Controller within the meaning of the General Data Protection Regulation (GDPR): Messe Berlin GmbH, Messedamm 22, 14055 Berlin, Germany, e-mail: info@messe-berlin.de. 

Data protection officer:  group data protection officer of Messe Berlin (address: as before, Germany; e-mail: datenschutz@messe-berlin.de).

Messe Berlin processes the data of users/participants in the event, who may in particular be exhibitors or participating companies (hereinafter referred to as "exhibitors") and their employees, private visitors, trade visitors, sponsors, media representatives, speakers and lecturers, business partners or other ticket holders (hereinafter all together referred to as "participants").

Participants in the event are given access to a virtual platform, also via an event app, through which they can present themselves and, if applicable, their company (profile), visit the event virtually, watch presentations and lectures live or as a follow-up (participation) and meet and network (communication and networking).

The data are collected as part of the online registration and creation of a profile and partly automated by various technologies.  Messe Berlin can invite participants to take part in this and other events if participants buy a ticket or are users or customers of (online) services of Messe Berlin in some other context. For exhibitors, the following data will be transferred from the customer database: name of the company/organisation, address, telephone, e-mail, website and contact person with first and last name, gender, telephone and personal e-mail address.

Online registration
Participation in an event via app without interacting is possible without registration. In order to interact, e.g. to network, registration and authentication as a participant of the event is necessary. This requires the specification and processing of the participant's e-mail address. For separate event functions -or content- an online registration form may have to be filled out in the ticket store of the event or on the website. Further information can be found in separate data protection notices, if applicable.

Profile creation
For the profile creation on the event app “ILA Berlin”, the following mandatory data are processed: first name, last name, language, email address, job title and company/organisation. The following voluntary data are processed: country as well as address (address, postcode, city), official contact details (telephone number), photo, professional interests and biographical information as well as social media accounts. In addition, further voluntary information may be provided. The data can be manually synchronized between the event platform and the event app by clicking the "Start synchronization now" button in the event app.

The data of the exhibitor profiles (company name and address, homepage, exhibitor description, business field, industry, products, media uploads, logo, contact person, contact data, categories) are stored in the Digital Event Platform and played out to the event app, where they are also displayed. The data is stored on the mobile device.

Communication, networking
For this purpose, the following data are processed on the participant's basic profile: first name, last name. If networking is switched on, the aforementioned and the following data are processed: role and name of the company/organisation of participants in calls or chats as well as, if applicable, picture, video and sound, content, time stamp and history of the chat as well as date and time of agreed appointments, name of the conversation partner, type of appointment, notes on appointment entries, availability and the calendar ID. In order to enable some of these functionalities, the following hardware of the respective end device is optionally accessed after activation by the participant himself/herself: camera, microphone, headphones or loudspeaker. When downloading the personal business card, in addition to the above-mentioned data, the e-mail address and the telephone numbers provided are also processed. Appointments and business cards can be saved by the user in the calendar and contacts of the respective end device or downloaded as a list.

Technical usage data
When participating in virtual events via the event app and to ensure platform operation, including live streaming, the following technical usage data are processed after registering by using a user ID: services used and activities performed within the virtual event as well as date, time and duration of participation and services used as well as activities. In addition, information on content interactions, such as content downloads, streams and playback details, including duration and number of simultaneous streams and downloads, as well as network details for streaming and download quality, including information on Internet Protocol (IP) address of the Internet service provider, versions and time settings are processed.

In addition, in standard http access logs, the Internet Protocol (IP) address connecting computers and other end devices to the Internet; timestamp, http method, resource path, domain, response time and user agent are processed for debugging purposes and for analysing or optimising interface usage patterns for three months. In application and error logs, errors, warning and information messages and related information are processed for error detection and correction purposes for a maximum of one month.

Insofar as participants register or provide information for another person (third party) or provide a third party’s data participants ensure and assure that they are authorised to provide these data to Messe Berlin and that Messe Berlin may lawfully process those data for the purposes mentioned in section 3 and that the third parties concerned have been sufficiently informed by the participants about the processing of the personal data pursuant to this notice.
 

3.1. Performance of the contract and implementation of the event

Messe Berlin processes the personal data pursuant to Section 2 for the purpose of the establishment and performance of the contract and participation in the event (legal basis: Art. 6 (1) (b) GDPR). The technologies mentioned in section 2 are also used to navigate the event app and to provide some functionalities.

