Privacy Policy - GCB German Convention Bureau e.V.
Welcome to our website and thank you for your interest in our company. We take the protection of your data very seriously. We process your data in accordance with the applicable legal provisions for the protection of personal data, in particular the General Data Protection Regulation (GDPR) and the country-specific laws applicable to us. With the help of this privacy policy, we will inform you how GCB German Convention Bureau e.V. processes your personal data and the rights you have.
Personal data means information that can lead to the identification of an individual and includes name, date of birth, address, phone number, e-mail address and also IP address. Anonymous data exists when no connection can be made to a user.
Responsible authority and data protection officer
Address
GCB German Convention Bureau e.V.
c/o WeWork
Taunusanlage 8
60329 Frankfurt am Main
Contact information
https://www.gcb.de
Telephone: (+49) 69 / 24 29 30 - 0
E-mail: info@gcb.de
Contact data protection
Mr. Michael Heidrich, Executive Director
heidrich@gcb.de
Your rights as a data subject
We would first like to inform you of your rights as a data subject as defined in Art. 15 - 22 GDPR These include:
- The right of access (Art. 15 GDPR),
- The right to erasure (Art. 17 GDPR),
- The right to rectification (Art. 16 GDPR),
- The right to data portability (Art. 20 GDPR),
- The right to restriction of processing (Art. 18 GDPR),
- The right to object (Art. 21 GDPR).
To exercise these rights, please contact: Mr. Michael Heidrich, Executive Director, e-mail: heidrich@gcb.de. The same applies if you have questions about data processing in our company. You also have the right to appeal to the data protection supervisory authority.
Right to object
Please note the following in connection with the right to object:
If we process your personal data for the purpose of direct marketing, you have the right to object at any time without giving reasons. This right also applies to profiling as long as it is connected with direct advertising.
If you object to the processing of your personal data for direct marketing purposes, we will no longer process it for these purposes. Objection is free of charge and can be made without the need for filling in a form at: info@gcb.de.
In the event that we process your data to safeguard legitimate interests, you can object to such processing at any time for reasons relating to your particular situation; this also applies to profiling based on these provisions.
We shall no longer process the personal data unless the we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subject or for the establishment, exercise or defence of legal claims.
Purposes and legal bases for data processing
Processing of your personal data complies with the provisions of the GDPR and all other applicable data protection regulations. Legal bases for data processing result in particular from Art. 6 GDPR.
We use your data for business initiation, fulfilment of contractual and legal obligations, execution of a contractual relationship, offering products and services and for strengthening the customer relationship, which may also include analyses for marketing purposes and direct marketing.
Your consent also constitutes a legal provision under data protection law. Before you grant your consent, we will provide you with details concerning the purpose of data processing and your right of revocation.
Transfer of data to third parties
We will only transmit your data to third parties within the scope of given statutory provisions or based on consent. In all other cases, information will not be transferred to third parties unless we are obliged to do so owing to mandatory legal regulations (disclosure to external bodies, including the supervisory authorities or law enforcement authorities).
Data recipients / categories of recipients
Within our company, we ensure that only those persons receive your data who need them to fulfil their contractual and legal obligations.
In certain cases, service providers assist our specialist departments to fulfil their tasks. The necessary data protection contract has been concluded with all service providers. (e.g. IT service provider).
Transfers of personal data to third countries / intention to transfer data to a third country
We may use some tools from companies who have their seats in the USA or another insecure third country concerning data protection law. When these tools are active, your personal data can be transferred to a third country and may be processed there. We would like to point out that in these countries no comparable data protection level to the European data protection level can be guaranteed. For instance, American companies are obliged to hand out personal data to security agencies. In this case, you – as a data subject - may not be entitled to legal recourse. Therefore, it cannot be excluded that American agencies (e.g. secret service) process, analyse and permanently store your data on theses servers in the USA for purposes of surveillance. We do not have any influence on these processing activities.
