PRIVACY

Welcome to the data protection area of formdrei Messe und Event GmbH. We are very pleased about your interest in our company. On the basis of this data protection information, we would like to inform you in detail about what data we collect, when we collect it and how it is processed.

The person in charge in accordance with Art. 4 Para. 7 of the EU General Data Protection Regulation (DSGVO) is:
formdrei Messe und Event GmbH
Managing Director: Armin Hollensteiner
Grafenheider Straße 75
33729 Bielefeld, Germany.

Telephone: +49 521 77006 0
E-mail: info@formdrei.de

You can reach our data protection officer at:
Gesellschaft für Personaldienstleistungen mbH
Pestalozzistrasse 27
34119 Kassel

Telephone: +49 561 78968-93
Fax: +49 561 78968-61
E-mail: datenschutz@gfp24.de

With the following information, we inform you transparently about the type and scope of the processing of personal data,
which is collected during your visit to our website,

• external online presences on social media platforms
• in the context of application procedures
• in business relationships with customers and service providers.

are collected.

The legal basis for our data protection is, in particular, the provisions of the German Data Protection Regulation (DSGVO) and the supplementary provisions of the German Federal Data Protection Act (BDSG, new).

In such cases where we obtain your consent for processing operations of personal data, Art. 6 (1) lit. a DSGVO serves as the legal basis.

When processing personal data that is necessary for the performance of a contract concluded between you and us, Art. 6 (1) lit. b DSGVO serves as the legal basis. This also applies to processing operations that are necessary for the implementation of pre-contractual measures.

In the event that the processing of personal data is necessary for the fulfilment of a legal obligation to which we are subject, Art. 6 (1) c DSGVO serves as the legal basis.

In the event that the vital interests of the data subject or another natural person make the processing of personal data necessary, Art. 6 (1) (d) DSGVO is the legal basis.

In the event that the processing of personal data is necessary to protect a legitimate interest of our company or a third party and your interests, fundamental rights and freedoms do not override the first-mentioned interest, Article 6 (1) (f) DSGVO is the legal basis for the processing.

If, in the course of our processing, we transfer your personal data to other bodies or disclose it to them, this is done exclusively on the basis of one of the aforementioned legal grounds. Recipients of this data may include, for example, payment service providers in the context of contract performance. In such cases where we are obliged to do so by law or by court order, we must disclose your data to bodies entitled to receive such information.

If external service providers support us in the processing of your data (e.g. data analysis, newsletter dispatch), this is done within the framework of commissioned processing in accordance with Art. 28 DSGVO. We only conclude contracts with service providers that offer sufficient guarantees that appropriate technical and organisational measures ensure the protection of your data.

Data is only transferred to third countries (outside the European Union or the European Economic Area) if this is in accordance with the legal requirements. Subject to express consent or contractually or legally required transfer, we only process or allow the data to be processed in third countries with a recognised level of data protection or in accordance with Art. 44 ff. of the Data Protection Act (DSGVO) on the basis of special guarantees. DSGVO on the basis of special guarantees, e.g. contractual obligation through so-called standard protection clauses of the EU Commission (information page of the EU Commission: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection_de).

As soon as the respective purpose of storage ceases to apply, we will delete or block your personal data. Furthermore, your personal data will only be stored if special legal retention periods (in particular commercial and tax retention obligations) at national or European level prevent deletion.

Our data protection notice is based on terms used in the GDPR and defined there. To ensure that our data protection notice is easy to read and understand, we would like to explain the most important terms in advance.

“Personal data” means any information relating to an identified or identifiable natural person (hereinafter “data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

“Processing” means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, filing, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

“Person in charge’ means the natural or legal person, public authority, agency or other body which alone or jointly with others determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its designation may be provided for under Union or Member State law.

“Pseudonymisation” means the processing of personal data in such a way that the personal data can no longer be attributed to a specific data subject without additional information, provided that such additional information is kept separately and is subject to technical and organisational measures which ensure that the personal data are not attributed to an identified or identifiable natural person.

“Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller.

“Recipient’ means a natural or legal person, public authority, agency or other body to whom personal data are disclosed, whether or not a third party. However, public authorities which may receive personal data in the framework of a specific investigation mandate under Union or Member State law shall not be considered as recipients.

“Third party” means any natural or legal person, public authority, agency or other body other than the data subject, the controller, the processor and the persons authorised to process the personal data under the direct responsibility of the controller or the processor.

“Consent” means any freely given specific and informed indication of the data subject’s wishes in the form of a statement or other unambiguous affirmative act by which the data subject signifies his or her agreement to the processing of personal data relating to him or her.

