Data Protection Declaration
Name and Address of the Responsible Authority
The responsible authority within the meaning of the basic data protection regulation and other national data protection laws of the member states as well as other data protection regulations is:
Karlsruher Messe- und Kongress GmbH
Tel.: +49 (0)721 3720-0
Name and Address of the Data Protection Officer
The data protection officer of the responsible authority is:
Tel.: +49 (0)721 3720-2193
General Information about Data Processing
1. Scope of Processing of Personal Data
In principal, we collect and use personal data of our users only to the extent necessary to provide a functional website, our contents and our services. Collection and utilization of personal data regularly occurs only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for reasons of fact and the processing of the data is permitted by law.
2. Legal Basis for the Processing of Personal Data
Art. 6 Abs. 1 lit. a EU General Data Protection Regulation (DSGVO) serves as the legal basis insofar as we obtain the consent of the affected person for the purposes of processing personal data.
Art. 6 Abs. 1 lit. b DSGVO serves as the legal basis for the processing of personal data necessary for the performance of a contract to which the affected person is a party. This also applies to processing operations which are necessary to carry out pre-contractual actions.
Art. 6 Abs. 1 lit. c DSGVO serves as the legal basis insofar as processing of personal data is required to fulfil a legal obligation to which our company is subject.
Art. 6 Abs. 1 lit. d DSGVO serves as the legal basis in the event that vital interests of the affected person or another natural person require the processing of personal data.
Art. 6 Abs. 1 lit. f DSGVO serves as the legal basis for the processing if the processing is necessary to safeguard a legal interest of our company or of a third party, and if the interests, fundamental rights and fundamental freedoms of the affected person prevail over the first-mentioned interest.
3. Deletion of Data and Duration of Storage
The personal data of the affected person will be deleted or blocked as soon as the purpose of the storage ceases to exist. In addition, storage may also occur if this storage is intended by the European or national legislator in EU regulations, laws or other guidelines to which the responsible authority is subject. Blocking or deletion of the data also occurs upon the expiration of a storage period prescribed by the aforementioned standards, unless there is a need for further storage of the data for conclusion or fulfilment of a contract.
4. SSL Encryption
We utilize state-of-the-art encryption techniques (e.g. SSL) via HTTPS to protect the security of your data during transmission.
Provision of the Website and Creation of Log Files
1. Description and Scope of Data Processing
Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.
The following data are collected in this context:
- (1) The IP address of the user
- (2) The date and the time of the access
- (3) Websites which the user’s system accesses via our website
These data are also stored in our system’s log files. The anonymization of the IP address does not lead to the storage of data which could facilitate their correlation with a specific user. Storage of these data does not occur together with other personal data of the user.
2. Legal Basis for the Data Processing
Art. 6 Abs. 1 lit. f DSGVO is the legal basis for the temporary storage of data and log files.
3. Purpose of the Data Processing
The system temporarily stores the IP address because this storage is necessary to enable delivery of the website to the user’s computer. To accomplish this delivery, the user’s IP address must remain stored for the duration of the session.
Storage in log files is undertaken to ensure the functionality of the website. In addition, the data enable us to optimize the website and to ensure the security of our IT systems. An evaluation of the data for marketing purposes does not occur in this context.
These purposes also involve our legitimate interest in the processing of data pursuant to Art. 6 Abs. 1 lit. f DSGVO.
4. Duration of Storage
The data will be deleted as soon as they are no longer needed to accomplish the purpose for which they were collected. In the case of collecting the data in order to provide the website, this deletion occurs when the respective session is ended.
In the case of data stored in log files, this deletion occurs no later than 14 days after the date of initial storage. Storage beyond this date is possible.
5. Possibility for Objection and Removal
The collection of data for provision of the website and the storage of data in log files are essential for the operation of the website. There is consequently no possibility for the user to object to it.
1. Description and Scope of Data Processing
The following data are stored in, and transmitted by, the cookies:
- Login information
You can read additional information in the sectioned titled “Google Analytics und Google Tag Manager”.
Technical precautionary arrangements pseudonymize users’ data which are collected in this way. This pseudonymization assures that the data can no longer be assigned to the calling user. The data are not stored together with other personal data of the users.
2. Legal Basis for the Data Processing
Art. 6 Abs. 1 lit. f DSGVO is the legal basis for the use of technically necessary cookies in the processing of personal data.
3. Purpose of the Data Processing
We need cookies for the following applications:
- Language settings
User data collected via technically necessary cookies will not be used to create user profiles.