Period of data storage
We will store your data only for as long as it is needed for the purposes it was collected. Please note that numerous retention periods require that data continue to be (must be) stored. This applies in particular to commercial or tax storage obligations (e.g. German Commercial Code, Fiscal Code, etc.). If there are no further storage obligations, the data will be routinely deleted once the purpose has been achieved.
In addition, we may retain data if you have given us permission to do so or if legal disputes arise and we use it as evidence within statutory limitation periods of up to thirty years; the regular limitation period is three years.
Secure data transfer
In order to protect data from accidental or deliberate manipulation, loss, damage or access by an unauthorised person, we have taken appropriate technical and organisational security measures. To this end, the level of security is continually tested and adjusted to reflect new standards in security, in collaboration with security experts.
Data transferred to and from our website is always encrypted. We offer HTTPS as the transmission protocol for our website, in each case using the current encryption protocols. In addition, we offer our users content encryption for contact forms and applications. It is also possible to use alternative communication channels (e.g. by post).
Obligation to provide data
Various personal data are necessary for the establishment, execution and termination of the obligation and the fulfilment of the associated contractual and legal duties. The same applies to the use of our website and the various functions it provides.
We have summarised the details for you. In certain cases, data must also be collected or made available on the basis of legal regulations. Please note that it is not possible to process your request or to perform the underlying obligation without providing this data.
Data categories, sources and origins
When you visit our website, we collect and process the following data:
- the browser type and version
- Connected operating system
- the referral URL
- host name of the used computer
- the server requests including time stamps
- the IP address
- For reasons of technical security (in particular to safeguard against attempts to attack of our web server), this data is stored in accordance with Art. 6 Para. 1 S. 1 (f) GDPR. Anonymisation takes place no later than after fourteen days by abbreviating the IP address so that no reference is made to the user.
To process registrations for events, we collaborate with the service provider idloom s.a. As part of the registration, we collect the following data:
- First name
- Last name
- Company
- Country
- Email address
For events including a registration fee, we collaborate with the following service providers depending on the chosen payment method:
-
When purchasing on invoice, the service provider idloom s.a collects and processes the following data:
- Company
- Address
- Country
- Payment details
-
For credit card or instant bank transfer payment processing, we partner with Mollie H.Q. The following data is collected and processed:
- Payment details such as credit card number
- Your IP address
- Your internet browser and device type
- In some cases, your first and last name
- In some cases, your address details
- In some cases, your email address and/or phone number
- In some cases, information about the product or service you wish to purchase
- Other personal data that you actively provide, for example, through correspondence or phone calls when contacting Mollie H.Q. customer service.
The instances in which your personal data may be processed depend on factors such as the payment method you use, the API employed, or whether you contact Mollie H.Q. customer service.
As part of the registration for events through EventMobi GmbH, we collect and process the following data:
- First Name
- Last Name
- Email address
- Password
When you subscribe to a newsletter, we collect and process the following data:
- Last name, first name
- Email address
- Form of address
EventMobi GmbH (Art. 6 Abs. 1 lit. b DS-GVO)
For event bookings, we use the service provided by EventMobi GmbH, c/o WeWork, Warschauer Platz 11-13, 10245 Berlin, Germany.
When making a booking, only the personal data that is essential for the booking must be provided. This includes the following data: salutation, first name, last name, company, address, country, email address, password, and payment details. Additionally, for technical necessity and legal protection, your IP address will be processed. Unfortunately, without these data, we will have to reject the conclusion of the contract, as we will be unable to carry it out or may need to terminate an existing contract. Of course, you are welcome to provide more data voluntarily if you wish.
For more information on data processing by EventMobi GmbH, please refer to their privacy policy: Privacy Policy EventMobi GmbH
Event registration (Art. 6 Para. 1 S. 1 (b) GDPR)
On our website we offer you the possibility to register for events directly by us. All data required to complete the form is subject to the principles of data reduction and data economy, you only have to provide the data required to register for the event, i.e. first name, last name and email address.
For reasons of technical security and in particular to prevent attempts to breach our systems, we will also process your IP address. Without this data we will unfortunately have to reject the completion of the contract as we cannot perform it or we will probably terminate an existing contract. You can of course provide us with more data if you wish.
