Data protection policy of NürnbergMesse GmbH
Last update: 05/2022
We thank you for visiting our website and for your interest in our company. We are very serious about protecting your personal data. We process your data in accordance with the laws and regulations applicable to the protection of personal data, particularly including the EU General Data Protection Regulation (EU-GDPR) and the country-specific implementing laws applicable to us. In this data protection policy, we provide you with comprehensive information about the processing of your data by NürnbergMesse GmbH and your rights in this respect.
Personal data is information that makes it possible to identify a natural person, particularly including the name, date of birth, address, telephone number, e-mail address and IP address.
Anonymous data is data from which no one can establish a personal connection to the user.
1. Controller and Data Protection Officer The controller according to the definition of the General Data Protection Act and other national data protection laws of the EU member states and other data protection regulations is: NürnbergMesse GmbH Exhibition Centre 90471 Nuremberg Germany +49 9 11 86 06-0 E-Mail: email@example.com Website: www.nuernbergmesse.de/en Contact information of the Data Protection Officer: firstname.lastname@example.org send enquiry
2. Your rights as a data subject First, we would like to inform you of your rights as a data subject. These rights are codified in Art. 15 - 22 EU-GDPR. They are: The right of access (Art. 15 EU-GDPR), The right to erasure (Art. 17 EU-GDPR), The right to rectification (Art. 16 EU-GDPR), The right to data portability (Art. 20 EU-GDPR), The right to restriction of data processing (Art. 18 EU-GDPR), The right to object to data processing (Art. 21 EU-GDPR). To assert these rights, please contact: email@example.com. Any questions about data processing in our company should be directed to the same e-mail address. You are also entitled to complain to the data protection supervisory authority.
3. Rights of objection Please note the following with respect to the rights of objection: When we process your personal data for purposes of direct advertising, you have the right to object to such data processing at any time without indication of reasons. The same applies to profiling to the extent that it is related to direct advertising. When you object to processing for purposes of direct advertising, we will no longer process your personal data for these purposes. You can notify you objection free of charge and without observing requirements of form, ideally at: firstname.lastname@example.org . In the event that we process your data for the sake of legitimate interests, you can object to such processing at any time for reasons having to do with your particular situation; the same applies to any profiling on the basis of these provisions. We will no longer process your personal data unless we can demonstrate compelling, legitimate reasons for the processing that override your interests, rights and freedoms, or when the processing serves the purpose of asserting, exercising or defending against legal claims.
4. Purposes and legal grounds of data processing In processing your personal data, we comply with the provisions of the EU-GDPR and all other applicable provisions of data protection law. The legal grounds for data processing are particularly set out in Art. 6 EU-GDPR. We use your data for business initiation, the fulfilment of contractual and statutory obligations, the performance of the contractual relationship, the offering of products and services and the strengthening of customer relationships, which can also include analyses for marketing and direct advertising purposes. This particularly includes the organisation of trade fairs, exhibitions, congresses and similar events and the operation of the Exhibition Centre Nuremberg. Specifically, we use data for the following purposes, although this list is not exhaustive: Order/payment processing Registration as exhibitor and/or visitor Purchase of tickets Redemption of coupons. Coupons can be redeemed online and an e-ticket can be printed out. That saves you wait times on site. Registration of future tickets “with a click”. For some trade visitor exhibitions pre-legitimation information is sent by e-mail or letter (legitimation of trade visitors), which makes it easier to purchase tickets the next time. Delivery, payment and online publication of trade fair directories and catalogues (e.g. exhibitors and products database). Verification of a person’s status as a trade visitor (trade visitor legitimation). Personalisation of ID cards in ID management: exhibitor IDs, assembly and disassembly IDs, tickets. Planning your trade fair visit on the basis of announcements and targeted trade information sent by e-mail and post. Smooth execution of your trade fair participation as an exhibitor by providing targeted information about service offers and services. Registration for newsletters. Voluntary participation in market and opinion research surveys. Review of conditions for the accreditation of media representatives and bloggers. Your consent is also required under data protection laws. In asking for your consent, we inform you about the purposes of data processing and your right to object. If the consent also refers to the processing of special categories of personal data, we will expressly inform you of this in the consent declaration. Processing of special categories of personal data within the meaning of Art. 9 para. 1 EU-GDPR is only done when required by statutory regulations and there is no reason to assume that your legitimate interests in preventing such processing are overriding.
5. Transfer to third parties We will transfer your data only within the limits of the statutory provisions or when you have granted your consent. Otherwise, your personal data will not be transferred to third parties unless we are obligated to do so by virtue of binding statutory regulations (transfer to external entities such as supervisory authorities or criminal prosecution authorities).
