Data protection

Name and Address of the Responsible Authority

The responsible authority within the meaning of the basic data protection regulation and other national data protection laws of the member states as well as other data protection regulations is:

Karlsruher Messe- und Kongress GmbH
Festplatz 9
D-76137 Karlsruhe
Germany
Phone: +49 (0)721 3720-0
Email: info@messe-karlsruhe.de
Website: www.messe-karlsruhe.de

Name and Address of the Data Protection Officer

The data protection officer of the responsible authority is:

Torsten-Harald Scholz
Festplatz 9
D-76137 Karlsruhe
Germany
Phone: +49 (0)721 3720-2193
Email: datenschutzbeauftragter@messe-karlsruhe.de

General Information about Data Processing

1. Scope of Processing of Personal Data

In principal, we collect and use personal data of our users only to the extent necessary to provide a functional website, our contents and our services. Collection and utilization of personal data regularly occurs only with the consent of the user. An exception applies to cases in which prior consent cannot be obtained for reasons of fact and the processing of the data is permitted by law.

2. Legal Basis for the Processing of Personal Data

Insofar as we obtain the consent of the data subject for processing personal data, article 6, paragraph 1, lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis. Article 6, paragraph 1, lit. b GDPR serves as the legal basis for the processing of personal data required for the performance of a contract to which the data subject is a party. This also applies to processing operations that are necessary for the implementation of pre-contractual measures. Insofar as the processing of personal data is necessary to fulfil a legal obligation to which our company is subject, article 6, paragraph, 1 lit. c GDPR serves as the legal basis. Article 6, paragraph 1, lit. d GDPR serves as a legal basis in the event that vital interests of the data subject or another natural person necessitate the processing of personal data. If the processing is necessary to safeguard a legitimate interest of our company or a third party, and if the interests, fundamental rights and fundamental freedoms of the data subject do not outweigh the first-mentioned interest, then article 6, paragraph 1, lit. f GDPR serves as the legal basis for the processing.

3. Deletion of Data and Duration of Storage

The personal data of the affected person will be deleted or blocked as soon as the purpose of the storage ceases to exist. In addition, storage may also occur if this storage is intended by the European or national legislator in EU regulations, laws or other guidelines to which the responsible authority is subject. Blocking or deletion of the data also occurs upon the expiration of a storage period prescribed by the aforementioned standards, unless there is a need for further storage of the data for conclusion or fulfilment of a contract.

4. SSL Encryption

We use state-of-the-art encryption procedures (e.g. SSL) via HTTPS to safeguard the security of your data during transmission.

Provision of the Website and Creation of Log Files

1. Description and Scope of Data Processing

Each time our website is accessed, our system automatically collects data and information from the computer system of the calling computer.

The following data are collected in this context:

  • (1) The IP address of the user
  • (2) The date and the time of the access
  • (3) Websites which the user’s system accesses via our website

These data are also stored in our system’s log files. The anonymization of the IP address does not lead to the storage of data which could facilitate their correlation with a specific user. Storage of these data does not occur together with other personal data of the user.

2. Legal Basis for the Data Processing

The legal basis for the temporary storage of data and log files is article 6, paragraph 1, lit. f GDPR.

3. Purpose of the Data Processing

The system temporarily stores the IP address because this storage is necessary to enable delivery of the website to the user’s computer. To accomplish this delivery, the user’s IP address must remain stored for the duration of the session.

Storage in log files is undertaken to ensure the functionality of the website. In addition, the data enable us to optimize the website and to ensure the security of our IT systems. An evaluation of the data for marketing purposes does not occur in this context.

These purposes also involve our legitimate interest in the processing of data pursuant to Art. 6 Abs. 1 lit. f GDPR.

4. Duration of Storage

The data will be deleted as soon as they are no longer needed to accomplish the purpose for which they were collected. In the case of collecting the data in order to provide the website, this deletion occurs when the respective session is ended.

In the case of data stored in log files, this deletion occurs no later than 14 days after the date of initial storage. Storage beyond this date is possible.