These purposes also involve our legitimate interest in the processing of data pursuant to Art. 6 Abs. 1 lit. f DSGVO.
4. Duration of Storage, Objection and Deletion Options
Google Analytics and Google Tag Manager
This website uses Google Analytics and Google Tag Manager. These are web-analytics services provided by Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA, hereinafter referred to as “Google”). The use includes the “Universal Analytics” operating mode, which makes it possible to assign data, sessions and interactions across multiple devices to a pseudonymous user ID, thus analyzing the activities of a user across devices.
You can prevent the storage of cookies by setting your browser’s software accordingly; however, please note that if you do this, you may not be able to use all of this website’s features to the fullest extent possible. Moreover, you can prevent Google from collecting the data generated by the cookie related to your use of the website (including your IP address) and you can prevent Google from processing these data. You can accomplish this prevention by downloading and installing the following browser add-on: http://tools.google.com/dlpage/gaoptout?hl=en .
For detailed instructions on how to manage your own data related to Google products, click here: http://www.dataliberation.org/
Script Libraries (Google WebFonts)
We use script libraries such as Google WebFonts (https://www.google.com/webfonts/) on this website in order to display our contents across browsers correctly and in a visually appealing form. Accessing script libraries automatically triggers a connection to the library’s operator. In such instances, it is possible that the operators of such libraries might collect data.
Google WebFonts is a service of Google Inc. (“Google”). Google WebFonts are transferred to your browser’s cache to prevent multiple loading.
If the browser does not support Google WebFonts or prohibits access, contents will be displayed in a standard font.
Embedded YouTube Videos
We embed YouTube videos on some of our websites. The operator of the corresponding plug-ins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page with the YouTube plug-in, it will connect to YouTube’s servers. This will tell YouTube which pages you visit. If you are logged in to your YouTube account, YouTube can assign your surfing behaviour to you personally. You can prevent this by logging out of your YouTube account beforehand.
When a YouTube video is started, the provider utilizes cookies that collect information about user behaviour.
Anyone who has deactivated the storage of cookies for the Google Ad programme will not have to expect such cookies, also when viewing YouTube videos. However, YouTube does store non-personal usage information in other cookies. If you want to prevent this, you must block the storage of cookies in the browser.
You can find more detailed information about data protection at YouTube in the provider’s data protection declaration at: https://www.google.de/intl/de/policies/privacy/
One of the features of this Internet presence is that it uses what are called social plugins ("plugins") from the social network facebook.com, which are operated by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA ("Facebook"). These plugins are indicated by a Facebook logo. When you access this Internet presence, your browser establishes a direct connection with the Facebook servers. The content of the plugin is transferred by Facebook directly to your browser, which then integrates it into the website. Integration of the plugin causes Facebook to receive the information that you have accessed on the corresponding page of this Internet presence. If you are logged in with Facebook, it will be able to assign your visit to your Facebook account. Please note that an exchange of this information already takes place when you visit our Internet presence, regardless of whether you interact with the plugin or not. If you interact with the plugins, such as by pressing the “Like” button, the corresponding information is sent directly to Facebook by your browser and saved there.
You can find information on the purpose and extent of data acquisition as well as how the data is processed further and used by Facebook, together with your rights and optional settings to protect your private sphere, in the Facebook data protection notes ( http://www.facebook.com/policy.php ).
If you do not want Facebook to gather data about you via our Internet presence, you must log out of Facebook before visiting this Internet presence.
If you subscribe to our newsletter, we will use the information that you provide solely for this purpose or to notify you about circumstances relevant to this service or the subscription. We will not share these data with third parties.
A valid email address is required in order to receive the newsletter. In addition to this email address, we also save the IP address that you used to sign up for the newsletter and the date on which you ordered the newsletter. These data serve us as proof of misuse if a foreign email address is registered for the newsletter. To further ensure that third parties do not misuse an email address in our mailing list, we also work, in accordance with the law, with the so-called “double opt-in” procedure. In the context of this procedure, a record is kept of the order of the newsletter, the sending of the confirmation email, and the receipt of the confirmation of registration.
Art. 6 Abs. 1 lit. a DSGVO is the legal basis for the processing of data after the user has subscribed to the newsletter and after the user has consented to such processing.
You have the option to revoke, at any time, your consent to the storage of data, to the storage of your email address, and to its utilization for sending the newsletter. To facilitate your cancellation, we include a corresponding link in each edition of the newsletter. You also have the option to notify us of your desire to cancel your subscription via the contact options mentioned in this document.
