Connfair Logo

Data Privacy

Note: The German version of the privacy policy is the sole legally binding document. The English translation is provided for convenience only.

Privacy policy

With this privacy policy, we would like to inform you in accordance with Article 13 and 14 of the General Data Protection Regulation (GDPR) and §§ 32 and 33 of the Federal Data Protection Act (BDSG) about how our company processes personal data in the context of our online offerings (hereinafter individually referred to as “website” or “platform” and collectively as “online offerings“), and to enlighten you about your related rights.

Connfair, as a platform, provides organizers with the opportunity to simplify and streamline communication with you as an event participant, the registration process, ticket sales, and entrance management as much as possible. In this context, it may be necessary for Connfair to process your personal data. The processing of your personal data by us is carried out in compliance with the GDPR, as well as all other applicable data protection regulations.

This privacy policy uses the terminology of the GDPR. The terms used, such as “organizer,” “visitor,” or “user,” are chosen for clarity and are to be understood in a gender-neutral manner.

 

1. Data Controllers and Data Protection Officers

Controllers for the data processing described below:

Connfair GmbH

Brunnenweg 15, 64331 Weiterstadt, Germany

Email: privacy@connfair.com

 

Data Protection Officer:

Pridatect SL

C/ del Marqués de Campo, nº 13, 46007 Valencia, Spain

Email: legal@pridatect.com

 

2. Overview

Purposes and Legal Bases of Data Processing

We process personal data of visitors and users of our online offerings (hereinafter collectively referred to as “users”) when this data is technically necessary for the functionality of our online service or is provided to us by our users. The extent to which the following explanations apply to you depends on how you interact with us.

We process personal data for one or more of the following purposes:

  • For the functionality, security, and presentation of our online offerings,
  • For the creation, provision, and use of customer accounts,
  • For the contact you requested and the processing of your inquiry,
  • For the processing of the application submitted by you,
  • For the initiation or execution of contracts with you or between you and an organizer,
  • For the statistical evaluation and analysis of our website services, and/or
  • For advertising and optimization purposes.

 

Our processing of personal data is based on the following legal bases: your consent under Art. 6(1)(a) GDPR or, if applicable, Art. 9(2)(a) GDPR, for the initiation or performance of a contract with you or between you and an organizer under Art. 6(1)(b) GDPR or, if applicable, Art. 9(2)(b) GDPR, possibly in conjunction with § 26(1–3) BDSG, for compliance with legal obligations under Art. 6(1)(c) GDPR, or for a legitimate interest under Art. 6(1)(f) GDPR.

 

3. Specific Processing Activities: Categories of Processed Data, Scope, Purpose, and Legal Bases of Respective Data Processing

Below, we provide you with information on specific processing activities, the data processed in each case, the scope and purpose of the respective data processing, and the relevant legal bases.

 

3.1. Functionality, Security, and Presentation of Our Online Offerings, as well as Consent Request (Cookie Banner)

When you access our online offerings, it is technically necessary for data to be transmitted to our web server through your internet browser. The following data is recorded in a server log file during an active connection for communication between your internet browser and our web server:

  • Visited domain
  • Date and time of the request
  • Page from which the file was requested
  • Access status (file transferred, file not found, etc.)
  • Used web browser
  • Operating system used
  • Location and IP address of the requesting device (possibly also internet provider)
  • Transferred data volume
  • User ID (if applicable for authenticated platform access)

 

Additionally, the following data may be stored by us during the necessary consent request (Cookie Banner):

  • Consent status

 

The log file records may be evaluated to protect our online offerings against attacks, find and fix errors, and manage server loads. Our legitimate interest in confidential, available, and integral data processing is the basis for this, as per Article 6(1)(f) GDPR. We reserve the right to review log data if there is a justified suspicion of unlawful use based on specific indications.

Technically necessary cookies and other technologies may also be required for the complete and correct presentation of our online offerings, as well as for obtaining and storing your consent. Unless otherwise specified, the complete and correct presentation of our online offerings constitutes a legitimate interest under Article 6(1)(f) GDPR. The processing of personal data for the purpose of obtaining and storing your consent is done through the Borlabs Cookie and due to the legal obligation arising from § 25 TTDSG for consent request and ensuring that non-essential cookies and technologies are not used without prior consent, Article 6(1)(c) GDPR. If you wish to revoke your consent given during the consent request, simply delete the cookie from your browser. When you revisit/reload the website, you will be asked for your cookie consent again. (Further information about our cookies and technologies is also available in our Cookie Policy.)

If, during the consent request, you agree to the use of our marketing cookies, the visited domain, date and time of the request, and your User ID will be stored in our Customer Relationship Management System based on your consent (Article 6(1)(a) GDPR). The HubSpot cookie used for the creation, transmission, and tracking of the User ID expires after 6 months. Generally, we do not merge the aforementioned data with other data sources.

 

3.2. Use of Our Online Offerings

3.2.1. Customer Accounts

You can register for certain services we offer online and create a customer account or user profile for this purpose. We process the personal data you provide to offer our online offerings.

For new registrations, we collect, among other things, master data (e.g., name, address), communication data (e.g., email address), and access data (e.g., username, password).

                Note: Organizers must first create a customer account on the Connfair platform to later sell tickets for                            events through our platform. The data provided during setup and possibly later through forms,                                        such as address data and event data, are stored on servers of an instructed service provider in Frankfurt.                     The stored data can be viewed and modified at any time in the administration area.

The processing of your customer account data is based on the contractual relationship (initiation, execution) you enter into with us, as far as the data is necessary for contract conclusion and/or performance. The basis for this data processing is Article 6(1)(b) GDPR.

 

3.2.2. Contact

When you contact us (e.g., via chat, email, or contact form), we store your information to process your inquiry and for any follow-up questions that may arise. The processed data includes at least the contact details you provide (e.g., your email address in the case of an email inquiry), as well as other information you provide during contact or subsequent communication. To adhere to the principle of data minimization, we kindly ask you to limit your information to what is necessary, if possible.

If and to the extent that contact with you is desired, for example, because you send us a chat or email message or contact us via a contact form, the legal basis for processing is Article 6(1)(f) GDPR. We have a legitimate interest in the complete processing of your contact. Since you are contacting us, we assume that there are no conflicting interests on your part that would oppose our processing of your inquiry. If the contact aims at the conclusion or performance of a contract, the legal basis for processing is Article 6(1)(b) GDPR. If we have your consent, the legal basis for processing for contact purposes is your consent under Article 6(1)(a) GDPR or, if applicable, Article 9(2)(a) GDPR.

 

3.2.3. Ticket Purchase, Corona Status Validation, and Payment Processing

3.2.3.1. Ticket Purchase and Payment Processing

As part of using our platform, personal data is transmitted to us, stored on servers of instructed service providers, and processed by us if you enter the corresponding data into a form on our platform and submit the form.

