Euroforum Deutschland GmbH (“Euroforum”, “we” or “us”), Toulouser Allee 27, 40211 Düsseldorf; Managing Director: Andrea Wasmuth, Sebastian Christensen
1. Purpose of this privacy notice
Almost every time you contact us, personal data is transferred. Personal data means information that can be traced back to someone and used to identify them. This usually means your name, e-mail address and / or telephone number. Technical data also counts as personal data if it can be traced back to a specific person. As a rule, you are not obliged to share personal data on this website. The only exceptions are the cases listed in this privacy notice. For example, we will need to process your personal data when you place an order, or when you want to use the full functionality of our website.
This privacy notice explains how, to what extent, and why we collect and use personal data when you visit a website listed below, register for an event, or purchase one of our products.
Our privacy policy applies to the services of Euroforum Deutschland GmbH on the following websites:
Domain/offering (incl. subdomains)
www.euroforum.de
veranstaltungen.handelsblatt.com
live.handelsblatt.com
www.konferenz.de
cti-symposium.world
www.marketing-tag.de
Here are the contact details of our Data Processing Officer:
Euroforum Germany GmbH
Toulouser Allee 27
40211 Dusseldorf
Email: datenschutz@handelsblattgroup.com
And here are the contact details of our Data Protection Officer:
DEGECO Deutsche Gesellschaft für Compliance mbH
Dornberger Straße 27
33615 Bielefeld
www.degeco.de
datenschutz@handelsblattgroup.com
2. General information about cookies or similar technology
Euroforum uses cookies or a similar technology on the websites listed above in Section 1. Cookies are small text files that are placed on your end device by the browser you use to view an event page on our website. This lets us recognize you and remember your previously selected preferences. Similar technology uses other data that is stored on your end device.
Cookies can make websites more user-friendly (for example by storing login data and settings), and can also enable features such as chat and feedback, as long as these are provided by us and not by a third party (see Section 3 below for more on this). Cookies also collect information about how you use our website; this data can be used for analyses, and also for advertising purposes.
Some cookies are automatically deleted from your end device as soon as you close a session (session cookies). Other cookies are stored for a specific period of time that does not exceed two years (persistent cookies). We also use cookies that are managed by third parties in order to offer specific services (third-party cookies). By default, third-party cookies only become active if you give your consent.
You can manage cookies yourself. Most browsers let you restrict or prevent the storage of cookies. That said, your browsing experience will probably be smoother if you allow cookies.
For cookies or similar technology that are essential (meaning we cannot provide our services without them), no consent is required. For all other cookies and similar technology, we always ask for your consent. You can give your consent in the cookie banner that appears at the bottom of your display when you begin a session. For each procedure listed in the cookie banner, we describe which cookies or similar technology are involved, the legal basis for data processing, whether any third parties receive data via cookies (in which case we provide their names), and how long the event organizer will store personal data obtained with the aid of cookies.
3. Overview of processing procedures
When you register for an event or order a product on our websites, we need the following data in order to process your order: Salutation, first name, last name, e-mail address, company, billing address (street, house number, post code, city, state), delivery address if applicable (street, house number, post code, city, state) and payment details. If you wish, you can also enter your phone number, fax number, company role and year of birth. For some events, we may also ask you to provide additional profile data, or to take part in a survey. This additional information is completely voluntary. Here is a full list of the procedures we carry out:
a) Participating in an event
(1) Login & registration
(2) Using an event platform
(3) Chats as part of the event
(4) Contact outside of chats (meeting tools)
(5) Video playouts
(6) Feedback
(1) Login & registration
To participate in an event, you first need to register. The registration mask / form shows you which data we store when you register. Normally, this will be your first name, last name, company, email address, phone number, and company role where applicable. All fields for mandatory data are marked ‘mandatory’.
In addition to mandatory data, you can also share information about your title, company role, level of training and interests.
Legal basis
When you register for an event, we process your personal data in accordance with Article 6 (1) (b) GDPR. This states that data processing is lawful if it is necessary to fulfil a contract. In this case, fulfilling the contract means enabling you to participate in the event you wish to book. Hence, Euroforum needs to process your personal data, as described above.