Rights of the Affected Person
If your personal data is processed, you are the “affected person” within the meaning of the DSGVO and you have the following rights vis-à-vis the responsible individual or authority:
1. Right to Information
You can demand that the responsible individual or authority confirm or deny whether we process personal data that apply to you.
If such processing exists, you can demand that the responsible individual or authority provide you with the following information:
- (1) the purposes for which the personal data are processed;
- (2) the categories of personal data which are being processed;
- (3) the recipients or the categories of recipients to whom the personal data were disclosed or are still being disclosed;
- (4) the planned duration of the storage of the personal data that apply to you or, if specific information about this is not available, the criteria for determining the duration of storage;
- (5) the existence of the right to rectification or deletion of personal data that apply to you, the right to restrict their processing by the responsible individual or authority, or the right to object to this processing;
- (6) the existence of a right to appeal to a supervisory authority;
- (7) all available information about the source of the data if the personal data were not obtained directly from the affected person;
- (8) the existence of automated decision-making, including profiling in accordance with Art. 22 Abs. 1 and 4 DSGVO and – at least in these cases – meaningful information about the logic involved, as well as about the scope of such processing and its intended consequences for the affected person.
You have the right to demand information about whether your personal data will be shared with a third country or an international organization. In this context, you can demand notification about the appropriate guarantees related to the transmission of the data in accordance with Art. 46 DSGVO.
2. Right to Rectification
You have the right to rectify and/or augment the data vis-à-vis the responsible individual or authority, insofar as the processed personal data that apply to you are incorrect or incomplete. The responsible individual or authority must make the correction(s) without delay.
3. Right to Restriction of Processing
Under the following conditions, you can demand the restriction of the processing of the personal data that apply to you:
- (1) if you contest the accuracy of the personal data that apply to you for a period of time that enables the responsible individual or authority to verify the correctness of the personal data;
- (2) the processing is unlawful and you refuse the deletion of the personal data, demanding instead that the use of the personal data be restricted;
- (3) the responsible individual or authority no longer needs the data for processing purposes, but you need the data to assert, exercise or defend legal claims; or
- (4) if you have objected to the processing pursuant to Art. 21 Abs. 1 DSGVO and it has not yet been determined whether the legitimate needs of the responsible individual or authority outweigh your reasons.
If the processing of personal data that apply to you has been restricted, these data – with the exception of their storage – may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or one of its member states.
If the restriction of the processing according to the abovementioned conditions is curtailed, you will be notified by the responsible individual or authority before the restriction is lifted.
4. Right to Deletion
a) Obligation to Delete
If one of the following reasons exists, then you can demand that the responsible individual or authority immediately delete the personal data which apply to you and the responsible individual or authority is obliged to delete these data without delay:
- (1) The personal data that apply to you are no longer necessary for the purposes for which they were collected or otherwise processed.
- (2) You revoke your consent, under Art. 6 Abs. 1 lit. a or Art. 9 Abs. 2 lit. a DSGVO, upon which the processing is based, and no other legal basis exists for the processing.
- (3) You object to the processing under Art. 21 Abs. 1 DSGVO and no superseding legal reasons exist for the processing, or you object to the processing pursuant to Art. 21 Abs. 2 DSGVO.
- (4) The personal data that apply to you were unlawfully processed.
- (5) The deletion of the personal data that apply to you is necessary to fulfil a legal obligation according to the law of the European Union or the law of the member states to which the responsible individual or authority is subject.
- (6) The personal data that apply to you were collected in relation to services offered by the information company according to Art. 8 Abs. 1 DSGVO.
b) Information to Third Parties
If the responsible individual or authority has made public personal data that apply to you, and if the responsible individual or authority is obliged to delete these data pursuant to Art. 17 Abs. 1 DSGVO, then the responsible individual or authority shall undertake appropriate activities, including activities of a technical nature, taking into consideration the available technology and the cost of implementation, to notify the individuals or authorities responsible for processing the personal data, that you, as the affected person, have demanded the deletion of all links to these personal data or to copies or replications of these personal data.
The right to deletion does not exist if the processing is necessary for one or more of the following purposes:
- (1) to exercise the right of freedom of expression and information;
- (2) to fulfil a legal obligation required by the law of the European Union or the law of the member states to which the responsible individual or authority is subject, or to perform a task of public interest or to exercise official powers which have been conferred upon the responsible individual or authority;
- (3) for reasons of public interest in the field of public health pursuant to Art. 9 Abs. 2 lit. h and i and Art. 9 Abs. 3 DSGVO;
- (4) for archival purposes of public interest, for purposes of scientific or historical research, or for statistical purposes pursuant to Art. 89 Abs. 1 DSGVO, insofar as the law referred to under Subparagraph a) is likely to render impossible, or to exert a serious deleterious influence on, the achievement of the purposes of this processing; or
- (5) to assert, exercise or defend legal claims.