If you are a ticket buyer, this may involve – depending on the requirements of the organizer – information about your person, contact and communication data, as well as data about your order. Depending on the event, this includes at least your first and last name and the email address you provided, but sometimes also additional data such as your address, phone number, company name, or date of birth. Additional information, such as your preferred payment method and, if applicable, your bank or credit card details, is processed for payment processing. The Connfair GmbH has no influence on the scope of the requested information.

The processing of the aforementioned personal data is based on Article 6(1)(b) GDPR for the purpose of initiating and performing a contract with us or between you and an organizer.

 

3.2.3.2. Corona Status Validation

As part of the ticket purchase, we also offer you the opportunity to voluntarily validate your Corona status in advance and release your ticket for a period aligned with your status. This service is provided in collaboration with the Robert Koch Institute (Corona Warning App) and a validation service (T-Systems), saving you waiting time in the context of any necessary Corona measures at the event location. At the same time, this solution contributes to combating the pandemic.

After you have given your consent to the use of Corona status validation, we send a request to the aforementioned entities. The validation service transmits only the result of the independently conducted validation to us after examining and validating your status. If the validation of the digital COVID certificate fails, the reasons for the failure are provided by the validation service.

The data processed in the context of the triangular inquiry and validation include, in conclusion: your first and last name; your date of birth; the country and region of service use; for travel: departure country and region, country and region of service use, and destination country and region; the time for which the digital COVID certificate is validated; the period for which the digital COVID certificate is validated; the identifier and designation of the booking; the rules by which the digital COVID certificate is validated; the random public key generated anew for each validation; the respective identifiers of the data packets; the signed digital COVID certificate; and the result of the validation along with any error messages about the failure of an examination.

The legal basis for this processing is your consent under Article 6(1)(a) GDPR or, if applicable, Article 9(2)(a) GDPR. You can revoke a given consent at any time with effect for the future. The legality of processing based on your consent until revocation remains unaffected by this.

 

3.2.4. Statistical Evaluation and Analysis of Our Website Services and Data Processing by Google and Microsoft

3.2.4.1. Statistical Evaluation and Analysis of Our Website Services by Us

If you consent to our statistical and analysis cookies, we process your personal data based on your consent for the statistical evaluation and analysis of our website services, for example, through cookies and other technologies. For this purpose, we use Google Analytics (see also section 3.2.4.2 of this privacy policy, including the note on possible risks of EU-US data transfer) and Microsoft Clarity (see also section 3.2.4.3 of this privacy policy, including the note on possible risks of EU-US data transfer). The data obtained through this process is (i) converted into a neutral user ID that prevents tracking but allows the evaluation of, for example, the date and time of the visit, usage data, and click paths in a non-attributable manner, and then (ii) used for the purpose of statistical evaluation and analysis of our website services, as well as (iii), in anonymized form, for the purpose of statistical analysis of the key performance indicators of our economic activities. The data processed in each case includes:

 

  • IP address (partially anonymized in the case of Google Analytics; “anonymizeIP”)
  • Date and time of the visit
  • Usage data (including scroll depth and conversion funnels)
  • Click path
  • App updates
  • Browser information
  • Device information
  • JavaScript support
  • Visited pages
  • Referring URL
  • Downloaded files
  • Flash version
  • Location information
  • Purchase activity

 

The legal basis for processing the aforementioned personal data is your consent in accordance with Art. 6 para. 1 lit. a GDPR, § 25 para. 1 TTDSG. You can revoke a given consent at any time with effect for the future through our “Privacy Settings” function. The legality of processing based on your consent until revocation remains unaffected by this.

To ensure data protection-compliant processing and protection of your data, we have concluded data processing agreements with Google Ireland Ltd. and Microsoft Corporation within the meaning of Art. 28 GDPR. In these agreements, the service providers undertake, in particular, to process personal data only to the extent necessary to fulfill their performance obligations.

The processing carried out as part of the use of Google Analytics is intended to take place within the EU, according to the assurance provided by Google Ireland Ltd. However, in individual cases (such as in support cases), access to personal data from the USA cannot be ruled out. The processing carried out as part of the use of Microsoft Clarity takes place in the USA. Therefore, we have concluded standard contractual clauses with Google and Microsoft to ensure an adequate level of data protection even in cases of access from or transfer to the USA.

We use Google Analytics in accordance with the minimum requirements formulated in the decision of the Datenschutzkonferenz (DSK) dated May 12, 2020. To ensure anonymized collection of IP addresses (so-called IP masking), Google Analytics is extended with the code “anonymizeIp.” With this addition, the IP address of the internet connection of the data subject is shortened and anonymized by Google. The service is also used only with and based on your informed consent. Your consent to the use of Google Analytics is requested by us before use. Once given, consent can be revoked at any time through the “Privacy Settings” function provided on our website with effect for the future. Processing already carried out until your revocation remains unaffected by this. To do this, you would simply set the slider for statistical and analysis cookies to “Off.” The legality of processing based on your consent until revocation remains unaffected by this. Sessions and campaigns are also terminated after a certain period. By default, sessions end after 30 minutes of inactivity, and campaigns end after six months. The time limit for campaigns is a maximum of two years.

As part of our use of Microsoft Clarity, we also ensure the protection of your data by masking all HTML elements on our website that collect data from our users through the use of the attribute. We add the attribute data-clarity-mask=”true” to our tags. Additionally, Microsoft Clarity itself claims to mask sensitive data before forwarding it to Microsoft.

 

3.2.4.2. Data processing by Google within the scope of our use of Google Analytics

If you agree to our statistical and analysis cookies, we use Google Analytics for the purpose of statistical evaluation and analysis of our website. Google Analytics is a web analytics service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”), operated in Europe by Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland).

Google Analytics uses so-called “cookies.” These are text files that are stored on your device with your consent. By setting the cookie, Google is enabled to analyze the usage of our website. Each time one of the individual pages of the website, on which a Google Analytics component has been integrated, is accessed, the internet browser on the user’s IT system is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of web analysis. Through the cookie, personal information, such as device and browser information, access time, access location, information about user behavior, or the frequency of visits to our website, is stored and processed by Google. (The complete list of processed data can be found under section 3.2.4.1. of this privacy policy.)

The legal basis for the described processing of your personal data by Google is your consent given to us, Art. 6 para. 1 lit. a GDPR. You can revoke a given consent at any time for the future through our “Privacy Settings” function by setting the slider for statistics and analysis cookies to “Off.” The legality of processing based on your consent until revocation remains unaffected.

 

Please note: Despite the location of Google Ireland Ltd. in Ireland, your personal data, including the (partially) anonymized IP address of your internet connection, may be transferred to Google servers in the USA or accessed from America. The United States of America is currently classified as an insecure third country, meaning there is neither an adequacy decision according to Art. 45 GDPR nor a comparable level of protection. With the transmission of your data, both Google and possibly US authorities have access to the transmitted data. Google may link your data with other data, such as your search history, personal accounts, usage data from other devices, and any other data Google has about you, and may additionally disclose your personal data to third parties. Furthermore, US authorities may access and process your data without providing you notice or notification (during and also after the processing) or affording you comparable remedies and data subject rights. Unfortunately, we have no influence on the processing by Google and US authorities in these cases.

