Status from 01.12.2021
Controller and data protection officer
Purposes and legal basis for the processing of personal data
Which personal data is processed?
Duration of storage of your personal data
Recipients of data
· How are cookies used?
· Your options regarding cookies and legal basis for cookie use
Other special processing
· Editorial Newsletters (e.g. by E-Mail) and E-Mail success measurement
· Online meetings, Conference calls, and web-based seminars via "zoom"
· Google maps
Controller and data protection officer
Mesago Messe Frankfurt GmbH (‘Mesago’), Rotebühlstr. 83 – 85, 70178 Stuttgart, Germany, email: email@example.com (hereinafter also referred to as ‘we’) is the controller responsible for processing personal data in connection with this website and the services provided through it within the meaning of the EU General Data Protection Regulation (GDPR). If you have any questions or comments relating to data protection, please contact the data protection officer of Mesago Messe Frankfurt GmbH (address: see above, email: firstname.lastname@example.org).
Purposes and legal basis for the processing of personal data
As part of the range of services we offer, we process personal data concerning you in order to provide customer-oriented services. Wherever possible, we will give you the opportunity to decide freely which data you wish to share with us.
We will process your data for the purposes described below on the legal basis indicated in each case:
We require your consent for certain processing purposes and we will request this from you separately at the relevant points. In these cases, our legal basis for processing your data is Article 6(1)(a) GDPR. For instance, this is the case when we carry out direct advertising by phone or email. Additionally, you can sign up to receive further editorial newsletters, such as by email, as part of some of our services. For more information, including on your right to withdraw your consent, see the section Editorial newsletters (e.g. by email) and email performance measurement.
If a contract is concluded between us, we will process your data in order to perform the contract on the basis of Article 6(1)(b) GDPR. This is necessary for the following purposes in particular:
- Purchasing of products or services for which a contractual relationship is established with you
- Registration for events (online/offline), e.g. public or private trade fairs or events. In this case, we will process your personal data in order to help participants to plan, sign up for, participate in and follow up on an event and to provide them with all necessary and useful information.
- Registration on portals and use of information services, e.g. to provide specialist information with which you can learn more about the products and services on offer in each sector or provide more information about your own products and services
- Personalisation of our website in order to provide you with an excellent user experience when you use our portals:
- Provision of specific services such as advice on the development and execution of advertising campaigns and advice on how to optimise the success of your advertisements, as well as the enrichment of your customer master data, market research, advice on and the execution of events for customers or employees, agency services and communication services.
- Provision of the service in order to enable you to carry out your own advertising on our communication channels, e.g. in our printed products, on our online portals, in our newsletters or as a partner in connection with exhibitions or other events.
- Processing and billing if you use one of our premium services.
In cases other than those listed above, the processing is based on the need to protect our legitimate interests pursuant to Article 6(1)(f) GDPR, especially to provide customer-oriented services and advertise identical and similar products from our range. In these cases, data is processed for the following purposes:
- To advertise products and services and to provide users and customers with information more effectively based on their interests and requirements.
- To tailor our website to the needs of users.
- To assess the success of our advertising.
- Market research, e.g. in the form of online surveys.
- To attract new customers.
- To get in touch in order to promote events.
- To send email advertisements promoting similar goods or services if we have received your email address from you through the sale of goods or services (see Section 7(3) of the German Act Against Unfair Competition (UWG)).
If the processing is based on our legitimate interests, you have a right to object (see Your rights below).
We are required by mandatory statutory regulations to collect and process certain data. In this case, the processing is based on Article 6(1)(c) GDPR. This is the case, for example, if we are required by law to disclose data to law enforcement agencies or if we are required by statutory regulations, such as those of commercial or tax law, to retain data for a specific period of time.
Which personal data is processed?
In order to optimise our products and services, we may also store data that, for instance, is publicly available online from your company, or check that your data is up to date by comparing it against data from suitable freely available databases. This is predominantly done using automated technical processes based on crawling technology.
Some data is also transferred automatically. For example, your computer automatically sends us information such as your IP address, browser type and the dates and times of your visits when you use our online portals. We require this data in order to optimise how our website is displayed by your hardware.
Duration of storage of your personal data
We will store your data for as long as is necessary to provide our services and/or execute the contract with you or for as long as we have a legitimate interest in continuing to store the data.
Where we process data on the basis of your consent or one of our legitimate interests and receive your withdrawal of consent or objection, the data in question will no longer be processed for the related purpose and will be erased unless exceptions are provided for by law. This notwithstanding, any data to which retention obligations apply under commercial or tax law will be erased when the statutory deadlines expire. Finally, the duration of storage is also determined by the statutory limitation periods which, for example, can be up to 30 years under Section 195 et seq. of the German Commercial Code (BGB), although the regular limitation period is three years.
