Privacy Policy

This Privacy Policy contains information about the collection of personal data via the website of Freiburg Wirtschaft Touristik und Messe GmbH & Co. KG https://www.kulturboerse-freiburg.de

1. Definitions and contact information

“Personal data” is all data that relates to you personally or can be related to you personally, for example your name, address, email addresses or user behaviour.

The data controller is Freiburg Wirtschaft Touristik und Messe GmbH & Co. KG.
The data controller can be reached as follows:

Address: Neuer Messplatz 3, 79108 Freiburg                   
Phone: +49 761 3881 02
Fax: +49 761 3881 3006
Mail: messe.freiburg@fwtm.de
Web: www.fwtm.freiburg.de

The data Protection Officer of the FWTM Freiburg Wirtschaft Touristik und Messe GmbH & Co. KG ist the licensed lawyer for data protection Marc E. Evers.
The data controller can be reached as follows:

Address: DataSEKure Rechtsanwaltsgesellschaft mbH
Weilerstraße 9, 79252 Stegen
Phone: +49 761 3876955
Mail: datenschutz@datasekure.de

2. Purpose of data processing and legal basis

2.1. Collection of data in connection with event registration

When you register with us for an event, we collect the following information:

company data (company name, address, tax numbers etc.)
personal data (title, name, email address, telephone number) of managing directors, heads of sales and marketing, officers, contacts.

This data is collected to enable us to:

  • identify you as one of our exhibitors;
  • provide appropriate services for you;
  • contact you;
  • invoice you;
  • process any liability claims or assert any claims against you.

Your data are processed at your request; in accordance with Article 6 para. 1 sentence 1 (b) of the General Data Protection Regulation (GDPR). GDPR, this processing is necessary for the aforementioned purposes in order to ensure adequate organization of the event and the mutual fulfillment of obligations.

The personal data collected by us will be retained until the end of the statutory retention period, after which they will be deleted, unless we are obliged to retain the data for longer in accordance with Article 6 para. 1 sentence 1 (c) GDPR due to retention and documentation duties arising from tax or commercial law (the German Commercial Code HGB, German Criminal Code StGB or Fiscal Code of Germany AO), or unless you have given your consent to retention beyond this period in accordance with Article 6 para. 1 sentence 1 (a) GDPR.

2.2. Use of data when registering for the e-mail newsletter

2.2.1. You can choose to subscribe to our newsletter so that we can inform you about current interesting offers. The goods and services which are advertised in the newsletter are stated in the declaration of consent.

2.2.2. For newsletter subscriptions, rapidmail uses the “double opt-in” method. This means that, after you subscribe to the newsletter, an email will be sent to the email address you have provided asking you to confirm that you would like to receive the newsletter.
Your information will be stored by rapidmail until you confirm your subscription. The purpose of this procedure is to create proof of your subscription and to be able to resolve any potential misuse of your personal data.

2.2.3. The only information which we require in order to send the newsletter is your email address. Following your confirmation, rapidmail will store your email address as well as your IP address for the purpose of sending you the newsletter. The legal basis for this is Article 6 Paragraph 1 Sentence 1 (a) GDPR.

2.2.4. We use rapidmail to send our newsletter. Your data will therefore be transferred to rapidmail GmbH. However, rapidmail GmbH is prohibited from using your data for purposes other than dispatching the newsletter. rapidmail GmbH is not permitted to transfer or sell your information. rapidmail is a German certified newsletter software provider which we carefully selected in accordance with the requirements of the GDPR and the German Data Protection Act. A commissioned data processing agreement was concluded with rapidmail GmbH in compliance with Article 28 GDPR. 

2.2.5. You can withdraw your consent to the sending of the newsletter and unsubscribe from the newsletter at any time. You can withdraw consent by clicking on the link provided in every newsletter email (unsubscribe from newsletter), or by sending us a message using the contact information provided under “Imprint” on our website.

2.2.6. Please note that we will analyse your user behaviour when we send you the newsletter. To enable this analysis, the emails which we send contain “web beacons” or “tracking pixels”, which represent single-pixel image files that are stored on our website. To carry out the analysis, we combine the data listed in Section 2 and the web beacons with your email address and an individual ID. The data will only be collected in pseudonymised form, which means that the IDs will not be combined with other personal data belonging to you and it will not be possible to directly identify you.
The information will be stored for as long as you subscribe to the newsletter. With the exception of your email address, all stored personal data will be deleted after you unsubscribe.