5. Possibility for Objection and Removal

The collection of data for provision of the website and the storage of data in log files are essential for the operation of the website. There is consequently no possibility for the user to object to it.

Use of Cookies

1. Description and Scope of Data Processing

Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user’s computer system. When a user visits a website, a cookie can be stored on the user’s operating system. This cookie contains a characteristic string of characters which enables the browser to be uniquely identified when the website is accessed again. We use cookies to make our website more user-friendly. Some elements of our website require that the calling browser can be identified even after a page change. The following data are stored and transmitted in the cookies:

  • The session of the user

In addition to this, we also use cookies on our website which enable us to analyze the surfing behaviour of our users. These analytical cookies are used for the purpose of improving the quality of our website and its contents. Analytical cookies tell us how the website is used and enable us to continually optimize our services. You can find more information about this in the “Google Analytics and Google Tag Manager” section.

The user data collected in this way are pseudonymized by technical precautionary measures. It is therefore no longer possible to correlate the data to the specific users who accessed the site. The data are not stored together with other personal data of the users.

When users access our website, an information banner notifies the users about our use of cookies for analytical purposes and refers the users to this Data Protection Declaration. In this context, there is also an indication as to how the storage of cookies in the browser settings can be prevented.

2. Legal Basis for the Data Processing

The legal basis for the processing of personal data using cookies is article 6, paragraph 1, lit. f GDPR. The legal basis for the processing of personal data using technically necessary cookies is article 6, paragraph 1, lit. f GDPR. The legal basis for the processing of personal data using cookies for analytical purposes is article 6, paragraph 1, lit. a GDPR.

3. Purpose of the Data Processing

The purpose of using technically necessary cookies is to simplify the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For thesefunctions, it is necessary that the browser can also be recognized after a page change. We need cookies for the following applications:

  • (1) Language settings

The user data which are collected by technically necessary cookies are not used to create user profiles. In these purposes, our legitimate interest lies in the processing of personal data in accordance with article 6, paragraph 1, lit. f DSGVO.

4. Duration of Storage, Objection and Deletion Options

Cookies are stored on the user’s computer, which transmits them to our website. Therefore you, as the user, have full control over the use of cookies. You can deactivate or restrict the transmission of cookies by changing the settings in your internet browser. Please use the help features of your internet browser to learn how you can change these settings. Previously stored cookies can be deleted at any time. This can also be done automatically. If cookies for our website are deactivated, it may not be possible to use all of our website’s functions to their full extent.

Special Applications

Google Analytics and Google Tag Manager

Google Analytics and Google Tag Manager, web analysis services of Google Inc, (1600 Amphitheatre Parkway Mountain View, CA 94043, USA; hereinafter “Google”), are used on this website. The use includes the “Universal Analytics” mode of operation. This makes it possible to assign data, sessions and interactions across several devices to a pseudonymous user ID and thus to analyze the activities of a user across all devices. Google Analytics uses so-called “cookies”, i.e. text files which are placed on your computer to help the website analyze how users use the site. The information generated by the cookie about your use of the website will generally be transmitted to and stored by Google on servers in the United States. However, if IP anonymization is activated on this website, your IP address will be shortened beforehand by Google within member states of the European Union or in other signatory states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA, where it will be shortened. The IP address transmitted by your browser as part of Google Analytics will not be combined with other data from Google. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services relating to website activity and Internet usage to the website operator. Our legitimate interest in data processing also lies in these purposes. The legal basis for the use of Google Analytics is § 15, paragraph 3 TMG or article 6, paragraph 1, lit. f GDPR. Sessions and campaigns are terminated after a certain period of time. By default, sessions are terminated after thirty minutes without activity and campaigns are ended after six months. The time limit for campaigns can be a maximum of two years. You can find further information on terms of use and data protection at http://www.google.com/analytics/terms/us.html or https://www.google.de/intl/en/policies/.

You may prevent the use of cookies by selecting the appropriate settings on your browser; however, please note that if you do this, you may not be able to use the full functionality of this website. You can also prevent Google from collecting the data which are generated by the cookie and are related to your use of the website (including your IP address), and you can prevent Google from processing these data, by downloading and installing the following browser add-on: http://tools.google.com/dlpage/gaoptout?hl=en.