Data storage
Euroforum will store your personal data for a maximum of 18 months, to help resolve any subsequent processing issues. After deletion, your data will only be stored in keeping with fiscal and commercial storage obligations for participants who have paid to attend.
(2) Using an event platform
For our events and webinars, we use digital conference and training rooms. These provide a wide range of services such as live streams, lectures, chats, discussion forums, breakout rooms, and contact opportunities for exhibitors and sponsors. In some cases, event platforms offer services themselves; in other cases, either Euroforum or one of our third-party partners can offer services via the same event platform. Hence, services on event platforms will regularly ask you to consent to their forwarding your data to the platform provider. We work with the following providers:
Hopin. Provider: Hopin Ltd., Seedcamp Office, 5 Bonhill Street, Shoreditch, London, England EC2A 4 BX. Hopin processes your end device’s system information, and also your profile data (to the extent you authorized), participation movements, length of your visit, and other personal data that you communicate via the event platform (e.g. photos, chats or comments). Click here to view the Hopin privacy policy: https://hopin.com/legal-policy-center
Swapcard. Provider: Swapcard Corporation SAS, 6, rue de Paradis, 75010 Paris, France. Swapcard processes your end device’s system information, and also your profile data (to the extent you authorized), participation movements, length of your visit, and other personal data that you communicate via the event platform (e.g. photos, chats or comments). Click here to view the Swapcard privacy policy: https://www.swapcard.com/privacy-policy/
Talque. Provider Real Life Interaction GmbH, Choriner Str. 3, 10119 Berlin. Talque processes your end device’s system information, and also your profile data (to the extent you authorized), participation movements, length of your visit, and other personal data that you communicate via the event platform (e.g. photos, chats or comments). Click here to view the Talque privacy policy: https://web.talque.com/de/privacy-policy/.
Teams. Provider: Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA. We use the Teams communication platform for some events. Teams processes your end device’s system information, and also your profile data (to the extent you authorized), participation movements, length of your visit, and other personal data that you communicate via the event platform (e.g. photos, chats or comments). Click here to view the Teams privacy policy: https://privacy.microsoft.com/de_de/privacystatement.
Webex. Provider: Cisco Systems GmbH, Parkring 20, 85748 Garching. We use the Webex communication platform for some events. Webex processes your end device’s system information, and also your profile data (to the extent you authorized), participation movements, length of your visit, and other personal data that you communicate via the event platform (e.g. photos, chats or comments). Click here to view the Webex privacy policy: https://www.cisco.com/c/de_de/about/legal/privacy-full.html
zoom. Provider: Zoom Video Communications, Inc., 55 Almaden Boulevard, 6th Floor, San Jose, California 95113, USA. This provider transmits video and audio data and stores them on its own servers, apart from live streams. Zoom works for Euroforum as a service provider or processor, which means zoom processes personal data exclusively on behalf of Euroforum.
edudip. Provider: edudip GmbH, Jülicher Str. 306, 52070 Aachen. edudip offers a platform for webinars, meetings and training courses. We use edudip for our participant management process, and for the transmission of audio and video files. edudip works for Euroforum as a processor, which means edudip processes personal data exclusively on behalf of Euroforum.
blink.it. Provider: blink.it GmbH & Co. KG, Robert-Bosch-Str. 13, 64293 Darmstadt. blink.it is an e-learning tool that can transmit internal and external learning content, and check on students’ progress. Any personal data sent to blink.it for these purposes is processed exclusively on behalf of Euroforum.
Legal basis
Our providers process your personal data in accordance with Article 6 (1) (a) and (b) GDPR. Under Article 6 (1) (a) GDPR, data processing is lawful on the basis of consent. We obtain this consent when you register for our events. Under Article 6 (1) (b) GDPR, data processing is lawful if it is necessary to fulfil a contract. In this case, fulfilling the contract means enabling you to participate in the event you wish to book. For this, Euroforum needs to have your data processed by the event platform provider. For the same reason, Euroforum needs to use e-learning tools in order to send out content and learning units.