2.3. Use of data for email advertising in the absence of a newsletter subscription, and your right to object
If we have obtained your email address in connection with the sale of a product or service and you have not objected, we reserve the right to regularly send you offers via email concerning products from our range which are similar to the item previously purchased. You can object to this use of your email address at any time by sending us a message using the contact details given above, or by clicking on the link provided for this purpose in the advertising email, without incurring any costs other than the transmission costs according to the basic rates. This serves to safeguard our legitimate interests, which are predominantly justified in the context of a weighing up of interests, in a promotional approach by our customers in accordance with Article 6 para. 1 sentence 1 (f) GDPR.

2.4. Use of data for postal advertising, and your right to object
Furthermore, we reserve the right to retain your name and surname, your postal address and – provided that we have received this additional information from you as part of the contractual relationship – your title, academic qualifications and professional title, industry description or trade name in databases or compiled lists, and to use this information for our own advertising purposes, for example to send interesting offers and information about our products by post. You can object to the retention and use of your data for these purposes at any time by sending us a message using the contact details given above. This serves to safeguard our legitimate interests, which are predominantly justified in the context of a weighing up of interests, in a promotional approach by our customers in accordance with Article 6 para. 1 sentence 1 (f) GDPR.

2.5. Collection of images or videos of individuals at events
Photos and videos are taken during events held in the rooms and open spaces used by Freiburg Wirtschaft und Touristik GmbH & Co. KG. As such, photos or videos may be taken in which individual visitors or organisers can be recognised. These photos and videos are collected for the purpose of presenting the events in brochures and press reports and on social media channels and FWTM websites.

This serves the purposes of our legitimate and, on balance, overriding interests in depicting the event for advertising purposes and in addressing our customers pursuant to Article 6 para. 1 sentence 1 (f) GDPR. We never use the data collected for the purpose of drawing conclusions about you.

You can find further explanations of your rights regarding photo and video recordings under Section 5 of this Privacy Policy.

2.6. Data collection in the Ticket Shop
If you purchase tickets for trade fairs or other events in our Ticket Shops, we will process the data which you have provided upon purchase. Data collection, processing and storage are carried out by our service provider A. Sutter Fair Business GmbH, Pretzfelder Str. 13, 90425 Nuremberg.

2.6.1. Why are my data being processed?
We process your data for the purpose of performance of a contract or in order to take steps prior to entering into a contract in advance of trade fairs or other events. In particular, we process your email address so that we can send you order confirmations and, if applicable, online tickets and inform you of any changes relating to the trade fair. We process your (company) name and your postal address so that we can send you your tickets, where available, for billing you and so that we can attribute your order exactly to your company. The legal basis regarding data you have provided in the compulsory boxes is Article 6 (1) b) of the GDPR, and with regard to data you have provided to us voluntarily it is your consent (Article 6 (1) (a) GDPR). We also process your data for purposes of market research and opinion polling for our own purposes. The legal basis is Article 6 (1) (f) GDPR. We have a legitimate interest in optimising the services we provide and adjusting them to your requirements.

2.6.2. For how long will the data be stored?
We will store your data for as long as is necessary to implement the contract. We may store much of your data at least until the contract is implemented and thereafter within the statutory limitation period of 3 years. We may, if necessary, store data up to the expiry of the maximum limitation periods for the purpose of asserting or defending against legal claims. If we are obliged to keep certain data, we have the right to store such data if necessary until the expiry of the custody periods mentioned in Section 257 of the German Commercial Code (Handelsgesetzbuch) and Section 147 of the German Tax Code (Abgabenordnung). The legal basis is Article 6 (1) (c) GDPR in conjunction with these laws. These periods last for up to 10 years.

2.6.3. Do I have to provide these data?
Our event is a voluntary offering. However, for your registration we will need you to provide us at least with your name and your email address, otherwise we will not be able to send you any confirmation of participation or ticket. For participation in the digital IKF and access to detailed programme and participant information, registration and publication of your data within the minimum scope of name, company and email address will be necessary. Your data will be published in the password-secured area where they will be visible only to other registered participants.

2.7 Processing directories
The respective processing activity of personal data is recorded in so-called processing directories.