 

For further information on Google’s privacy policy and terms of use, or the terms of use of Google Analytics, you can refer to the following links:

 

3.2.4.2. Data processing by Microsoft in the context of our use of Microsoft Clarity

If you agree to our statistical and analysis cookies, we use Microsoft Clarity for the purpose of statistical evaluation and analysis of our website. Microsoft Clarity is a web analytics service provided by Microsoft Corporation (1 Microsoft Way, Redmond, Washington 98052, USA; “Microsoft”).

Microsoft Clarity is a free web analytics service that enables us to analyze traffic and user behavior on our website. Through features such as session replays, heatmaps (click & scroll), and the insights dashboard, we can track and understand how users interact with our website. Session recordings help us trace and visualize the user’s path by replaying individual web sessions. Heatmaps provide an overview of the user’s movements on our website, such as which clicks and scrolls were made and how long a specific area was stayed on. Microsoft Clarity’s dashboard also offers key metrics and an overview of data segments of interest.

Microsoft Clarity uses so-called “cookies.” These are text files that are stored on your device with your consent. By setting the cookie, Microsoft is enabled to analyze the usage of our website. Each time one of the individual pages of the website, on which a Clarity component has been integrated, is accessed, the internet browser on the user’s IT system is automatically prompted by the respective Clarity component to transmit data to Microsoft for the purpose of web analysis. Through the cookie, personal information, such as device and browser information, access time, access location, information about user behavior, click paths, or mouse and scroll movements, is stored and processed by Microsoft. (The complete list of processed data can be found under section 3.2.4.1. of this privacy policy.)

The legal basis for the described processing of your personal data by Microsoft is your consent given to us, in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke a given consent at any time for the future through our “Privacy Settings” function by setting the slider for statistics and analysis cookies to “Off.” The legality of processing based on your consent until revocation remains unaffected.

 

Please note: If you agree to our statistical and analysis cookies, your personal data, including the IP address of your internet connection, will be transferred to Microsoft servers in the USA. The United States of America is currently classified as an insecure third country, meaning there is neither an adequacy decision according to Art. 45 GDPR nor a comparable level of protection. With the transmission of your data, both Microsoft and possibly US authorities have access to the transmitted data. Microsoft may link your data with other data, such as your personal accounts, usage data from other devices, and any other data Microsoft has about you, and may additionally disclose your personal data to third parties. Furthermore, US authorities may access and process your data without providing you notice or notification (during and also after the processing) or affording you comparable remedies and data subject rights. Unfortunately, we have no influence on the processing by Microsoft and US authorities in these cases.

 

For further information on Microsoft’s privacy policy and terms of use, you can refer to the following links:

 

3.2.5. Marketing measures

We also process your personal data in the context of marketing measures for analysis, advertising, and optimization purposes. The respective data processing is detailed below.

 

3.2.5.1. Google Ads

On our website, we use Google Ads, an advertising system by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”), operated in Europe by Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland), for analysis, advertising, and optimization purposes.

Through this service, advertisers in the Google network can display advertisements on web pages relevant to the content, particularly aligning with search results generated within the use of various Google services (e.g., Google Search, Google Shopping, Google Maps).

Google Ads uses so-called “cookies.” These are text files that are stored on your device with your consent. By setting the cookies, Google is enabled to read and store your IP address and interactions on our website if you have been redirected to our website through an advertisement. This data is transmitted to Google, stored on Google servers, and processed by Google, for example, to measure and invoice the costs for possible conversions (“conversion tracking”).

The legal basis for the respective data processing by Google and us is your consent given to us, in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke a given consent at any time for the future through our “Privacy Settings” function by setting the slider for marketing cookies to “Off.” The legality of processing based on your consent until revocation remains unaffected.

 

Please note: We have no influence on the area of the affiliated network preceding our website (e.g., the third-party website containing the advertisement). Therefore, we cannot guarantee compliance with GDPR requirements or be held liable for any deficiencies in information or other deficiencies within a consent request that we cannot influence.

 

Please also note: Despite the location of Google Ireland Ltd. in Ireland, your personal data, including the IP address of your internet connection, may be transferred to Google servers in the USA or accessed from America. The United States of America is currently classified as an insecure third country, meaning there is neither an adequacy decision according to Art. 45 GDPR nor a comparable level of protection. With the transmission of your data, both Google and possibly US authorities have access to the transmitted data. Google may link your data with other data, such as your search history, personal accounts, usage data from other devices, and any other data Google has about you, and may additionally disclose your personal data to third parties. Furthermore, US authorities may access and process your data without providing you notice or notification (during and also after the processing) or affording you comparable remedies and data subject rights. Unfortunately, we have no influence on the processing by Google and US authorities in these cases.

 

If you have a Google account, you can object to personalized advertising using the following link: https://adssettings.google.com/authenticated?hl=de.

 

For more information on Google Ads’ privacy policy and terms of use, as well as the respective technologies, please refer to the following:

 

3.2.5.1.1. Google Ads Conversion Tracking

If you consent to our marketing cookies, we use Google Ads Conversion Tracking on our website, a service provided by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”), operated in Europe by Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland), for analysis, optimization, and billing purposes.

With the help of this service, Google and we can recognize the actions you have taken on our website. For example, we can evaluate how often buttons on our website are clicked and which products are viewed or purchased most frequently—without obtaining information that allows us to personally identify the user. This information is used to create conversion statistics and to further develop our approach and products.

For the purpose of conversion tracking, Google Ads uses so-called “cookies.” These are text files that are stored on your device based on your consent. By setting the cookies, Google is enabled to read and store your IP address and interactions on our website if you have been redirected to our website through an advertisement. This data is transmitted to Google, stored on Google servers, and processed by Google, for example, to measure and invoice the costs for possible conversions (“Conversion Tracking”).

The legal basis for the respective data processing by Google and us is your consent given to us, in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke a given consent at any time for the future through our “Privacy Settings” function by setting the slider for marketing cookies to “Off.” The legality of processing based on your consent until revocation remains unaffected.

 

Please note:

Despite the location of Google Ireland Ltd. in Ireland, your personal data, including the IP address of your internet connection, may be transferred to Google servers in the USA or accessed from America. The United States of America is currently classified as an insecure third country, meaning there is neither an adequacy decision according to Art. 45 GDPR nor a comparable level of protection. With the transmission of your data, both Google and possibly US authorities have access to the transmitted data. Google may link your data with other data, such as your search history, personal accounts, usage data from other devices, and any other data Google has about you, and may additionally disclose your personal data to third parties. Furthermore, US authorities may access and process your data without providing you notice or notification (during and also after the processing) or affording you comparable remedies and data subject rights. Unfortunately, we have no influence on the processing by Google and US authorities in these cases.