Data storage
Once the event is over, event platform providers will delete the data unless you have given your consent for them to keep it. For details, please see to the privacy policy pages of the platform providers concerned.
(3) Chats as part of an event
Our hybrid and online events offer various chat options to help participants and speakers communicate, and to enable discussions. During the event, you can opt to share your chat history (and the personal data it contains) either with all the other participants, or just an individual group. In the same way, you can decide who sees your picture in video chats. We work with various providers, depending on the event. You can get details of these providers from the event organizers, from your event documentation, or on our registration page. Please note that while some of our partners act as our contractors (meaning we remain responsible for data processing), others also process data under their own responsibility. In that case, you need to give your consent first. We always ask before forwarding your data to an external partner. Please note that you may not be able to use some services if we cannot forward your data to an external partner.
We currently work with the following contractors:
sli.do. Provider: sli.do s.r.o., Vajnorksá 100/A, 831 04 Bratislava, Slovakia. sli.do works for Euroforum as a service provider or processor. This means sli.do processes personal data exclusively on our behalf.
The following partner processes your data independently:
wonder.me Provider: Wonder Technologies GmbH, Tempelhofer Ufer 1A, 10961 Berlin. wonder.me lets you contact event participants beyond the context of the event, with contacts initiated by the users concerned. Click here to view the wonder.me privacy policy: https://www.wonder.me/policies/privacy-policies
Legal basis
wonder.me processes personal data from chats in accordance with Article 6 (1) (a) GDPR. This states that data processing is lawful provided you have given your consent.
We have a legitimate interest in processing the services of our provider sli.do so that we can provide user-oriented, comprehensive digital conference services, and – depending on the event – so we can fulfil a contract made with you as described under Article 6 (1) (b) and (f) GDPR. Under Article 6 (1) (f) GDPR processing of personal data is lawful if the controller has a legitimate interest, and providing your fundamental rights, fundamental freedoms or interests do not prevail. You can object to this kind of data processing at any time if your personal situation gives grounds for doing so. All you need to do is email the provider concerned.
Data storage
Chat histories, together with all personal data processed in the context of chats, are deleted immediately after the end of the event.
(4) Out-of-chat contacts, meeting tools
Sharing your personal data is always voluntary when you contact Euroforum, a speaker or a fellow participant. Everyone who receives your personal data is individually responsible under data protection laws. All parties involved have signed an agreement to confirm that they will always use your data in accordance with applicable data protection regulations.
When we use meeting tools to enable you to contact speakers or other participants, these tools are often supplied by third-party providers. These providers then process your data themselves. You can contact these providers by means of a link that we provide. Each provider supplies details of how they handle your personal data.
Legal basis
Personal data from log files are processed on the basis of Article 6 (1) (f) GDPR. This states that personal data can be lawfully processed if the controller has a legitimate interest, and providing your fundamental rights, fundamental freedoms or interests do not prevail. Euroforum has a legitimate interest because it wishes to enable communication and reply to contact requests. You can object to this kind of data processing at any time if your personal situation gives grounds for doing so. All you need to do is email the organizer.
Data storage
All personal data from out-of-chat contacts and meeting tools are deleted as soon as the event ends, or your request has been fully processed.
(5) Video playouts
During events, we sometimes show pre-recorded or live videos featuring speakers, moderators, panellists or other participants. These videos are available to all registered participants.
In this context we work with various service providers, depending on the specific event. You can find full details of these videoconference providers in your event documentation. Alternatively, you can contact the event organizers, using the contact details in your documentation. Please note that while some of our partners act as our contractors (meaning we remain responsible for data processing), others also process data under their own responsibility. In this case, you need to give your consent first. We always ask before forwarding your data to an external partner. Please note that you may not be able to use some services if we cannot forward your data to an external partner.
We currently work with the following contractors:
vimeo. Provider: Vimeo Inc, 555 West 18th Street, New York, NY 10011, USA. The vimeo player offers on-demand access to video and audio data from livestreams, even after the event or webinar ends. Vimeo works for Euroforum as a service provider or processor, which means Vimeo processes personal data exclusively on behalf of Euroforum.
zoom. Provider: Zoom Video Communications, Inc., 55 Almaden Boulevard, 6th Floor, San Jose, California 95113, USA. This provider transmits video and audio data and stores them on its own servers, apart from live streams. Zoom works for Euroforum as a service provider or processor, which means zoom processes personal data exclusively on behalf of Euroforum.
