Data protection policy of NürnbergMesse GmbH
We thank you for visiting our website and for your interest in our company. We are very serious about protecting your personal data. We process your data in accordance with the laws and regulations applicable to the protection of personal data, particularly including the EU General Data Protection Regulation (EU-GDPR) and the country-specific implementing laws applicable to us. In this data protection policy, we provide you with comprehensive information about the processing of your data by NürnbergMesse GmbH and your rights in this respect.
Personal data is information that makes it possible to identify a natural person, particularly including the name, date of birth, address, telephone number, e-mail address and IP address.
Anonymous data is data from which no one can establish a personal connection to the user.
1. Controller and Data Protection Officer
The controller according to the definition of the General Data Protection Act and other national data protection laws of the EU member states and other data protection regulations is:
Tel.: +49 9 11 86 06-0
Contact information of the Data Protection Officer:
2. Your rights as a data subject
First, we would like to inform you of your rights as a data subject. These rights are codified in Art. 15 – 22 EU-GDPR. They are:
- The right of access (Art. 15 EU-GDPR),
- The right to erasure (Art. 17 EU-GDPR),
- The right to rectification (Art. 16 EU-GDPR),
- The right to data portability (Art. 20 EU-DSGVO),
- The right to restriction of data processing (Art. 18 EU-GDPR),
- The right to object to data processing (Art. 21 EU-GDPR).
To assert these rights, please contact: email@example.com. Any questions about data processing in our company should be directed to the same e-mail address. You are also entitled to complain to the data protection supervisory authority.
3. Rights of objection
Please note the following with respect to the rights of objection:
When we process your personal data for purposes of direct advertising, you have the right to object to such data processing at any time without indication of reasons. The same applies to profiling to the extent that it is related to direct advertising.
When you object to processing for purposes of direct advertising, we will no longer process your personal data for these purposes. You can notify you objection free of charge and without observing requirements of form, ideally at: firstname.lastname@example.org.
In the event that we process your data for the sake of legitimate interests, you can object to such processing at any time for reasons having to do with your particular situation; the same applies to any profiling on the basis of these provisions.
We will no longer process your personal data unless we can demonstrate compelling, legitimate reasons for the processing that override your interests, rights and freedoms, or when the processing serves the purpose of asserting, exercising or defending against legal claims.
4. Purposes and legal grounds of data processing
In processing your personal data, we comply with the provisions of the EU-GDPR and all other applicable provisions of data protection law. The legal grounds for data processing are particularly set out in Art. 6 EU-GDPR.
We use your data for business initiation, the fulfilment of contractual and statutory obligations, the performance of the contractual relationship, the offering of products and services and the strengthening of customer relationships, which can also include analyses for marketing and direct advertising purposes. This particularly includes the organisation of trade fairs, exhibitions, congresses and similar events and the operation of the Exhibition Centre Nuremberg. Specifically, we use data for the following purposes, although this list is not exhaustive:
- Order/payment processing
- Registration as exhibitor and/or visitor
- Purchase of tickets
- Redemption of coupons. Coupons can be redeemed online and an e-ticket can be printed out. That saves you wait times on site.
- Registration of future tickets “with a click”. For some trade visitor exhibitions, pre-legitimation information is sent by e-mail or letter (legitimation of trade visitors), which makes it easier to purchase tickets the next time.
- Delivery, payment and online publication of trade fair directories and catalogues (e.g. exhibitors and products database).
- Verification of a person’s status as a trade visitor (trade visitor legitimation).
Personalisation of ID cards in ID management: exhibitor IDs, assembly and disassembly IDs, tickets.
- Planning your trade fair visit on the basis of announcements and targeted trade information sent by e-mail and post.
- Smooth execution of your trade fair participation as an exhibitor by providing targeted information about service offers and services.
- Registration for newsletters.
- Voluntary participation in market and opinion research surveys.
- Review of conditions for the accreditation of media representatives and bloggers.
Your consent is also required under data protection laws. In asking for your consent, we inform you about the purposes of data processing and your right to object. If the consent also refers to the processing of special categories of personal data, we will expressly inform you of this in the consent declaration.