“Profiling” means any automated processing of personal data which consists in using such personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects relating to that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or change of location

The processing of personal data gives you, as the natural person concerned, rights which you can exercise against us at any time.
These are:

• Right to revoke a declaration of consent under data protection law in accordance with Art. 7 (3) DSGVO
• Right to information about your personal data stored by us in accordance with Art. 15 DSGVO
• The right to correct inaccurate or incomplete data in accordance with Art. 16 DSGVO
• Right to have your data stored by us deleted in accordance with Art. 17 DSGVO
• Right to restrict the processing of your data pursuant to Art. 18 DSGVO
• Right to data portability pursuant to Art. 20 DSGVO
• Right to object pursuant to Art. 21 DSGVO
• Automated decisions in individual cases including profiling pursuant to Art. 22 DSGVO.

You have the right to find out from us whether and – if so – which personal data we process about you, as well as to request copies of your personal data from us. Please note that your right to information may be restricted under certain circumstances in accordance with the statutory provisions.

If the information concerning you is not (or is no longer) correct, you have the right to demand the immediate correction of the incorrect personal data concerning you and, if necessary, the completion of incomplete personal data.

In accordance with the statutory provisions, you have the right to demand that data concerning you be deleted immediately, e.g. if the data is no longer required for the purposes pursued and the statutory storage and archiving regulations do not prevent deletion.

Within the framework of the requirements of Art. 18 DSGVO, you have the right to request a restriction of the processing of the data concerning you, e.g. if you have objected to the processing, for the duration of the examination as to whether the objection can be granted.

You have the right to have data that you have provided to us handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another person responsible, this will only be done insofar as it is technically feasible.

If the processing of your personal data is based on consent given to us, you have the right to revoke this consent at any time. The revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.

Please send your revocation informally to formdrei Messe und Event GmbH, Grafenheider Straße 75, 33729 Bielefeld, Germany, e-mail: info@formdrei.de. We would like to point out that your revocation can also be made in further procedures or must be made for technical reasons. You will find further information on this in the respective services described.

Under the conditions of Art. 21 (1) DSGVO, you may object to data processing on the basis of Art. 6 (1) e or f DSGVO for reasons arising from your particular situation. This also applies to profiling based on these provisions. If you exercise your right to object, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the assertion, exercise or defence of legal claims.

You can send your objection informally to formdrei Messe und Event GmbH, Grafenheider Straße 75, 33729 Bielefeld, Germany, e-mail: info@formdrei.de. We would like to point out that your objection can also be made in further procedures or must be made for technical reasons. You will find further information on this in the respective services described.

In accordance with Art. 77 DSGVO, you have the right to complain to the supervisory authority if you believe that the processing of your personal data is not lawful. The address of the supervisory authority responsible for our company is:

State Commissioner for Data Protection and Freedom of Information of North Rhine-Westphalia.
Kavalleriestrasse 2-4
40213 Düsseldorf

Telephone: +49 211 38424 0
E-mail: poststelle@ldi.nrw.de

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.

In the following, we inform you when and in what context data is processed when you use our online services.

When you use our website for information purposes only, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. When you view our website, we collect the data mentioned below. This is technically necessary in order to display our website to you and to ensure the stability and security of the presentation (legal basis is Art. 6 para. 1 p. 1 lit. f DSGVO):

• IP address
• Date and time of the request
• Time zone difference to Greenwich Mean Time (GMT)
• Content of the request (specific page)
• Access status / HTTP status code
• Amount of data transferred in each case
• Website from which the request came
• Browser
• Operating system and its interface

This data is temporarily stored in the log files of our system for a maximum of 14 days. Storage beyond this period is possible, but in this case the IP addresses are partially deleted or alienated so that it is no longer possible to assign the calling client.

In addition to the aforementioned data, cookies are stored on your end device (e.g. PC, laptop, smartphone) when you use our website. Cookies are small text files that are stored on your terminal device assigned to the browser you are using and through which certain information flows to the body that sets the cookie (in this case by us). Cookies cannot execute programs or transfer malware to your end devices. They serve to make the online offer as a whole more user-friendly and effective.

This website uses the following types of cookies, the scope and functionality of which are explained below:

Transient cookies: These are automatically deleted when you close the browser. These include in particular the session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This enables your computer to be recognised when you return to our website. Session cookies are deleted when you log out or close your browser.

Persistent cookies: these are automatically deleted after a set period of time, which may vary depending on the cookie. You can delete the cookies in the security settings of your browser at any time.

We use cookies on our website which are generated by us as the website operator and which are necessary for the full function and presentation of our offer on the website. We use these cookies for legitimate interest according to Art. 6 para. 1 lit. f DSGVO to ensure our online offer.

In addition to the cookies set by us as the responsible party, cookies offered by other providers are also used. We process these cookies on the basis of your consent in accordance with Art. 6 Para. 1 lit. a DSGVO or on the basis of our legitimate interest in accordance with Art. 6 Para. 1 lit. f DSGVO. Further information on the use of and cooperation with external service providers can be found in the data protection information of the respective online offers.