3. Purpose of data processing and legal basis

3.1. Collection of personal data during visits to the website
When the website is used purely for information purposes, i.e. when you visit our website, we do not process any personal data, with the exception of the data that your browser transfers to enable you to visit the website. This means that we only store access data in files known as server log files, which are stored until they are automatically erased. Access data includes:

  • IP address
  • Date and time of access
  • Time difference from Greenwich Mean Time (GMT)
  • Content of the request (specific page)
  • Access status / HTTP status code
  • Quantity of data transmitted
  • Website from which the request comes
  • Browser
  • Operating system and interface
  • Language and version of browser software.

We process the data listed for the following purposes:

  • To ensure the website can establish a smooth connection
  • To ensure the website can be used comfortably
  • To evaluate system security and stability, and
  • For other administrative purposes.

The legal basis for data processing is Article 6 para. 1 sentence 1 (f) of GDPR. Our legitimate interest is derived from the data collection purposes listed above. We never use the data collected for the purpose of drawing conclusions about you.

We also use cookies and analytical services when you visit our website. Further details on this can be found in Sections 3.2 and 3.3 of this Privacy Policy.

3.2. Cookies

3.2.1. We use cookies on our website. These are small files that your browser automatically creates and that are stored on your device (laptop, tablet, smartphone, etc.) when you visit our website. Cookies do not harm your device, and do not contain viruses, Trojans or other malware.

3.2.2. Cookies store information that is generated in connection with the specific device used. However, this does not mean that we can directly identify you.

3.2.3. Session cookies are deleted immediately after leaving the website. Temporary cookies remain stored on your end device for a certain defined period of time. Permanent cookies remain stored on your terminal device until you or the web browser deletes them.

3.2.4. Cookies have various functions. Many cookies are technically necessary for the error-free functioning of the website. The data processed by cookies is required for the purposes mentioned above to safeguard our legitimate interests and those of third parties in accordance with Article 6 para. 1 sentence 1 (f) GDPR. Furthermore, we do not use cookies that are absolutely necessary. These enable us to optimise the user-friendliness of our website, anonymously evaluate the use of our website and display personalised advertising. The legal basis for this is your consent in accordance with Article 6 para. 1 sentence 1 (a) GDPR.

3.2.5. If we obtain your consent to store cookies, your data will be processed exclusively on the basis of this consent in accordance with Article 6 para. 1 sentence 1 (a) GDPR. You can revoke your consent at any time.

3.2.6. You can configure your browser so that no cookies are stored or a message always appears before a new cookie is created. You can also exclude the acceptance of cookies in certain cases. You can also specify that the cookies are automatically deleted when you close the browser. However, completely deactivating cookies may mean that you cannot use all the functions of our website.

3.3 Consent Management Tool Usercentrics
In order to fulfill our obligations under data protection law, we use the consent management tool Usercentrics of Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, Germany ("Usercentrics").
Through the use of Usercentrics, website visitor data on consent given or revoked (opt-in ,opt-out data, consent ID, consent number, date and time of consent, implicit or explicit consent, banner language, customer preference, template version) and device data (device information, browser information (http agent, http referrer), anonymized IP address) are processed. This data is transmitted to Usercentrics.
The data processing is carried out in order to fulfill our legal obligations according to Article 6 para. 1 sentence 1 (c) GDPR. For more information on data processing at Usercentrics, please visit https://usercentrics.com/privacy-policy/
You can adjust your preferences at any time in our cookie settings.

3.4 Use of Google Analytics
We use the Google Analytics tracking tool from Google on our website. We use Google Analytics to evaluate your use of the website, to compile reports on the activities within this website and to provide other services related to the use of the website and thus to improve the user experience. When Google Analytics is used, the interactions of website visitors are primarily recorded and systematically evaluated with the aid of cookies. Details on the cookies used can be found in our cookie information. We use Google Analytics with the extension "anonymizeIp()". This shortens IP addresses within the member states of the EU or EEA. If a transmission to Google's servers in the USA takes place, the full IP address is only transmitted in exceptional cases and shortened there. A direct reference to a person is therefore generally excluded. In particular, an assignment to the called computer or terminal of the website visitor is no longer possible.

The following data is processed through the use of Google Analytics:

  • 3 bytes of the IP address of the called system of the website visitor (anonymized IP address),
  • the website called up,
  • the website from which the user reached the accessed page of our website (referrer),
  • the subpages accessed from the website,
  • the time spent on the website
  • the frequency with which the website is accessed.

