Security and data protection

We use this data protection notice to inform you about what personal data we collect when you use our digital services (in particular websites and mobile apps) and the purposes for which this data is used.

You can view this information under “Security and Data Protection” at any time.

• Personal data in the sense of this privacy policy are any individual information relating to your personal or material circumstances. This includes in particular your name, your date of birth, your e-mail address, your address and your telephone number.
• Personal data in the sense of this privacy policy also includes information about your use of our website and mobile apps (“access data”). In addition to the access data, personal data is only stored by us when you freely provide us with this information, e.g. in the context of a registration, a survey, a prize competition, a contact query, a subscription to a newsletter or for carrying out an online order. Personal data are also only processed to the extent necessary and only for the purposes to which you have given consent or for legally permissible purposes.

3.1 Collection of access data via the websites

When you access our website, your terminal automatically transfers data for technical reasons. The following data are stored separately from other data that you may possibly transmit to us:

• Date, time and duration of your visit to our websites
• IP address, that has been assigned to you by your Internet provider
• the web page visited
• the user tool (i.e. web browser, operating system) you have used to access the site
• the action that you carried out on our website
• the terms you used in the search engines and in the site search and the search result
• whether a site was successfully accessed or not
• what information was called up (incl. downloads)
• from which server you accessed the website and the website from which you reached the current website

These data are stored for technical purposes and are not at any time associated with a specific person. However, if you have given your consent, this data can also be assigned to your person and used for marketing purposes.

The handling of your personal data for the purposes of providing this website and of communicating via this website are carried out on the basis of our legitimate interest pursuant to Article 6 (1) (f) General Data Protection Regulation (GDPR). It is technically necessary for us to process specific personal data (e.g. IP address) in order to provide this website, Section 25 (2) TTDSG. In order for you to communicate with us, it is necessary for us to handle respective personal data.

On our website, we use the web analysis tool Plausible Analytics from the provider Plausible Insights OÜ (Västriku tn 2, 50403, Tartu, Estonia) to collect statistics about the use of our website. We need these statistics to continuously improve our website and its content. This tool does not set cookies, nor does it set information in the browser, nor does it collect personal data. Instead, only general data such as pages viewed, browsers and devices used and origin are evaluated. Further information can be found here: https://plausible.io/data-policy

Our website is embedding social media plugins or widgets which are provided by Walls.io. When loading these widgets, your IP-address is transferred to Walls.io. Walls.io is operated by Walls.io GmbH, based in Vienna, Austria.

In the context of the necessary balancing of interests we have balanced your interest in the respective privacy of your personal data and our interest in the provision of this website and the establishment of contact with one another. Your interest in privacy is outweighed in both cases. If this were not the case, we would be unable to provide this website or to react to your contact query.

3.2 Collection of personal data via the mobile app of the respective event

As part of the function of this mobile app, we enable you to call up information regarding the trade fair and interact with exhibitors and other trade fair participants. You can, for example, see which exhibitors have a stand and in which hall they are located. You can search for sellers alphabetically, by location or by product range. The mobile app also offers you a hall plan, an overview of the events and additional features related to the trade fair.

3.2.1 Information that is collected during the download

Certain necessary information is transferred to your chosen app store (e. g. Google Play or Apple App Store) when the mobile app is downloaded in particular the username, the e-mail address, the customer number of your account, the time of the download, payment information and the individual identification number of your device can be processed. The processing of this data is carried out exclusively by the respective app store and is beyond our control.

3.2.2 Information that is collected automatically when using the mobile app

When you use the mobile app, we collect certain data via Google Analytics. These include: (i.) the internal device ID, (ii.) the type and version of your operating system, (iii.) the time of the access, (iv.) the pages you visited and (v.) the search terms you entered. In addition, the data listed in item 3.3 of this privacy policy are also processed.

This data is automatically transferred to us, (1) in order to provide you with the service and the functions associated with the service; (2) to improve the functions and features of the app and (3) to prevent and eliminate misuse and malfunctions. This data processing is lawful because (1) the processing is necessary for the purpose of fulfilling the contract between you as the data subject and ourselves pursuant to Article 6 (1) sentence 1 (b) GDPR for the use of the mobile app, or (2) we have a legitimate interest in guaranteeing the functioning and the error-free operation of the mobile app and being able to offer a service which is appropriate to the market and our interests, which in this case overrides your rights and interests in the protection of your personal data pursuant to Article 6 (1) sentence 1 (f) GDPR.

