base.skip_to_main_content
Header
 
Veranstaltung
Time left: Minutes
+49 711 4605376-0
 

Privacy Policy for the website EMENDO Event + Congress


I. Name and Address of the Controller

The controller for the purposes of the General Data Protection Regulation and other national data protection regulations of Member States, as well as other data protection regulations is:

here company
here address
here postcode and city
here country

here phone
here e-mail address

II. Name and Address of the Data Protection Officer

The data protection officer for the controller is:

here company of data protection officer
here address of data protection officer
here postcode and town of data protection officer
here country of data protection officer

here telephone number of data protection officer
here e-mail address of data protection officer

III. Rights of the Data Subject

The following list contains all the rights of the data subject according to the GDPR.

If your personal data is processed, then you are the data subject as laid down in the GDPR, and you may exercise the following rights against the controller:

1. Right to Information

You can demand confirmation from the controller as to whether we are processing personal data which concerns you. If we are processing your personal data, you can demand information from the controller about the following:

(1) The purposes for which the personal data are being processed;

(2) The categories of personal data which are being processed;

(3) The recipients or categories of recipients to whom your personal data has been disclosed or is still being disclosed;

(4) The planned period for which your personal data will be stored or, should specific details about this not be possible, criteria for determining the duration of storage;

(5) The existence of the right to correction or deletion of your personal data, the right to restriction of processing by the controller, or the right to object to this processing;

(6) The existence of the right to lodge a complaint with a supervisory (data protection) authority;

(7) All available information about the source of the data if the personal data was not acquired from the data subject;

(8) The existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.

You have the right to demand information about whether your personal data is transferred to a third country or to an international organization. In this context, you can demand to be informed about the appropriate safeguards in accordance with Article 46 of the GDPR regarding the information transfer.

2. Right to Correction

In as far as the processed personal data concerning you is incorrect or incomplete, you have the right to demand that the controller corrects and/or completes your personal data. The controller must perform the rectification without delay.

3. Right to Restriction of Processing

You can demand that the processing of your personal data is restricted if the following conditions apply:

(1) You are contesting the accuracy of your personal data for a period enabling the controller to verify the accuracy of your personal data;

(2) The processing is unlawful and you oppose the deletion of your personal data and instead request the restriction of their use;

(3) The controller no longer needs the personal data for the purposes of the processing, but you require the data for the establishment, exercise or defense of legal claims, or

(4) You have objected to processing pursuant to Article 21(1) of the GDPR pending verification as to whether the legitimate grounds of the controller override yours as the data subject.

Where processing of your personal data has been restricted, such personal data shall, with the exception of storage, only be processed with your consent or for the establishment, exercise or defense of legal claims, or for the protection of the rights of another natural or legal person, or for reasons of important public interest of the Union or of a Member State. If you have obtained restriction of processing pursuant to the conditions stated above, you shall be informed by the controller before the restriction of processing is lifted.

4. Right to Deletion

a) "Right to be forgotten"

You have the right to demand that the controller deletes your personal data without undue delay, and the controller shall be obliged to delete this data without undue delay, in as far as one of the following grounds applies:

(1) Your personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.

(2) You withdraw your consent upon which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2) of the GDPR, and where there is no other legal ground for the processing.

(3) You object to the processing pursuant to Article 21(1) of the GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) of the GDPR.

(4) Your personal data was processed unlawfully.

(5) Your personal data has to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.

(6) Your personal data was collected in relation to the offer of information society services referred to in Article 8(1) of the GDPR.

We would like to point out that if your data is deleted, participation in the event will not be possible.

b) Information to third parties

Where the controller has made your personal data public and is obliged pursuant to Article 17(1) of the GDPR to delete the personal data, the controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform controllers who are processing the personal data that you have requested the deletion by such controllers of all links to, or copies or replications of, your personal data.

c) Exceptions

The right to deletion shall not apply to the extent that processing is necessary

(1) for exercising the right of freedom of expression and information;

(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

(3) for reasons of public interest in the area of public health in accordance with points (h) and (i) of Article 9(2) of the GDPR as well as Article 9(3) of the GDPR;

(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) of the GDPR in so far as the right referred to in section a) is likely to render impossible or seriously impair the achievement of the objectives of that processing, or

(5) for the establishment, exercise or defense of legal claims.

5. Notification Obligation

If you have made use of your right to correction, deletion or restriction of processing, the controller shall communicate any correction or deletion or restriction of processing of your personal data to each recipient to whom your personal data have been disclosed, unless this proves impossible or involves disproportionate effort. You have the right to request the controller for information about these recipients.

6. Right to Data Portability

You have the right to receive the personal data you have provided to the controller in a structured, commonly used and machine-readable format. Furthermore, you have the right to transmit this data to another controller without hindrance from the controller to which the personal data have been provided, where

(1) the processing is based on consent pursuant to point (a) of Article 6(1) of the GDPR or point (a) of Article 9(2) of the GDPR or on a contract pursuant to point (b) of Article 6(1) of the GDPR and

(2) the processing is carried out by automated means.

In exercising this right, you also have the right to have your personal data transmitted directly from one controller to another, where technically feasible. The freedoms and rights of others must not be adversely affected by this.
The exercise of the right to data portability shall not apply to processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

7. Right to Object

At any time, you have the right to object on grounds relating to your particular situation to processing of your personal data which is based on point (e) or (f) of Article 6(1) of the GDPR, including profiling based on those provisions.

The controller shall no longer process your personal data unless the controller demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.