Payment Systems (Art. 6 Para. 1 S. 1 (b) GDPR)
When you have registered for an event, you have the option to pay by invoice. For this purpose, we collect the payment-relevant data to complete your order and payment. For reasons of technical security and in particular to prevent attempts to breach our systems, we will also process your IP address.
All data required to complete the form is subject to the principles of data reduction and data economy, you only have to provide the data required to complete payment and therefore execute the contract or for the collection of which we are legally obliged.
Without this data we will unfortunately have to reject the contract, as we will then not be able to perform our obligations.
The payment system we use employs SSL encryption to ensure the secure transfer of your data.
idloom s.a.
If the individual selects the payment option 'Invoice' during the registration for an event, automated data of the individual will be transmitted to idloom (idloom s.a., Dreve Richelle 161L box, 76, 1410 Waterloo, Belgium).
By choosing this payment option, the individual consents to the necessary transmission of personal data for payment processing. The personal data typically transmitted to idloom includes company information, address, country, payment details, or other data necessary for payment processing.
Also necessary for the execution of the purchase contract are personal data related to the respective order. Details about data protection at idloom can be obtained at https://www.idloom.com/de/privacy-notice
Mollie H.Q.
If the individual selects the payment options 'Credit Card' or 'Sofortüberweisung' during the registration for an event, automated data of the individual will be transmitted to Mollie (Mollie H.Q., Keizersgracht 126, 1015CW Amsterdam, Netherlands).
By choosing one of these payment options, the individual consents to the necessary transmission of personal data for payment processing. The personal data typically transmitted to Mollie includes payment details such as credit card number, as well as IP address, internet browser, and device type. In some cases, your first and last name, address details, email address, and/or phone number may also be transmitted, along with information about the product or service you wish to purchase, and any other personal data you actively provide, for example, through correspondence or phone calls when contacting Mollie H.Q. customer service.
Also necessary for the execution of the purchase contract are personal data related to the respective order. Details about data protection at Mollie can be obtained at https://www.mollie.com/privacy
Newsletter (Art. 6 Para. 1 S. 1 (a) GDPR)
You can subscribe to our free newsletter via our website. The e-mail address and name provided during the registration process are used to send a personalised newsletter.
The principle of data economy and data reduction is observed, as only the e-mail address (and, if applicable, the name in case of personalised newsletters) is marked as mandatory field. Due to technical and legal reasons, we will also process your IP address.
We use the so-called double opt-in procedure for sending newsletters by e-mail. This means that you will only receive advertising by e-mail if you have expressly confirmed in advance that we can activate the newsletter service. This includes us sending you a notification e-mail and requesting that you confirm that you want to have our newsletter sent to this email address by clicking on a link in said e-mail.
Of course, you can cancel your subscription at any time via the unsubscribe option provided in the newsletter and therefore revoke your consent. You also have the option to unsubscribe directly via our website.
rapidmail (Art. 6 Para. 1 S. 1 (a) GDPR)
For sending newsletters, this website uses rapidmail of the supplier rapidmail GmbH, Wetzingerstraße 21, 79106 Freiburg im Breisgau (in the following ‘rapidmail’). rapidmail is a service that organizes and analyses the dispatch of newsletters. Your provided data for the newsletter registration is processed on the servers of rapidmail.
With the help of rapidmail we can analyse our newsletter campaigns. So we can for example find out whether a newsletter message has been opened and which links have been clicked on often. Besides, we can see if after opening/clicking specific defined actions are carried out (conversion rate). For example, we can reveal if you made a purchase after clicking the newsletter.
rapidmail furthermore enables us to subdivide newsletter recipients into different categories (‘cluster’). This division can for example be done by age, sex or place of residence. In this way we are able to adjust the newsletter to the different target groups. If you do not wish an analysis through rapidmail, you have to cancel your newsletter subscription. We provide you the relevant link in every newsletter message for this.
You can find the privacy policy from rapidmail (in German) at: https://www.rapidmail.de/datenschutz.