5. Right to Notification
If you have exercised the right to rectification, deletion or restriction vis-à-vis the responsible individual or authority, this person or authority is obliged to notify all recipients to whom the personal data that apply to you have been disclosed about this rectification or deletion of the data and about the restriction in the data’s processing, unless such notification proves to be impossible or would involve a disproportionately great effort.
You have the right to demand that the responsible individual or authority inform you about these recipients.
6. Right to Data Portability
You have the right to receive the personal data that apply to you and that you have provided to the responsible individual or authority in a structured, commonplace and machine-readable format. In addition, you have the right to transmit these data to another responsible individual or authority, without hindrance by the individual or authority to whom or to which the personal data were originally provided, insofar as:
- (1) the processing is based on consent pursuant to Art. 6 Abs. 1 lit. a DSGVO or Art. 9 Abs. 2 lit. a DSGVO or on a contract pursuant to Art. 6 Abs. 1 lit. b DSGVO and
- (2) the processing is done by automated means.
In exercising this right, you also have the right to demand that the personal data which apply to you are transmitted directly from one responsible individual or authority to another responsible individual or authority, insofar as this is technically feasible. This must not infringe upon the freedoms and rights of other persons.
The right to data portability does not apply to the processing of personal data which are necessary for the performance of a task that lies in the public interest or that occurs in the exercise of official authority which was conferred upon the responsible individual or authority.
7. Right of Objection
You have the right at any time, for reasons arising from your particular situation, to object to the processing of the personal data that apply to you and which occurs on pursuant to Art. 6 Abs. 1 lit. e or f DSGVO; this right also applies to profiling based on these provisions.
The responsible individual or authority will no longer process the personal data that apply to you unless this responsible individual or authority can prove that there exist urgent reasons, worthy of protection, for such processing and that these reasons outweigh your interests, rights and freedoms, or if the processing serves to assert, exercise or defend legal claims.
If the personal data that apply to you are processed for the purpose of conducting direct advertising, you have the right at any time to object to the processing of these personal data for purposes of such advertising; this also applies to profiling insofar as it is associated with such direct advertising.
If you object to the processing for the purposes of direct advertising, the personal data that apply to you will no longer be processed for these purposes.
Regardless of Directive 2002/58/EG, you have the option, in the context of the use of services provided by the information company, to exercise your right of objection via automated means in which technical specifications are utilized.
8. Right to Revoke the Data Protection Consent Declaration
You have the right at any time to revoke your Data Protection Consent Declaration. Your revocation of consent does not affect the legality of processing which occurred based on your consent prior to your revocation of same.
9. Automated Decision on a Case-by-Case Basis, Including Profiling
You have the right to not be subjected to a decision based exclusively upon automated processing, including profiling, which will have a legal effect or which exerts significantly deleterious effects on you in a similar manner. This does not apply if the decision:
- (1) is necessary for the conclusion or fulfilment of a contract between you and the responsible individual or authority;
- (2) is permitted by European Union legislation or legal provisions of member states to which the responsible individual or authority is subject, and these legal provisions contain appropriate measures to safeguard your rights and freedoms and your legitimate interests; or
- (3) occurs with your express consent.
However, these decisions may not be based on special categories of personal data pursuant to Art. 9 Abs. 1 DSGVO, insofar as Art. 9 Abs. 2 lit. a or g DSGVO does not apply and suitable measures have been taken to safeguard the rights and freedoms and your legitimate interests.
With regard to the cases referred to in (1) and (3), the responsible individual or authority shall take appropriate measures to safeguard the rights and freedoms and your legitimate interests, which include at least the right to obtain the intervention of a person by the responsible individual or authority, to express one’s own position, and to challenge the decision.
10. Right to Complain to a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, especially to an authority in the member state in which you reside, in which you work, or which contains the location of the alleged infringement, if you believe that the processing of the personal data that apply to you violates the DSGVO.
The supervisory authority to which the complaint was submitted shall notify the complainant about the status and the results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 DSGVO.
Changes of Our Data Protection Declaration
We reserve the right to make changes in this Declaration at any time in order to ensure that our Data Protection Declaration always remains in compliance with current legal requirements. This also applies in the event that the Data Protection Declaration requires modification due to the introduction of new or revised services, for example, the provision of new services. The new Data Protection Declaration will then take effect upon your next visit to our offer.