3.2.3 Use of the mobile app

The mobile app also requires the following permissions for the use of all its functions, which you can optionally set:

• Internet access: This is required to download the current trade fair data to your device. In addition, functions such as sending contact requests (networking) or watching livestreams (event programme) require internet access.
• Camera access: This is required so that QR codes can be scanned. These are used, for example, to import contact details of scanned trade fair participants (QR code on trade fair ticket or networking QR code in the app) into the networking address book in the mobile app. The function also makes it possible to transfer favourites from the online exhibitor search to the mobile app. In addition, the camera access is required for navigation purposes on the Koelnmesse exhibition grounds, provided that this service is offered at the respective event.
• Access to location, Bluetooth, movement and fitness data: Access is required for location-based navigation and in-formation purposes on the Koelnmesse exhibition grounds, provided this service is offered at the respective event (see also Item 3.2.6). The “movement and fitness data” is a term used by the operator Apple for the iOS operating system. When using a smartphone with such an operating system, this mobile app only accesses data that helps to improve the accuracy of positioning.
• Access to the gallery: This is required if you wish to upload a profile photo from your photo album.
• Access to the address book: This is required to be able to save contacts in your device's address book or to check whether the user is in the local address book after access has been granted in order to invite them to use the mobile app if they are not yet an app user or networking participant.
• Calendar access: This is required in order to import/save appointments made via the mobile app into your calendar.
• Device memory access: This is needed to save export files of contact lists on your device.

The processing and use of the usage data is carried out for the purpose of providing the service. This data processing is lawful because the processing is necessary for the purpose of fulfilling the contract between you as the data subject and us pursuant to Article 6 (1) sentence 1 (b) GDPR for the use of the mobile app.

3.2.4 Participant groups

The mobile app differentiates between "public participants" and "private participants" of the event. This differentiation is relevant to whether and when the respective contact is listed in public directories and whether this service is optional, if applicable.

• "Public participants" are (i.) the persons named by the respective exhibitor and (ii.) those who provide a specific service within the scope of an agreement with Koelnmesse, such as a moderator. These persons are always listed in the respective lists of persons and can optionally participate in networking.
  
  Public participants also include (iii) trade visitors who have not deactivated the networking functions.
• "Private participants" are all participants who have deactivated the networking function. These persons, if they have deactivated this function, will be removed from the People directory.

The networking function is activated by default. However, you can deactivate or reactivate it under Home/"My Profile".

Furthermore, the mobile app can be used by third parties (e. g. private visitors) who are not assigned to any of the aforementioned participant groups.

3.2.5 Further functions

a) Networking

In addition to the basic functions, there are so-called additional functions which are reserved for registered and logged-in participants (partly only with a valid ticket). Details of these functions can be found in the relevant terms and conditions, unless otherwise stated in this data protection notice.

For optimal use of the networking functions, we process your following personal data: Name, first name, position, company, country, mobile number, e-mail address, (profile) picture and interests. Your contact and profile data are imported into the mobile app from previous systems such as the ticket shop and our CRM system, if available.

Contact data will only be displayed for approved profiles of trade visitors once you have accepted a "request" from the enquirer. Only in this case is your full profile linked to that of the enquirer and made visible.

The legal basis for data processing for private participants (trade visitors etc.) is based on Art. 6 para. 1 sentence 1 lit. a) GDPR and for public participants on Art. 6 para. 1 sentence 1 lit. b) and f) GDPR.

Each participant can revoke their consent for the networking function at any time in the mobile app under Home/"My Profile" with the function "Deactivate Networking" with effect for the future (opt-out).

b) Push messages

If included in the scope of services of the respective mobile app and if you have agreed to this function when using the mobile app, the mobile app will inform you about interesting news concerning your trade fair stay (e. g. event highlights, new products, etc.) via push messages on your terminal device. The push messages can be deactivated and reactivated at any time in the settings of your operating system.