The legal basis for data processing is your consent (Art. 6 Para. 1 S. 1 (a) GDPR). You may revoke your content with the effect for the future at any time by clicking on the de-registration link in the newsletter.
Data which has been stored for the purpose of the deposit of the newsletter is stored by us or the newsletter service supplier until you unsubscribe. After unsubscribing or after purpose cessation the data is deleted.
After unsubscribing your email address will be stored by us or our newsletter service supplier in a blacklist to prevent mailings in the future.
Secure Download (Art. 6 Para. 1 S. 1 (a, b) GDPR)
We provide documents like whitepapers etc. You have the possibility to download these documents. For this reason, we process the following data:
your email address
We use this data to make the download of the document possible, Art. 6 Para. 1 S. 1 (b) GDPR.
It is required to subscribe to our mailings to be able to download our document.
Within the download, you consent to your data being used to approach via email and being put on our mailing list. The legal basis for this is your consent, Art. 6 Para. 1 S. 1 (a) GDPR. You can revoke your consent at any time via the unsubscribe link provided in the newsletter or by mailing info@gcb.de.
Automated case-by-case decision
We do not use purely automated processing to make decisions.
Cookies (Art. 6 Para. 1 S. 1 (f) GDPR, § 25 Para. 2 Nr. 2 TDDDG)
Our website use cookies at various points. Their purpose is to make our site more user friendly, more effective and more secure. Cookies are small files that are saved on your computer and in your browser (locally on your hard drive). Within the scope of our legitimate interest (Art. 6 Para. 1 S. 1(f) GDPR, § 25 Para. 2 Nr. 2 TDDDG) we utilise cookies that are technically necessary for the running of the website and to secure its functionality. Depending on the purpose, these are permanently stored — even after the session has ended — (persistent cookies, e.g. opt out) or are deleted when the browser closes (so-called session cookies that are only valid for one browser session).
With your consent, we also use other cookies. These cookies help us to see how users use our website, enabling us to design the website content according to the visitor’s needs. The legal basis for this is your consent (Art. 6 Para. 1 S. 1(a) GDPR, § 25 Para. 1 TTDSG).
If you have given your consent, this can be revoked at any time without providing a reason via the cookie settings at the end of the page.
Most web browsers automatically accept cookies as default. Of course, cookies can also be manually deactivated, restricted or deleted on your end device via your browser settings or via software-support. Please note: If you deactivate cookies, not all functions of our website may be fully usable under certain circumstances.
Cookies which are not purely functional (Art. 6 Para. 1 S. 1(a) GDPR, § 25 Para. 1 TDDDG)
Matomo (formerly Piwik)
In cases you have given your consent (Art. 6 Para. 1 S. 1 (a) GDPR, § 25 Para. 1 TDDDG) we use on our website the service “Matomo” (formerly “Piwik”), an OpenSource web analysis service of the InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand. Matomo stores cookies on your end device that allow an analysis of how you use our website. By using Matomo, we can analyse how our website and its individual features and offers are used so that the user experience can be improved continuously. For data protection reasons, all data we collect will be stored locally only:
- two bytes of the IP address of the user accessing the system
- the accessed website
- the website referring the user to the accessed website (referrer)
- the subpages accessed from the accessed website
- time spent on the website
- number of times the website is accessed
We use Matomo with the setting “Anonymize Visitors’ IP addresses”. This means that IP addresses will be processed in a shortened form, making it impossible to link them to a particular individual. The software is configured to only save partial IP addresses by masking 2 bytes of the IP address. This makes it impossible to trace the shortened IP address to the accessing computer. The IP address transferred by your browser via Matomo will not be combined with other data we collect.
You may withdraw your consent to the use of Matomo at any time through the cookie settings at the end of the page.
