The protection of your data is important to us. We only collect, store and use your data in accordance with legal requirements. Below you will be informed about the way we collect, store and process your data.
I. Name and address of the party responsible
The party responsible for the purposes of the General Data Protection Regulation, other EU countries’ national data protection statutes as well as other data protection provisions, is the:
II. Name and address of the Data Protection Officer
The Data Protection Officer of the party responsible is:
Frank A. Keller
Glöckner Keller Rechtsanwälte
III. General remarks on data processing
1. Scope of processing of personal data
As a matter of principle, we collect and use the personal data of our users only to the extent necessary for the provision of an operational website and our content and services. The routine collection and use of our users’ personal data takes place only after the user has given their consent. An exception applies in those cases in which a prior obtaining of consent is not possible for practical reasons and legal regulations permit the processing of the data.
2. Legal basis for the processing of personal data
Provided that we obtain the informed consent of the person concerned for the processing of personal data, Art. 6, para. 1, sub-para. a of the EU’s General Data Protection Regulation (DSGVO) serves as the legal basis.
In the case of the processing of personal data required for the fulfilment of a contract whose contracting party is the person concerned, Art. 6, para. 1, sub-para. b of the DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.
Insofar as a processing of personal data is necessary in order to comply with a legal obligation that our company is subject to, Art. 6, para. 1, sub-para c of the DSGVO serves as the legal basis.
In the event that the vital interests of the person concerned, or of another natural person, make a processing of personal data necessary, Art. 6, para. 1, sub-para. d of the DSGVO serves as the legal basis.
If the processing is necessary to maintain a legitimate interest of our company, or of a third party, and that interest does not outweigh the interests, fundamental rights and freedoms of the affected party, then Art. 6, para. 1, sub-para. f of the DSGVO serves as the legal basis for the processing.
3. Data deletion and retention period
The personal data of the person concerned will be deleted or blocked as soon as the purpose for retention is no longer applicable. In addition, retention can take place if this has been provided for by European or national legislators in EU legal regulations, statutes or other provisions to which the responsible party is subject. A blocking or deletion of data shall also take place when the retention period mandated in the stated guidelines expires, unless further data retention is necessary for the conclusion or fulfilment of a contract.
IV. Website provision and log file creation
1. Description and scope of data processing
Every time our website is visited, our system automatically captures data and information from the system of the computer involved.
The following data is collected in the process:
- (1) Information about the browser type and version used
- (2) The user’s operating system
- (3) The user’s IP address
- (4) The date and time of access
The data is also stored in the log files of our system. Retention of this data, together with other personal data of the user, does not take place.
2. Legal basis for the processing of data
The legal basis for the temporary storage of the data and log files is Art. 6, para. 1, sub-para. f of the DSGVO.
3. Purpose of the data processing
A temporary retention of the IP address by the system is necessary to enable the delivery of the website to the user's computer. This requires the user’s IP address to remain saved for the duration of the session.
Storage in log files is carried out to ensure the functionality of the website. In addition, the data is used by us for website optimisation and to ensure the security of our information technology systems. An analysis of the data for marketing purposes does not take place in this context.
In these purposes is also our legitimate interest in the processing of the data according to Art. 6, para. 1, sub-para. f of the DSGVO.
4. Retention period
The data will be deleted as soon as it is no longer required for the fulfilment of the purpose of its collection. In the case of data collection for the provision of the website, this is the case when the session in question is concluded.
In the case of data retention in log files, this is the case after no later than 90 days. Retention exceeding this is possible. In this case, users’ IP addresses are altered so that it is no longer possible to match the visiting client.
5. Opting out and deletion option
The collection of data for website provision and the retention of data in log files is absolutely necessary for the operation of our website. Thus, there is no opportunity for opting out on the part of the user.
Description and scope of the data processing
Cookies are small text files which are saved in the internet browser or by the internet browser on the user's computer. If a user visits a web site, a cookie may be saved on the user's operating system. This cookie contains a distinctive character string which enables a unique identification of the browser when you revisit the website.
1. Description and scope of the data processing
On our website and Facebook page there is the option of subscribing to a free newsletter. In registering for the newsletter, the data from the input form is shared with MailChimp and ourselves (see point 2):
- Email address
- First name
- Last Name
- Title (gender)
Entering your first and last names as well as your gender is only used by us to optimise and personalise the content of our newsletter. If necessary, we may ask you to provide further details. These details will only be used for the customisation of the content to readers.