Google Maps

This website uses Google Maps API for the visual display of geographic information. When visitors use Google Maps, Google also collects, processes and uses data about the visitors’ utilization of the map features. For more information about Google’s data processing, please refer to Google’s Privacy Policy at http://www.google.com/privacypolicy.html. You can also change your personal privacy settings in the privacy centre there.

For detailed instructions on how to manage your own data related to Google products, click here: http://www.dataliberation.org/

Script Libraries (Google WebFonts)

In order to present our contents correctly and in a graphically attractive format across all browsers, we use script libraries and font libraries such as Google Web Fonts (https://www.google.com/webfonts/) on this website. Accessing script libraries automatically triggers a connection to the library’s operator. In this context, it is possible that the operators of such libraries might collect data. Google Web Fonts is a service of Google Inc. (“Google”). Google Web Fonts are transferred to the cache of your browser to avoid multiple loading. If the browser does not support Google Web Fonts or prevents access to them, contents will be displayed in a standard font. These web fonts are integrated via a server call, usually to a Google server in the USA. This call will tell the server which of our web pages you have visited. Google also stores the IP address of the browser of the terminal device of the visitor to these Internet sites.

You can find more detailed information in Google’s data protection information, which you can access here: https://fonts.google.com/about#

https://policies.google.com/privacy

Embedded YouTube Videos

We embed YouTube videos on some of our websites. The operator of the corresponding plug-ins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a page with the YouTube plug-in, it will connect to YouTube’s servers. This will tell YouTube which pages you visit. If you are logged in to your YouTube account, YouTube can assign your surfing behaviour to you personally. You can prevent this by logging out of your YouTube account beforehand.

When a YouTube video is started, the provider utilizes cookies that collect information about user behaviour.

Anyone who has deactivated the storage of cookies for the Google Ad programme will not have to expect such cookies, also when viewing YouTube videos. However, YouTube does store non-personal usage information in other cookies. If you want to prevent this, you must block the storage of cookies in the browser.

You can find more detailed information about data protection at YouTube in the provider’s data protection declaration at: https://www.google.de/intl/en/policies/privacy/

Contact Form

A contact form is available on our website. This form can be used to contact us electronically. If a user makes use of this option, the data which the user enters in the input mask will be transmitted to and stored by us. These data are:

  • (1) The email address of the user
  • (2) The salutation of the user
  • (3) The first and last name of the user
  • (4) The message written by the user

When you contact us via the online form, we store the information which you provide in order to answer your enquiry and to ask possible follow-up questions.

In the context of the sending process, we will request your consent to allow us to process the data and we will refer you to this Data Protection Declaration.

Alternatively, you can contact us via the email address provided. In this case, we will store the personal data which the user transmits together with the email.

The data will not be passed on to third parties in this context. The data will be used exclusively for the processing of the conversation.

Applicant Management / eRecruiting Portal

In order to be able to participate in the Karlsruher Messe- und Kongress GmbH online application selection procedure, each applicant must create a user account. These data are collected, processed and used exclusively for the purpose of handling application procedures and filling vacancies in compliance with the German Federal Data Protection Act and the Telemedia Act. The data which you enter can only be viewed by the responsible employees who are involved in filling the respective position. If the Karlsruher Messe- und Kongress GmbH commissions personnel consultancies to accompany and carry out the selection procedure and passes on your data to them, it will be contractually agreed and monitored to ensure that an identical level of data protection is guaranteed. If your application documents indicate that there exists a serious disability or a claim to equal opportunity within the meaning of SGB IX, the Representative Body for Disabled Persons / Works Council will become involved in processing the application. Otherwise, the Karlsruher Messe- und Kongress GmbH undertakes to pass on your data only if it is legally obliged to do so, e.g. to courts of law or other official authorities.

Duration of the Storage of Personal Data

Your data and the information you provided in the course of the online application procedure will be retained in compliance with the legal framework for as long as is necessary for the application procedure, but for no longer than three months after completion of the selection procedure.