6. Recipients of data / categories of recipients Within our enterprise, we ensure that only those persons who need your personal data to fulfil our contractual and statutory obligations receive it. Because NürnbergMesse GmbH operates all over the world, we may possibly send your data to subsidiaries or international representatives of the NürnbergMesse Group, and specifically to the subsidiary or international representative that is located in your country or is responsible for your territory in order to process your order or request. In many cases, our departments are assisted in the performance of their duties by service providers and service partners, e.g. visitor registration processing, newsletter distribution, e-mailings, payment processing, order processing, credit check, web hosting, maintenance and analysis of data. All service providers and service partners have been carefully selected and the necessary data protection agreements have been concluded with all service providers and service partners. Personal data is processed by our service providers and service partners in compliance with the applicable data protection regulations for the provision of support and information to customers and interested parties and to provide the offered services. Your data will be transmitted to exhibitors in the following cases: When you use a coupon for your trade fair visit, you accept that the data you enter in your visitor registration will be transmitted to the exhibitor who has invited you to visit the trade fair free of charge. This can serve the purpose of billing the tickets between the exhibitor and NürnbergMesse GmbH, the inspection of the redeemed coupons and communication between exhibitors and their visitors. If you do not agree to this, you naturally have the option of purchasing your admission ticket at the cash desk without providing information. If you participate in so-called “lead tracking”. You participate in lead tracking when you allow an exhibitor to scan the bar code on your ticket while visiting an event. In a manner similar to providing a business card, scanning the bar code means that the contact data you provided in your visitor registration (company name, form of address, title, last name, first name, company, street address, postal code, post town, e-mail, possibly also sector information and other information provided by you) will be transmitted to the exhibitor, regardless of whether the exhibitor is from Germany, the EU or other third countries. Your participation in lead tracking is voluntary and will not take place without your further cooperation.
7. Transmission of data/ Intent to transmit data to third countries The transmission of data to third countries (outside of the European Union or the European Economic Area) is only done when this is necessary to fulfil our obligations or is legally required or when you have granted us your consent to do this. We may potentially transmit your personal data to subsidiaries or international representatives of NürnbergMesse GmbH outside of the European Economic Area: India, China, Brazil, United States. The international representatives of NürnbergMesse can be found on our website at www.nuernbergmesse.de/representatives . Compliance with the level of data protection is ensured, among other things, by the use of EU standard data protection clauses and - where necessary - by additional guarantees. The service providers are obligated by corresponding contractual regulations to comply with the data protection standards and thus the data protection level of the EU. Data processing or storage in third countries may also take place on the basis of your consent (Art. 49 para. 1 p. 1 letter a EU-GDPR), in which case you will be informed of this separately when obtaining your consent.
8. Duration of data storage We will store your data for as long as needed for the given processing purpose. Please note that numerous retention periods require that data continues to be stored. We are particularly required to do this by retention obligations under commercial law or tax law (e.g. German Commercial Code, Tax Code, etc.). Data is routinely erased as soon as no further retention obligations are in effect. Furthermore, we may store your data when you have granted us your consent to do this or in the event of legal disputes, when we use the data as evidence for purposes of statutory limitation periods, which can last up to three years; the regular limitation period is three years.
9. Secure transmission of your data We employ appropriate technical and organisational safeguards to protect the data stored with us as well as possible against accidental or intentional manipulations, loss, destruction or access by unauthorised persons. The level of security is continually reviewed and adapted to meet new security standards in collaboration with security experts. Data transfers from and to our website are always encrypted. As the transmission protocol for our websites, we offer HTTPS and we always use the latest encryption protocols. It is also possible to use alternative communication channels (e.g. postal service).
10. Obligation to provide data Some personal data is necessary for the establishment, performance and termination of the obligation and the fulfilment of the related contractual and statutory obligations. The same applies to the use of our website and the various functions it provides. We summarised the details in the section above. In certain cases, data must also be collected and/or provided due to statutory provisions. Please note that it is not possible to process your request or perform the underlying contractual obligations without having this data provided to us.