Processing of special categories of personal data within the meaning of Art. 9 para. 1 EU-GDPR is only done when required by statutory regulations and there is no reason to assume that your legitimate interests in preventing such processing are overriding.
5. Transfer to third parties
We will transfer your data only within the limits of the statutory provisions or when you have granted your consent. Otherwise, your personal data will not be transferred to third parties unless we are obligated to do so by virtue of binding statutory regulations (transfer to external entities such as supervisory authorities or criminal prosecution authorities).
6. Recipients of data / categories of recipients
Within our enterprise, we ensure that only those persons who need your personal data to fulfil our contractual and statutory obligations receive it. Because NürnbergMesse GmbH operates all over the world, we may possibly send your data to subsidiaries or international representatives of the NürnbergMesse Group, and specifically to the subsidiary or international representative that is located in your country or is responsible for your territory in order to process your order or request.
In many cases, our departments are assisted in the performance of their duties by service providers and service partners, e.g. visitor registration processing, newsletter distribution, e-mailings, payment processing, order processing, credit check, web hosting, maintenance and analysis of data. All service providers and service partners have been carefully selected and the necessary data protection agreements have been concluded with all service providers and service partners. Personal data is processed by our service providers and service partners in compliance with the applicable data protection regulations for the provision of support and information to customers and interested parties and to provide the offered services.
Your data will be transmitted to exhibitors in the following cases:
- When you use a coupon for your trade fair visit, you accept that the data you enter in your visitor registration will be transmitted to the exhibitor who has invited you to visit the trade fair free of charge. This can serve the purpose of billing the tickets between the exhibitor and NürnbergMesse GmbH, the inspection of the redeemed coupons and communication between exhibitors and their visitors. If you do not agree to this, you naturally have the option of purchasing your admission ticket at the cash desk without providing information.
- If you participate in so-called “lead tracking”. You participate in lead tracking when you allow an exhibitor to scan the bar code on your ticket while visiting an event. In a manner similar to providing a business card, scanning the bar code means that the contact data you provided in your visitor registration (company name, form of address, title, last name, first name, company, street address, postal code, post town, e-mail, possibly also sector information and other information provided by you) will be transmitted to the exhibitor, regardless of whether the exhibitor is from Germany, the EU or other third countries. Your participation in lead tracking is voluntary and will not take place without your further cooperation.
7. Transmission of data/ Intent to transmit data to third countries
The transmission of data to third countries (outside of the European Union or the European Economic Area) is only done when this is necessary to fulfil our obligations or is legally required or when you have granted us your consent to do this.
We may potentially transmit your personal data to subsidiaries or international representatives of NürnbergMesse GmbH outside of the European Economic Area: India, China, Brazil, United States. The international representatives of NürnbergMesse can be found on our website at www.nuernbergmesse.de/auslandsvertretungen. Standard EU contractual clauses ensure an appropriate level of data protection.
8. Duration of data storage
We will store your data for as long as needed for the given processing purpose. Please note that numerous retention periods require that data continues to be stored. We are particularly required to do this by retention obligations under commercial law or tax law (e.g. German Commercial Code, Tax Code, etc.). Data is routinely erased as soon as no further retention obligations are in effect.
Furthermore, we may store your data when you have granted us your consent to do this or in the event of legal disputes, when we use the data as evidence for purposes of statutory limitation periods, which can last up to three years; the regular limitation period is three years.
9. Secure transmission of your data
We employ appropriate technical and organisational safeguards to protect the data stored with us as well as possible against accidental or intentional manipulations, loss, destruction or access by unauthorised persons. The level of security is continually reviewed and adapted to meet new security standards in collaboration with security experts.
Data transfers from and to our website are always encrypted. As the transmission protocol for our websites, we offer HTTPS and we always use the latest encryption protocols. It is also possible to use alternative communication channels (e.g. postal service).
10. Obligation to provide data
Some personal data is necessary for the establishment, performance and termination of the obligation and the fulfilment of the related contractual and statutory obligations. The same applies to the use of our website and the various functions it provides.
We summarised the details in the section above. In certain cases, data must also be collected and/or provided due to statutory provisions. Please note that it is not possible to process your request or perform the underlying contractual obligations without having this data provided to us.