You can configure your browser settings according to your wishes and, for example, refuse to accept cookies from external providers or all cookies. However, we would like to point out that you may not be able to use all the functions of this website as a result. If you have agreed to accept cookies and would like to object to this for the future, you can delete the stored cookies in the settings of the browser you are using.

Web browsers can be set to notify you when cookies are set or to reject or disable cookies in general or in part. By deactivating and deleting all cookies, you can also revoke any consent you have previously given. If you deactivate or restrict cookies using your browser, various functions on our website may not be available to you. You can use your web browser to delete stored cookies at any time, even automatically.

You can find out about this option for the most commonly used browsers via the following links:

Mozilla Firefox: https://support.mozilla.org/de/kb/cookies-informationen-websites-auf-ihrem-computer
Google Chrome: https://support.google.com/chrome/bin/answer.py?hl=de&answer=95647
Apple Safari: https://support.apple.com/de-de/guide/safari/sfri11471/mac
Microsoft Internet Explorer: https://support.microsoft.com/de-de/help/17442/windows-internet-explorer-delete-manage-cookies
Microsoft Edge: https://support.microsoft.com/de-de/help/4027947/microsoft-edge-delete-cookies
Opera: https://help.opera.com/de/latest/web-preferences/

If no restrictions have been placed on the cookie settings, cookies that are intended to enable and ensure the necessary technical functions remain on your end device until you close the browser; other cookies may remain on your end device for longer. The exact cookie runtimes are displayed in the Consent banner.

Our website uses TLS encryption (formerly SSL) for security and to protect the transmission of confidential content. Orders or contact enquiries that you send to us are therefore sent using transport encryption. Depending on your browser type, you will recognise this either by the lock symbol and/or the https protocol in the address line.

When you contact us via a contact form, the data you provide (your e-mail address, your name if applicable, [your telephone number] and the content of your message) will be stored by us in order to respond to your enquiry. The processing of the data entered in the contact form is based on your consent in accordance with Art. 6 Para. 1 lit. a DSGVO. If your contact request is related to the fulfilment of a contract or the implementation of pre-contractual measures, we process your data on the basis of Art. 6 para. 1 lit. b DSGVO. We delete the data accruing in this context after storage is no longer necessary or restrict processing if there are legal obligations to retain data. You can revoke this consent at any time. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.

When you contact us by e-mail, telephone or fax, the personal data you provide (your e-mail address, your name if applicable, [your telephone number] and the content of your message) will be stored by us in order to process your request. We do not pass on this data without your consent.

Data processing is carried out on the basis of Art. 6 Para. 1 lit. b DSGVO, insofar as your enquiry is related to the fulfilment of a contract or is necessary for the implementation of pre-contractual measures. In all other cases, we process your data on the basis of your consent pursuant to Art. 6 para. 1 lit. a DSGVO and/or on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f DSGVO. Our legitimate interest lies in particular in the effective processing of your request.

The data you send to us via contact requests will remain with us until you request us to delete it, revoke your consent to store it or the purpose for storing the data no longer applies (e.g. after we have completed processing your request). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.

This website uses Google Analytics, a web analytics service provided by Google, Inc. (“Google”). Google Analytics uses so-called “cookies”. These are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by the cookie about your use of the website will be transmitted to and stored by Google on servers in the United States. In the event that IP anonymisation (AnonymizeIP) is activated on this website, however, your IP address will be truncated beforehand by Google within Member States of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to Google servers in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.

The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

This website uses Google Analytics with the extension “Anonymize IP”. This means that IP addresses are processed in abbreviated form, so that personal references can be virtually ruled out. Any personal data collected about you will be deleted immediately.

We use Google Analytics to analyse and regularly improve the use of our website. The statistics obtained enable us to improve our offer and make it more interesting for you as a user. The legal basis for the use of Google Analytics is based on your consent in accordance with Art. 6 Para. 1 lit. a DSGVO.

We also use Google Analytics for a cross-device analysis of visitor flows, which is carried out via a user ID. You can deactivate the cross-device analysis of your usage in your customer account under “My data”, “Personal data”.

You may refuse the use of cookies by selecting the appropriate settings on your browser, however please note that if you do this you may not be able to use the full functionality of this website. You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) by Google and the processing of this data by Google by downloading and installing the browser plug-in available at the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
Information of the third party provider: Google Dublin, Google Ireland Ltd., Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001. User conditions: https://www.google.com/analytics/terms/de.html, overview of data protection: https://support.google.com/analytics/answer/6004245?hl=de as well as the data protection declaration: https://policies.google.com/privacy?hl=de&gl=de.