The legal basis for data processing for participants (trade visitors, etc.) is also based on Art. 6 (1) sentence 1 lit. a) GDPR.

c) Location- and interest-based news and navigation service

For selected events, Koelnmesse also offers a location- and interest-based news and navigation service in the mobile app. All participants can use this service by granting permission in the mobile app to receive notifications and to access their location and Bluetooth function. Depending on their location at the exhibition grounds, participants can receive advertising messages from exhibitors at the event and/or Koelnmesse if the Bluetooth function is activated and depending on the data they provided during registration or ticket purchase (e. g. country of origin, interests).

This function uses so-called geofencing/Bluetooth technology on the exhibition grounds, which makes it possible to trigger a message in the app from Koelnmesse based on the location of the mobile device. The location of the mobile device is not stored.

Unless you have given us your consent to do so (see section 3.2.6), your location data will not be used to create movement profiles beyond your current location and will therefore not be logged or stored by us.

You can revoke access at any time in the settings of your operating system. Please note that individual functions may not be available or may not be fully available if you do not allow access to your location data.

Koelnmesse does not pass on any data to the exhibitor as a result of the participant using this function.

The legal basis for data processing for participants (trade visitors, etc.) is also based on Art. 6 (1) sentence 1 lit. a) GDPR.

3.2.6 Profiling

Provided that you have given your explicit consent and have not revoked it, we process the following data within the framework of profiling: Name, company, job title, contact details, interests, your user behaviour and interactions as well as your movement behaviour during our events at our trade fair grounds.

The purpose of this data processing is to get to know you better and to be able to send you marketing measures matched to your interests and needs. In addition, on the basis of this data, we can suggest other trade fair participants to you who might fit your profile and at the same time suggest your person to other trade fair participants. This applies in cases where the other trade fair participant has also consented to this.

Your movement behaviour during our events on our exhibition grounds is recorded by us via the mobile app for the respective event installed on your mobile phone and the WLAN, Bluetooth and mobile phone GPS signals of your mobile phone. This enables us to track the exhibitors you have visited and the routes you have taken, to get to know your interests and needs better and, on the basis of this, to provide you with marketing measures matched to your interests during and after the event, as well as suggestions for other trade fair participants and exhibitors. This information will enable you to move around the trade fair grounds using indoor navigation. If offered, this data can also be used to navigate you to a specific exhibitor during the event.

The legal basis for this handling of your data is Art. 6 (1) sentence 1 lit. a) GDPR. You can revoke your consent at any time by e-mail to datenschutz-km@koelnmesse.de with effect for the future.

3.3 Creation of a user account (registration) and logon

You can create a user account via the respective trade fair website and use it for your registration in the mobile app. Mandatory information required during registration is indicated with an asterisk and is required for the agreement of a contract of use. If this data is not supplied, you cannot create a user account.

In addition, you can also supply information, e. g. internet address, postal address, profile picture or interests, voluntarily during the registration process.

We use the mandatory information in order to authenticate you during the login and to follow up queries for resetting your password and display your tickets in the ticket wallet. The data that you enter during the registration or when logging on is processed and used by us, (1) in order to verify your right to administer the user account; (2) to enforce the terms of use of the mobile app including all of the associated rights and duties and (3) to get in contact with you in order to be able to send you technical or legal notes, updates, security messages or other messages that relate to the administration of your user account.

We use voluntary information in order to display these items according to the settings that you have made while using the mobile app and to make them accessible to other users of the app at your request.

When creating your user account, you can use the social log-ins offered by third-party networks. The respective third-party network will transmit certain data you have stored there (e-mail address, first name, surname, profile picture). We process this data in order to create your user account and make it available to you, including all functions.

This data processing is lawful because (1) the processing is necessary for the purpose of fulfilling the contract between you as the data subject and ourselves pursuant to Article 6 (1) sentence 1 (b) GDPR for the use of the mobile app, or (2) we have a legitimate interest in guaranteeing the functioning and the error-free operation of the mobile app, which in this case overrides your rights and interests in the protection of your personal data pursuant to Article 6 (1) sentence 1 (f) GDPR. Insofar as the data collection by us is based on your consent, Art. 6 (1) sentence 1 lit. a) GDPR is the legal basis. You can withdraw your consent at any time with effect for the future.