11. Categories, sources and origin of data
The data we process is determined by the context: This depends, for example, on whether you place an order online or make a request to send us a job application or submit a complaint in our contact form.
Please note that we may also separately provide information for special processing situations in an appropriate place, as when uploading job application documents or making a contact request, for example.
When you visit our website and web shops, we collect and process the following data:
- Name of the Internet service provider
- Information about the website you visited before visiting us
- Web browser and operating system used
- The IP address assigned by your Internet service provider
- Requested files, transmitted data quantity, downloads/ file exports
- Information about the web pages you access on our websites, including dates and times
- For technical security reasons (particularly to defend against attempted attacks on our web server), this data is stored in accordance with Art. 6 para. 1 letter F EU-GDPR. After 7 days at the latest, the data is anonymised by shortening the IP address so that no link to the user can be established.
When you make a contact request, we collect and process the following data:
- Last name, first name
- Contact data
- Indications of desired information
When you place an order, we process the following data:
- Last name, first name
- Date of birth
- Shipping address
- Billing address
- E-mail address
- Data that may be permissibly processed from other sources
When you file online job applications, we collect and process the following data:
- Last name, first name
- Contact data
- We also use data that we have permissibly obtained from publicly available directories (e.g. professional networks).
For newsletters, we collect and process the following data:
- Last name, first name
- E-mail address
12. Contact form/ Contact by e-mail (Art. 6 para. 1 letter a, b EU-GDPR)
Contact form / contact by e-mail NürnbergMesse GmbH
A contact form that can be used for contacting us electronically is available on our website. When you write to us using the contact form, we will process the data you enter into the contact form to contact you and answer your questions and wishes.
In this respect, we observe the principle of data minimisation and data avoidance in that you only need to enter the data that we absolutely need to contact you. That includes your e-mail address and the message field itself. In addition, your IP address is also processed as a matter of technical necessity and for legal protection. All other data is requested in optional fields and can be provided optionally (e.g. to answer your questions more specifically in relation to you).
If you contact us by e-mail, we process the personal data communicated in the e-mail only for the purpose of processing your request.
Contact form for direct contact with exhibitors
In the exhibitors and products database on our website, you will find a specific contact form for each exhibitor that can be used to establish direct electronic contact with the exhibitor. If you write to the exhibitor using the contact form, the data entered into the entry form will be directly transmitted to the exhibitor and stored there. The exhibitor will process the data entered into the contact form for scheduling appointments, making contact and answering your questions and wishes.
In this process, the principle of data minimisation and data avoidance is observed in that you only need to enter the data which the exhibitor definitely needs from you. This includes your e-mail address and the message field itself. In addition, your IP address will be processed as a matter of technical necessity and to legally protect your IP address. All other data are voluntary fields and can be indicated optionally (e.g. to answer your questions in a more individualised way).
13. Newsletter (Art. 6 para. 1 letter a EU-GDPR)
You can also subscribe to a free newsletter on our website. The e-mail address indicated in the newsletter application and your name will be used for sending you the personalised newsletter.
In this respect, we observe the principle of data minimisation and data avoidance in that the only mandatory field is your e-mail address (and potentially your name, in the case of a personalised newsletter). As a matter of technical necessity and for legal protection, your IP address is also processed when you order the newsletter.
Naturally, you can always terminate the subscription by exercising the cancellation option provided in the newsletter, thereby revoking your consent. It is also possible to cancel your newsletter subscription directly in our website.
14. Exhibitors’ shop/ web shop (Art. 6 para. 1 letter b EU-GDPR)
If you do not consent to further use, we will process the data you entered into the order form only for the purpose of performing or executing the contractual relationship.
The principle of data minimisation and data avoidance is observed in that you only need to enter the data that we absolutely need to perform the contract and fulfil our contractual obligations (thus, your name, address, e-mail address and the payment data required for the chosen form of payment), or data that we are legally required to collect.
As a matter of technical necessity and for legal protection, your IP address will also be processed. Without this data, we would unfortunately have to refuse the contract or terminate an existing contract because we would not be able to perform it. Naturally, you can provide more data if you wish.