In addition, the following data is collected:
- Time of registration and confirmation
- IP address
The registration for the newsletter is logged by this data in order to be able to verify that the registration is in accordance with legal requirements.
In the same way, changes made to your profile are logged by MailChimp.
Registration is carried out using a so-called double opt-in procedure. After entering your email address you receive from us an email asking once more for your consent to receiving our newsletter.
This second confirmation helps to protect your email address from misuse.
The data collected is used solely for sending the newsletter.
If you purchase goods or services (tickets) on our website and in doing so provide your email address, this may subsequently be used by us for sending newsletters. In such a case, we will only send you direct marketing for our own similar goods or services.
2. Use of the mailing service provider “MailChimp”
Newsletter distribution takes place via the newsletter mailing platform “MailChimp” from the U.S. provider Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA.
MailChimp is a service which, among other things, allows the sending of newsletters to be organised and analysed. MailChimp has certification in accordance with the “EU-US Privacy Shield”. The “Privacy Shield” is an agreement between the European Union (EU) and the US which is intended to ensure compliance with European data protection standards in the US. The data collected in accordance with this advice is stored by MailChimp on servers in the US. MailChimp uses this data for the following purposes:
- The distribution of newsletters on our behalf
- Newsletter analysis on our behalf (e.g. to determine the recipients’ residential location)
- According to their own statements, MailChimp is able to use this information to improve its services (e.g. for the technical optimisation of newsletter distribution and display)
MailChimp does not use the data collected itself for making contact or for disclosure to third parties.
3. Statistical collection and analysis
Mailed newsletters contain a so-called “web beacon”. This is a pixel-sized file which is activated when the newsletter is opened from MailChimp’s server. This file collects the following technical information:
- Opening of the newsletter
- Time of accessing
- Links clicked on
In addition, technical information is retrieved which is not able to be matched to a particular user:
- IP address
- Browser type
- Operating system
4. Purpose of the data processing
This information is used to improve our service on the basis of technical data or the determination of the target group and their reading behaviour on the basis of their retrieval location (identifiable by their IP address) and access times. Individual users are not monitored or in any way analysed, either by us or by MailChimp. An analysis is only done to identify users’ reading habits and adapt the content to them, or to send differing content corresponding to users’ interests.
The user’s email address is collected for the purposes of mailing the newsletter. The collection of other personal data as part of the registration process is done to prevent the misuse of our services or the email address used.
5. Conclusion of a data processing agreement
We have entered into a so-called “data processing agreement” with MailChimp, in which we oblige MailChimp to protect our customers’ details and not to pass them on to third parties. This agreement may be viewed at the following link: https://mailchimp.com/legal/forms/data-processing-agreement/sample-agreement/
6. Online retrieval and data management
7. Legal basis for the processing of data
The legal basis for the processing of the data after registration for the newsletter by the user is the presence of the user’s consent (Art. 6, para. 1, sub-para. a of the DSGVO).
The legal basis for the distribution of the newsletter resulting from the sale of goods or services is Section 7, para. 3 of the Protection against Unfair Competition Act (UWG).
8. Retention period
The data will be deleted as soon as it is no longer required for the fulfilment of the purpose of its collection. The user’s email address and their other above-mentioned details are therefore retained for as long as the newsletter subscription is active. After cancellation of the newsletter, the data is deleted both from our servers and from those of MailChimp.
9. Information about stored data
You can apply for information about your stored data at any time, free of charge.
You can access your profile using the link included at the bottom of every newsletter. There you can review, change or delete the details you have provided.
In addition, you can contact datenschutz(at)afag.de by email free of charge to receive information about your stored data.
10. Opting out and deletion option
The newsletter subscription can be cancelled at any time by the user concerned, free of charge. There is a corresponding link in every newsletter for this purpose. In addition, the link to your profile can be used to unsubscribe, which is also included in each newsletter.
Unsubscribing from the newsletter and the deletion of stored data can also be done free of charge at datenschutz(at)afag.de .
It is necessary to unsubscribe from the newsletter if you do not agree that your details will be shared with MailChimp for analytical purposes, or if you want to revoke your consent.
The legality of the data processing operations that have already taken place remains unaffected by this revocation. Data that we have retained for other purposes (e.g. ticket purchase) remains unaffected by this.