The following providers also process personal data independently:
YouTube. Provider: Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland. At some events, we embed videos from YouTube. A cookie will only be placed on your computer if you play a video. If you want to ensure that no data is passed on to YouTube, do not click on the video. Click here to view the YouTube privacy policy: https://policies.google.com/privacy
Streamyard. Provider: Streamyard Inc., 2810 N. Church St., Wilmington, Delaware 19802, Streamyard is a service that supports live streaming of videos on one of our chosen event platforms (see Section 2 above). Streamyard enables us to design and display user-optimized backgrounds, image sizes, chats, etc. Click here to view the Streamyard privacy policy: www.streamyard.com/resources/docs/privacy.
Legal basis
In the context of video playouts, data processing is based on Article 6 (1) (a) and (b) GDPR. According to Article 6 (1) (b) GDPR, data processing is lawful if it is necessary to fulfil a contract. In order to provide the event format as defined per contract, Euroforum must process the personal data described in this section. Euroforum's legitimate interest lies in the use of a specialized service provider for video playouts.
Data storage
All video recordings that were not live streams anyway will be deleted immediately after the event ends, unless explicitly agreed otherwise with you.
(6) Feedback
After their visit and during the event, participants can give voluntary feedback on how the event and any related services performed. Participants at face-to-face events normally receive a feedback form. Alternatively, or additionally, they can also get a link to an online evaluation platform run by a service provider that we use. In both cases, participants can rate the event according to preset general parameters, and can also leave comments voluntarily, either anonymously or with clear data if desired. Either we store this data directly, or the service provider stores it on their server and processes it on behalf of Euroforum.
We currently work with the following service providers:
SurveyMonkey. Provider: SurveyMonkey Europe UC, 2nd Floor, 2 Shelbourne Buildings, Shelbourne Road, Dublin, Ireland. This Euroforum service provider stores data on its server and processes it on behalf of Euroforum. SurveyMonkey works for Euroforum as a service provider or processor, which means SurveyMonkey processes personal data exclusively on behalf of Euroforum.
Legal basis
Personal data in log files are processed on the basis of Article 6 (1) (f) GDPR. Participants are prompted to voluntarily submit feedback. Under the concept of legitimate interest, personal data can be lawfully processed unless your fundamental rights, fundamental freedoms or interests prevail. In this case, Euroforum has a legitimate interest in receiving and evaluating feedback from event participants, and in using a specialized service provider for this purpose. You can object to this kind of data processing at any time if your personal situation gives grounds for doing so. All you need to do is email the organizer.
Data storage
No personal data is stored in the long term. Your feedback will be completely anonymized upon receipt, unless you voluntarily submit a rating with clear data.
b) Ordering our products
If you wish to order a product (event or training documents, subscriptions, CD-ROMs or files) via our website, we need the following data for each order, so that we can fulfil the contract: Salutation, first name, last name, billing address (street, house number, post code, city, state), delivery address (street, house number, post code, city, state), payment details, email address and date of birth. If desired, you can also share your phone number.
Legal basis
When you place an order, your personal data is processed according to Article 6 (1) (b) GDPR. This states that data processing is lawful if it is necessary to fulfil a contract.
Data storage
Euroforum will store your personal data for a maximum of 18 months, to help resolve any subsequent processing issues. After deletion, your data will only be stored in keeping with fiscal and commercial storage obligations for participants who have paid to attend.
c) Contacts
When you contact us (e.g. by email, or with the contact form), we process the information you provide so we can deal with your request and any follow-up questions that may arise.
Legal basis
When you contact us, we process the information you provide on the basis of Article 6 (1) (f) GDPR. This states that personal data may be lawfully processed if the controller has a legitimate interest, and providing your fundamental rights, fundamental freedoms or interests do not prevail. Here, our legitimate interest lies in processing the contact. You can object to this kind of data processing at any time if your personal situation gives grounds for doing so. All you need to do is email our Data Protection Officer (datenschutz@euroforum.com).