 

If you have a Google account, you can object to personalized advertising using the following link: https://adssettings.google.com/authenticated?hl=de.

 

For more information on the privacy policies and terms of use of Google and Google Ads, as well as the respective technologies, please refer to the following:

 

3.2.5.1.2. Google Ads Remarketing

If you consent to our marketing cookies, we also use Google Ads Remarketing, an analysis and advertising system by Google LLC (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA; “Google”), operated in Europe by Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland), for analysis, optimization, and advertising purposes.

Google Ads Remarketing analyzes your user behavior on our website (e.g., clicks on specific products) to categorize you into specific advertising target groups. Subsequently, when you visit other online platforms, it delivers relevant advertising messages to you (“Remarketing” or “Retargeting”). Additionally, the advertising target groups created with Google Ads Remarketing can be linked to Google’s cross-device features. This enables you to receive interest-based, personalized advertising messages that have been adapted to your previous usage and browsing behavior on one device on another of your devices (e.g., tablet or PC).

The legal basis for the respective data processing by Google and us is your consent granted to us under Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with future effect through our “Privacy Settings” by setting the slider for marketing cookies to “Off.” The lawfulness of processing based on your consent before its withdrawal remains unaffected.

 

Please note the following: Despite the location of Google Ireland Ltd. in Ireland, your personal data, including the IP address of the internet connection you use, may be transferred to Google servers in the United States or accessed from the United States. The United States is currently classified as an insecure third country, meaning there is neither an adequacy decision under Art. 45 GDPR nor a comparable level of protection. With the transmission of your data, both Google and, if applicable, US authorities have access to the transmitted data. Google may link your data with other data such as your search history, your personal accounts, usage data from other devices, and all other data Google has about you. Google may also share your personal data with third parties. In addition, US authorities may access and process your data without providing notice or notification to you (during and after the processing), and you may not have comparable legal remedies and data subject rights. Unfortunately, we have no influence over the processing by Google and US authorities.

 

If you have a Google account, you can object to personalized advertising at the following link: https://adssettings.google.com/authenticated?hl=de.

 

For more information on Google Ads’ privacy policies and terms of use, as well as the respective technologies, please visit:

 

3.2.5.2. Facebook Pixel

This website uses the Facebook Visitor Action Pixel for conversion measurement and optimization, provided by Meta Platforms Inc. (1601 Willow Road, Menlo Park, CA 94025, USA; “Facebook”). The European provider of this analytics service is Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland).

Through this pixel, the behavior of website visitors can be tracked after they have been redirected to our website by clicking on a Facebook advertisement. This allows the effectiveness of Facebook advertisements to be evaluated for statistical and market research purposes, and future advertising measures to be optimized.

The collected data is anonymous for us as the operator of this website, and we cannot draw any conclusions about the identity of the users. However, Facebook processes personal data. This enables Facebook to display advertisements on Facebook pages and outside of Facebook. This use of the data cannot be influenced by us as the site operator.

The use of the Facebook tracking pixel is exclusively based on your prior consent, Art. 6 para. 1 lit. a GDPR. You can revoke a given consent at any time for the future through our “Privacy Settings” function by setting the slider for marketing cookies to “Off.” The legality of processing based on your consent until revocation remains unaffected.

Insofar as personal data is collected on our website and transmitted to Facebook using the described tool, Meta Platforms Ireland Limited (4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland), and we are jointly responsible for this data processing (Art. 26 GDPR). The joint responsibility is limited exclusively to the collection of data and its transmission to Facebook. The processing by Facebook after the transmission is not part of the joint responsibility and is solely the responsibility of Facebook. The obligations jointly incumbent on us have been recorded in an agreement on joint processing. The wording of the agreement can be found at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. Rights of data subjects (e.g., requests for information) regarding data processed by Facebook can be asserted directly with Facebook. If you assert your rights as a data subject against us, we are obliged to forward your request to Facebook.

 

According to Facebook’s statement, the collected data is also transferred to and processed in the USA and other third countries. The data transfer to the USA is supported by Facebook on the basis of the Standard Contractual Clauses  of the EU Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum.

 

Please note: Despite the location of Meta Platforms Ireland Ltd. in Ireland, your personal data, including the IP address of your internet connection, may be transferred to Facebook servers in the USA or other third countries if you consent to our marketing cookies. The United States of America is currently classified as an insecure third country, meaning there is neither an adequacy decision according to Art. 45 GDPR nor a comparable level of protection. With the transmission of your data, both Facebook and possibly US authorities have access to the transmitted data. Facebook may link your data with other data, such as your personal accounts, usage data from other devices, and any other data Facebook has about you, and may additionally disclose your personal data to third parties. Furthermore, US authorities may access and process your data without providing you notice or notification (during and also after the processing) or affording you comparable remedies and data subject rights. Unfortunately, we have no influence on the processing by Facebook and US authorities in these cases.

 

If you wish, you can deactivate the remarketing function “Custom Audiences” in the ad preferences settings at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen when you are logged into Facebook.

If you do not have a Facebook account, you can also deactivate usage-based advertising from Facebook on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

For further information on Facebook’s privacy policies, please refer to Facebook’s Privacy Policy at the following link: https://de-de.facebook.com/about/privacy/.

 

3.2.5.3. Blog Newsletter

As part of the registration for our blog newsletter and when subscribing to and unsubscribing from our blog newsletter, we process personal data if you choose to subscribe, provide us with the relevant information, and subscribe to our blog newsletter through our double-opt-in procedure.

During the new registration for our blog newsletter, this includes your first name and your email address. This data is also stored by our mailing service provider for the purpose of sending and is used for the delivery. In addition, an analysis and measurement of the success of the blog newsletter (access numbers, duration of stay, click paths, and conversion rates) take place. The legal basis for the processing of your personal data within the scope of registration and subscription is your consent pursuant to Art. 6 Para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future via the link provided for this purpose in the newsletter. The legal basis for the processing of your data within the scope of the analysis and measurement of the success of the blog newsletter is our legitimate interest in the continuous development of our blog newsletter pursuant to Art. 6 Para. 1 lit. f GDPR.

In a few cases, the processing of your personal data may also take place based on our legitimate interest in promoting our products (Art. 6 Para. 1 lit. f GDPR), for example, if you are a regular customer of our company (see also Recital 47 GDPR and § 7 UWG).

Upon unsubscribing from our blog newsletter, your aforementioned personal data will be deleted from the distribution list. However, your email address will be stored in a blacklist by our mailing service provider to prevent future mailings. Data stored by us for other purposes remains unaffected by this process. The data in the blacklist is solely used to prevent future mailings and is not merged with other data. This serves both your interest and our interest in complying with legal requirements when sending our blog newsletter (legitimate interest within the meaning of Art. 6 Para. 1 lit. f GDPR). The storage in the blacklist is not time-limited. If you object to the storage, we will delete your personal data unless your interests outweigh our legitimate interest.