11. Categories, sources and origin of data The data we process is determined by the context: This depends, for example, on whether you place an order online or make a request to send us a job application or submit a complaint in our contact form. Please note that we may also separately provide information for special processing situations in an appropriate place, as when uploading job application documents or making a contact request, for example. When you visit our website and web shops, we collect and process the following data: Name of the Internet service provider Information about the website you visited before visiting us Web browser and operating system used The IP address assigned by your Internet service provider Requested files, transmitted data quantity, downloads/ file exports Information about the web pages you access on our websites, including dates and times For technical security reasons (particularly to defend against attempted attacks on our web server), this data is stored in accordance with Art. 6 para. 1 letter F EU-GDPR. After 7 days at the latest, the data is anonymised by shortening the IP address so that no link to the user can be established. When you make a contact request, we collect and process the following data: Last name, first name Contact data (Email address) Title Indications of desired information When you place an order, we process the following data: Title Last name, first name Date of birth Shipping address Billing address E-mail address Data that may be permissibly processed from other sources When you file online job applications, we collect and process the following data: Last name, first name Address Contact data Application data We also use data that we have permissibly obtained from publicly available directories (e.g. professional networks). For newsletters, we collect and process the following data: Title Last name, first name E-mail address
12. Contact form/ Contact by e-mail (Art. 6 para. 1 letter a, b EU-GDPR) Contact form / contact by e-mail NürnbergMesse GmbH A contact form that can be used for contacting us electronically is available on our website. When you write to us using the contact form, we will process the data you enter into the contact form to contact you and answer your questions and wishes. In this respect, we observe the principle of data minimisation and data avoidance in that you only need to enter the data that we absolutely need to contact you. That includes your e-mail address and the message field itself. In addition, your IP address is also processed as a matter of technical necessity and for legal protection. All other data is requested in optional fields and can be provided optionally (e.g. to answer your questions more specifically in relation to you). If you contact us by e-mail, we process the personal data communicated in the e-mail only for the purpose of processing your request. Contact form for direct contact with exhibitors In the exhibitors and products database on our website, you will find a specific contact form for each exhibitor that can be used to establish direct electronic contact with the exhibitor. If you write to the exhibitor using the contact form, the data entered into the entry form will be directly transmitted to the exhibitor and stored there. The exhibitor will process the data entered into the contact form for scheduling appointments, making contact and answering your questions and wishes. In this process, the principle of data minimisation and data avoidance is observed in that you only need to enter the data which the exhibitor definitely needs from you. This includes your e-mail address and the message field itself. In addition, your IP address will be processed as a matter of technical necessity and to legally protect your IP address. All other data are voluntary fields and can be indicated optionally (e.g. to answer your questions in a more individualised way).
13. Newsletter (Art. 6 para. 1 s. 1 letter a EU-GDPR) You can also subscribe to a free newsletter on our website. The e-mail address indicated in the newsletter application and your name will be used for sending you the personalised newsletter. In this respect, we observe the principle of data minimisation and data avoidance in that the only mandatory field is your e-mail address (and potentially your name, in the case of a personalised newsletter). As a matter of technical necessity and for legal protection, your IP address is also processed when you order the newsletter. Naturally, you can always terminate the subscription by exercising the cancellation option provided in the newsletter, thereby revoking your consent. It is also possible to cancel your newsletter subscription directly in our website.
14. Online Exhibitor Shop / TicketCenter (Art. 6 para 1 s. 1 letter b EU-GDPR) If you do not consent to further use, we will process the data you entered into the order form only for the purpose of performing or executing the contractual relationship. The principle of data minimisation and data avoidance is observed in that you only need to enter the data that we absolutely need to perform the contract and fulfil our contractual obligations (thus, your name, address, e-mail address and the payment data required for the chosen form of payment), or data that we are legally required to collect. As a matter of technical necessity and for legal protection, your IP address will also be processed. Without this data, we would unfortunately have to refuse the contract or terminate an existing contract because we would not be able to perform it. Naturally, you can provide more data if you wish. We offer exhibitors the option of registering with us by providing personal data. A particular advantage of registration is that you can view your order history and store the data you have entered into the order from so that when you place another order, you will not need to enter it again. Registration is therefore possible either to perform a contract with you (via our online shop) or to take pre-contractual measures. When the registration process is completed, your data will be stored with us so that you can use the protected customer section. As soon as you log in to our website with your e-mail address as your user name and password, this data will be provided for the actions you perform on our website (e.g. orders in our online shop). Orders that have been filled can be viewed in the order history. You can enter changes to the billing or shipping address here. Registered persons are at liberty to make their own changes or corrections to the billing or shipping address in the order history. Our Customer Service will also gladly make such changes or corrections when you contact them. Naturally, you can always cancel the registration and delete your customer account.
15. Advertising purposes with established customers (Art. 6 para. 1 s. 1 letter f EU-GDPR) We have an interest in cultivating customer relationships with our exhibitors and visitors and providing you with information and offers about our own similar events and services. Therefore, the data transmitted upon submitting the application (company name, address, telephone/ fax number and e-mail address) is processed by us and possibly by our service partners so that we can send you event-related information and offers by e-mail, in accordance with Art. 6 para. 1 s. 1 letter f EU-GDPR. If you do not want this, you can object to the use of your personal data for direct advertising purposes at any time; the same applies to profiling to the extent that it is related to direct advertising. When you notify your objection, we will no longer process your data for this purpose. The objection can be notified without observing formal requirements and without indication of reasons and without incurring separate costs aside from customary transmission costs at standard rates. It should be directed to NürnbergMesse GmbH, Exhibition Centre, 90471 Nuremberg, or email@example.com .