This website uses the “Google Tag Manager”, a service of Google Ireland Limited. Google Tag Manager offers the possibility to manage website tags via an interface. The Google Tag Manager tool that implements the tags is a cookie-less domain and does not itself collect any personal data. Google Tag Manager triggers other tags, which in turn may collect data. Google Tag Manager does not access this data. If a deactivation has been made at domain or cookie level, this remains in place for all tracking tags implemented with Google Tag Manager.

FAQ Google Tag Manager: https://www.google.com/intl/de/tagmanager/faq.html
Google Tag Manager Terms of Use: https://www.google.com/intl/de/tagmanager/use-policy.html

On this website we use the offer of Google Maps. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently.

By visiting the website, Google receives the information that you have called up the corresponding sub-page of our website. In the process, metadata is transmitted to the service provider, which may be personally identifiable. Google also obtains your IP address. This occurs regardless of whether Google provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not wish your data to be associated with your Google profile, please log out before activating the function. The information collected by Google is also transmitted to Google (Google Inc.) servers in the USA. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or designing its website to meet user needs. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you should preferably contact Google to exercise this right.

The legal basis for the processing of your data is Art. 6 para. 1 lit. f DSGVO (legitimate interest). Our legitimate interests lie in the presentation of our online offers and in making it easy to find the places we indicate on the website.

Information of the third-party provider: Google Dublin, Google Ireland Ltd, Gordon House, Barrow Street, Dublin 4, Ireland, Fax: +353 (1) 436 1001.
For more information on the purpose and scope of data collection and its processing by the plug-in provider, please refer to the provider’s privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: https://policies.google.com/privacy?hl=de&gl=de.

We have integrated YouTube videos into our online offer, which are stored on https://www.youtube.com/ and can be played directly from our website. These are all integrated in “extended data protection mode”, i.e. no data about you as a user is transmitted to YouTube if you do not play the videos. According to YouTube, data is only transmitted when you play the videos. We have no influence on this data transmission.

By visiting the website, YouTube receives the information that you have accessed the corresponding sub-page of our website. In addition, metadata is transmitted to the service provider, which may be personal. This occurs regardless of whether YouTube provides a user account via which you are logged in or whether no user account exists. If you are logged in to Google, your data will be directly assigned to your account. If you do not want your data to be associated with your YouTube profile, log out before activating the function. YouTube stores your data as usage profiles and uses them for the purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you should preferably contact YouTube to exercise this right.

YouTube is used in the interest of an appealing presentation of our online offers. This constitutes a legitimate interest within the meaning of Art. 6 Para. 1 lit. f DSGVO.

Information from the third-party provider: Google Ireland Limited, Google Building Gordon House, Barrow St, Dublin 4, Ireland.
Further information on data protection can be found on the following Google website: https://policies.google.com/privacy?hl=de.

We use the tool “Microsoft Teams” to conduct telephone and video conferences, online meetings, video consulting, digital coaching and/or webinars (hereinafter: “online meetings”). Microsoft Teams is a service of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

If you call up the Microsoft Teams website (https://teams.microsoft.com/), Microsoft is responsible for data processing. Calling up this website is necessary for downloading the necessary software if use should not or cannot take place directly and without a download via an Internet browser.

Data categories:
When using Microsoft Teams, different types of data are processed. The total volume of data processed also depends on the information provided by the user before, during and after an “online meeting”.

The following personal data may be processed:

User details:
first name, last name, telephone (optional), e-mail address, password (if “single sign-on” is not used), profile picture (optional), department (optional).

Meeting metadata:
Topic, description (optional), date, time, duration, participant IP addresses, device/hardware information.

For recordings (optional):
MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.

For dial-in with the telephone:
information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.

Text, audio and video data:
You may have the opportunity to use the chat, question or survey functions in an “online meeting”. The text entries you make are processed in order to display them in the “online meeting” and, if necessary, to record them. In order to enable the display of video and the playback of audio, the data is processed during the meeting to a microphone and a possible video camera of the end device. The data transmission from the camera and microphone can be switched off or muted at any time and by any user independently via the Microsoft Teams applications.

In order to participate in an “online meeting” or to enter the “meeting room”, at least your name is required.

Legal basis for data processing:
Insofar as personal data is processed by employees of formdrei Messe und Event GmbH, Grafenheider Straße 75, 33729 Bielefeld, § 26 BDSG is the legal basis for data processing.

If, in connection with the use of Microsoft Teams, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component in the use of Microsoft Teams, Art. 6 (1) lit. f DSGVO is the legal basis for the data processing. In these cases, our interest lies in the effective implementation of “online meetings”.

In addition, the legal basis for data processing when conducting “online meetings” is Art. 6 (1) (b) DSGVO, insofar as the meetings are conducted in the context of contractual relations.