 

3.2.5.4. YouTube Videos

Our website embeds videos from YouTube LLC (901 Cherry Avenue, San Bruno, CA 94066, USA; “YouTube”), which is a subsidiary of Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; “Google”). The European operator of the YouTube video portal is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).

We use YouTube in extended privacy mode. According to YouTube, this mode ensures that YouTube does not store information about visitors to this website before they watch a video. However, the extended privacy mode does not necessarily exclude the sharing of data with YouTube partners. Thus, YouTube – regardless of whether you watch a video – establishes a connection to the Google DoubleClick network.

When you start a YouTube video on this website, a connection is made to YouTube’s servers. The YouTube server is informed about which of our pages you have visited. If you are logged into your YouTube account, you allow YouTube to associate your browsing behavior directly with your personal profile. You can prevent this by logging out of your YouTube account. Furthermore, YouTube may store various cookies on your device or use similar recognition technologies (e.g., device fingerprinting) after starting a video. This allows YouTube to obtain information about visitors to this website. This information is used, among other things, to capture video statistics, improve user-friendliness, and prevent fraud attempts. Additionally, after starting a YouTube video, further data processing operations may be triggered. We have no control over the specific data processing by YouTube or Google in these cases.

The integration of YouTube is carried out in the interest of an appealing presentation of our website. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR. If consent has been requested, the processing is based exclusively on Art. 6(1)(a) GDPR and § 25(1) TTDSG, insofar as the consent includes the storage of cookies or access to information on the user’s device (e.g., device fingerprinting) within the meaning of TTDSG. You can revoke a given consent at any time with effect for the future through our “Privacy Settings” function by setting the slider for marketing cookies to “Off”. The legality of processing based on your consent until revocation remains unaffected.

 

Please note: Despite the location of Google Ireland Ltd. in Ireland, your personal data, including the IP address of your internet connection, can be transferred to Google servers in the USA or accessed from America. The United States of America is currently classified as an insecure third country, meaning that there is neither an adequacy decision according to Art. 45 GDPR nor a comparable level of protection. By transmitting your data, both Google and potentially US authorities have access to the transmitted data. Google may link your data with other information such as your search history, personal accounts, usage data from other devices, and any other data Google has about you, and may additionally disclose your personal data to third parties. Furthermore, US authorities may access and process your data without having to inform you (during and also after the processing) or provide you with similar legal remedies and data subject rights. Unfortunately, we have no influence over the processing by Google and US authorities in these cases.

 

For more information on privacy at YouTube, please refer to their privacy policy at: https://policies.google.com/privacy?hl=en

 

3.2.5.5. Social Plugins

3.2.5.5.1. Facebook Plugins (Like & Share Button)

This website integrates plugins from the social network Facebook (Meta Platforms Inc., 1601 Willow Road, Menlo Park, CA 94025, USA “Facebook”). The service provider for this service is Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland).

You can recognize the Facebook plugins by the Facebook “Like” or “Share” button on this website. An overview of Facebook plugins can be found here: https://developers.facebook.com/docs/plugins/?locale=en_US .

When you visit this website, a direct connection is established between your browser and the Facebook server via the plugin. Facebook thereby receives the information that you have visited this website with your IP address. If you click the Facebook “Like” or “Share” button while logged into your Facebook account, you can link the content of this website to your Facebook profile. This allows Facebook to associate your visit to this website with your user account. We would like to point out that, as the operator of this website, we have no knowledge of the content of the data transmitted to Facebook or its use by Facebook. For more information, please refer to Facebook’s privacy policy at: https://www.facebook.com/privacy/explanation .

If you do not want Facebook to associate your visit to this website with your Facebook user account, please log out of your Facebook user account.

The use of Facebook plugins by us is based on our legitimate interest in achieving the broadest possible visibility on social media, Art. 6 Abs. 1 lit. f DSGVO. If we have your consent, the processing is carried out exclusively based on your consent, Art. 6 Abs. 1 lit. a DSGVO. You can revoke a given consent at any time through our privacy settings with future effect by adjusting the slider for marketing cookies to “Off”. The legality of processing based on your consent before revocation remains unaffected.

Regarding the collection and transmission of personal data to Facebook through the described tool on our website, the Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland) and we share responsibility for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of data and its transmission to Facebook. The subsequent processing by Facebook after transmission is not part of the joint responsibility and is solely the responsibility of Facebook. Our joint obligations have been documented in an agreement on joint processing. You can find the wording of the agreement at: https://www.facebook.com/legal/controller_addendum. According to this agreement, we are responsible for providing data protection information when using the Facebook tool and for the data protection-compliant implementation of the tool on our website. Facebook is responsible for the data security of Facebook products. Rights of data subjects (e.g., requests for information) regarding data processed by Facebook can be asserted directly with Facebook. If you assert your rights as a data subject to us, we are obliged to forward your request to Facebook.

According to Facebook, the collected data is transferred to the USA and other third countries, where it is processed. Facebook relies on the Standard Contractual Clauses of the EU Commission for data transfer to the USA. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum.

 

Please note: Despite the location of Meta Platforms Ireland Ltd. in Ireland, your personal data, including the IP address of your internet connection, may be transferred to Facebook servers in the USA or other third countries if you consent to our marketing cookies or click on the respective Like or Share button. The United States of America is currently classified as an insecure third country, meaning there is no adequacy decision according to Art. 45 GDPR, and there is no comparable level of protection. With the transmission of your data, both Facebook and, if applicable, US authorities have access to the transmitted data. Facebook may link your data with other information, such as your personal accounts, usage data from other devices, and any other data Facebook has about you, and may additionally disclose your personal data to third parties. Moreover, US authorities may access and process your data without providing notice or notification to you (during and after the processing), and you may not have similar legal remedies and rights. Unfortunately, we have no influence over the processing by Facebook and US authorities in these cases.

 

Additional information on the privacy regulations of Facebook can be found in Facebook’s privacy policy at the following link: https://de-de.facebook.com/about/privacy/.

 

3.2.5.5.2. Twitter Plugin

On this website, features of the Twitter service are integrated. These features are provided by Twitter Inc. (1355 Market Street, Suite 900, San Francisco, CA 94103, USA; “Twitter”).

By using the plugin and the “Re-Tweet” function, the websites you visit are linked to your Twitter account and shared with other users. Data is also transmitted to Twitter.

We would like to point out that the processing carried out via the Twitter plugin is done by Twitter as the responsible party. As the operator of this website, we do not have knowledge of the content of the data transmitted to Twitter or its use by Twitter.

The use of the Twitter plugin is based on Art. 6 Abs. 1 lit. f DSGVO. The website operator has a legitimate interest in achieving the broadest possible visibility on social media. If we have your consent, the processing is carried out exclusively on the basis of this consent, Art. 6 Abs. 1 lit. a DSGVO. You can revoke a given consent at any time through our privacy settings, affecting future processing, by turning off the slider for marketing cookies. The legality of processing based on your consent until revocation remains unaffected by this.