Google states that it will not associate your IP address with any other data held by Google.
The legal basis for the data processing is your prior consent in accordance with Article 6 para. 1 sentence 1 (a) GDPR.

Revocation of your consent
You can revoke your consent at any time with effect for the future by adjusting your preferences in our cookie settings or the settings options at http://www.google.de/ads/preferences. Please also note the information on the use of data by Google in the Google Partner Network at: http://www.google.com/intl/de/policies/privacy/partners/

3.5. Use of social media plug-ins
Social media plug-ins (“plug-ins”) provided by social networks are used on our website. This serves the purposes of our legitimate and, on balance, overriding interests in optimal marketing of our range of products and services pursuant to Article 6 para. 1 sentence 1 (f) GDPR.

In order to strengthen the protection of your data when you visit our website, plug-ins are not directly integrated into the page but are embedded via an HTML link (using the “Shariff” solution developed by c’t). This means that, when you visit pages on our website containing plug-ins of this kind, this will not automatically create a connection with the servers of the social network provider in question. If you click on one of the buttons, a new browser window will open and will display the site of the relevant service provider, where you will be able to click the “like” or “share” button, for example (you may first need to enter your login details). Please consult the privacy statements of the service providers for information on the purpose and scope of data collection and the further processing and use of the data by the providers on their sites, as well as your rights in this regard and the settings which you can use to protect your privacy.

http://www.facebook.com/policy.php
https://help.instagram.com/155833707900388

Your data may be transferred to and stored on servers in the USA. We have no influence on this.

3.6. Embedding of YouTube videos

3.6.1. We have embedded YouTube videos in our online offering, which are stored at https://www.YouTube.com and can be played directly from our website. [These are all embedded in the “extended data privacy" mode, which means that no data about you as a user can be transmitted to YouTube if you do not play the videos. The data mentioned in Para. 2 will only be transmitted when you play the videos. We have no influence over this data transfer.]

The legal basis for the integration of YouTube videos is your consent according to Article 6 para. 1 sentence 1 (a) GDPR.

3.6.2. When you visit the website, YouTube receives the information that you have accessed the relevant sub-page of our website. In addition, the data mentioned in Para. 2 of this statement are transmitted. This takes place regardless of whether YouTube has provided a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be attributed directly to your account. If you do not wish them to be attributed to your YouTube profile, you will need to log out of YouTube before activating the button. YouTube stores your data as a user profile and uses them for the purposes of advertising, market research and/or needs-oriented design of its website. Such evaluation is carried out in particular (even for users who are not logged in) to enable provision of needs-oriented advertising and to inform other users of the social network about its activities on our website. You have a right to object to these user profiles being formed, but to exercise this right you must contact YouTube directly.

This information may be transmitted to Google's servers in the USA and stored there. We have no influence on this. The use of YouTube videos is in accordance with the conditions agreed upon by the German data protection authorities with Google. We have concluded a contract with Google for order processing.

3.6.3. You can get further information about the purpose and scope of data collection and processing by YouTube from its data privacy statement, where you can also get further information about your rights and configuration possibilities to protect your privacy:

https://www.google.de/intl/de/policies/privacy.

3.7. Data security
When you visit our website, your security is protected by the widely used SSL (Secure Sockets Layer) technology combined with the highest level of encryption which is supported by your browser. This is generally 256-bit encryption. If your browser does not support 256-bit encryption, we will instead use 128-bit v3 technology. If an individual page of our website is being transmitted in encrypted form, the key or lock depicted in the lower status bar of your browser will be shown as closed or locked.

We also take appropriate technical and organisational safety precautions in order to protect your data against accidental or deliberate manipulation, partial or complete loss, destruction or unauthorised access by third parties. We are continuously improving our safety precautions in line with technological developments.

4. Duration of storage of your data

4.1. When you contact us by e-mail, the data you provide (your e-mail address, your name and your telephone number if applicable) will be stored by us in order to answer your questions. We delete the data arising in this connection after storage is no longer necessary or restrict processing if there are legal storage obligations.

4.2. The data stored by you will also be stored for the duration of the current business relationship with you or as long as necessary.
If this contractual relationship expires or if you make use of your rights under §6, your data will be treated in accordance with your exercise of your rights in the sense of §5, or deleted if necessary, unless longer retention periods are provided for by law.
In the event of statutory retention periods, the storage period of certain data can be up to 10 years, irrespective of the processing purposes.