We offer exhibitors the option of registering with us by providing personal data. A particular advantage of registration is that you can view your order history and store the data you have entered into the order from so that when you place another order, you will not need to enter it again. Registration is therefore possible either to perform a contract with you (via our online shop) or to take pre-contractual measures. When the registration process is completed, your data will be stored with us so that you can use the protected customer section. As soon as you log in to our website with your e-mail address as your user name and password, this data will be provided for the actions you perform on our website (e.g. orders in our online shop). Orders that have been filled can be viewed in the order history. You can enter changes to the billing or shipping address here.
Registered persons are at liberty to make their own changes or corrections to the billing or shipping address in the order history. Our Customer Service will also gladly make such changes or corrections when you contact them. Naturally, you can always cancel the registration and delete your customer account.
15. Advertising purposes with established customers (Art. 6 para. 1 letter f EU-GDPR)
We have an interest in cultivating customer relationships with our exhibitors and visitors and providing you with information and offers about our own similar events and services. Therefore, the data transmitted upon submitting the application (company name, address, telephone/ fax number and e-mail address) is processed by us and possibly by our service partners so that we can send you event-related information and offers by e-mail, in accordance with Art. 6 para. 1 letter f EU-GDPR.
If you do not want this, you can object to the use of your personal data for direct advertising purposes at any time; the same applies to profiling to the extent that it is related to direct advertising. When you notify your objection, we will no longer process your data for this purpose.
The objection can be notified without observing formal requirements and without indication of reasons and without incurring separate costs aside from customary transmission costs at standard rates. It should be directed to NürnbergMesse GmbH, Exhibition Centre, 90471 Nuremberg, or email@example.com.
16. Job application portal (Art. 6 para. 1 letter a, b EU-GDPR)
We are pleased with your interest in working for NürnbergMesse GmbH. We are well aware of the importance of your data and will process the personal data you provide in the application form only for the purpose of effectively and correctly handling the application process and communicating with you in connection with the application process. Your data will not be transferred to third parties without your consent.
When filling out the application form, you will be asked to submit personal data. In this respect, we observe the principle of data minimisation and data avoidance in that you only need to indicate the data we need to completely review your application materials, such as your curriculum vitae for example, or data which we are legally required to collect. This mandatory information is marked with an asterisk (*). As a matter of technical necessity and for legal protection, your IP address will also be processed.
Without this data, we will unfortunately not be able to review your application materials and for this reason our application system will not permit you to upload your application materials. Naturally, you are at liberty to provide the voluntary information in the application form.
We employ appropriate safeguards to protect the security and confidentiality of your data as well as possible. Our application system will transmit your application documents to us in encrypted form.
We will store your data for the aforementioned purpose until the application process is completed and the related time periods have expired, and at the latest six months after you are notified of our decision. However, you will have the option of storing your application materials with us for a longer period of time and checking them against other vacant positions that match your profile.
You can provide the consent we need for this purpose by checking the box before uploading your application materials. In this case, we will store your data for 12 months. Naturally, you can always revoke your consent with future effect without indication of reasons by calling us at +49 9 11 86 06-0, sending us an e-mail at firstname.lastname@example.org or mailing us a letter to NürnbergMesse GmbH, Messezentrum, 90471 Nuremberg.
17. Automated decision-making
We do not employ purely automated processing procedures in making our decision.
18. Cookies (Art. 6 para. 1 letter f EU-GDPR / Art. 6 para. 1 letter a EU-GDPR with consent)
Our web pages use so-called “cookies” in several places. They serve the purpose of making our offering more user-friendly, effective and secure. Cookies are small text files that are placed on your computer and stored by your browser (locally on your hard drive).
These cookies make it possible for us to analyse how users use our websites. They allow us to design the website contents to meet the needs of users, for example. Cookies also enable us to measure the effectiveness of a given advertisement and place it in accordance with the user’s topical interests, for example.
Most of the cookies we use are so-called “session cookies.” These are automatically deleted after your visit. Permanent cookies are automatically deleted by your computer when the corresponding period of validity has expired (usually after six months) or when you delete them yourself before the expiration of the period of validity.
