Data protection statement for participants according to the European General Data Protection Regulation (GDPR)
The following information will give you an overview of how our company processes your personal data as well as your rights according to the GDPR.
1. Name and address of those responsible and data protection officer
The responsible party (“we”) in relation to the General Data Protection Regulation and other member state’s national data protection laws as well as other provisions related to data protection is:
VDI Wissensforum GmbH
Tel.: +49 (0)2116214-201
Name and address of the data protection officer
The responsible party’s data protection officer is:
TÜV Technische Überwachung Hessen GmbH
2. Data sources and nature of the use of personal data
We process personal data that we collect in relation to our business relationship with you as an interested party and/or as a participant in our events. During the business facilitation phase and during the business relationship itself, both you and our company generate personal data. This includes, as a rule:
Name, salutation, title, address, telephone number, fax number, email address, bank details, company (with tax number), department, position, attendance at an event, questions about an event, personal details of speakers (CV, qualification, contributions, interests).
Furthermore, we process personal data that we legally obtain from publically accessible sources (press, media, Internet, public event registers) or from other event participants that have been legally provided to us. This includes the following data:
Name, salutation, title, address, telephone number, fax number, email address, company (with tax number), department, position.
3. Purpose and legal basis for data processing
Your personal data is processed in accordance with applicable data protection provisions, in particular the GDPR and the German Federal data protection law (BDSG). Specifically, this is done for the following reasons and is subject to the following legal provisions:
a) On the basis of your consent in accordance with article 6, paragraph 1 sentence 1 lit. a DSGVO
If you have given us consent to process your data for specific purposes, such as subscription to our email service or to analyze usage of our email service, then we process your data on the legal basis of your consent. The scope and purpose of data processing is described in the corresponding consent agreement.
b) To fulfill contractual obligations according to article 6, paragraph 1 sentence 1 lit. a DSGVO
Personal data is processed to complete contracts and your name used to execute your participation in our events, to organize these events and to print in event particulars as well as publication on our website. Further information about the purposes and scope of the contractual services for which this data is processed can be found in the corresponding contracts and terms and conditions.
c) To fulfill legal requirements according to article 6, paragraph 1 sentence 1 lit. c DSGVO
As a company we are subject to various legal requirements in relation to tax checks and reporting. In order to fulfill these requirements, personal data is processed in relation to business facilitation and completion according to legal provisions.
d) In relation to weighing of interests according to article 6, paragraph 1 sentence 1 lit. f DSGVO
We process your data above and beyond the actual fulfillment of a contract to preserve our legitimate interests or those of third parties:
- Advertising about similar events by email or post, insofar as you have not objected to receive information about our current offers (our legitimate interest)
- Evaluation of events based on your feedback to optimize future events (our legitimate interest)
- Completion or correction of your information on the basis of voluntarily provided or legal obtain publically accessible information for the purpose of planning future events or to be able to address you more personally and to avoid sending you irrelevant information (our legitimate interest)
4. Who gets my data?
Your personal data is accessible to those parties that need them in order to fulfill contractual and legal obligations. This includes hotels and event venues as well as printers, if your data is required for the execution of an event and your booking. For bookings, we give your payment details to our bank. Event leaders and moderators receive speaker resumes in order to be able to introduce them. If service providers and executive aides are involved in data processing, then this is only possible if the provisions outlined in GDPR and BDSG are fulfilled.
5. Is my personal data transmitted to a ‘third country’?
In principle, transmission of your personal data to countries outside the EU or EEC only occurs when you have given us the permission to do so or if it is necessary for the fulfillment of a contract.
6. How long is my data stored?
Your personal data is processed and stored for as long as it is necessary to fulfill our contractual and legal obligations. Upon completion of contractual and legal provisions, personal data is regularly deleted. Exceptions include:
- Compliance with commercial and tax-related storage periods. The periods involved range from between two and ten years.
- Retention of evidence in relation to statutes of limitations. According to §§ 195 ff. of the citizen’s legal code, this can mean periods of up to 30 years. The regular statute of limitations is three years measured at the end of a calendar year.
7. What data protection rights do I have as a client?
You have the following rights in terms of your personal data:
- The right of disclosure
- The right of amendment or deletion
- The right to limit processing
- The right to object to processing
- The right of data transferability
In terms of rights to disclosure and deletion, the limitations of §§ 34 and 35 BDSG apply.
A right to lodge a complaint at a data protection agency continues to exist according to article 77 GDPR in combination with § 19 BDSG. This also applies to consent that has been given before the 25th of May 2018 (validity of the GDPR). Withdrawal takes effect in future. Processing of personal data before withdrawal of consent remains unaffected.
8. Obligation to provide data
The data we retrieve in relation to a business relationship and necessary for the fulfillment of contractual obligations must be provided. Provision also applies to data that we are required to obtain to fulfill legal provisions. If this data is not provided, then we are obliged to terminate our existing contractual relationship or reject cooperation with you. Specifically this applies to the following data:
Speaker: company, concat person, position, address, telephone number, email address
Exhibitors: company, concat person, address, telephone number, email addres
Sponsors: company, concat person, address, telephone number, email addres