Recipients / passing on of data
Personal data processed in connection with participation in “online meetings” will not be passed on to third parties as a matter of principle, unless they are intended to be passed on. Apart from this, data will only be passed on to third parties if we are legally obliged to do so (e.g. by court order), or if the persons concerned have expressly consented to the passing on of their data.

The Microsoft Teams provider who supports us in conducting “online meetings” necessarily receives knowledge of the above-mentioned data, insofar as this is provided for in the context of our order processing agreement with Microsoft.

Microsoft is obliged to comply with the legal requirements of the applicable data protection law via the order processing agreement concluded with Microsoft teams on the basis of EU standard contractual clauses. A currently valid version can be viewed at the following link:
https://www.microsoftvolumelicensing.com/Downloader.aspx?DocumentId=18030.

Data processing outside the European Union
Data processing outside the European Union (EU) does not take place as a matter of principle, as we have restricted our storage location to data centres in the European Union. However, we cannot technically completely rule out routing or storage on servers outside the European Union by the order processor Microsoft.

A secure level of data protection is guaranteed by the conclusion of supplemented EU standard data protection clauses as well as technical and organisational measures. For example, the data is encrypted during transport over the Internet and thus generally protected against unauthorised access by third parties. Furthermore, in a statement dated 20 July 2020, Microsoft guarantees that, with regard to personal data stored by Microsoft in the USA and Europe which may be subject to official requests for information from authorities in the USA, such orders will be challenged in court with which access to personal data would be possible.

For more information about Microsoft Teams’ privacy practices
For more information about Microsoft’s privacy practices, please visit https://privacy.microsoft.com/de-de/privacystatement (section “Online Services for Business”), or visit: https://www.microsoft.com/de-de/trust-center/privacy/customer-data-definitions

We use the tool “Zoom” to conduct telephone and video conferences, online meetings, video consulting and digital coaching (hereinafter: “online meetings”). Zoom is a service of Zoom Video Communications, Inc. 55 Almaden Blvd, Suite 600, San Jose, CA 95113, USA.

If you access the Zoom website (https://zoom.us), Zoom is responsible for data processing. You must access this website in order to download the necessary software if you do not want to or cannot use Zoom directly without a download via an Internet browser.

You can also use Zoom by entering the respective meeting ID and, if necessary, further access data for the online meeting directly in the Zoom app. Basic functions can also be used without the app via a browser version.

Data categories
When using Zoom, different types of data are processed. The total volume of data processed also depends on the information that the user provides before, during and after an online meeting.

If you participate in an online meeting as an external participant, you will receive an access link from the host by e-mail. When you register for the online meeting, you must then enter your name and, if applicable, your e-mail address.

In addition, the tool collects user data that is required for the provision of the service. This includes in particular technical data on your devices, your network and your internet connection, such as IP address, device type, operating system type and version, client version, camera type, microphone or loudspeaker, type of connection.

The following personal data may in principle be the subject of processing:

User details:
first name, last name, phone (optional), email address, password (if “single sign-on” is not used), profile picture (optional), department (optional).

Meeting metadata:
Topic, description (optional), date, time, duration, participant IP addresses, device/hardware information.

For recordings (optional):
MP4 file of all video, audio and presentation recordings, M4A file of all audio recordings, text file of the online meeting chat.

For dial-in with the telephone:
information on the incoming and outgoing call number, country name, start and end time. If necessary, further connection data such as the IP address of the device can be stored.

Text, audio and video data:
You may have the opportunity to use the chat, question or survey functions in an “online meeting”. The text entries you make are processed in order to display them in the “online meeting” and, if necessary, to record them. In order to enable the display of video and the playback of audio, the data is processed during the meeting to a microphone and a possible video camera of the end device. The data transmission from the camera and microphone can be switched off or muted at any time and by any user independently via the Zoom applications.

Data storage
Online meetings” are not recorded. If we want to record “online meetings”, we will inform you in advance and obtain your consent. The fact of the recording will also be displayed to you in the Zoom app. Recordings stored on Zoom’s cloud servers are automatically deleted after 30 days at the latest. Insofar as online meetings are not recorded, the provider states that it does not store the meeting content after the online meeting has been concluded.

If it is necessary for the purpose of recording the results of an online meeting, we will record the chat contents. However, this will not usually be the case.
If you are logged in to a Zoom account, then reports of “online meetings” (meeting metadata, telephone dial-in data, questions and answers in webinars, survey function in webinars) may be stored by Zoom for up to one month.

The “attention monitoring” available at Zoom is deactivated. The text within the chat function is stored in a separate file and is not part of the video in case of recording. Automated decision-making within the meaning of Article 22 of the GDPR is not used.