Duration of data storage
We delete the personal data you share when making contact once the issue you contacted us about has been fully resolved, providing there are no reasons to assume the same issue will become relevant again in future.
d) Sending marketing information
If you have given us consent (in the context of an event, or when placing an order), we will send you emails with further offers about the products concerned. Besides event newsletters, this can also mean other information about our services and offers.
Legal basis
The legal basis for this is your declaration of consent (Article 6 (1) (a) GDPR). You can revoke your consent at any time by sending a message to datenschutz@euroforum.com
Alternatively, you can use the ‘unsubscribe’ link for newsletters.
Data storage
We continue to process the contact data we collect for marketing purposes until you revoke your declaration of consent.
e) Log files and metadata when visiting an event
Whenever someone accesses our event pages, we automatically collect a range of technical data, which may be personal data. These are:
We do not merge this data with other personal data that you actively share on the event website (e.g. when registering). Euroforum collects server log files for the purpose of administering the website, and so that we can recognize and repel unauthorized access.
Notes on IP addresses
IP addresses are assigned to every device (smart phone, tablet, PC etc.) that is connected to the Internet. Which IP address you have will depend on what kind of Internet access your end device is currently using. This might be the IP address your Internet provider has assigned you (for instance if you are connected to the Internet at home, via your W-LAN). It could also be an IP address assigned to you by your mobile network provider, or the IP address of a provider of a public or private W-LAN, or other Internet access. Currently, the most common form of IP address is IPv4. This consists of four blocks of numbers. As a private user, your IP address will probably be a dynamic IP address (i.e. one assigned temporarily by your provider), as opposed to one that remains constant. With a permanently assigned IP address (also known as a static IP address), assigning user data clearly is easier. Except for the purpose of tracking unauthorized access to our website, we do not use this data in a person-specific way. We simply evaluate, on an anonymous basis, which of our web pages are most popular, how many hits they attract per day, and other statistics of this nature.
Our event website already supports the new IPv6 addresses. If you already have one, here is some information you might find useful:
An IPv6 address consists of eight blocks of four. For private users, the first four blocks are usually assigned dynamically, just like an IPv4 address. But the last four blocks of an IPv6 address (the ‘interface identifier’) are determined by the device you are using to browse the website. By default, this will be the device’s MAC address. A MAC address is a kind of serial number that is unique to every IP-enabled device worldwide. As an organizer, we do not save the last four blocks of your IPv6 address. In general, we recommend that you activate the Privacy Extensions on your end device. This will anonymize the last four blocks of your IPv6 address better. Most common operating systems have a Privacy Extensions function, though not always as a factory preset.
Legal basis
The personal data in log files are processed on the basis of Article 6 (1) (f) GDPR. This states that personal data can be lawfully processed if the controller has a legitimate interest, and providing your fundamental rights, fundamental freedoms or interests do not prevail. In this case, Euroforum has a legitimate interest in simplifying administration, and in being able to detect and track hacking. You can object to this kind of data processing at any time if your personal situation gives grounds for doing so. All you need to do is email the organizer.
Duration of data storage
The server log files with the data described above are automatically deleted after 30 days. Euroforum reserves the right to store server log files longer if facts indicate the possibility of unauthorized access (such as a hacking attempt, or a DDOS attack).
4. Who receives your data
We process your data to manage either your participation in an event, or an order you place through Euroforum. We also forward your data to the following recipients:
a) Companies of the HANDELSBLATT MEDIA GROUP
We forward your data to process an order, hold an event, improve the offers and websites of Euroforum Deutschland GmbH and our group companies, and to send out marketing communications. We only forward your data if you have given consent, or if we are legally allowed to do so.
For individual events, we also use processing services supplied by group companies of Handelsblatt Media Group GmbH & Co. KG, to which we also belong. Examples here include billing, obtaining feedback on our events, or sending out newsletters on our behalf (assuming you have registered).