Since processing by Twitter takes place in the USA, we have entered into Standard Contractual Clauses with Twitter to ensure an adequate level of data protection for the transfer of data to the USA and processing there. Details can be found at the following link: https://gdpr.twitter.com/en/controller-to-controller-transfers.html.

 

Please note: In the context of using the Twitter plugin, your personal data will be transferred to Twitter servers in the USA if you consent to our marketing cookies or click the “Re-Tweet” button. The United States of America is currently classified as an insecure third country, meaning there is neither an adequacy decision according to Article 45 of the GDPR nor a comparable level of protection assumed. With the transmission of your data, both Twitter and, if applicable, US authorities have access to the transmitted data. Twitter may link your data with other information, such as your personal accounts, usage data from other devices, and any other data Twitter has about you, and may additionally share your personal data with third parties. Furthermore, US authorities may access and process your data without providing notice or notification to you (during and also after the processing), and you may not have comparable remedies and data subject rights. Unfortunately, we have no control over the processing by Twitter and US authorities in these cases.

 

You can adjust your privacy settings on Twitter in the account settings at https://twitter.com/account/settings.

For more information on Twitter’s privacy policy, please refer to Twitter’s privacy statement at: https://twitter.com/de/privacy.

 

3.2.5.6. Promotion of our social media presences through external graphics or text links

On our website, we also promote our presence on the following social networks:

  • Facebook – Social network operated by Meta Platforms Inc. (1601 Willow Road, Menlo Park, CA 94025, USA), which is operated in Europe by Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland).
  • Instagram – Social network operated by Meta Platforms Inc. (1601 Willow Road, Menlo Park, CA 94025, USA), which is operated in Europe by Meta Platforms Ireland Limited (4 Grand Canal Square, Dublin 2, Ireland).
  • LinkedIn – Social network operated by LinkedIn Corporation Inc. (1000 West Maude Avenue, Sunnyvale, CA 94085, USA), which is operated in Europe by LinkedIn Ireland Unlimited Company (Wilton Place, Dublin 2, Ireland).
  • Twitter – Social network operated by Twitter Inc. (1355 Market Street, Suite 900, San Francisco, CA 94103, USA).
  • YouTube – Video platform of YouTube LLC (901 Cherry Avenue, San Bruno, CA 94066, USA), which is a subsidiary of Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA). The European operator of the YouTube video portal is Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland).

 

The integration is done through a linked graphic of the network. The use of this linked graphic prevents automatic connection to the respective server of the social network when accessing a website with social media promotion. Only by clicking on the corresponding graphic is the user redirected to the service of the social network.

After the user is redirected, the social network collects information about the user. It cannot be ruled out that processing of the data collected in this way takes place in the USA. The operator of this website has no influence on the processing carried out by the respective social network after redirection, which is done at the sole responsibility of the social network.

The data processed in this context initially includes personal data such as IP address, date, time, and the visited page. If the user is also logged into their user account of the respective network during this time, the network operator may potentially associate the collected information from the specific visit with the user’s personal account. If the user interacts via a “Share” button of the respective network, this information can be stored in the user’s personal account and possibly published. If the user wants to prevent the collected information from being directly associated with their user account, they must log out of their account before clicking on the graphic. Additionally, there is the option to configure the respective user account accordingly.

The legal basis for the integration of the linked graphics and text links on our website is our legitimate interest in promoting and increasing the visibility of our social media presences, Art. 6 Abs. 1 lit. f GDPR. There is no apparent conflicting interest on your part.

 

Please note: Clicking on the respective graphic link will redirect you to the website of the corresponding social network. As a result of this redirection, your personal data may be transferred to servers in the USA, despite the possible presence of subsidiaries in Europe. The United States of America is currently classified as an unsafe third country, meaning it is a third country for which there is neither an adequacy decision according to Art. 45 GDPR nor a comparable level of protection. With the transmission of your data, both the network operator and, if applicable, US authorities have access to the transmitted data. The respective network operator may link your data with other information, such as your personal accounts, usage data from other devices, and all other data available to the network operator about you, and may additionally disclose your personal data to third parties. Moreover, US authorities may access and process your data without providing you with notice or notification (during and also after the processing), and you may not have comparable legal remedies and data subject rights. Unfortunately, we have no influence over the processing by the respective network operator and US authorities in these cases.

 

For additional information on the respective privacy policies of the social networks, please refer to the following links:

 

3.3. Contracts

We process personal data in the context of initiating and/or fulfilling a contractual relationship that you enter into with us or through us with organizers, to the extent that the processed data is necessary for the initiation, conclusion, or performance of the contract. The processed personal data in this context includes, within the relationships outlined below:

  • Customers (end customers/organizers): Name, customer number, address, contact details (email address, phone number), bank account information, if applicable, username, and password.
  • Suppliers: Name, address, if applicable, information about the contact person, agreements, e.g., on permanent prices, etc.
  • Employees: Name, address, contact details, date, and possibly place of birth, employee ID, social security number, health insurance, religious affiliation, as well as bank details.

 

The basis for the related data processing is the respective contract being initiated or executed, according to Art. 6(1)(b) GDPR. If it involves processing employee data in the context of establishing or performing an employment relationship, the legal basis is Art. 6(1)(b) GDPR or, if applicable, Art. 9(2)(b) GDPR in conjunction with § 26(1) and (3) BDSG.

 

3.4. Job Application and Hiring Process

When you apply to us (e.g., via email or contact form), we process your information and the documents you submit to us, including the personal data contained therein, for the purpose of processing your application. The processed data in this context includes at least the mandatory information such as first and last names, address, email address, and telephone number. Additionally, it may include voluntary information such as place and date of birth, nationality, your application photo, and any other information or documents provided by you.

If you apply to us via email or contact form, the legal basis for the processing is our legitimate interest according to Art. 6(1)(f) GDPR. We have a legitimate interest in the comprehensive processing of your application. Since you transmit your application to us, we assume that there are no conflicting interests on your part regarding our processing. If we have your consent, the legal basis for processing is this consent, Art. 6(1)(a) GDPR or, if applicable, Art. 9(2)(a) GDPR. If an employment relationship is established, the processing of personal applicant data for the purpose of establishing and implementing the employment relationship is based on § 26(1) and (3) BDSG. In cases where applications do not lead to an employment contract, we also have a legitimate interest according to Art. 6(1)(f) GDPR to retain the application data for a limited period (see section 7 of this privacy policy) to enforce our legal claims or defend against legal claims.

 

3.5. Google Maps

To display relevant locations and facilitate route planning for arrivals and departures, our platform offers you the option, through redirection to the provider’s website, to use Google Maps, an internet mapping service provided by Google LLC (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; “Google”), operated in Europe by Google Ireland Ltd. (Gordon House, Barrow Street, Dublin 4, Ireland).

As part of the use of Google Maps, personal data is transferred to Google, stored on Google servers, and processed by Google. According to Google, it is necessary to store your IP address and, if applicable, the location of your device to use the features of Google Maps. Additionally, Google stores your search queries and information to ultimately provide you with tailored advertisements. Google Maps uses “cookies,” which are text files stored on your device with your consent, to retrieve your personal data and search queries.

