Data Protection Notice for Speakers/Exhibitors/Sponsors According to the European General Data Protection Regulation (GDPR)
The following information provides you with an overview of the processing of your personal data by our company and the rights arising for you from the GDPR.
1. Responsible body for data processing and data protection officer
The entity responsible for data processing is ("Company", "we"):
VDI Wissensforum GmbH
VDI-Platz 1
40468 Duesseldorf
Germany
Tel.: +49 (0)2116214-201
E-Mail: wissensforum@vdi.de
The Data Protection Officer of the responsible entity is:
Nicolas Kurze
TÜV Technische Überwachung Hessen GmbH
Robert-Bosch-Str. 16
64293 Darmstadt
E-Mail: datenschutz-wf@vdi.de
2. Data sources and types of personal data processed
We process personal data that we receive from you as an interested party and/or as a participant in our events within the scope of our business relationship. For exhibitors and sponsors, this generally concerns the contact persons designated by the respective company. Personal data is generated by us and you during the initiation and execution of the business relationship.
The personal data is: Name, salutation, title, address, telephone number, fax number, email address, account details, company (with VAT ID), department, position, event participation, event inquiries and correspondence regarding participation, feedback on individual events, personal details of speakers (CV, qualifications, contributions, interests).
We also process personal data that we have lawfully obtained from publicly accessible sources (press, media, Internet, public event directories) or from other event participants we are allowed to process. This data includes: Name, salutation, title, address, telephone number, fax number, email address, company (with VAT ID), department, position, interests.
3. Purpose and legal basis for data processing
Your personal data is processed in accordance with applicable data protection regulations, particularly the GDPR and the Federal Data Protection Act (BDSG). This is done specifically for the following purposes and based on the following legal bases:
a) Due to your consent according to Art. 6 Para. 1 Sentence 1 lit. a GDPR
If you have given us consent to process data for specific purposes, e.g., to receive the email service or to evaluate the use of the email service, we process your data on the legal basis of consent. The scope and purpose of data processing are described in the corresponding consent declaration communicated to you
b) To fulfill contractual obligations according to Art. 6 Para. 1 Sentence 1 lit. b GDPR
The processing of personal data takes place for the purpose of contract execution, namely to carry out your event bookings, to organize the events you have booked, to issue certificates, and to print name badges. Further information on the purposes and the scope of contractual services for which the data is processed can be taken from the respective contract documents and our general terms and conditions.
c) To comply with legal requirements according to Art. 6 Para. 1 Sentence 1 lit. c GDPR
As a company, we are subject to various legal requirements to fulfill tax control and reporting obligations. To ensure these requirements, personal data is processed during the initiation and execution of the business relationship in accordance with legal requirements.
d) Within the framework of the balancing of interests according to Art. 6 Para. 1 Sentence 1 lit. f GDPR
We process your data beyond the actual fulfillment of the contract to protect the legitimate interests of us or third parties:
• Email advertising for similar events or by post, unless you have objected, to inform you about our current offers (our legitimate interest).
• Evaluation of events based on your feedback for optimizing future events (our legitimate interest).
• Completion and correction of your data based on voluntarily provided or permissible publicly accessible information, to address you correctly and, if necessary, more individually for advertising purposes or when planning future events and to save you irrelevant information (our legitimate interest).
4.Who receives my data?
Access to your personal data is granted to those bodies that need it to fulfill contractual and legal obligations. These include hotels and event venues as well as printers, exhibition builders, graphic designers and typesetting agencies, as far as necessary for the execution of the event and your booking. For payment transactions, we pass on your payment data to our bank. Event leaders and moderators receive CVs of the speakers to be able to introduce them. If service providers and agents are also involved in the data processing process, this is generally only possible if they comply with the legal obligations prescribed in the GDPR and BDSG.
5. Is there a transfer of my personal data to a "third country"?
A transfer of your personal data to countries outside the EU or the EEA generally only takes place if you have given us consent or if it is a necessary condition for the execution of a contract
6. How long will my data be stored?
Your personal data is processed and stored as long as it is necessary to fulfill our contractual and legal obligations. After fulfilling the contractual and legal obligations, the personal data is regularly deleted or anonymized. Exceptions to this are:
- The fulfillment of commercial and tax retention periods. The periods for this are between two and ten years.
- The preservation of evidence within the framework of the statute of limitations. According to §§ 195 ff. of the Civil Code (BGB), these limitation periods can be up to 30 years. The standard limitation period is three years until the end of the year.
7. What data protection rights do I have?
You have the following rights regarding your personal data concerning you (Art. 15 ff. GDPR):
- Right to information
- Right to correction or deletion
- Right to restriction of processing
- Right to object to processing
- Right to data portability
The restrictions of §§ 34 and 35 BDSG apply to the right to information and the right to deletion.
Furthermore, there is a right to lodge a complaint with a data protection supervisory authority according to Article 77 GDPR in connection with § 19 BDSG.
Consent given by you for the processing of personal data can be revoked at any time. This also applies to consents given before May 25, 2018 (application of the European General Data Protection Regulation). The revocation only affects the future. Processing of personal data before the revocation is not affected by this.
8. Obligation to provide data
The data requested by us in the context of the business relationship and for the fulfillment of contractual obligations must be provided. The provision also applies to data that we must collect due to legal regulations. Without providing this data, we must reject you as a contractual partner or terminate an existing contractual relationship. Specifically, this involves the following data:
Speakers: Company, contact person, position, address, telephone, email
Exhibitors: Company, contact person, address, telephone, email
Sponsors: Company, contact person, address, telephone, email
May 25, 2018