3.4 Ticket Shop

3.4.1
Various data on the visitor are required in order to purchase a ticket from our Ticket Shop. The following mandatory details are necessary:

• Your name
• Your e-mail address
• Company (only for trade visitors)
• Country
• Address (place, street, house number, postcode)
• Marketing characteristics
• A password

These data are necessary in order to set up and manage a user account for you. Not least we require these and possibly other data in order to be able to respond to possible future queries from you.

We process these data in order to be able to provide you with the services of our ticket shop and to fulfil the respective contracts agreed with you pursuant to Article 6 (1) sentence 1 (b) GDPR. The data is also processed for the promotion of our events and services (on the basis of Section 7 Paragraph 3 UWG (German Fair Trade Practices Act)) and for optimization and for market research and opinion research.

Insofar as we, as described above, require your data for the purposes of providing the functions of our ticket shop, you are contractually obliged to provide us with these data. Without these data we are unable to provide you with these functions.

3.4.2
Furthermore, you can enter the following voluntary details in the course of your registration in your profile:

• Academic title
• Other title
• Position
• Company (only voluntary for private visitors)
• House number
• P.O. Box
• P.O. Box, postcode:
• Tel.:
• Fax
• Web address

The entry of these details is voluntary and not necessary in order to purchase a ticket.

The processing of this personal data is only carried out on the basis of the express consent you have provided to us pursuant to Article 6 (1) sentence 1 (a) GDPR.

3.5 Community functions

We offer various community functions on our websites. You can use these community functions to interact with other users.

Pease note that these areas could, corresponding to your settings, be publically accessible, and that all personal information that you set within them or provide in the course of your registration can be seen by others. We cannot control how other users of our website utilize this information. In particular, we cannot prevent unwanted messages being sent to you. Content placed in the community areas can be stored for an unlimited period. Should you, at some future time, wish the removal of specific placed material, send us a corresponding e-mail at the address given above.

We collect all data entered in the context of the community functions in order to be able to provide you with the community functions as intended, Article 6 (1) sentence 1 (b) GDPR.

Insofar as we, as described above, require your data for the purposes of providing the community functions, you are contractually obliged to provide us with these data. Without these data we are unable to provide you with the corresponding community functions.

3.6 Chatbot and Contact form

If you submit queries to us via our chatbot or our contact form, your details from the chatbot or from the contact form including the contact data you have provided there

• Name
• First name
• Activity related with Koelnmesse
• Company
• Address
• Tel. no.
• Fax number

are saved and processed for the purpose of answering your query.

We collect these data in order to be able to accept and process your query, Article 6 (1) sentence 1 (b) GDPR.

Insofar as we, as described above, process your data for the purposes of accepting and processing your queries, you are contractually obliged to provide us with these data. Without these data we are unable to accept and process your queries.

3.7 Registration as an exhibitor or a visitor

You can register on our website as a visitor, trade visitor or exhibitor. We process the personal data that you have provided us with in the course of your registration (see item 3.3) in order to accomplish this.

The processing of your personal data is carried out for the purposes of initiating, executing and winding up the corresponding user contract, Article 6 (1) sentence 1 (b) GDPR.

You are not required to register in order to participate in Koelnmesse events. You can of course also purchase an anonymous ticket at the box office counters on site or - if offered - purchase online via our guest order form.

Without registration, we are unfortunately unable to provide you with services such as simplified repeat ticket sales, networking, travel services or other services. In addition, the mobile apps for our events can only be used to a limited extent.

In detail, we process your personal data for the following purposes:

• The purchase of tickets for our events;
• The redeeming of vouchers;
• The registration of future tickets “with one click.”
• The delivery of and payment for other services of Koelnmesse (e.g. trade fair directories and catalogues);
• Checking trade visitor status;
• Announcements, trade information and other materials concerning events of interest to you;
• The offer of individually customized services;
• Query regarding participation in our market and opinion research;
• The prevention or discovery of misuse and fraud, in particular in the case of vouchers and free tickets;
• If necessary, simple actualization of your personal data over the Internet.