YouTube (Art. 6 Para. 1 S. 1 (a) GDPR, § 25 Para. 1 TDDDG)
On this website, we have embedded YouTube videos of the Provider Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland) which are hosted on http://www.youtube.com and can be directly played on our website. They all are embedded in the “advanced data protection mode”. This mode ensures any data collection will only start once the video is actually played. We do not have any influence on this transfer of data. Through embedding the videos in the advanced data protection mode no cookies are activated that will analyse the user’s behaviour in order to personalize the playback of the video. However, the advanced data protection mode only refers to user’s behaviour neither to the provision of announces, nor to further reloaded contents of third parties, nor to the transfer of fonts or possible connections to a user account from YouTube. When you start playing the video this causes further data processing proceedings, on which we do not have any influence. The legal basis is your consent (Art. 6 Para. 1 S. 1 (a) GDPR, § 25 Para. 1 TDDDG).
You may revoke your content anytime in our cookie settings at the end of the page.
This service may transfer the captured data to another country. Please be aware that this service may transfer data into a third country outside of the European Union and the European Economic Ares that does not provide an appropriate data protection level. In this occasion there’s a risk, that your data is processed by American authorities for purposes of control and surveillance. In this case, you may not be entitled to legal recourse. But we will take all feasible measures and measures required under data protection law pursuant to Art. 44 et seq. GDPR to achieve adequate data protection in the third country.
By visiting our website YouTube obtains the information that you have accessed the relevant subpage of our website. Data transfers occur independently of being logged in into a YouTube user’s account or not. When you are logged in at Google, your data is directly allocated to your account. If an allocation with the YouTube account is not desired, please log out before activating the button. YouTube stores data as user profiles and uses them for purposes of advertisement, market research and/or design of the website. This analysis is especially (even for not logged in users) there in order to provide advertisement and to inform other users of the social network of your activities. You have the right to contradict the formation of user profiles, but you have to contact YouTube for this.
Further information concerning data protection, you will find at: https://policies.google.com/privacy.
Vimeo (Art 6 Para. 1 S. 1 (a) GDPR, § 25 Para. 1 TDDDG)
In addition to YouTube embeds, some parts of our website also include videos of the platform Vimeo. The provider is the Vimeo Inc., 555 West 18th Street, New York, New York 10011, USA. Again, data will be transferred to the Vimeo server. Such processing is based on your consent (Art. 6 Para. 1 S. 1 (a) GDPR, § 25 Para. 1 TDDDG) that you may withdraw at any time in the cookie settings at the end of the page.
Please note that your IP address will be transmitted to Vimeo (Vimeo, LLC555 West 18th Street New York, NY 10011, United States) and that the provider will place cookies in your browser. In addition to that it is communicated to the Vimeo server which of our websites you have accessed.
This service may transfer the captured data to another country. Please be aware that this service may transfer data into a third country outside of the European Union and the European Economic Ares that does not provide an appropriate data protection level. In this occasion there’s a risk, that your data is processed by American authorities for purposes of control and surveillance. In this case, you may not be entitled to legal recourse. But we will take all feasible measures and measures required under data protection law pursuant to Art. 44 et seq. GDPR to achieve adequate data protection in the third country.
All Vimeo embeds are deactivated by default. A direct connection to the servers of Vimeo is only made when you have agreed into the use of Vimeo in the cookie settings or activate it by yourself by clicking.
Further Information about how it is dealt with data of users, you will find in the privacy policy form Vimeo: https://vimeo.com/privacy.
walls.io (Art. 6 Para. 1 S. 1 (a) GDPR, § 25 Para. 1 TDDDG)
Our website is embedding social media plugins or widgets which are provided by Walls.io. When loading these widgets, your IP-address and cookie information is transferred to Walls.io. Walls.io is operated by "Walls.io GmbH, based in Vienna, Austria.
Adobe Express (Art. 6 Para. 1 S. 1(a) GDPR, § 25 Para. 1 TDDDG)
On our website we may integrate functions and contents of the service Adobe Express of Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland.
The functions and contents of the service Adobe Express enable us to build dynamic cross-media pages for members and the conference and congress venue Germany which are visually designed by the GCB German Convention Bureau e.V.. For this reason, the pages are embedded easily accessible into our website. In addition, Adobe Express enables our members to integrate the pages into their own websites.