VII. Contact form and email contact
1. Description and scope of the data processing
On our website there is a contact form which can be used for getting in touch electronically. If a user takes up this option, then the details entered in the form will be passed on to us and saved. These details are:
- (1) Title
- (2) First and last name
- (3) Place of residence
- (4) Telephone, fax
- (5) Email
At the time of dispatch of the message, the following data will also be stored:
- (1) First name, surname, phone number, email, the message
- (2) The user’s IP address
- (3) The date and time of registration
- (4) Destination email
Alternatively, making contact via the email address provided is possible. In this case, the user’s personal details which are shared in the email will be stored.
There is no disclosure of data to third parties in this context. The data will be used exclusively for the processing of the conversation.
2. Legal basis for the processing of data
The legal basis for the processing of the data after registering to the newsletter by the user is the presence of the user’s consent (Art. 6, para. 1, sub-para. a of the DSGVO).
The legal basis for the processing of data shared in the course of sending an email shall be Art. 6, para. 1, sub-para. f of the DSGVO. If the aim of the email contact is the conclusion of a contract, then an additional legal basis for the processing is Art. 6 para. 1, sub-para. b of the DSGVO.
3. Purpose of the data processing
The processing of personal data from the form is done solely for dealing with the making of contact. In the event of the making of a first contact via email, there is also here the required legitimate interest in the processing of the data.
The other personal data processed during the sending process is intended to prevent the misuse of the contact form and ensure the safety of our information technology systems.
4. Retention period
The data will be deleted as soon as it is no longer required for the fulfilment of the purpose of its collection. For the personal data from the contact form’s input screen and that data that has been sent by email, this is then the case when the conversation in question with the user has finished. The conversation is considered finished when it can be gathered from the circumstances that the issue in question has been conclusively resolved.
The details additionally collected during the sending process will be deleted at the latest after a period of seven days.
5. Opting out and deletion option
The user has the option at any time to revoke his consent for the processing of personal data. If the user makes contact with us via email, they can opt out of the retention of their personal data at any time. In such a case, the conversation is not able to be continued.The revocation of consent and the opting out of retention can be stated in an email to firstname.lastname@example.org , or by letter to:
AFAG Messen und Ausstellungen GmbH
If you would like to only revoke your consent in part, or wish to only partially opt out of retention, please specify exactly to what area your request is limited, otherwise all data will be deleted which we are not legally obliged to retain. Please understand that we may need to verify your identity before complying with your request.
All personal data that was stored in the course of making contact will in this case be deleted.
VIII. Google Analytics/ Google-APIs
This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses so-called “cookies” that are saved on your computer and which make an analysis of your use of our website possible.
In addition, this site uses Google APIs, a programme interface provided by Google. As part of this use, data can also be shared with Google, such as the IP address in particular.
The information on your use of this website generated by the cookie will usually be transferred and stored on a Google server in the US. However, in the case of the activation of IP anonymisation on this website, your IP address will be shortened beforehand by Google within the member states of the European Union or in other signatories to the agreement across the European Economic Area. Only in exceptional cases will the full IP address be transferred to a Google server in the US and shortened there. Google will use this information on behalf of the website owner to evaluate your usage of our website, to compile reports about your activities on the site, and to provide additional services relating to website and internet usage. The IP address transmitted from your browser as part of Google Analytics will not be amalgamated with any other data held by Google. You can prevent cookies from being stored by configuring your browser software accordingly. Please note, however, that you may not be able to fully access all the functions of this website if you choose to do so. Furthermore, you can prevent the data generated by the cookie regarding your use of this website (incl. your IP address) from being transmitted to and processed by Google by downloading and installing the browser plug-in available at the following link [tools.google.com/dlpage/gaoptout]. In view of the discussion about the use of analytic tools with full IP addresses, we would like to point out that this website uses Google Analytics with the extension “_anonymizeIp()” and as a result IP addresses will be further processed only in shortened form to prevent individual identification of a user.
IX. Links to other websites
The AFAG Messen und Ausstellungen GmbH makes links available to third party sites in particular areas. We have no influence on whether the operators of other websites comply with data protection regulations. Liability for the content and especially for damages which may result from the use or non-use of such proffered information rests solely with the provider of these websites. The AFAG Messen und Ausstellungen GmbH only reviews these websites at the time of creating the link. All subsequent changes are the responsibility of the provider.