If you have decided to include your data in the talent pool, your data will also be kept for this purpose for use within the city, but for no longer than twelve months after the last activity, e.g. inclusion in a recruitment process.

Otherwise, only a part of your data will be stored in anonymous form so that no personal assignation can be established. The data record thus no longer enables any conclusions to be drawn about your person and serves only as a basis for statistical evaluations. The attachments of your applications will be completely deleted, e.g. curriculum vitae, certificates, etc.

If your application is successful, i.e. if you are hired by the Karlsruher Messe- und Kongress GmbH, then the data which you provided will become part of your personnel file in accordance with the statutory provisions.

Automatic Deletions

Your system access will be automatically deactivated twelve months after your last login to the system.

Security in the Handling of Personal Data

Your data will be automatically encrypted whenever they are transmitted, thus protecting them against unauthorized access by third parties. The precautions for data storage correspond to the latest technological standard.

You may revoke your consent to the use of your personal data for the future in writing at any time. After revoking your consent, you can no longer participate in the online application process.

Please also note the separate data protection provisions in our eRecruiting Portal.

Newsletter

If you subscribe to our newsletter, we will use the information that you provide solely for this purpose or to notify you about circumstances relevant to this service or the subscription. We will not share these data with third parties.

A valid email address is required in order to receive the newsletter. In addition to this email address, we also save the IP address that you used to sign up for the newsletter and the date on which you ordered the newsletter. These data serve us as proof of misuse if a foreign email address is registered for the newsletter. To further ensure that third parties do not misuse an email address in our mailing list, we also work, in accordance with the law, with the so-called “double opt-in” procedure. In the context of this procedure, a record is kept of the order of the newsletter, the sending of the confirmation email, and the receipt of the confirmation of registration.

Art. 6 Abs. 1 lit. a GDPR is the legal basis for the processing of data after the user has subscribed to the newsletter and after the user has consented to such processing.

You have the option to revoke, at any time, your consent to the storage of data, to the storage of your email address, and to its utilization for sending the newsletter. To facilitate your cancellation, we include a corresponding link in each edition of the newsletter. You also have the option to notify us of your desire to cancel your subscription via the contact options mentioned in this document.

Social Plug-ins

On our website, we offer you the option of using so-called “social media buttons”. To protect your data, we use the “Shariff” solution during implementation. This means that these buttons on the website are integrated only as a graphic, which contains a link to the corresponding website of the button’s provider. When you click on the graphic, you will accordingly be forwarded to the services of the respective provider. Only then will your data be sent to the respective providers. If you do not click on the graphic, there will be no exchange of data between you and the providers of the social media buttons. You can find information about the collection and use of your data in the social networks by consulting the terms of use of the respective providers. You can find more information about the Shariff solution here: https://www.heise.de/ct/artikel/Shariff-Social-Media-Buttons-mit-Datenschutz-2467514.html

We have included the social media buttons of the following companies on our website:

  • Facebook Inc. (1601 S. California Ave, Palo Alto, CA 94304, USA)
  • Twitter Inc. (795 Folsom St., Suite 600, San Francisco, CA 94107, USA)
  • Google Plus/Google Inc. (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
  • XING AG (Gänsemarkt 43 D-20354 Hamburg, Germany )
  • LinkedIn Corporation (2029 Stierlin Court, Mountain View, CA 94043, USA)

Rights of the data subject

If your personal data are processed, you are the data subject within the meaning of the GDPR and you are entitled to the following rights vis-à-vis the controller:

Right to Information

You can request confirmation from the controller (i.e. the data controller) as to whether personal data relating to you will be processed by us. In the event of such processing, you may request the following information from the responsible individual:

  • (1) the purposes for which the personal data will be processed;
  • (2) the categories of personal data which will be processed;
  • (3) the recipients or categories of recipients to whom the personal data relating to you has been or will be disclosed;
  • (4) the planned duration of the retention of the personal data relating to you or, if it is not possible to provide specific information in this regard, criteria for determining the retention period;
  • (5) the existence of a right to rectify or delete personal data concerning you, a right to limit the processing by the responsible individual or a right to object to such processing;
  • (6) the existence of a right of appeal to a supervisory authority;
  • (7) all available information on the origin of the data, if the personal data are not collected from the data subject;
  • (8) the existence of automated decision-making including profiling in accordance with articles 22 (1) and (4) GDPR and, at least in these cases, meaningful information on the logic involved and on the scope of such processing and the intended effects on the data subject.