Legal basis of data processing
Insofar as personal data of employees of formdrei Messe und Event GmbH, Grafenheider Straße 75, 33729 Bielefeld are processed, § 26 BDSG is the legal basis for data processing.

If, in connection with the use of Zoom, personal data is not required for the establishment, implementation or termination of the employment relationship, but is nevertheless an elementary component of the use of Zoom, the legal basis for data processing is Art. 6 para. 1 lit. f DSGVO. In these cases, our interest is in the effective implementation of “online meetings”.

In addition, the legal basis for the processing of data when conducting “online meetings” is Art. 6 para. 1 lit. b DSGVO, insofar as the meetings are conducted in the context of contractual relations.

Recipients / passing on of data
Personal data processed in connection with participation in “online meetings” will not be passed on to third parties unless it is intended to be passed on. Apart from this, data will only be passed on to third parties if we are legally obliged to do so (e.g. by court order), or if the persons concerned have expressly consented to the passing on of their data.

Zoom Video Communications Inc. supports us in the processing of your data as an external service provider and processor within the meaning of Art. 28 DSGVO. As an order processor, Zoom Video Communications Inc. processes your data strictly in accordance with instructions and on the basis of a separately concluded order processing agreement.

Data processing outside the European Union
Data processing may also take place outside the EU or the EEA. The data collected directly in the course of online meetings (such as images, sound, conversation content) are generally processed at Zoom’s nearest server location, and thus regularly within the EU, otherwise exclusively on US servers. The remaining metadata is processed on US servers.

The transfer of data takes place on the basis of standard data protection clauses of the EU Commission as an appropriate guarantee for an adequate level of data protection pursuant to Art. 46 para. 2 lit. c DSGVO as well as technical-organisational measures. For example, the data is encrypted during transport via the internet and thus generally protected from unauthorised access by third parties. Zoom also provides end-to-end encryption for online meetings and the use of the data routing function.

Further information on Zoom’s data protection can be found at https://zoom.us/de-de/privacy.html.

We use the TeamViewer software for technical support and training within the scope of our products. We also offer online meetings via TeamViewer.

If you wish to use our services, you must download the TeamViewer software from the provider using a link provided by us and run it on your computer. Only the data protection provisions of TeamViewer GmbH as your contractual partner for the use of the software apply here, which can be accessed at https://www.teamviewer.com/de/datenschutzerklaerung/..

The data processing is based on the user’s consent in accordance with Art. 6 Para. 1 lit. a DSGVO. If the processing is related to the fulfilment of a contract or the implementation of pre-contractual measures, we also process your data on the basis of Art. 6 para. 1 lit. b DSGVO.

If we obtain knowledge of personal data in the course of using TeamViewer, this is solely for the purpose of providing the service you have requested and not for processing the data on your behalf. If we are to process personal data on your behalf using TeamViewer, we request that you first conclude a processing agreement.

You can cancel remote access at any time by closing the TeamViewer software. We do not store such data and we were data secrecy for them.
Information about the service provider: TeamViewer Germany GmbH, Jahnstr. 30, 73037 Göp-pingen. For details on data processing, please refer to TeamViewer’s privacy policy: https://www.teamviewer.com/de/datenschutzerklaerung/.

We operate publicly accessible profiles in social networks in order to draw attention to our services and products. There we would like to get in touch with you as a visitor and user of these pages and our website.

In doing so, user data may be processed outside the European Union. This may result in risks for you as a user and may make it more difficult to enforce your rights. When selecting the social media platforms we use, we ensure that the operators undertake to comply with the data protection standards of the EU.

If you visit one of our social media sites (e.g. Facebook), we, form-drei Messe und Event GmbH, Grafenheider Straße 75, 33729 Bielefeld, are jointly responsible with the operator of the respective social media platform within the meaning of the DSG-VO and other data protection regulations.

We have no influence on the processing of personal data by the respective platform operator. For example, social networks such as Facebook use your data for market research and advertising purposes. Among other things, user behaviour can be analysed and a user profile created from the resulting interests of the user. The social media operators use cookies to store and further process this information. These are text files that are stored on the user’s various end devices. If you have a profile on the respective social media platform and are logged in to it, the storage and analysis even takes place across devices. In this way, interest-based advertising can be displayed to you inside and outside the respective social media presence. Persons who are not registered as users with the respective social media platform may also be affected by the data processing.

Via social media platforms, statistical data of different categories are retrievable for us. These statistics are generated and made available by the social media operator. As the operator of the fan page, we have no influence on the generation and presentation of these statistics. We use this data, which is available in aggregated form (total number of page views, “Like” votes, page activities, post interactions, reach, video views, post reach, comments, shared content, responses, proportion of men and women, country and city origin, language, clicks on route planners, clicks on telephone numbers), to make our posts and activities on our fan page more attractive to users. Due to the constant development of social media platforms, the availability and processing of data changes, so that we refer to the data protection declarations of the platforms for further details.