Most web browsers accept cookies automatically. Usually, however, you can also change your browser settings if you would rather not send us the information. In this case, you will still be able to use the offerings of our website without restrictions (exception: configurators).
Please note that when you deactivate cookies, all the functions of our website may not be fully usable.
19. User profiles / Web tracking processes
This website uses the Matomo web analysis service in order to evaluate the volume of user access to the site.
For the purposes of this evaluation cookies are saved on your computer. The information gathered in this process is stored by the provider exclusively on his server in Germany. If you prevent the saving of cookies, we would like to point out that you may then be unable to make full use of this website.
This website uses Matomo with the “AnonymizeIP” extension. This enables IP addresses to be further processed in shortened form thus excluding any direct personal reference. The IP address relayed from your browser using Matomo is not combined with other data we have gathered.
The Matomo program is an open-source project. You can obtain information from the third-party provider on data protection at http://matomo.org/privacy/policy.
20. Social media plug-ins of social networks / YouTube
We have no influence on the data collected and the data processing procedures and we also do not know the full extent of data collection, the purposes of processing or the storage periods. We also have no information about the deletion of collected data by the plug-in provider.
The plug-in provider stores the data collected on you in the form of usage profiles and uses them for purposes of advertising, market research and/or designing its websites to meet the needs of users. Such analysis is particularly performed (also for users who are not logged in) to present relevant advertisements and to inform other users of the social network about your activities on our website. You have the right to object to the formation of these user profiles, for which purpose you must contact each plug-in provider. With these plug-ins, we give you the opportunity to interact with the social networks and other users so that we can improve our offering and make it more interesting for you as the user. The legal basis for the use of plug-ins is Art. 6 para. 1 sentence 1 letter f DS-GVO.
Data is transferred regardless of whether you have an account with the plug-in provider and are logged in to it. When you are logged in to the plug-in provider, your data that is collected by us is directly attributed to your account with the plug-in provider. If you activate the button and link to the page (for example), the plug-in provider will also store this information in your user account and publicly share it with your contacts. We recommend that you always log out after using a social network, but especially before activating the button because this way you can prevent the attribution of information to your profile with the plug-in provider.
You can find additional information about the purpose and scope of data collection and processing by the plug-in provider in the data protection policies of these providers, which are shared in the following. There you will also find additional information about your rights and setting options to protect your privacy.
Addresses of plug-in providers and URLs with their data protection policies:
- Facebook Inc., 1601 S California Ave, Palo Alto, California 94304, USA; http://www.facebook.com/policy.php; additional information on the subject of data collection: http://www.facebook.com/help/186325668085084, http://www.facebook.com/about/privacy/your-info-on-other#applications and http://www.facebook.com/about/privacy/your-info#everyoneinfo. Facebook has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- Google Inc., 1600 Amphitheater Parkway, Mountain View, California 94043, USA; https://www.google.com/policies/privacy/partners/?hl=de. Google has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- Twitter, Inc., 1355 Market St, Suite 900, San Francisco, California 94103, USA; https://twitter.com/privacy. Twitter has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- Xing AG, Gänsemarkt 43, 20354 Hamburg, DE; http://www.xing.com/privacy.
- LinkedIn Corporation, 2029 Stierlin Court, Mountain View, California 94043, USA; http://www.linkedin.com/legal/privacy-policy. LinkedIn has subjected itself to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.
- Instagram, LLC Instagram Inc., 1601 Willow Road, Menlo Park, CA 94025, USA; http://instagram.com/about/legal/privacy/#.
Our website includes links to videos from the external video platform YouTube. The associated plugins are operated by YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. By default, only inactivated images from the YouTube channel are embedded and do not provide an automatic connection to YouTube’s servers. Consequently that operator receives no user data when you view these Web pages.
You can decide for yourself whether YouTube videos should be activated. Your consent for the necessary data to be transferred to the operator (including the Internet address of the current page and the user’s IP address) will only be given when you approve for the video to play by clicking “Play.”