Under certain circumstances, it will be necessary to store your data for even longer if, for example, a ban is imposed on the deletion of the data for the duration of official or judicial proceedings.
Recipients of data
In some cases, we rely on service providers to process personal data on our behalf. By means of a data processing agreement, we have bound these service providers to us such that they may only process the data for our business purposes and in line with our instructions. First and foremost, the service providers include technical service providers (including affiliates) which maintain, host and support our IT infrastructure, including this website, and service providers which send emails, carry out lead campaigns and perform other marketing activities.
Tracking and other cookie technology service providers
Disclosure of your data to third parties
With your consent, we also share your data with customers whose services you have accessed on one of our online portals (e.g. the white paper of a certain manufacturer). When you access the service, we will notify you of the company in question and, when downloading, you can decide whether or not you wish to consent to the use of your data by that company and download that third-party service. These companies are themselves controllers within the meaning of the data protection legislation. This sharing of data is only for the purposes of advertising, market research and opinion surveys.
Articles and other published information about the authors can be accessed by registered users all over the world. When articles are published on digital media, they can be found using search engines and linked with other information, which may facilitate the creation of personality profiles in relation to the authors. If you consent to being published, the content can ‘multiply’ as the original publication is shared; we have no influence over sharing by users and the content may be used for purposes over which we have no control.
Data transfers to third countries
As a rule, we do not transfer your data to other countries, third countries (i.e. countries that are not members of the European Union or the European Economic Area) or international organisations. However, in exceptional cases, data may be transferred to third countries if this is necessary for the performance of services for you, required by law or you have consented to it. Some of the service providers that process personal data for us are situated in third countries that do not offer the same level of protection for your personal data as in the EU, whether due to a lack of laws, a lack of rights or a lack of regulation in those countries. Some recipients, especially the providers of social media channels or registered users who process your data, are also situated in such third countries. Personal data is only transferred to such third countries outside of the EU if the European Commission has decided that there is an adequate level of protection for personal data (Article 45(3) GDPR; see here) or if safeguards as described in Article 46 GDPR have been provided for, especially standard data protection clauses adopted by the European Commission in accordance with point (c) of Article 46(2) GDPR (see here). You can request a copy of these (e.g. by email) – see Controller and data protection officer above for contact information.
Additionally, information on any transfer of your data to third countries is available in the privacy policies of the recipients that transfer data to third countries. You can also find information on this in the section “Settings” of our cookie management tool, where our cookie-based processing is explained.
Where the statutory criteria have been met, you have the following rights under Articles 12 to 21 GDPR as a data subject:
|Information:||You have the right to request information about the data concerning you we have stored as well as the scope of our processing and transfer of the data, and to a copy of the personal data concerning you which we have stored.|
|Rectification:||You have the right to request the immediate rectification of stored personal data concerning you if the data is incomplete or inaccurate.|
|Erasure:||You have the right to request the immediate erasure of stored personal data concerning you if the statutory criteria have been met. In particular, this is the case when Your personal data is no longer required for the purposes for which it was collected; Your consent was the only legal basis for the processing and you have withdrawn it; You have objected to processing on the basis of legitimate interests (Article 6(1)(f) GDPR) for personal reasons and we are unable to prove that there are overriding legitimate reasons to process the data; Your personal data has been processed unlawfully; Your personal data must be erased in order to comply with statutory requirements. If we have shared your data with third parties, we shall notify them of the erasure where we are required to do so by law. Please take note of the limitations of your right to erasure. For example, we are not able to erase data that we are required to continue storing due to statutory retention periods. Furthermore, your right to erasure does not apply to data that we require for the establishment, exercise or defence of legal claims.|
|Restriction of processing:||You have the right to demand the restriction of processing if one of the following criteria has been met: You contest the accuracy of the personal data and we need to verify the accuracy of the personal data. The processing is unlawful and you oppose the erasure of the personal data and request the restriction of its use instead. We no longer need your personal data for the purposes of the processing, but you need the data for the establishment, exercise or defence of legal claims. You have objected to the processing pending verification of whether our legitimate grounds override yours. If processing has been restricted, the data will, with the exception of storage, be blocked centrally and only processed with your consent or for the purposes of establishing, exercising or defending legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the EU or an EU Member State.|
|Data portability:||If we process your personal data which you have provided to us on the basis of your consent or a contract with you (including your employment contract) automatically, you have the right to receive the data in a structured, commonly used and machine-readable format and to transmit this data to another controller without hindrance from us. You also have the right to have the personal data transferred directly from us to another controller, where technically feasible.|
|Objection:||If we process your personal data on the basis of a legitimate interest or in the public interest, you have the right to object to the processing of your data for personal reasons. Furthermore, you have an unrestricted right to object if we process your data for our direct marketing. Please take note of our separate notice under ‘Your right to object’ below.|
|Complaint:||You also have the right to lodge a complaint with a supervisory authority in accordance with Article 77 GDPR and Section 19 of the German Federal Data Protection Act (BDSG) if you consider that the processing of your personal data is unlawful. The right to lodge a complaint exists without prejudice to any other administrative or judicial remedy.|
Your right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is based on point (f) of Article 6(1) GDPR; this also applies to profiling based on these provisions.