By using the Adobe Express page on this website data is transferred to Adobe – but only when you click on an Adobe Express presentation. We would like to point out that we do not have any knowledge of the content of the transferred data or its usage through Adobe. Privacy policy from Adobe: https://www.adobe.com/uk/privacy.html.
The legal basis is your consent, Art. 6 Para. 1 S. 1 (a) GDPR, § 25 Para. 1 TDDDG. Your consent can be revoked at any time in our cookie settings at the end of our website.
Wakelet (Art. 6 Para. 1 S. 1 (a) GDPR, § 25 Para. 1 TDDDG)
Whit your consent we use the functions and contents of Waklet. This is a service of Waklet Limited, Bright Building, Manchester Science Park, Pencroft Way, Manchester M15 6GZ.
The utilisation of Waklet enables us to present you an overview of social media posts of a specific topic. The service for example allows a compact, easily accessible review of social media activities of GCB German Convention Bureau e.V. during an event.
Through the service various personal data is transferred to Waklet. This consist for example the operating system and version, language setting, website or service that referred you to Waklet, date and time, information about your monitor display and your IP address.
Further information about the use of data through Waklet can be found here: https://wakelet.com/privacy.html.
We use Waklet on the legal basis of your consent, Art. 6 Para. 1 S. 1 (a) GDPR, § 25 Para. 1 TDDDG. Your consent can be revoked at any time in our cookie settings at the end of our website.
Social Media Links
On our website, you can find links to the social media services of Instagram, YouTube, LinkedIn and Flickr. You can recognise links to social media websites by the respective company logo. If you follow these links, you will be redirected to our company page of GCB German Convention Bureau e.V. with the social media in question. When clicking a social media link, a connection to the servers of that service will be established. This alerts the servers of the social media provider that you have visited our website. Other data are transmitted to the service provider as well. This includes, for example:
- Address of the website on which the activated link can be found
- Date and time the website was accessed and the link activated
- Information about the browser and operating system used
- IP address
Should you already be logged into the social media service at the time of activating the link, the social media service provider can use the transferred data to find your user name and possibly your real name and can combine this information with your personal user account with the social media service. You can prevent such connection to your personal user account by logging out of your user account first.
The servers of the social media service are located in the USA and other countries outside of the European Union. This means that the social media service provider can also process data in countries outside of the European Union. Please bear in mind that companies in these countries are subject to data protection legislation that does not guarantee the same level of data protection as the laws in the Member States of the European Union.
Please be aware that we have no influence over the scope, type and purpose of the data processed by the social media service providers. More detailed information concerning the use of your data by social media services integrated into our website can be found in the privacy policy of the respective social media service provider.
Advertising to existing customers (Art. 6 Para. 1 (f) GDPR)
The GCB German Convention Bureau e.V. would like to maintain a relationship to its customers and send information and offers on products and services. We therefore use your data to email you relevant information and offers.
If you would prefer us not to do so, you can object at any time to the use of your personal data for direct marketing purposes. This right also applies to profiling as long as it is connected with direct advertising. As soon as we receive your objection, your data will no longer be processed for this purpose.
An objection is free of charge and can be made without the need for filling in a form by calling (+49) 69 / 24 29 30 - 0, by e-mail to info@gcb.de or by post to GCB German Convention Bureau e.V., Kaiserstrasse 53, 60329 Frankfurt am Main.
Online offers for children
Individuals under the age of 16 may not submit personal data to us or give a declaration of consent without the authorisation of their legal guardian. We encourage parents and guardians to actively participate in the online activities and interests of their children.
Links to other providers
Our website also contains links to the online presences of other companies. These are clearly labelled. Where we provide links to websites of other providers, we have no influence on their content. We can therefore not assume any guarantee or liability for such content. It is always the respective provider or operator of the website who is responsible for their content.
The linked websites were checked for potential and obvious violations of the law at the time we included the link. At the time we included the link, there was no unlawful content. However, without concrete evidence of legal violations, we cannot be reasonably expected to check content on a permanent basis. Should we become aware of legal violations, such links will be removed immediately.