To store the setting that a user wishes, we set a cookie that contains these parameters. When we set these cookies, we do not store any personal data – the cookies contain only anonymized data to adjust the browser. Then the videos will be active and you can play them. If you want to inactivate automatic loading for YouTube videos, you can change your Web browser’s settings to reject cookies or limit their acceptance.
21. About data protection on Facebook
NürnbergMesse GmbH maintains Facebook pages. To the extent that we have control over how your data are processed, we make sure the applicable data protection regulations are obeyed.
Below, you can find the most important information about data protection law as it applies to our company websites.
Name and address of data controller for business
In addition to NürnbergMesse GmbH, the following is a data controller for the company’s Web pages under the terms of the EU General Data Protection Regulation (GDPR) and other provisions of data privacy law:
(Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland)
However, if you use the Facebook platform and its functions, you do so at your own risk. This especially applies to using interactive functions (e.g., Comment, Share, Like).
We would also like to point out that in these cases your data may be processed outside the territory of the European Union. We should point out that US providers certified under the “Privacy Shield” have agreed to comply with EU data protection standards.
Purpose and legal basis
We ourselves maintain the fan pages to communicate with those pages’ visitors and to keep them informed about our latest developments.
We also gather data for statistical purposes, so that we can refine and optimise content and make our services more attractive. The social networks process the necessary data for this purpose (e.g., total number of page visits, page activities and data provided by visitors, interactions) and make them available. We have no influence over how these data are generated or presented.
Your personal data will also be processed for market research and advertising purposes by the Facebook providers, and by NürnbergMesse GmbH as well. It may thus happen that user profiles may be developed from your usage and the interests that usage indicates. These profiles may be used for such purposes as displaying ads that presumably match your interests, both on and off the platforms. As a rule, cookies are stored on your computer for such purposes. Irrespective of those cookies, your user profiles may also store data that are not gathered directly on your devices. Such data may also be stored and analysed across multiple devices, especially – though not only – if you are a registered member and have logged into the platform.
Other than the above, we do not gather or process any personal data.
NürnbergMesse GmbH will process your personal data on the basis of our legitimate interest in effectively providing information and communication under Art. 6 (1) (f) of the EU GDPR.
If your consent is requested for data processing – in other words, if you indicate your consent by confirming on a button or the like (“opt in”) – your data will be processed on the basis of Art. 6 (1) (a) and Art. 7 of the EU GDPR.
Your rights / Right to object
If you are a Facebook member and do not want the network to gather data about you by way of our page and to link those data with the member data the network has stored for you, you must:
- log out of the network before visiting our fan page,
- delete the cookies on your device, and
- close and restart your browser.
However, once you log in again, the network will again be able to recognise you as a particular user.
For a detailed discussion of the various ways in which your data are processed and how you can object to that processing (“opt out”), please see the information in the following links:
- Opt-Out: www.facebook.com/settings and youronlinechoices.com;
- Privacy Shield: https://www.privacyshield.gov.
Overall, you have the following rights concerning how your personal data are processed: a right of access; a right to rectification; a right to erasure; a right to restrict processing; a right to object to processing; a right to data portability; a right to lodge a complaint with a supervisory authority about unlawful processing of your personal data.
However, as NürnbergMesse GmbH does not have full access to your personal data, you should assert your rights directly to the provider of the social media. These providers have access to their users’ personal data, and they are the ones who can take the appropriate measures and provide information.
Nevertheless, we will of course be happy to assist you if you need help. Please contact email@example.com
Notes on copyright
If you wish to publish pictures, text, maps, videos, music, etc. on our site, you should be aware that you may thereby assign all rights of use to the network. This may ultimately have legal consequences for you if you yourself are not the author of the materials or do not hold the rights to them.
22. Links to other providers
Our website contains clearly recognisable links to the websites of other companies. When we link to the websites of other providers, we have no influence on their content. Therefore, we also assume no responsibility and liability for this content. Each provider or website operator is responsible for the content of these web pages.
The linked pages were checked for potential legal violations and discernible infringements at the time when the links were placed. No unlawful content was discernible at the time of placing the links. However, we cannot be reasonably expected to permanently review the content of linked websites without concrete indications of a legal infringement. Such links are removed immediately when we become aware of legal infringements.