Where your personal data are processed for direct marketing purposes, you have the right to object at any time to processing of your personal data for such marketing, which includes profiling to the extent that it is related to such direct marketing.

If you object to processing for direct marketing purposes, your personal data shall no longer be processed for such purposes.

In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.

8. Right to Withdraw Consent to the Processing of your Personal Data

You can withdraw your consent to the processing of your personal data at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.

9. Automated Individual Decision-Making, Including Profiling

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects which concern you, or which affects you in a similarly significant way. This shall not apply if the decision

(1) is necessary for entering into, or fulfillment of, a contract between you and the data controller,

(2) is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and your legitimate interests, or

(3) is based on your explicit consent.

However, these decisions shall not be based on special categories of personal data referred to in Article 9(1) of the GDPR, unless point (a) or (g) of Article 9(2) of the GDPR applies and suitable measures to safeguard your rights and freedoms and your legitimate interests are in place.

In the cases referred to in points (1) and (3), the controller shall implement suitable measures to safeguard your rights and freedoms and your legitimate interests, at least including the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

10. Right to Lodge a Complaint with a Data Protection Authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a data protection authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement, if you consider that the processing of your personal data infringes the GDPR.

The Data Protection Authority to which the complaint was submitted will inform the complainant about the status and results of the complaint, including the option of a legal remedy according to Article 78 of the GDPR.

Responsible Data Protection Authority:

here company of data protection authority, if desired
here address of data protection authority, if desired
here postcode and town of data protection authority, if desired
here country of data protection authority, if desired

here telephone number of data protection authority, if desired
here e-mail address of data protection authority, if desired

The online complaint form can be found at:

here complaint form here, if available

If you wish to exercise your rights, you can send your concern via e-mail to the data protection officer at data protection officer's company: e-mail address of data protection officer

IV. General Information about Data Processing

1. Scope of Personal Data Processing

We collect and use the personal data of users of this website for the documentation and administration of event participants, for the purposes of organizing and implementing the name of event here, hereinafter referred to as "the event". The collection and use of our users' personal data generally occurs only after the user gives consent: by signing up for and registering for the event.

On our website URL here we enable users to sign up for the event with the submission of their personal details. The data is entered in an input screen, transferred to our service provider EMENDO and saved there.

Furthermore, the data will not be transferred to third parties.

We collect the following data during the registration process:

The following list must be adapted to match the data collected

  • Form of address (title), first name and last name
  • Company, department
  • E-mail address
  • Details regarding vegetarian/vegan dietary requirements, allergies and other information relating to eating habits
  • Participation in workshops and other (ancillary) event program items
  • Hotel: check-in, check-out date, special wishes; additional overnight stay after the event and desired room category
  • Arrival and departure: mode of transport (arriving and departing) and times, if applicable train and flight numbers and details of shuttle transfer, plus any other remarks regarding arrival/departure


2. Legal Basis for the Processing of Personal Data

The collection and use of our users' personal data occurs on the basis of consent given by the user: when the user signs up for and is registered for the event.
The legal basis for this is point (a) of Article 6(1) of the EU General Data Protection Regulation (GDPR).

3. Data Deletion and Duration of Storage

The personal data of the data subject will be deleted or blocked as soon as the reason for its storage no longer applies.

Moreover, storage may take place if this is provided for under European or national regulatory authorities in Union provisions, laws or other regulations to which the controller is subject.
The data will also be deleted or blocked if a data-retention period specified by the stated standards expires: unless continued storage of the data is required for concluding or fulfilling a contract.

4. External Services and Content on our Website

We incorporate external services and/or content in our website. If you use such a service or if third-party content is displayed to you, then, for technical reasons, communication data will be exchanged between you and the relevant provider. The following external services are currently incorporated:

  • EMENDO Event + Congress GmbH & Co. KG

Find this provider's privacy statement here:

V. Provision of the Website and Creation of Log Files

1. Description and Scope of Data Processing

Every time our website is called up, our system automatically records data and information from the computer system calling up the website.
Here the following data are collected:
(1) The IP address of the user
(2) Date and time of access
(3) Any changes to the existing personal data
(4) The exceeding of an individual registration step
(5) Sending of an e-mail
(6) Selection of bookings (e.g. workshops, etc.)
(7) Websites called up by the user's system via our website

VI Data Protection Information for Card Payments

For card payments (credit cards, debit cards), we work with Nexi Germany GmbH, Helfmann Park 7, D-65760 Eschborn, Germany, represented by its managing directors Mark Freese, Jens Mahlke and Luca Zanotti.

In this context, card details are also transferred to the above-named company, along with the purchase amount and the date.

All payment data, including data for any return debits made, are only stored for as long as they are necessary to process the payment (including processing any return debits and debt collection) and for combating misuse. In general, this data is deleted 13 months after its collection, at the latest.
Furthermore, continued storage may occur in as far as and for as long as it is required to adhere to a legal retention period or for pursuing a specific case of misuse. The legal basis for the data-processing is point (f) of Article 6(1) of the GDPR.

You can demand information about your data and, if applicable, correction or deletion of your data as well as restriction of its processing. If applicable, you also have the right to revoke your consent to the processing of your data. For questions about data processing by Nexi Germany GmbH or to exercise your above-stated rights, please contact the Data Protection Officer, who can be reached at the address below or via e-mail at Datenschutzbeauftragter@concardis.com.

Furthermore, you have the right to lodge a complaint with a Data Protection Authority (in Germany, with the Federal State Data Protection Commissioner). We would like to point out that there are no legal or contractual requirements for you to provide your payment data. If you do not wish to provide your payment details, you can use a different payment process.