5. Who receives your data

5.1. Your data will not be transferred to third parties without your explicit consent. We sometimes use external service providers to process your data. We carefully select and instruct these service providers, and they are bound to our instructions and are subject to regular checks. We will not transfer your personal data to third parties for any purposes other than those listed below.

We will only transfer your personal data to third parties if:

  • You have given express consent pursuant to Article 6 para. 1 sentence 1 (a) GDPR,
  • Data transfer is required for the establishment, exercise or defence of legal claims, and there is no reason to assume that you have an overriding legitimate interest in your data not being transferred, pursuant to Article 6 para. 1 sentence 1 (f) GDPR,
  • Transfer is necessary for compliance with a legal obligation pursuant to Article 6 para. 1 sentence 1 (c) GDPR, and
  • This is legally admissible and is necessary for the performance of a contract to which you are party pursuant to Article 6 para. 1 sentence 1 (b) GDPR.

Insofar as this is required in accordance with Article 6 para. 1 sentence 1 (b) GDPR for the organization of the event with you, your personal data will be transferred to third parties. This includes, in particular, the transfer of these data to co-organisers and their representatives as well as to companies or their representatives in the following fields:

  • Stand construction, service, technology, fittings
  • The media / publishers / communications / the internet
  • Authorities and other groups

These third parties may only use the transferred data for the purposes stated.

5.2. We may also pass on your personal data to third parties in the event that we offer special promotions, competitions, the conclusion of contracts or similar services in collaboration with partners. You will receive more detailed information on this when you provide us with personal data or in the description of the offer in question.

5.3. If any of our service providers or partners are headquartered in a state outside of the European Economic Area (EEA), we will inform you of the implications of this in the description of the offer.

5.4. Note on data transfer to the USA:
We have included tools from companies based in the USA on our website. Your personal data may be transferred to the US servers of these companies if these tools are active.
US companies are required to disclose personal information to security authorities. As a data subject, you have no right to object to this and cannot take legal action against it.
We cannot exclude the possibility that US authorities (e.g. secret services) may access, evaluate and permanently store your personal data on US servers.

We would therefore like to point out that the USA is not a safe third country in the sense of EU data protection law.

6. Rights of data subjects

You have the right:

  • to withdraw the consent once given to us at any time, in accordance with Article 7 para. 3 GDPR. This means that we will not be allowed to continue the data processing for which the consent was originally given;
  • to request information about your personal data which are processed by us, in accordance with Article 15 GDPR. In particular, you may request information about the processing purposes, the category of personal data, the categories of recipients to whom your data have been or are disclosed, the planned retention period, the existence of a right to correction, erasure, restriction of processing or objection, the existence of a right to make a complaint, the origin of your data, if they were not collected by us, and the existence of automated decision-making including profiling and any significant information regarding details of this;
  • to request the immediate correction or completion of your personal data which are stored by us, in accordance with Article 16 GDPR;
  • to request the erasure of your personal data which are stored by us, in accordance with Article 17 GDPR, insofar as the processing of these data is not required in order to exercise the right to freedom of expression and information, in order to fulfill a legal obligation, for reasons of public interest or in order to establish, exercise or defend legal claims;
  • to request a restriction on the processing of your personal data, in accordance with Article 18 GDPR, insofar as you contest the accuracy of the data, the processing of the data is unlawful but you oppose their erasure and we no longer require the data but you require them for the establishment, exercise or defense of legal claims, or you have filed an objection against the processing of the data in accordance with Article 21 GDPR;
  • to receive the personal data which you have provided to us, in a structured, commonly used and machine-readable format, or to request the transmission of these data to another controller, in accordance with Article 20 GDPR, and
  • to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR. As a general rule, you may lodge a complaint with the supervisory authority with jurisdiction over your habitual residence or place of work.

7. Right to object

Provided that your personal data are being processed on the basis of legitimate interests in accordance with Article 6 para. 1 sentence 1 (f) GDPR, you have the right to object to the processing of your personal data, in accordance with Article 21 GDPR, provided that there are reasons for this resulting from your particular situation.

To use your right to object, simply send an email to the address shown above.                

Last updated February 8, 2021

 


 

Save the date(s)

34th IKF 2022
23. – 26. Jan 2022

35th IKF 2023:
22. - 25. Jan 2023

Internationale
Kulturbörse
Freiburg

Mit freundlicher Unterstützung