We will no longer process the personal data concerning you unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or unless the processing is for the purposes of establishing, exercising or defending legal claims.
Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, your personal data will no longer be processed for these purposes.
In the context of the use of information society services, and Directive 2002/58/EC notwithstanding, you may exercise your right to object by automated means using technical specifications.
You can contact the joint controllers in order to exercise your rights. The contact information is available under ‘Controller and data protection officer’ and by email from email@example.com.
Cookies are files which are stored on your computer when you visit this website and which your browser ‘remembers’. A cookie is stored by your web browser and enables the website or a third-party provider to recognise you and optimise the website for you when you next visit. Cookies and tracking pixels enable us to provide you with our services more effectively and efficiently and optimise your experience on our website.
Tracking pixels are small graphics which are connected to our servers and enable us to track your use of our website and its features. We also use tracking pixels or GIF files to support online advertising and, where necessary, to measure the distribution of advertising media. This enables us to analyse the number of visitors to our website and which advertisements they clicked on. The information collected using cookies or GIF files does not contain your name, address, phone number or email address.
How are cookies used?
When you visit and use our website, a number of cookie files are saved in your web browser which are essential to the operation and presentation of our websites. These cookies are absolutely technically necessary, e.g. session cookies or cookies that store certain settings for your device (e.g. language, resolution, volume, page transitions). Additionally, we use not absolutely technically necessary cookies which are mainly implemented by third parties in order to compile statistics on the use of the website and to make our marketing efforts more targeted.
Detailed information regarding cookie-based applications can be found in the section “Settings” of our cookie management tool. You will find a list of cookies used on our websites in the section “Cookies” in our cookie management tool.
What options do you have with regard to cookies and on what legal basis are cookies used?
The legal basis for this permission-based cookie-based processing is § 25 para. 1 p. 1 TTDSG, art. 6 para. 1 letter a DS-GVO, otherwise art. 6 sec.1 lit. f GDPR (our legitimate interest in the purposes described in detail in our cookie management tool).
If you wish to erase cookies yourself or have your browser erase or block cookies, please visit the support page for your web browser and change its settings accordingly.
Other special processing
Editorial newsletters (e.g. by email) and email performance measurement
Users of our website can subscribe to free editorial newsletters. The data you are prompted to provide during the registration process is transferred to us:
- First name and surname
- Company name
- Business email address
- Job title
- Field of activity
- Career stage
- Main sector and sub-sector
- Company size
- Interests, if applicable
Additionally, the following (usually technical) data is collected when you log in:
- IP address of the computer accessing the website
- Date and time of registration
After a user registers, the legal basis for the processing of data is the performance of the contract in accordance with Article 6(1)(b) GDPR, or the user’s consent (Article 6(1)(a) GDPR). The same applies to sending the editorial newsletters; an additional legal basis is provided here by Section 7(2) no. 3 UWG.
We collect your email address in order to send you the newsletter. We collect other personal data as part of the registration process in order to prevent misuse of the services or of the email address you use.
The data is erased as soon as it is no longer necessary for the purpose for which it was collected, or if you withdraw your consent. As such, we will store your email address for as long as you remain subscribed to editorial newsletters.
Right to unsubscribe from the newsletter
You can unsubscribe from editorial newsletters and withdraw the consent you have granted in this context at any time. For this purpose, every editorial newsletter contains a link which you can click in order to unsubscribe. Alternatively, you can unsubscribe via the email address firstname.lastname@example.org or you can change your account settings (e.g. under ‘My Account’) in order to opt out of receiving individual newsletters, provided that this option is available on the portal for which you have registered and from which you receive editorial newsletters by email. The withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
We measure the performance of our editorial newsletters by analysing how many of the emails are opened and analysing clicks within them. We use this technology to determine the level of interest in certain subjects and gauge the effectiveness of our communication measures. We use the success measurement data analysed to fulfil our contractual duty to provide you with a personalised user experience in our media landscape on the basis of the contract you enter into with us when you register for our services (see Purposes and legal bases). The legal basis for this is provided by point (b) of Article 6(1) GDPR. Where the analysis is not for the performance of the contract, the legal basis is our legitimate interest in evaluation in accordance with point (f) of Article 6(1) GDPR.
