is determined by Google Ireland Limited. Further information can be found in Google Translate’s Privacy Policy: https://policies.google.com/privacy.

Google AdSense

Type and scope of processing

This website uses Google AdSense, a service for the integration of Google Inc. ("Google") advertisements. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

Google AdSense uses what is referred to as “cookies”, text files that are stored on your computer and enable your use of the website to be analysed. Google AdSense also uses what is referred to as web beacons (invisible graphics). These web beacons enable information such as the visitor traffic on these websites to be evaluated.

The information generated by cookies and web beacons concerning your use of this website (including your IP address) and concerning the delivery of advertising formats is transferred to a Google server in the USA and stored there. This information may be passed on by Google to contractual partners of Google. However, Google will not merge your IP address with your other stored data.

Purpose and legal basis

The storage of AdSense cookies will take place on the basis of Art. 6 (1) (a) GDPR and only after you have granted us your express consent thereto. Furthermore, you can prevent the installation of cookies by setting your browser software accordingly. Please note however that, if you do so, you may not be able to fully use all the features of this website. By using this website, you agree to the data collected concerning you being processed by Google in the manner described above and for the purpose stated above.

Storage period

We cannot influence the specific storage period of the processed data, for this is determined by Google. Further information can be found in Google’s Privacy Policy: https://policies.google.com/privacy.

Google Analytics Remarketing

Type and scope of processing

Our websites use the Google Analytics Remarketing features in conjunction with the cross-device features of Google AdWords and Google DoubleClick. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

This feature enables the advertising target groups created using Google Analytics Remarketing to be linked to the cross-device features of Google AdWords and Google DoubleClick. In this way, interest-related, personalised advertising messages that have been adapted to you on the basis of your earlier usage and surfing behaviour on a device (e.g. mobile phone) can also be displayed on any of your other devices (e.g. tablet or PC).

Google will link your web and app browser history with your Google account for this purpose, provided that you have granted the relevant consent. In this way, the same personalised advertising messages can be shown on any of your devices that you use to log into your Google account.

To support this feature, Google Analytics collects users’ Google-authenticated IDs and temporarily links them to our Google Analytics data. This enables us to define and create target groups for cross-device advertising.

You can permanently opt out of cross-device remarketing/targeting by deactivating personalised advertising in your Google account. To do so, go to: www.google.com/settings/ads/onweb/.

Purpose and legal basis

The aggregation of the collected data in your Google account will take place exclusively on the legal basis of your consent, which you may grant Google or withdraw from Google (Art. 6 (1) a) GDPR). In the case of data collection operations not merged with your Google account (e.g. because you do not have a Google account, or you have opted out of this merging), the data are collected on the basis of Art. 6 (1) f) GDPR. The legitimate interest ensues from the fact that the website operator has an interest in anonymised analysis of the website visitors for advertising purposes.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Google. Further information can be found in Google’s Privacy Policy: https://policies.google.com/privacy.

Google AdWords and Google Conversion Tracking

Type and scope of processing

This website uses Google AdWords. AdWords is an online advertising programme from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States ("Google").

We use what is referred to as conversion tracking as part of Google AdWords. When you click on an advertisement placed by Google, a cookie for conversion tracking will be placed on your device, provided that you have granted your consent thereto. Cookies are small text files installed by the web browser onto the user’s computer. These cookies become invalid after 30 days and do not serve personal identification of the users. If the user visits certain pages of this website, and the cookie has not yet expired, Google and we will be able to recognise that the user has clicked on the advertisement and has been redirected to this page.

Every Google AdWords customer receives a different cookie. The cookies cannot be tracked via the websites of AdWords customers. The information collected using the conversion cookie serves the purpose of generating conversion statistics for AdWords customers who have opted for conversion tracking. Customers receive information on the total number of users who have clicked on their advertisement and been redirected to a page containing a conversion tracking tag. However, they do not receive information that enables users to be personally identified. If you do not wish to participate in tracking, you can opt out of this use by simply deactivating the Google Conversion Tracking cookie via your web browser under user settings. You will then not be included in the Conversion Tracking statistics.

Purpose and legal basis

The storage of “conversion cookies” takes place on the basis of Art. 6 (1) a) GDPR. More information on Google AdWords and Google Conversion Tracking can be found in Google’s Data Privacy Policy: www.google.de/policies/privacy/.

You can set your browser to inform you about the setting of cookies and to allow cookies only on a case-by-case basis, or to decline the acceptance of cookies in certain cases or generally, and to automatically delete cookies when the browser is closed. If cookies are deactivated, the functionality of this website may be restricted.