You have the right to request information as to whether the personal data concerning you will be transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate guarantees in connection with the transfer pursuant to article 46 GDPR.

Right to Rectification

If the personal data processed concerning you are inaccurate or incomplete, you have the right to have your personal data corrected and/or completed by the controller (i.e. the data controller), who must immediately carry out the requested rectification.

Right to Restriction of Processing

Under the following conditions, you can demand the restriction of the processing of the personal data that apply to you:

  • (1) if you contest the accuracy of the personal data that apply to you for a period of time that enables the controller or authority to verify the correctness of the personal data;
  • (2) the processing is unlawful and you refuse the deletion of the personal data, demanding instead that the use of the personal data be restricted;
  • (3) the controller or authority no longer needs the data for processing purposes, but you need the data to assert, exercise or defend legal claims; or
  • (4) if you have objected to the processing pursuant to Art. 21 Abs. 1 GDPR and it has not yet been determined whether the legitimate needs of the controller or authority outweigh your reasons.

If the processing of personal data that apply to you has been restricted, these data – with the exception of their storage – may only be used with your consent or for the purpose of asserting, exercising or defending legal claims or to protect the rights of another natural or legal person or for reasons of important public interest of the European Union or one of its member states.

If the restriction of the processing according to the abovementioned conditions is curtailed, you will be notified by the controller or authority before the restriction is lifted.

Right to erasure

a) Obligation to Delete

If one of the following reasons exists, then you can demand that the controller or authority immediately delete the personal data which apply to you and the controller or authority is obliged to delete these data without delay:

  • (1) The personal data that apply to you are no longer necessary for the purposes for which they were collected or otherwise processed.
  • (2) You revoke your consent, under Art. 6 Abs. 1 lit. a or Art. 9 Abs. 2 lit. a GDPR, upon which the processing is based, and no other legal basis exists for the processing.
  • (3) You object to the processing under Art. 21 Abs. 1 GDPR and no superseding legal reasons exist for the processing, or you object to the processing pursuant to Art. 21 Abs. 2 GDPR.
  • (4) The personal data that apply to you were unlawfully processed.
  • (5) The deletion of the personal data that apply to you is necessary to fulfil a legal obligation according to the law of the European Union or the law of the member states to which the responsible individual or authority is subject.
  • (6) The personal data that apply to you were collected in relation to services offered by the information company according to Art. 8 Abs. 1 GDPR.

b) Information to Third Parties

If the controller or authority has made public personal data that apply to you, and if the controller or authority is obliged to delete these data pursuant to Art. 17 Abs. 1 GDPR, then the controller or authority shall undertake appropriate activities, including activities of a technical nature, taking into consideration the available technology and the cost of implementation, to notify the controllers or authorities responsible for processing the personal data, that you, as the affected person, have demanded the deletion of all links to these personal data or to copies or replications of these personal data.

c) Exceptions

The right to deletion does not exist if the processing is necessary:

  • (1) to exercise the right of freedom of expression and information;
  • (2) to fulfil a legal obligation to which the processing is subject under the law of the Union or of the Member States to which the controller is subject or to perform a task carried out in the public interest or in the exercise of official authority vested in the responsible individual;
  • (3) for reasons of public interest in the field of public health pursuant to article 9, paragraph 2, lit. h and i as well as article 9, paragraph 3 GDPR;
  • (4) for archival purposes in the public interest, scientific or historical research purposes or for statistical purposes in accordance with article 89, paragraph 1 GDPR, insofar as the law referred to under a) is likely to make it impossible or seriously impair the attainment of the objectives of such processing; or
  • (5) to assert, exercise or defend legal claims.