The operation of these fan pages, including the processing of the users’ personal data, is based on our legitimate interests in a timely and supportive information and interaction opportunity for and with our users and visitors pursuant to Art. 6 para. 1 lit. f. DSGVO. Under certain circumstances, you may also have given a platform operator consent to data processing, in which case Art. 6 para. 1 lit. a DSGVO is the legal basis.

For a comprehensive description of the respective data processing and the opt-out options, please refer to the data protection declarations and information provided by the respective platform operator.

The data collected directly by us via the social media sites will be deleted from our systems as soon as the purpose for storing it no longer applies, you request us to delete it or revoke your consent to store it. Stored cookies remain on your end device until you delete them. Mandatory legal provisions – in particular retention periods – remain unaffected.

We have no influence on the storage period of your data that is stored by social network providers for their own purposes. You can find more information on this directly from the operator of the social network (e.g. in their privacy policy, see below).

In principle, you can assert your rights (information, correction, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective portal (e.g. Facebook).

Despite joint responsibility, we would like to point out that we do not have complete access to your personal data. For this reason, you should contact the providers of the social media platforms directly when requesting information and asserting data subject rights. This is because only the providers have access to the user data and can take direct measures and provide information. Should you require assistance in this regard, please contact us: formdrei Messe und Event GmbH, Gra-fenheider Straße 75, 33729 Bielefeld, e-mail: info@formdrei.de.

Provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
Facebook Personal Data Sharing Agreement: https://www.facebook.com/legal/terms/page_controller_addendum
Privacy policy: https://www.facebook.com/about/privacy
Opt-out option: https://www.facebook.com/settings?tab=ads

Provider: Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland
Privacy Policy: http://instagram.com/about/legal/privacy
Opt-out option: http://instagram.com/about/legal/privacy

Provider: XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany
Privacy policy: https://privacy.xing.com/de/datenschutzerklaerung
Opt-out option: https://privacy.xing.com/de/datenschutzerklaerung

Provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Privacy policy: https://policies.google.com/privacy
Opt-out option: https://adssettings.google.com/authenticated

We offer you the opportunity to apply to us by e-mail, post and via our application portal. In the following, we will inform you about the scope, purpose and use of your personal data collected as part of the application process.

In order for us to consider you in the application process for a specific position, you are required to submit customary and meaningful application documents informing us about your personality profile and qualifications.

The personal data you provide and send to us as part of your application generally includes: cover letter, CV with the usual personal details (first and last name, date of birth, address, telephone number, e-mail address, photo) as well as supporting documents and certificates.

As a matter of principle, we only use your application documents to decide whether to fill the position for which you have expressly applied. We only process the personal data provided to us insofar as this is necessary for the purpose of deciding on the establishment of an employment relationship with us. The legal basis for this is Art. 6 para. 1 lit. b DSGVO, Art. 88 DSGVO in conjunction with. § Section 26 (1) sentence 1 BDSG (new), insofar as it concerns information that we receive from you as part of the application process (name, contact details, date of birth, details of your professional qualifications and school education or details of further professional training). If you voluntarily provide us with further information, we process this on the basis of your consent in accordance with Art. 6 Para. 1 lit. a DSGVO. In the course of the application process, further personal data may be collected from you personally and from generally accessible sources for this information purpose. Your personal data will only be passed on within our company to persons who are involved in processing your application.

If we process personal data about you to defend legal claims asserted by you against us from the application process, we refer to Art. 6 (1) lit. f DSGVO as the legal basis. The legitimate interest is, for example, a duty to provide evidence in proceedings under the General Equal Treatment Act (AGG).

Your personal data will only be transferred to third parties for the purposes listed below. We will only pass on your personal data, which we have received as part of the application process, to third parties if:

• you have given your express consent in accordance with Art. 6 Para. 1 lit. a DSGVO, § 26 BDSG (new),
• the disclosure is necessary for the assertion, exercise or defence of legal claims in accordance with Art. 6 Para. 1 lit. f DSGVO and there is no reason to assume that you have an overriding interest worthy of protection in the non-disclosure of your data,
• in the event that there is a legal obligation to disclose your data in accordance with Art. 6 Para. 1 lit. c DSGVO, or
• this is legally permissible and necessary in accordance with Art. 6 Para. 1 lit. b DSGVO, § 26 Para. 1 Sentence 1 BDSG (new) for the establishment or processing of contractual relationships with you.

A transfer of your data to third countries outside the EU or the European Economic Area is not intended.

If we are unable to make you a job offer, you reject a job offer, withdraw your application, revoke your consent to data processing or request us to delete the data, the data you have submitted, including any remaining physical application documents, will be stored or retained (retention period) for a maximum of 6 months after the end of the application process in order to be able to trace the details of the application process in the event of discrepancies (Art. 6 para. 1 lit. f DSGVO).