The use of Google Maps on our platform is in the interest of an attractive presentation, good customer service, and easy accessibility of the locations indicated on the platform. This constitutes a legitimate interest within the meaning of Art. 6(1)(f) GDPR.

We do not process your personal data ourselves, nor do we have any influence on the processing carried out by Google in the context of using Google Maps. Therefore, we cannot guarantee or be held responsible for the adequate protection of your data during the use of the Google Maps service. Our platform solely directs you to the website of the Google Maps service without processing the aforementioned personal data itself.

 

Please note: Despite the presence of Google Ireland Ltd. in Ireland, your personal data, including the IP address of your internet connection, may be transferred to Google servers in the United States or accessed from America. The United States of America is currently classified as an insecure third country, meaning that there is neither an adequacy decision according to Art. 45 GDPR nor an assumed comparable level of protection. With the transmission of your data, both Google and, if applicable, US authorities have access to the transmitted data. Google may link your data with other information, such as your search history, personal accounts, usage data from other devices, and any other data Google has about you, and may additionally disclose your personal data to third parties. Furthermore, US authorities may access and process your data without having to provide you with notice or notification (during and after the processing), and you may not have similar legal remedies and data subject rights. Unfortunately, we have no control over the processing by Google and US authorities in these cases.

 

More information on the privacy policies and terms of use for Google Maps can be found at the following links:

 

4. Legitimate Interests

Unless otherwise specified in this privacy policy, when we base the processing of your personal data on legitimate interests according to Art. 6(1)(f) GDPR, such interests include protection against misuse, enforcement of our legal claims, adaptation and evaluation of our services, and handling of incoming inquiries.

 

5. Recipients or Categories of Recipients of Personal Data

5.1. Data Processors

In the processing of your data, we collaborate with service providers who are subject to our instructions based on binding data processing agreements, allowing them access to your data. These include, for example, cloud computing providers who provide the IT infrastructure for our products and systems.

Some of these instruction-bound recipients of personal data are exemplified by:

 

Google Cloud EMEA Limited

We use the Google Cloud and Firebase services from Google Cloud EMEA Ltd. to host our Connfair services and perform the necessary user management. During this process, personal data may be disclosed.

 

Google Ireland Limited

We use Google Analytics, a service provided by Google LLC, executed in Europe through Google Ireland Ltd., for the purpose of statistical evaluation and analysis of our website. In this process, personal data may be disclosed.

HubSpot Germany GmbH

We use the services of HubSpot Germany GmbH for and within the scope of our Customer Relationship Management (CRM) system.

 

Kinsta Inc.

We use the services of Kinsta Inc. to host our website. In this process, personal data may be disclosed.

Kinsta Privacy Policy

 

PayPal S.a.r.l. & Cie, S.C.A.

We use the services of PayPal S.a.r.l. & Cie, S.C.A., for the purpose of payment processing in the context of ticket purchases and other contracts. In this process, personal data may be disclosed.

PayPal Privacy Policy

 

Pleo Technologies A/S

We use the services of PLEO for the purpose of payment processing in the context of ticket purchases and other contracts. In this process, personal data may be disclosed.

PLEO Privacy Policy

 

SendGrid Inc.

We use the services of SendGrid for the purpose of sending emails. In this process, personal data may be disclosed.

SendGrid Privacy Policy

 

Sendinblue GmbH

We use the services of Sendinblue for the purpose of sending our blog newsletter. In this process, personal data may be disclosed.

Sendinblue Privacy Policy

 

Stripe Payments Europe Limited

We use the services of Stripe Inc., executed in Europe through Stripe Payments Europe Ltd., for the purpose of payment processing in the context of ticket purchases and other contracts. In this process, personal data may be disclosed.

Stripe Privacy Policy

 

                Note: If you would like more information, a complete overview of our data processors, or a copy of                                 the relevant documentation, please contact us at privacy@connfair.com.

 

5.2. Organizers and Contractual Partners

5.2.1. Organizers and Other Third Parties

When you purchase tickets for an event, register for an event, provide your personal information through a web form, or engage with an organizer in any other way (e.g., by filling out a web form), the respective organizer will have access to your details, including your personal data. Other third parties involved in or promoting the event or activity on behalf of the organizer may also have access to your personal data.

 

5.2.2. Contractual Partners

For the purpose of fulfilling the contract, we may also transmit your personal data to anyone to whom we assign rights resulting from the contractual relationship with you.

 

5.3. Other Recipients

Furthermore, data exchange may occur with the following entities:

  • With third parties providing goods and services (e.g., ticket insurance or merchandise) purchased by you, so that they can process and fulfill your orders.
  • Governmental or other authorized authorities, as far as legally permissible or required.
  • Any legal successor of our company or any part thereof.

 

6. Transfer to Third Countries

As explained in detail in section 3 of this privacy policy, data transfer to the United States of America, and thus to an insecure third country, may occur. Information we collect from you, in this case, will be processed in the United States of America. Currently, there is no adequacy decision by the European Union regarding the United States of America (Article 45 GDPR). This means that there is no level of protection comparable to the GDPR concerning your personal data, as well as potential data subject rights and remedies.

In light of this, our processors and we strive to implement appropriate security measures to safeguard your privacy and the security of your personal data. Therefore, our international data transfers are exclusively based on legally prescribed contractual or other provisions that are intended to ensure adequate protection of your data and can be viewed upon request. In this regard, we rely on the provisions set out in Article 49 of the GDPR or, if applicable, on guarantees pursuant to Article 46 of the GDPR.

                Note: If you desire further information regarding this matter, please contact us at privacy@connfair.com.

 

7. Storage Duration

We only store your personal data for as long as necessary to achieve the respective processing purpose. We store your data: (i) if you have given your consent to the processing, for a maximum duration until you revoke your consent; (ii) if we need the data to perform a contract, for a maximum duration as long as the contractual relationship with you exists (including the defense and enforcement of claims within the statutory limitation periods); (iii) if we use the data based on a legitimate interest, for a maximum duration as long as your interest in deletion or anonymization of the data does not outweigh.

Storage may also occur if provided for by the European or national legislator in regulations, laws, or other provisions to which the data controller is subject (including tax law, commercial law, combating money laundering). To avoid violating legal regulations or losing the possibility to enforce a claim or defend against one, we reserve the right to delete the data only after the expiration of the last applicable retention period that legitimizes data storage.

We store applicant documents for the duration of the application process and an additional period of two months from the date of rejection, provided that (i) the application does not lead to an employment relationship, (ii) no further storage consent has been given, and (iii) no claims have been asserted by an applicant within the exclusion period specified in § 15 (4) of the General Equal Treatment Act (AGG). If claims are asserted within the aforementioned exclusion period, the retention period is extended at least by the 3-month period stipulated in § 61 b (1) of the Labor Court Act. If no lawsuit is filed within this period, we will destroy the applicant documents; otherwise, we will keep the documents until the court decision becomes legally binding. In the case of a successful application, we store the applicant documents, if necessary, for the duration of the employment relationship and the statutory limitation periods in the employee’s personnel file. In the event of a lawsuit based on the employment relationship, we also keep the documents until the court decision becomes legally binding.