Right to Notification

If you have exercised the right to rectification, deletion or restriction vis-à-vis the controller or authority, this person or authority is obliged to notify all recipients to whom the personal data that apply to you have been disclosed about this rectification or deletion of the data and about the restriction in the data’s processing, unless such notification proves to be impossible or would involve a disproportionately great effort.

You have the right to demand that the controller or authority inform you about these recipients.

Right to Data Portability

You have the right to receive the personal data concerning you that you have provided to the responsible person in a structured, common and machine-readable format. In addition, you have the right to communicate these data to another controller (i.e. another data controller) without being hindered by the data controller to whom the personal data was first made available, provided that:

  • (1) the processing is based on consent pursuant to article 6, paragraph 1, lit. a GDPR or article 9 paragraph 2, lit. a GDPR or on a contract pursuant to article 6, paragraph 1 lit. b GDPR and
  • (2) the processing is carried out by automated means.

In exercising this right, you also have the right to request that the personal data concerning you be transferred directly from one controller to another responsible individual, insofar as this is technically feasible. Freedoms and rights of other persons must not be affected by this. The right to data transfer does not apply to the processing of personal data necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

Right to object

You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data on the basis of article 6, paragraph 1, lit. e or f GDPR; this also applies to profiling based on these provisions. The responsible individual will no longer process the personal data relating to you unless he or she can prove compelling reasons for processing which are worthy of protection and which outweigh your interests, rights and freedoms, or the process serves to assert, exercise or defend legal claims. If the personal data concerning you are processed for the purpose of direct advertising, you have the right to object at any time to the processing of the personal data concerning you for the purpose of such advertising; this also applies to profiling insofar as it is connected with such direct advertising. If you object to the processing for direct marketing purposes, the personal data concerning you will no longer be processed for these purposes. You have the option of exercising your right of objection in relation to the use of information society services, notwithstanding Directive 2002/58/EC, by means of automated procedures in which technical specifications are used.

Right to revoke the declaration of consent under data protection law

You have the right to revoke your declaration of consent under data protection law at any time. The revocation of your consent does not affect the legality of the processing carried out on the basis of your consent until you revoke it.

Automated decision in individual cases including profiling

You have the right not to be subject to any decision based solely on automated processing, including profiling, that has any legal effect on you or similarly significantly affects you. This does not apply if the decision:

  • (1) is necessary for the conclusion or performance of a contract between you and the controller;
  • (2) is authorized by legislation of the Union or of the Member States to which the controller is subject and contains appropriate measures to safeguard your rights, freedoms and legitimate interests; or
  • (3) is taken with your express consent.

However, these decisions may not be based on special categories of personal data pursuant to article 9, paragraph 1 GDPR, unless article 9, paragraph 2, lit. a or g GDPR applies and appropriate measures have been taken to protect your rights, freedoms and legitimate interests. With regard to 1) and 3) above, the controller shall take reasonable measures to protect your rights, freedoms and legitimate interests, including at least the rights to obtain the intervention of a person on the part of the controller, to state your own position and to challenge the decision.

Right to Complain to a Supervisory Authority

Without prejudice to any other administrative or judicial remedy, you have the right to complain to a supervisory authority, especially to an authority in the member state in which you reside, in which you work, or which contains the location of the alleged infringement, if you believe that the processing of the personal data that apply to you violates the GDPR.

The supervisory authority to which the complaint was submitted shall notify the complainant about the status and the results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

Changes to our privacy policy

We reserve the right to make changes in this Declaration at any time in order to ensure that our Data Protection Declaration always remains in compliance with current legal requirements. This also applies in the event that the Data Protection Declaration requires modification due to the introduction of new or revised services, for example, the provision of new services. The new Data Protection Declaration will then take effect upon your next visit to our offer.

This website uses cookies to ensure our visitors get the best user experience. By continuing to use this website you are giving consent to cookies being used.
Additional information and the option to revoke your acceptance can be found on our Legal notice page
I agree | close notification