Data collected subsequently is also assigned to your customer account. These include, for example, data collected when ordering a ticket.

We reserve the right pursuant to Section 7 (3) UWG to send you by e-mail information on goods and services similar to those that you have purchased from us. You can object to the receipt of such information via e-mail at any time. Every e-mail contains the information about how you can unsubscribe from the receipt of future e-mails.

5.1
We use so-called browser cookies to collect information about your use of our website. Cookies are small text files that are stored on your hard drive where specific preferences and data regarding the exchange of information between our system and your browser is stored. A cookie generally contains the name of the domain from which the cookie data was sent and information about the age of the cookie and an alphanumeric identification sign. Cookies enable our systems to recognize the user’s device and to make possibly existing settings available immediately. As soon as a user accesses the platform, a cookie is transferred to the hard drive of the respective user’s computer. Cookies help us to improve our website and enable us to offer you a better service that is even-more customized to your needs. They enable us to recognize your computer when you return to our website and so:

• To store information about your preferred activities on our website and so to orient our website on your individual interests. This includes, for example, advertising that corresponds to your personal interests;
• To increase the speed with which your queries are processed; The use of cookies is justified on the basis of our legitimate interest in a needs-based design and the statistical evaluation of our website and the fact that your legitimate interests are not overriding pursuant to Article 6 (1) (f) GDPR.

5.2
The cookies used by us only store the aforementioned data about your use of our website. This is carried out not on the basis of an assignment to you personally, but by the allocation of an identification number to the cookie (“cookie ID”). The cookie ID is not associated with your name, IP address or similar data that would enable the attribution of the cookie to you. You can find out how to prevent the use of browser cookies under Item 5.5.

In addition, we use so-called server-side tracking. This has the advantage for you that once you have given your consent to the setting of cookies, your data (such as your IP address) will be shortened/anonymized by us before being passed on to third parties. For this purpose, a separate server is used by us as an intermediary in the process. In any case, your data will not be collected and processed without your consent, where necessary.

5.3
Our website uses so-called tracking technologies (you will find further details in Item 6). We use these technologies in order to make the Internet offer more interesting for you. This technology enables Internet users who have already shown an interest in our website to be presented with advertising on the websites of our partners. The display of these advertisements on our partners’ websites takes place based on the use of cookie technology and an analysis of the previous user behaviour. This analysis is carried out using a pseudonym and user profiles with your personal data are not put together.

Should you wish to opt out of this tracking process, you can refuse to allow the setting of a cookie required by this process:

• For example, by means of a browser setting that deactivates the automatic setting of cookies in general. Please use e.g. the “Do not track” (“DNT”) option of your web browser

5.4
We work together with business partners who support us in designing our Internet presence and the website to make it more interesting for you. For this reason, cookies from these partner companies are also stored on your hard drive when you visit the website. These cookies automatically delete themselves after a preset time. The cookies from our partner companies are also only used with a cookie ID to collect data that enables our advertising partners to address you with advertising that could genuinely be of interest to you. You can find out how to prevent the use of cookies under Item 5.5.

5.5
Should you not wish the use of browser cookies, you can set your browser in such a way that the storage of cookies is not accepted. Please note that in this case you may only be able to use our website on a limited basis or not at all. Should you wish to only accept our own cookies, and not the cookies of our service providers and partners, you can select the setting “Block third-party cookies” in your browser.

For more Information about cookies and pseudonymous user profiles please have a look at our cookie-notice.

We maintain publicly accessible profiles in social networks. The individual social networks that we use are listed below.

Social networks such as Facebook, Google+ etc. can normally carry out comprehensive analyses of your behaviour as a user when you visit their websites or a website with integrated social media content (e.g. Like buttons or advertising banners). Numerous processing operations that are relevant to data protection are triggered by a visit to one of our social media sites.

Specifically, if you visit one of our social media sites while you are logged in to your social media account, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded when you are not logged in or if you do not have an account with the respective social media portal. In this case, the data acquisition is accomplished e.g. by using cookies that are saved on your terminal or by recording your IP address.

The operators of the social media portals can use the data collected in this way to create user profiles in which your preferences and interests are stored. As a result, you can be presented with interest-based advertising both inside and outside the respective social media site. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are, or have been, logged in.