Click here for a list of HANDELSBLATT MEDIA GROUP companies that receive your data: https://www.handelsblattgroup.com/portfolio/
b) Service partners
We forward your data to service partners that we use to process contracts, such as:
IT service providers (e.g. for interface functionality)
Login tools
Providers of tools for checking recovery and/or vaccination status
Payment service providers, to process payment transactions (e.g. financial institutions, payment services)
Vendors or providers of events who offer their services via our websites (only where necessary for fulfilling the contract)
Commercial agents
Printing logistics companies such as telecommunications service providers, or delivery services
Debt collection service providers or credit agencies, where necessary in order to exercise our rights
Consulting firms
Credit bureaux
Call centres
Service providers who provide applications and services on our websites, e.g. calculators or comparison portals, technical providers for displaying RSS feeds, automatic voting tools or similar services
Exhibition service providers
Caterers and delivery services
Financial service providers (for instance, to provide custody account and watch list functionalities)
Under the contracts these service providers sign with Euroforum, they can only use your data to process orders for us and for our services. Anything else – including contacting you on their own initiative – is not permitted without your prior consent.
c) Subscriber directories
If you take part in an event (live or digital) and do not object beforehand, we enter your name, your company’s name and your company role in a participant list. We provide these lists at the event, in an event app, or as part of the digital event platform. Other participants, speakers and event partners can use the data on this list to contact you.
d) Law enforcement agencies
Upon receipt of a valid request, we forward your data to law enforcement authorities, public bodies (e.g. tax authorities, social security agencies), supervisory authorities, or third parties that are authorized to receive them
Requests can be connected to any of the following:
Request for / obligation to provide information
Judicial action
Investigative proceedings
e) Consultants
We forward data to our consultants (such as tax consultants, auditors and lawyers) to exercise our rights and our legal obligations.
f) Change of ownership
If we merge or amalgamate with another company, we will transfer your data to that company. Unless you consent, we will only transfer data to places outside the European Union (third country) if the respective contract demands it, to fulfil legal obligations, or to protect our legitimate interests. Data transfers to a third country are also subject to Adequacy Decisions made by the EU Commission. These cover data protection levels, or the existence of corresponding suitable and appropriate guarantees. For details, please contact our Data Protection Officer at datenschutz@euroforum.com
Legal basis
We process your profile data, and the data we collect to process your contract, in accordance with Article 6 (1) (a) and (b) GDPR. This states that personal data can be lawfully processed for reasons of consent, and for the purpose of fulfilling a contract. We also have a legitimate interest (Article 6 (1) (f) GDPR) in providing the services promised effectively, and in making our event prices cost efficient. To do this, we use the existing capacities of our group companies. Article 6 (1) (f) GDPR states that personal data can be lawfully processed if the controller has a legitimate interest, and providing your fundamental rights, fundamental freedoms or interests do not prevail. You can object to this kind of data processing at any time if your personal situation gives grounds for doing so. All you need to do is email the provider.
When we forward data to authorities, we always comply with the legal provisions of Article 6 (1) (c) and (e) GDPR.
Duration of data storage
The personal data in your profile will be deleted if you, or we, delete your customer account. In keeping with the Retention Period under commercial and tax law, data on previous orders will only be deleted after 10 years.
5. Your rights
You have the right to request, free of charge, information about the personal data we store about you. You also have the right to get incorrect data corrected, to request processing restrictions if data has been processed too extensively, and to delete personal data that has been processed unlawfully or stored too long (providing there is no Statutory Retention Obligation, and no other valid reason exists under Article 17 (3) GDPR). You also have the right to transfer all the data you have given us in the context of consent, or to fulfil a contract. Data transfers must use a common file format (right to data portability).
If you also have the right to object to processing as part of individual procedures, we will point this out when we describe these individual procedures.
To exercise your rights, please contact either the organizer, or their Data Protection Officer.
You also have the right to lodge a complaint with a data protection supervisory authority. Click here for a list of German and European data protection officers and their contact details: https://www.bfdi.bund.de/DE/Infothek/Anschriften_Links/anschriften_links-node.html
Dusseldorf 03/2022