16. Job application portal (Art. 6 para. 1 s. 1 letter a, b, Art 9 para. 2 letter a EU-GDPR) We are pleased with your interest in working for NürnbergMesse GmbH. We are well aware of the importance of your data and will process the personal data you provide in the application form only for the purpose of effectively and correctly handling the application process and communicating with you in connection with the application process. Your data will not be transferred to third parties without your consent. When filling out the application form, you will be asked to submit personal data. In this respect, we observe the principle of data minimisation and data avoidance in that you only need to indicate the data we need to completely review your application materials, such as your curriculum vitae for example, or data which we are legally required to collect. This mandatory information is marked with an asterisk (*). As a matter of technical necessity and for legal protection, your IP address will also be processed. Without this data, we will unfortunately not be able to review your application materials and for this reason our application system will not permit you to upload your application materials. Naturally, you are at liberty to provide the voluntary information in the application form. We employ appropriate safeguards to protect the security and confidentiality of your data as well as possible. Our application system will transmit your application documents to us in encrypted form. We will store your data for the aforementioned purpose until the application process is completed and the related time periods have expired, and at the latest six months after you are notified of our decision. However, you will have the option of storing your application materials with us for a longer period of time and checking them against other vacant positions that match your profile. You can provide the consent we need for this purpose by checking the box before uploading your application materials. In this case, we will store your data for 12 months. Naturally, you can always revoke your consent with future effect without indication of reasons by calling us at +49 9 11 86 06-0, sending us an e-mail at firstname.lastname@example.org or mailing us a letter to NürnbergMesse GmbH, Datenschutz Messezentrum, 90471 Nuremberg
18. Automated decision-making We do not employ purely automated processing procedures in making our decision.
23. Links to other providers Our website contains clearly recognisable links to the websites of other companies. When we link to the websites of other providers, we have no influence on their content. Therefore, we also assume no responsibility and liability for this content. Each provider or website operator is responsible for the content of these web pages. The linked pages were checked for potential legal violations and discernible infringements at the time when the links were placed. No unlawful content was discernible at the time of placing the links. However, we cannot be reasonably expected to permanently review the content of linked websites without concrete indications of a legal infringement. Such links are removed immediately when we become aware of legal infringements.
24. Video Conferencing Microsoft Teams (Art. 6 para. 1 letter b EU-GDPR) We use the video conferencing tool Microsoft Teams to communicate with our customers, business partners or exhibitors. We use this tool to conduct video conferences, telephone conferences or online meetings. Microsoft Teams is a service provided by Microsoft Corporation (One Microsoft Way, Redmond, WA 98052-6399, USA). Microsoft Teams can be used either via your web browser or, alternatively, via the MicrosoftTeams app installed on your end device. When using Microsoft Teams, different types of data are processed. Which data is processed also depends on the information you provide. When using Microsoft Teams, your user data stored with Microsoft Teams (e.g. name, mail address, profile picture, language, etc.) will be processed. Furthermore, connection data (e.g. IP address) and metadata (e.g. meeting ID, phone numbers, dates, etc.) are collected. Finally, image and sound data from you will be processed. For this purpose, Microsoft Teams obtains access to the camera and microphone of your end device for the duration of the transmission, if you allow this. You can interrupt the image and sound transmission at any time. In addition, it is possible to make text entries (chat) and to transfer files together with their content (in the case of file exchange). A logging of the chat process does not take place. Likewise, no video or audio recording is made and is prohibited. If, in exceptional cases, a recording is to be made, the express consent of all persons concerned will be obtained in advance. The processing of data is carried out for the purpose of conducting video conferences and serves to carry out pre-contractual measures or contract performance, Art. 6 para. 1 letter b EU-GDPR. The data will only be stored for as long as is necessary to achieve the purpose and no legal retention obligations prevent deletion. Please note that the data may have to be stored for verification purposes based on legal retention obligations. In this case, the data will be deleted at the latest after expiry of the respective retention obligation. The processing of personal data takes place exclusively within the EU/EEA. Only in certain exceptional cases (e.g. creation of a support ticket), it cannot be excluded that personal data is also processed outside the EU/EEA. Microsoft is obligated by corresponding contractual regulations to comply with EU data protection standards and to guarantee the European level of data protection. The necessary contractual framework for data processing by Microsoft Teams has been concluded. Further information on data processing by Microsoft Teams can be found at: https://privacy.microsoft.com/de-de/privacystatementvv