Storage period

The specific storage period of the processed data cannot be influenced by us, but is determined by Google. Further information can be found in Google’s Privacy Policy: https://policies.google.com/privacy.

Revive AdServer

We use Revive-AdServer on our website on the basis of our legitimate interests in accordance with Art. 6 (1) (f) GDPR (interest in the cost-efficient operation of our online offering). Revive AdServer is an open source software tool for the integration and anonymised statistical analysis of advertisements (banners). Personal data, such as IP addresses, is neither collected nor processed or stored via the Revive AdServer.

Provider:
Revive Software and Services BV, Jonkersvaart 36, 9366 TC Jonkersvaart, The Netherlands;
Website: https://www.revive-adserver.net/
Privacy Policy: https://www.revive-adserver.net/privacy/
Detailed description of data processing: https://www.revive-adserver.com/privacy/personal-data/

The Revive AdServer stores cookies (text files) on your computer to control and measure the display of advertisements. A fixed, always identical, non-personal ID is stored in these cookies. The cookies (text files) are automatically exchanged between the web server and your web browser and are necessary for technical operation. Personal identification of a visitor does not take place and is not possible.

OAID cookies are stored on your computer for one year; the OAGEO cookie is a session cookie which is deleted when you close your browser. Revive AdServer also uses tracking pixels. These document the display frequency of our advertising material and stores it in our AdServer.

If you do not want Revive AdServer to store cookies, you have the option of preventing the installation of cookies via your browser settings (information on this can be found in your browser’s help function).

X. Usercentrics

Type and scope of processing

We have integrated Usercentrics on our website. Usercentrics is a consent solution from Usercentrics GmbH, Rosental 4, 80331 Munich, Germany, with which consent to the storing of cookies can be obtained and documented. Usercentrics uses cookies or other web technologies in order to recognise users and store the consent they have given or revoked.

Purpose and legal basis

Use of the service is based on the legally required consent to the use of cookies in accordance with Art. 6 (1 (c) GDPR.

Storage period

We are unable to influence the specific storage period of the processed data, for this is determined by Usercentrics GmbH. Further information can be found in the Privacy Policy for Usercentrics: https://usercentrics.com/privacy-policy/.

XI. Social Media

Sharing content via plugins (Facebook, Google+1, Twitter & Co.)

The content on our websites may, in a manner conforming to data protection law, be shared in social networks such as Facebook, Twitter or Google+.

No user data are automatically transferred to the operators of these platforms as a result of this tool. If the user is logged into one of the social networks and uses the social buttons on Facebook, Google+1, Twitter & Co., an information window where the user can confirm the text prior to sending it will appear.

Our users may, in a manner conforming to data protection law, share the content of this website on social networks without complete surfing profiles being created by the network operators.

Facebook plugins (like & share button)

Plugins from the social network Facebook, provider Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA, are integrated on our websites. You can recognise the Facebook plugins by the Facebook logo or the “Like” button on our website. An overview of the Facebook plugins can be found here: developers.facebook.com/docs/plugins/

When you visit our websites, a direct connection between your browser and the Facebook server will be established via the plugin. As a result, Facebook will be informed that you have visited our website from your IP address. If you click on the Facebook “Like” button whilst logged into your Facebook account, you will be able to link the content of our websites to your Facebook profile. As a result, Facebook will be able to associate your visit to our websites with your user account. Please note that we, as the provider of the websites, obtain no knowledge of the content of the data transferred or of how Facebook uses these data. You can find further information about this in Facebook’s data privacy statement at: de-de.facebook.com/policy.php

If you do not want Facebook to associate your visit to our websites with your Facebook user account, please log out of your Facebook user account.

LinkedIn plugin

Our website uses features of the network LinkedIn. The provider is LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

Every time one of our websites containing LinkedIn features is accessed, a connection to LinkedIn servers is established. LinkedIn will be informed that you have visited our website from your IP address. If you click on LinkedIn’s “Recommend” button and are logged into your account with LinkedIn, it will be possible for LinkedIn to associate your visit to our website with your user account. Please note that we, as the provider of the websites, have no knowledge of the content of the data transferred or of how LinkedIn uses these data.

You can find further information about this in LinkedIn’s Data Privacy Statement at: www.linkedin.com/legal/privacy-policy

XING plugin

Our website uses features of the network XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany.

Every time one of our websites containing XING features is accessed, a connection to XING servers is established. As far as we are aware, no personal data are stored in the course thereof. In particular, no IP addresses are stored, and no usage behaviour is evaluated.