Should an application process lead to a recruitment, we will include your application documents in your personnel file on the basis of Art. 6 para. 1 lit. b DSGVO, § 26 para. 1 BDSG-neu for the purpose of establishing the employment relationship as well as the personality profile described by you and your stated qualifications on which the recruitment is based.

The provision of your personal data is not required by law in the initiation phase of an employment relationship. However, the provision of personal data is necessary for the conclusion of a contract of employment with us. This means that if you do not provide us with personal data when applying, we cannot and will not enter into an employment relationship with you.

We provide you with access to the Internet in our business premises in the form of WLAN access (“guest WLAN”) for use free of charge. In the following, we inform you about the personal data collected in this context.

The data processing is carried out for the purpose of the technical provision of a guest WLAN and to ensure smooth use by our guests. The processing is necessary for the performance of a contract (provision of internet access via the guest WLAN) pursuant to Art. 6 (1) lit. b DS-GVO.

Furthermore, we process your data to protect our legitimate interests pursuant to Art. 6 (1) lit. f DS-GVO. Our legitimate interests lie in ensuring the security of our information technology systems and in defending against liability claims in the event of non-legal use of the guest WLAN.

When using our guest WLAN, the MAC address and the host name of your end device are stored in this context. In addition, each device is assigned its own IP address.

The data is transmitted directly to us by our guests when they register for the guest WLAN.

We do not pass on your personal data to third parties. Your data will only be passed on or transferred if it is necessary for the processing of the contract, if it is based on a legal basis, if there is a legitimate interest or if it is based on your prior consent.

If external service providers support us in the processing of your data (e.g. IT service providers), this is done within the framework of order processing in accordance with Art. 28 DSGVO. We only conclude contracts with service providers that offer sufficient guarantees that appropriate technical and organisational measures ensure the protection of your data.

A data transfer to third countries does not take place and is not intended.

If we are unable to make you a job offer, you reject a job offer, withdraw your application, revoke your consent to data processing or request us to delete the data, the data you have submitted, including any remaining physical application documents, will be stored or retained for a maximum of 6 months after completion of the application process (retention period) in order to be able to trace the details of the application process in the event of discrepancies (Art. 6 para. 1 lit. f GDPR).

If we are currently unable to offer you a suitable position that matches your profile, but would like to consider your application documents for potential future vacancies, we ask for your consent to include your application in our applicant pool (retention period: 6 months). This consent is voluntary and you have the option to withdraw it at any time.

If an application procedure leads to employment, we will include your application documents in your personal file on the basis of Art. 6 para. 1 lit. b GDPR, § 26 para. 1 BDSG-new, for the purpose of establishing the employment relationship and the personality profile described by you and your stated qualifications on which the recruitment is based.

The provision of personal data about the data subject is technically necessary for the use of the guest WLAN. Without this data, you cannot use our guest WLAN.

The following information shows you how we handle your data when you contact us, when contractual negotiations take place with us and/or when contractual agreements exist with us.

The data processing is carried out for the purpose of processing the contract. The processing of your data is necessary for the initiation and fulfilment of contracts according to Art. 6 (1) lit. b DSGVO.

Furthermore, the processing of your personal data may be necessary on the basis of Art. 6 para. 1 lit. f DSGVO to protect our legitimate interests. Our legitimate interests consist of avoiding economic disadvantages through credit checks, inviting you to events, asserting legal claims and avoiding legal disadvantages (e.g. in the event of insolvency), averting dangers and liability claims and avoiding legal risks, mails, preventing criminal offences.

We process the following categories of data:

Master and contact data: Title, name (first and last name), department and function in the company, address, e-mail, telephone, fax, date of birth, purchase history, contract data, billing data.

The data from the aforementioned data categories were provided to us directly by our customers, interested parties and partners.

We do not pass on your personal data to third parties. Exceptions to this are our service partners, if this is necessary for the fulfilment of the contract, such as parcel and letter delivery companies, service providers for project realisation (forwarding agents and subcontractors, photographers), banks, credit agencies, tax consultants.

The data stored about you will be deleted after the contract has been fulfilled, provided that there are no further legal obligations to retain data. This includes data required by commercial and financial law. This data will be deleted after ten years in accordance with legal regulations, unless longer retention periods are prescribed or required for justified reasons. If you revoke your consent to the use of your data, it will be deleted immediately, unless the above reasons indicate otherwise.

You have the right to object to the processing. You can object to the use of your data at any time for the future.

The provision of personal data is contractually required or necessary for the conclusion of a contract. Failure to provide the required personal data would result in us not being able to enter into a business relationship with you.