Please also note that we are unable to trace all of the processing operations on the social media portals. Depending on the provider, further processing operations could be carried out by the operators of the social media portals. You can find details of such further processing in the terms and conditions of use and the privacy policies of the respective social media portals.

Legal basis

Our social media sites are intended to ensure the most comprehensive possible presence in the Internet. This is in our legitimate interest pursuant to Article 6 (1) sentence 1 (f) GDPR. The analytical processes initiated by the social networks may be based on differing legal foundations, which must be stated by the operators of the social networks (e.g. consent pursuant to Article 6 (1) sentence 1 (a) GDPR).

Controller and assertion of rights

When you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered by this visit. You can basically assert your rights (access, rectification, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against Facebook).

Please note that despite our joint responsibility with the operators of the social media portals we do not have comprehensive influence on the data processing operations of the social media portals. Our opportunities essentially depend on the corporate policies of the respective provider.

Duration of storage

The data we collect directly through our social media sites is deleted by our systems as soon as there is no longer any need for storing this data, if you ask us to delete it, or if you revoke your consent to have the data stored. Stored cookies remain on your device until you delete them. This clause does not affect mandatory legal requirements, in particular those specifying storage periods.

We have no influence on the length of time that your data is stored by the operators of the social networks for their own purposes. To find out more, please refer to the information provided by the operators of the respective social networks (e.g. read their privacy policies; see below).

Special social networks

Facebook

We have a Facebook page. This service is provided by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA.

We have an agreement with Facebook (Controller Addendum) concerning the joint processing of the data. This agreement stipulates which data is processed by us and which is processed by Facebook whenever you visit our Facebook page. You can read this agreement by clicking on the following link: https://www.facebook.com/legal/terms/page_controller_addendum

You can adjust your advertising settings yourself in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads.

For more information, read Facebook’s privacy policy: https://www.facebook.com/about/privacy/.

We do not use the plugins of the social networks Facebook, Twitter, Google+, LinkedIn and Xing themselves on our website. Our buttons for sharing content via social media are implemented using the software “Shariff,” which first transmits the data to the respective network operator when you click the buttons. If you would like to learn more about Shariff, click here.

Various data are first transferred to the respective social network when you click on the corresponding button. These data can include:

• Date and time of the website access
• URL of the website which the visitor is browsing
• URL of the website which the visitor previously visited
• Browser used
• Operating system used

IP address of the visitor Insofar as you are logged in to the respective social network (Facebook, Twitter, Google+, LinkedIn or Xing) in parallel with your visit to our site, it is not excluded that the provider can associate the visit with your social network account. When you use the plugin functions (e. g. clicking on the “Like” button, posting a comment), this information is also transferred directly by your browser to the respective social network and possibly stored there. Please consult the privacy policies of Facebook, Twitter, Google+, LinkedIn and Xing to find out more about the purpose and scope of the networks’ data collection activities as well as their further processing and use of the data.

In principle, a transfer of your personal information without your prior express consent will only take place in the following cases:

• When it is required for the investigation of an unlawful use of our services or for the prosecution, personal data are transferred to the law-enforcement authorities and if necessary to injured third parties. However, this only occurs when there are concrete indications of unlawful or abusive behaviour. A transfer can also take place when it is necessary for the enforcement of terms and conditions of use or of other agreements. We are also legally obliged to provide information to specific public authorities on request. These are prosecutorial authorities, authorities that prosecute misdemeanours punishable by fines and the financial authorities. The transfer of this data takes place on the basis of our legitimate interest in combatting misuse, the prosecution of criminal offences, the safeguarding, assertion and enforcement of claims and the fact that your rights and interests with regard to the protection of personal data are not overriding pursuant to Article 6 (1) sentence 1 (f) GDPR.
• We rely on contractually bound external companies and external service providers (“processors”) for the provision of the services. In such cases personal data are transferred to these processors in order to enable them to carry out the further processing. These processors are carefully selected by us and regularly checked in order to ensure that your right to privacy remains protected. The processors may only use the data for the specific purposes of the processing as specified by us and are in addition contractually obligated by us to handle your data exclusively in accordance with this privacy policy and the German data protection legislation.
• In the context of the further development of our business it is possible that the structure of Koelnmesse GmbH changes in that the legal form is changed or subsidiaries, business units or constituent parts are established, purchased or sold. In the event of such transactions the customer information will be transferred along with the part of the company being transferred. We will ensure that every such transfer of personal data to third parties to the extent described above takes place in conformity with this privacy policy and with the relevant data protection legislation.