Further information relating to data protection and the XING share button can be found in XING’s Data Privacy Statement at: www.xing.com/app/share

XII. Links to other websites

The AFAG Messen und Ausstellungen GmbH makes links available to third party sites in particular areas. We have no influence on whether the operators of other websites comply with data protection regulations. Liability for the content and especially for damages which may result from the use or non-use of such proffered information rests solely with the provider of these websites. The AFAG Messen und Ausstellungen GmbH only reviews these websites at the time of creating the link. All subsequent changes are the responsibility of the provider.

XIII. Visitor registration and passing on of your personal data

So as to comply with the General Data Protection Regulation, your personal data provided during registration will be passed on for marketing purposes, including making contact (also via email), to event exhibitors whose content you have viewed on the website or whose presentations or webinars you have attended. This also applies to the personal data that you voluntarily provide in your profile. It is at the sole discretion and responsibility of the exhibitor how and whether to use the submitted data set for contacting an attendee. The personal data provided will also be collected and processed by AFAGMessen und Ausstellungen GmbH itself for these stated purposes. The legal basis for the sharing of the personal data you provide is based on your consent in accordance with Art. 6 (1) (a) GDPR, which you gave when registering.

XIV. Rights of the data subject

If personal data of yours is processed, then you are the data subject within the meaning of the DSGVO and you have the following rights vis-à-vis the controller:

1. Right to information

You can request confirmation from the controller whether personal data pertaining to you is being processed by us.

If such processing exists, you can then request the controller to disclose the following information:

  1. the purposes for which the personal data is being processed;
  2. the categories of personal data which are being processed;
  3. the recipients, or categories of recipients, to whom the personal data pertaining to you has been disclosed or will still be disclosed;
  4. the proposed period of storage of personal data pertaining to you or, if specific details relating to this are not feasible, the criteria for determining the storage period;
  5. the existence of a right to correction or deletion of personal data pertaining to you, of a right to limitation of processing by the controller, or of a right to opt out of this processing;
  6. the existence of a right of appeal to a regulatory authority;
  7. all available information about the origin of the data, if the personal data was not collected from the data subject;
  8. the existence of an automated decision-making process including profiling under Art. 22, paras. 1 and 4 DSGVO and – at least in these cases – informative information about the logic involved as well as the scope and the desired outcomes for the data subject of such processing.

You have the right to demand information as to whether or not the personal data pertaining to you is being shared with a third country or with an international organization. In this regard, you may request to be informed under Art. 46 DSGVO about appropriate guarantees in connection with this data sharing.

2. Right to correction

You have the right to correction and/or completion vis-à-vis the controller if the processed personal data pertaining to you is inaccurate, or incomplete. The controller shall undertake the correction without delay.

3. Right to limitation of processing

You may request a restriction to the processing of personal data pertaining to you under the following conditions:

  1. if you dispute the accuracy of the personal data pertaining to you for a period that allows the controller to review the accuracy of the personal data;
  2. the processing is unlawful and you decline the deletion of the personal data and you instead request a restricted use of the personal data;
  3. the controller no longer requires the personal data for the purposes of processing, but requires it instead for the raising, exercise or defence of legal claims, or
  4. if you have lodged an objection to processing under Art. 21 (1) DSGVO and it is not yet clear whether the controller’s legitimate reasons will prevail as compared to your reasons.

If the processing of personal data pertaining to you has been limited, this data may – aside from its storage – only be processed with your consent or for the raising, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of the significant public interest of the European Union or of a Member State.

If the processing restriction was on account of the above-mentioned conditions, the controller will inform you before the restriction is lifted.

4. Right of deletion

a) Obligation to delete

You can request of the controller that the personal data pertaining to you be deleted immediately, and the controller is obliged to delete these details at once, unless one of the following reasons applies:

  1. the personal data pertaining to you is, for the purposes for which it was collected or has in other ways been processed, no longer necessary.
  2. you revoke your consent on which the processing was based under Art. 6 (1) (a) or Art. 9 (2) (a) DSGVO, and there is a lack of any legal basis for the processing.
  3. You lodge an objection under Art. 21 (1) DSGVO against the processing and there are no overriding legitimate reasons for processing, or you lodge an objection under Art.21 (2) DSGVO against the processing.
  4. personal data pertaining to you has been processed unlawfully.
  5. the deletion of the personal data pertaining to you is required to comply with a legal obligation in accordance with European Union law or the law of the Member States to which the controller is subject.
  6. personal data pertaining to you has been collected in relation to services offered by the information society under Art. 8 (1) DSGVO.

b) Information to third parties

If the controller has made the personal data pertaining to you public and if under Art. 17 (1) DSGVO it is obliged to delete them, then it shall take appropriate measures, taking into account the available technology and implementation costs, including of a technical kind, to inform the person responsible for data processing who processes the personal data that you as the data subject have requested from them the deletion of all links to this personal data or copies or replicas of this personal data.