X. Rights of the data subject
If personal data of yours is processed, then you are the data subject within the meaning of the DSGVO and you have the following rights vis-à-vis the party responsible:
1. Right to information
You can request confirmation from the party responsible whether personal data pertaining to you is being processed by us.
If such processing exists, you can then request the party responsible to disclose the following information:
- (1) the purposes for which the personal data is being processed;
- (2) the categories of personal data which are being processed;
- (3) the recipients, or categories of recipients, to whom the personal data pertaining to you has been disclosed or will still be disclosed;
- (4) the proposed period of retention of personal data pertaining to you or, if specific details relating to this are not feasible, the criteria for determining the retention period;
- (5) the existence of a right to correction or deletion of personal data pertaining to you, of a right to limitation of processing by the party responsible, or of a right to opt out of this processing;
- (6) the existence of a right of appeal to a regulatory authority;
- (7) all available information about the origin of the data, if the personal data was not collected from the data subject;
- (8) the existence of an automated decision-making process including profiling under Art. 22, paras. 1 and 4 of the DSGVO and - at least in these cases - informative information about the logic involved as well as the scope and the desired outcomes for the data subject of such processing.
You have the right to demand information as to whether or not the personal data pertaining to you is being shared with a third country or with an international organization. In this regard, you may request to be informed under Art. 46 of the DSGVO about appropriate guarantees in connection with this data sharing.
2. Right to correction
You have the right to correction and/or completion vis-à-vis the party responsible if the processed personal data pertaining to you is inaccurate, or incomplete. The party responsible shall undertake the correction without delay.
3. Right to limitation of processing
You may request a restriction to the processing of personal data pertaining to you under the following conditions:
- (1) if you dispute the accuracy of the personal data pertaining to you for a period that allows the party responsible to review the accuracy of the personal data;
- (2) the processing is unlawful and you decline the deletion of the personal data and you instead request a restricted use of the personal data;
- (3) The party responsible no longer requires the personal data for the purposes of processing, but requires it instead for the raising, exercise or defence of legal claims, or
- (4) if you have lodged an objection to processing under Art. 21, para. 1 of the DSGVO and it is not yet clear whether the party responsible’s legitimate reasons will prevail as compared to your reasons.
If the processing of personal data pertaining to you has been limited, this data may – aside from its retention – only be processed with your consent or for the raising, exercise or defence of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of the significant public interest of the European Union or of a Member State.
If the processing restriction was on account of the above-mentioned conditions, the party responsible will inform you before the restriction is lifted.
4. Right of deletion
a) Obligation to delete
You can request of the party responsible that the personal data pertaining to you be deleted immediately, and the party responsible is obliged to delete these details at once, unless one of the following reasons applies:
- (1) the personal data pertaining to you is, for the purposes for which it was collected or has in other ways been processed, no longer necessary.
- (2) you revoke your consent on which the processing was based under Art. 6, para. 1, sub-para. a or Art. 9, para. 2, sub-para. a of the DSGVO, and there is a lack of any legal basis for the processing.
- (3) You lodge an objection under Art. 21, para. 1 of the DSGVO against the processing and there are no overriding legitimate reasons for processing, or you lodge an objection under Art.21, para. 2 of the DSGVO against the processing.
- (4) personal data pertaining to you has been processed unlawfully.
- (5) the deletion of the personal data pertaining to you is required to comply with a legal obligation in accordance with European Union law or the law of the Member States to which the party responsible is subject.
- (6) personal data pertaining to you has been collected in relation to services offered by the information society under Art. 8, para. 1 of the DSGVO.
b) Information to third parties
If the party responsible has made the personal data pertaining to you public and if under Art. 17, para. 1 of the DSGVO it is obliged to delete them, then it shall take appropriate measures, taking into account the available technology and implementation costs, including of a technical kind, to inform the person responsible for data processing who processes the personal data that you as the data subject have requested from them the deletion of all links to this personal data or copies or replicas of this personal data.