Online meetings, conference calls, and web-based seminars via “Zoom”
Purpose: We use the tool “Zoom” for conference calls, online meetings, video conferences, and/or web-based seminars (hereinafter: “online meetings”). “Zoom” is a service provided by Zoom Video Communications, Inc., located in the USA.
Responsible party for processing data directly connected to “online meetings” is the Mesago (see section Controller and data protection officer for contact details).
If you access the “Zoom” website, the provider of “Zoom” is responsible for data processing. However, accessing the website in order to use “Zoom” is only necessary to download the software required to use “Zoom”. You can also use “Zoom” by entering the respective meeting ID and potential additional access data for the meeting directly in the “Zoom” app.
In case you do not wish to use the “Zoom” app, all basic functions are available using a browser version which can also be found at the “Zoom” website.
Different types of data are being processed when using “Zoom”. The range of data depends on your personal data preferences specified prior to or during your participation in an “online meeting”.
The following personal data are subject to processing:
User information: First name, last name, telephone (optional), email address, password (if “Single-Sign-On” is not being used), profile picture (optional), department (optional)
Meeting meta data: Topic, description (optional), participants’ IP addresses, device / hardware information
For recorded sessions (optional): MP4 file of all video, audio, and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.
Bei Joining via telephone: Information regarding Inbound and outbound phone number, country name, start and end time. Further connection data such as the device’s IP address can be saved where necessary.
Text, audio, and video data: You may have the option to use the chat, question, and survey features during an “online meeting”. In this case, your messages will be processed in order to display them in the “online meeting” and to log them if necessary. In order to allow video or audio to be played, the respective data of your device’s microphone and video camera will be processed for the duration of the meeting. Using the “Zoom” app, you can personally turn off or mute the camera or the microphone at any point.
In order to participate in an “online meeting” or to enter the “meeting room”, you need to at least provide information regarding your name.
Range of processing: We use “Zoom” to have “online meetings”. To ensure transparency, we will inform you ahead of time if we wish to record “online meetings” and will ask for your consent if needed. Additionally, the “Zoom” app will inform you of any recording taking place.
We will log chat files in case they are vital to protocol the outcomes of an online meeting. Usually, however, this will not be the case.
For web-based seminars, we can also process the questions asked by seminar participants for recording and post-processing purposes.
For registered “Zoom” users, “online meeting” reports (meeting meta data, telephone data, questions and answers in web-based seminars, survey feature in web-based seminars) can be stored for up to one month at “Zoom”.
An automated individual decision-making according to Art. 22 GDPR is not used.
Legal basis of data processing: In case of mesago employees processing personal data, §26 BDSG (Federal Data Protection Act) is the legal basis of data processing. If, in connection with the use of "Zoom", personal data is not required for the establishment, realisation, or termination of the employment relationship, but is nevertheless an integral part of the use of "Zoom", art. 6 sec. 1 lit. f GDPR constitutes the legal basis for data processing. We are focused on the effective conduct of "online meetings” in these cases.
Additionally, the legal basis for data processing in connection with "online meetings" is art. 6 sec. 1 lit. b GDPR for meetings held within the framework of contractual relationships.
If no contractual relationship exists, the legal basis is art. 6 sec. 1 lit. f GDPR. Here too, we are focused on the effective conduct of "online meetings".
Recipient / transfer of data: Personal data processed in connection with participation in "online meetings" will strictly not be shared with third parties, unless they are explicitly intended to be shared. Please note that contents from "online meetings" - as is the case with personal meetings - are often used to share information with customers, interested parties, or third parties and are therefore intended to be shared.
Other recipients: The provider of "Zoom" necessarily obtains knowledge of the above-mentioned data, within the scope of our data processing agreement with "Zoom".
Data processing outside of the European Union:“Zoom” is a service offered by a provider from the USA. Thus, personal data is also processed in a third country. We have formed a data processing contract with the provider of "Zoom" which meets the requirements of art. 28 GDPR and is based on the standard EU contract clauses.
To make it easier for you to find us, we have integrated maps from the Google Maps service of Google LLC into our website via an API. Google can only present this integrated content in your browser when collecting your IP address.
The legal basis for this data processing is article 6 sec. 1 lit. b GDPR, as the IP address is required to provide you with content. For this processing, our cooperation with Google is based on a contract on joint responsibility in accordance with article 26 GDPR which can be found here.