c) Exceptions

There is no right to deletion if processing is necessary

  1. for exercising the right to freedom of expression and information;
  2. for the fulfilment of a legal obligation which requires processing in accordance with the law of the European Union or Member States, to which the controller is subject, or for the exercise of a task which is in the public interest or is made in the exercise of public authority which has been delegated to the controller;
  3. on the grounds of public interest in the area of public health under Art. 9 (2) (h) and (i), as well as Art. 9 (3) DSGVO;
  4. for archive purposes in the public interest, scientific or historical research purposes or for statistical purposes under Art. 89 (1) DSGVO, to the extent that the law mentioned in section a) is expected to make the realisation of the objectives of this processing impossible or seriously impaired, or
  5. for the raising, exercise or defence of legal claims.

5. Right to information

If you have asserted to the controller your right to correction, deletion or restriction of processing, it is obligated to communicate to all recipients to whom the personal data pertaining to you was disclosed the correction or deletion of this data or restriction to its processing, unless this proves impossible or would involve disproportionate effort.

You are entitled with respect to the controller to be informed about these recipients.

6. Right to data portability

You have the right to receive the personal data pertaining to you that has been made available by the controller in a structured, common and machine-readable format. You also have the right to share this data with another controller without interference from the controller to which the personal data was provided, if

  1. the processing is based on a consent in line with Art. 6 (1) (a) DSGVO or Art. 9 (2) (a) DSGVO or on a contract in line with Art. 6 (1) (b) DSGVO and
  2. the processing takes place by means of automated procedures.

In exercising this right, you also have the right to effect that the personal data pertaining to you is directly transferred from one controller to another, insofar as this is technically feasible. The liberties and rights of other persons must not be infringed by this.

The right to data portability does not apply to the processing of personal data that is required for the exercise of a task which is in the public interest or is made in the exercise of public authority which has been delegated to the controller.

7. Right to objection

You have the right, for reasons related to your particular situation, to at any time lodge an objection to the processing of personal data pertaining to you which occurs on account of Art. 6 (1) (e) or (f) DSGVO; this also applies to profiling based on these provisions.

The controller shall cease processing the personal data pertaining to you unless it can demonstrate compelling reasons, worthy of protection, for this processing, which outweigh your interests, rights and freedoms, or the processing is used for the raising, exercise or defence of legal claims.

If the personal data pertaining to you is processed in order to conduct direct marketing, then you have the right at any time to lodge an objection to the processing of the personal data pertaining to you for the purposes of advertising of this kind; this also applies to profiling, provided that it is connected to such direct marketing.

If you object to processing for the purposes of direct marketing, personal data pertaining to you will no longer be processed for these purposes.

In connection with the use of information society services, you have the option – regardless of Directive 2002/58/EG – to exercise your right of objection by means of automated processes in which technical specifications are used.

8. Right of revocation of the declaration of consent to data protection

You have the right to revoke your declaration of consent to data protection at any time. By revoking consent, the legality of the processing that took place prior to revocation remains unaffected.

9. Automated decision-making on a case-by-case basis, including profiling

You have the right to not solely be subject to a decision based on automated processing – including profiling – which can take legal effect with respect to yourself or in a similar way make a significant negative impact. This does not apply if the decision

  1. is required for the purpose of concluding or fulfilling a contract between you and the controller,
  2. is permissible on the basis of legal regulations of the EU or the Member States to which the controller is subject, and these legal regulations contain appropriate measures in order to safeguard your rights and freedoms as well as your legitimate interests or
  3. is made with your explicit consent.

However, these decisions may not be based on special categories of personal data under Art. 9 (1) DSGVO, unless Art. 9 (2) (a) or (g) DSGVO applies and adequate measures for the protection of your rights and freedoms, as well as your legitimate interests, have been taken.

With regard to the cases referred to in (1) and (3), the controller shall take appropriate measures in order to safeguard your rights and freedoms as well as your legitimate interests, to which shall belong at a minimum an individual’s right to obtain an intervention on the part of the controller, to present their own point of view and to challenge the decision.

10. Right to lodge a complaint with a regulatory authority

Regardless of any other administrative or legal remedy, you have the right to lodge a complaint with a regulatory authority, in particular in the Member State of your place of residence, place of work or the location of the alleged infringement, if you are of the opinion that the processing of personal data pertaining to you contravenes the DSGVO.

The regulatory authority with whom the complaint has been lodged shall inform the complainant about the status and outcome of the complaint, including the possibility of a judicial remedy, in accordance with Art. 78 DSGVO.