There is no right to deletion if processing is necessary
- (1) for exercising the right to freedom of expression and information;
- (2) for the fulfilment of a legal obligation which requires processing in accordance with the law of the European Union or Member States, to which the party responsible is subject, or for the exercise of a task which is in the public interest or is made in the exercise of public authority which has been delegated to the party responsible;
- (3) on the grounds of public interest in the area of public health under Art. 9, para. 2, subsections h and i, as well as Art. 9, para. 3 of the DSGVO;
- (4) for archive purposes in the public interest, scientific or historical research purposes or for statistical purposes under Art. 89, para 1 of the DSGVO, to the extent that the law mentioned in section a) is expected to make the realisation of the objectives of this processing impossible or seriously impaired, or
- (5) for the raising, exercise or defence of legal claims.
5. Right to information
If you have asserted to the party responsible your right to correction, deletion or restriction of processing, it is obligated to communicate to all recipients to whom the personal data pertaining to you was disclosed the correction or deletion of this data or restriction to its processing, unless this proves impossible or would involve disproportionate effort.
You are entitled with respect to the party responsible to be informed about these recipients.
6. Right to data portability
You have the right to receive the personal data pertaining to you that has been made available by the party responsible in a structured, common and machine-readable format. You also have the right to share this data with another party responsible without interference from the party responsible to which the personal data was provided, if
- (1) the processing is based on a consent in line with Art. 6, para. 1, sub-para. a of the DSGVO or Art. 9, para. 2, sub-para. a of the DSGVO or on a contract in line with Art. 6, para. 1, sub-para. b of the DSGVO and
- (2) the processing takes place by means of automated procedures.
In exercising this right, you also have the right to effect that the personal data pertaining to you is directly transferred from one party responsible to another, insofar as this is technically feasible. The liberties and rights of other persons must not be infringed by this.
The right to data portability does not apply to the processing of personal data that is required for the exercise of a task which is in the public interest or is made in the exercise of public authority which has been delegated to the party responsible.
7. Right to objection
You have the right, for reasons related to your particular situation, to at any time lodge an objection to the processing of personal data pertaining to you which occurs on account of Art. 6, para. 1, sub-para. e or f of the DSGVO; this also applies to profiling based on these provisions.
The party responsible shall cease processing the personal data pertaining to you unless it can demonstrate compelling reasons, worthy of protection, for this processing, which outweigh your interests, rights and freedoms, or the processing is used for the raising, exercise or defence of legal claims.
If the personal data pertaining to you is processed in order to conduct direct marketing, then you have the right at any time to lodge an objection to the processing of the personal data pertaining to you for the purposes of advertising of this kind; this also applies to profiling, provided that it is connected to such direct marketing.
If you object to processing for the purposes of direct marketing, personal data pertaining to you will no longer be processed for these purposes.
In connection with the use of information society services, you have the option – regardless of Directive 2002/58/EG – to exercise your right of objection by means of automated processes in which technical specifications are used.
8. Right of revocation of the declaration of consent to data protection
You have the right to revoke your declaration of consent to data protection at any time. By revoking consent, the legality of the processing that took place prior to revocation remains unaffected.
9. Automated decision-making on a case-by-case basis, including profiling
You have the right to not solely be subject to a decision based on automated processing – including profiling – which can take legal effect with respect to yourself or in a similar way make a significant negative impact. This does not apply if the decision
- (1) is required for the conclusion or fulfilment of a contract between you and the party responsible,
- (2) is permissible on the basis of legal regulations of the EU or the Member States to which the party responsible is subject, and these legal regulations contain appropriate measures in order to safeguard your rights and freedoms as well as your legitimate interests or
- (3) is made with your explicit consent.
However, these decisions may not be based on special categories of personal data under Art. 9, para. 1 of the DSGVO, unless Art. 9, para. 2, sub-para. a or g of the DSGVO applies and adequate measures for the protection of your rights and freedoms, as well as your legitimate interests, have been taken.
With regard to the cases referred to in (1) and (3), the party responsible shall take appropriate measures in order to safeguard your rights and freedoms as well as your legitimate interests, to which shall belong at a minimum an individual’s right to obtain an intervention on the part of the party responsible, to present their own point of view and to challenge the decision.
10. Right to lodge a complaint with a regulatory authority
Regardless of any other administrative or legal remedy, you have the right to lodge a complaint with a regulatory authority, in particular in the Member State of your place of residence, place of work or the location of the alleged infringement, if you are of the opinion that the processing of personal data pertaining to you contravenes the DSGVO.
The regulatory authority with whom the complaint has been lodged shall inform the complainant about the status and outcome of the complaint, including the possibility of a judicial remedy, in accordance with Art. 78 of the DSGVO.