For the dispatch of our blog newsletter, we store your first name and email address until you unsubscribe from the blog newsletter via the link provided for this purpose. The storage of your email address in the blacklist of our dispatch service provider, which occurs upon unsubscribing from the newsletter, is not time-limited. If you object to the storage, we will delete your personal data unless your interests outweigh our legitimate interests.

 

8. Your Rights as the Data Subject

When processing your personal data, the General Data Protection Regulation (GDPR) grants you the following rights. Regarding the rights described under sections 8.1-8.7, you can contact us at any time to exercise these rights, preferably by email at privacy@connfair.com. The right to lodge a complaint, as explained under section 8.8, should be exercised with the respective supervisory authority.

 

Please note: When exercising your rights under Articles 15 to 22 of the GDPR, the personal data you provide will be processed to handle your request and provide evidence thereof. These processing activities are based on the legal basis of Article 6(1)(c) GDPR in conjunction with Articles 15 to 22 GDPR and Section § 34(2) of the Federal Data Protection Act (BDSG).

 

8.1. Right to Information (Art. 15 GDPR in conjunction with §§ 29, 34 BDSG)

You have the right to request confirmation as to whether personal data concerning you is being processed. If this is the case, you have the right to obtain information about this personal data and the specific details listed in Article 15 of the GDPR.

 

8.2. Right to Rectification (Art. 16 GDPR)

You have the right to request the correction of inaccurate personal data concerning you without undue delay and, if necessary, the completion of incomplete data.

 

8.3. Right to Erasure (Art. 17 GDPR in conjunction with § 35 BDSG)

You have the right to demand the immediate deletion of personal data concerning you if the conditions specified in Article 17 of the GDPR are met, and no legal provision justifies further processing.

 

8.4. Right to Restriction of Processing (Art. 18 GDPR)

You have the right to request the restriction of processing when one of the conditions listed in Art. 18 GDPR is met, such as if you dispute the accuracy of processed data or have objected to the processing. If you exercise this right, the restriction of processing applies at least for the duration of the examination by the data controller. During this period, except for storage, affected data will only be processed with your consent or for the assertion, exercise, or defense of legal claims, or to protect the rights of another natural or legal person, or for reasons of important public interest of the European Union or a member state.

 

8.5. Right to Data Portability (Art. 20 GDPR)

In certain cases specified in Art. 20 GDPR, you have the right to receive your personal data concerning you in a structured, commonly used, and machine-readable format, or to request the transmission of this data to another controller. If you request the direct transfer of data to another controller, this will only be done to the extent that it is technically feasible.

 

8.6 Right to Object according to Art. 21 GDPR

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you based on Article 6(1)(e) (performance of a task carried out in the public interest or in the exercise of official authority) or (f) (legitimate interests) GDPR, including profiling based on these provisions. If you exercise your right, we will no longer process the affected personal data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights, and freedoms, or the processing serves the establishment, exercise, or defense of legal claims (objection pursuant to Art. 21(1) GDPR in conjunction with § 36 BDSG).

 

If your personal data is processed for direct marketing purposes, you have the right to object at any time to the processing of personal data concerning you for the purpose of such advertising, including profiling, to the extent that it is related to such direct marketing (objection pursuant to Art. 21(2) GDPR).

 

8.7. Revocation of Consents

You also have the right to revoke any given consent to the processing of personal data at any time with effect for the future. To do so, you can either change the respective consent status through the configuration provided by us or send us an informal notification by email to the above-mentioned email address. The revocation of consent does not affect the lawfulness of the processing carried out based on the consent before the revocation.

 

8.8. Right to Lodge a Complaint with a Supervisory Authority

According to Art. 77 GDPR, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, your place of work, or the place of the alleged infringement, if you believe that the processing of personal data concerning you violates the GDPR or other data protection regulations. This right to lodge a complaint is without prejudice to any other administrative or judicial remedies.

 

9. Necessity of Providing Personal Data

We inform you that the provision of personal data may be required by law (e.g., tax regulations) or may result from contractual arrangements or pre-contractual necessities (e.g., information about the contracting party). At times, it may be necessary for an individual to provide us with their personal data, which will subsequently be processed by us. Failure to provide personal data could, for example, result in the inability to conclude a contract between the affected party and us or between the affected party and the organizer.

Before providing personal data, the individual can contact us. We provide case-specific information about whether the provision of personal data is legally or contractually required or necessary for the conclusion of a contract, whether there is an obligation to provide personal data, and what consequences the failure to provide data would have in each case.

Regarding our online offerings, it is generally indicated which personal data is necessary for use. In the event of non-provision of this necessary personal data, certain functions may not be available, or our services may not be utilized.

 

10. Automated Decision-Making

We do not employ mechanisms for automated decision-making, including profiling, that would have legal effects on or significantly impact the data subject in a similar manner.

 

11. Data Security

We make every effort to ensure the security of your data in accordance with applicable data protection laws and technological possibilities. To secure your data, we maintain technical and organizational security measures in accordance with Article 32 of the GDPR, which we continuously update to reflect the latest technological advancements.

 

In cases where we engage third-party services for the processing of your data, the selection of such services is done carefully and in compliance with legal provisions.

                Note: If you wish to obtain further information regarding this matter, please contact us at                                                  privacy@connfair.com.

 

12.Cookies

Our website uses cookies and similar technologies. Cookies are text files that are stored in the internet browser or by the internet browser on the user’s computer system. When a user accesses a webpage, a cookie may be stored on the user’s operating system. Cookies contain a characteristic string that can enable the unique identification of the browser when the website is accessed again. Similar technologies refer to other technical tools that allow the identification of website visitors, such as tracking pixels or localStorage.

Technically necessary cookies and technologies are those without which our website would not be functional and usable. This category only includes cookies and technologies that ensure basic functions and security features of the website. Technically necessary cookies and technologies can be set without the user’s consent.

Non-essential cookies include all cookies and technologies that are not particularly necessary for the functioning of the website and are specifically used to collect personal data from the user, through tracking, advertisements, and other embedded content. Non-essential cookies and technologies (such as cookies for marketing, advertising, or customer analysis purposes) require your consent.

By changing the settings in your internet browser, you can deactivate or restrict the transmission of cookies. Already stored cookies can be deleted at any time, and this can also be done automatically. However, if cookies are deactivated for the website, not all functions of the website may be fully available.

 

For more information about the cookies used by our website, please refer to our Cookie Policy.

 

13. Changes to this Privacy Policy

We reserve the right to change this privacy policy at any time in compliance with applicable laws and regulations.

For the use of our online offerings, the version available online at the time of your visit applies.

 

Last modified: August 1, 2022