A possible transfer of the personal data is justified by our legitimate interests in adapting our business form to economic and legal factors as required and the fact that your rights and interests with regard to the protection of personal data are not overriding pursuant to Article 6 (1) sentence 1 (f) GDPR.

The data can in some cases be transferred in the scope described above to countries outside the European Economic Area (EEA). These countries do not have a standard of data protection comparable with the standard of protection within the EU (e. g. USA, China or India). For the protection of your data, those of our group companies and contract partners located outside the EEA to whom data should be transferred, such as foreign representatives, are obligated on the basis of the EU standard contractual clauses for the transfer of personal data to third countries to guarantee adequate data protection.

You will find the EU standard contractual clauses for the transfer of personal data to third countries under the following link: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_de

You will also find information on international data protection under the following link: https://www.lda.bayern.de/en/international.html

The processing of your personal data for purposes other than those described will only take place to the extent permitted by a legal regulation or subject to your consent for the change of purpose of the data processing. In the event of further processing for purposes other than those for which the data were originally collected, we will inform you of these other purposes before the further processing and make all relevant information available to you.

We delete or anonymize your personal data as soon as they are no longer required for the purposes according to the aforementioned items for which we collected them. As a rule, we store your personal data for the duration of your user relationship with respect to the website.

After the expiry of these periods of notice, the data are deleted, insofar as these data are no longer required due to legal retention periods, for criminal prosecution or for the safeguarding, assertion or enforcement of legal claims. In this case, they are locked. The data are then no longer available for further use.

We do not use any automated processing steps in order to reach a decision – including profiling – in connection with our website.

14.1 Right to information
Pursuant to Article 15 GDPR, you have the right to request us at any time to provide you with information concerning personal data relating to you that we process. You can make this request by sending a postal letter or e-mail to the above address.

14.2 Right to rectification of incorrect data
You have the right to request us to immediately rectify your personal data if they are inaccurate. To do so, please contact the above addresses.

14.3 Right to erasure
You have the right to obtain from us the erasure of personal data on the grounds described in Article 17 GDPR. These grounds especially give you the right to erasure if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, if the personal data have been unlawfully processed, if we have received an objection to the processing, or the personal data have to be erased in compliance with a legal obligation in Union or Member State law to which Koelnmesse is subject. With regard to the duration of the data storage, see Item 12 of this data protection declaration. To exercise the aforementioned right, please contact the above addresses.

14.4 Right to restriction of processing
You have the right to request us to restrict processing pursuant to Article 18 GDPR. This right applies, in particular, to the following cases: When the accuracy of the personal data is contested between the user and ourselves, for a period enabling us to verify the accuracy of the personal data; the user has an existing right to erasure but opposes the erasure of the personal data and requests the restriction of their use instead; the data are no longer needed for our purposes, but they are required by the user for the establishment, exercise or defence of legal claims; the user has objected to processing pending the verification whether our legitimate grounds override those of the user. To exercise the aforementioned right, please contact the above addresses.

14.5 Right to data portability
You have the right to receive the personal data concerning yourself, which you have provided to us, in a structured, commonly used and machine-readable format pursuant to Article 20 GDPR. To exercise the aforementioned right, please contact the above addresses.

14.6 Right to object
Pursuant to Article 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning yourself which is based on point (e) or (f) of Article 6 (1) GDPR. In that case, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

14.7 Right of appeal
If you have a complaint, you also have the right to appeal to the responsible regulatory authority. The responsible regulatory authority is:

Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf, Germany
Tel.: +49 211/38424-0
Fax: +49 211/38424-999
e-mail: poststelle@ldi.nrw.de

The current version of this privacy policy can always be called up under “Security and Data Protection”.

Status: 20 February 2025