This processing purpose and legal basis shall also include, in particular, the following functionalities of the event app, if available:

Profiles and exhibitor profile
This enables the creation of a personal user profile or an exhibitor profile for the presentation of exhibitors / companies in order to establish new contacts and network with other participants and/or to present the respective company and its products and services and to present job advertisements on the job board. For this purpose, participants can be informed by e-mail about news within the profile, such as new contact requests.
If exhibitors/companies or participants post URL links to their own content or similar (e.g., social media), participants will leave the event platform by clicking on this link and will be forwarded to the linked website. The respective website operator is the controller for this linked website in accordance with the Data Protection Regulation (GDPR). Further information can be found in the data protection and cookie notices of the respective website operator (legal basis: the participant's consent pursuant to Art. 6 (1) (a) GDPR). The content, availability and/or function and/or terms of use of these linked websites are not controlled by Messe Berlin and Messe Berlin is not responsible for them; the external links are subject to the terms of use of the third parties and may be changed and/or discontinued by the third parties without the knowledge of Messe Berlin.

Video/live streaming
This feature allows retrieval of live streaming and video on demand.

Communication and networking
This enables participants to communicate with other participants (e.g. chats), also using so-called emoticons, and to communicate, set up and organise meetings, take notes, as well as to arrange and conduct appointments between different participants (including notification function). Within the user communication centre, contacts can be searched for, recommended, favoured and blocked, as well as one's own status can be indicated, and the network function can be activated or deactivated.

Profiling/matchmaking
Search/filter functions within the event platform enable filtering by various categories such as sectors, employee functions/roles or product groups. These interest filters can be defined by the participants themselves. This involves an automated matching of the set filters with the aim of optimising networking. If the participants agree, suitable contacts are suggested on the basis of the profiles and information. These and other settings can be changed at any time in the personal profile.

Coupons
Exhibitors can provide participants with digital vouchers, discount codes or similar within the framework of an event for a limited period of time. These can be accessed via linked exhibitor websites (see Profiles on the event platform and exhibitor profile).

Favorites sync
In order to enable the favorites created in the app to be synchronized with the watch lists on the digital platform, in addition to the favorites, login data is also transferred to the platform as an identifying feature for the user account. This login data must be entered by the user himself in the app before the first synchronization. This login data is stored in the app to simplify subsequent synchronization processes. The synchronization only takes place when the "Synchronize favorites" button is pressed in the app. If the favorites synchronization is not used, no data will be collected.

Push notifications
Users of the app can be centrally informed about the event term via push notifications with a wide variety of information about the event itself or its exhibitors and products. The push notification service can be switched off individually and the processing of data can be objected to. In the case of push messages, the data is generally deleted as soon as the request has been processed.

3.2.    Exhibitor Tracking
Exhibitors can book the transmission of personal data from the participant profiles (mandatory fields) as part of additional digital exhibitor packages for the event. 
In addition to the data of the mandatory fields mentioned in section 2, the optional information from the profile will be transmitted, provided that participants have explicitly agreed to this. The legal basis for the processing is the participant's consent (Art. 6 (1) (a) GDPR).

3.3.    Surveys
Survey tools from external service providers (e.g., sli.do s. r. o) are used for voluntary online surveys during the event period in connection with participation in the event. If a survey tool is used in the event app see section 4 for more information.

3.4.    Analysis and evaluation
In addition, Messe Berlin processes personal data for its legitimate interest in analysis and evaluation for statistical purposes and to optimise future offers by Messe Berlin (legal basis: Art. 6 (1) (f) DS-GVO). For this purpose, an external service provider (so-called order processor) is used, which creates aggregated statistics from the accruing data (see section 2) of the event platform, the event app as well as the registration data from the ticket shop, in order to obtain target group-specific findings on the use of offers as well as on focal points of interest and topics. The analyses provided only allow for an aggregated view of user groups. Conclusions about a specific or identifiable natural person are excluded.

3.5.    Contact for information and advertising purposes by companies of the Messe Berlin group
Messe Berlin process the personal data from the profile and the contact data for the purpose of contacting participants in order to provide them with information concerning the trade fair/event and information on opening, side and subsequent events as well as other products and services of the trade fair portfolio, including in particular (editorial) newsletters, print and digital media offers, industry-specific web portals and lead campaigns. Subsequent events also include other trade fairs and events organised or held by Messe Berlin or other Messe Berlin group companies in Germany and abroad. For these purposes Messe Berlin also transmits the data to other companies within the group of companies. Personal data are also processed for the purposes of market and user research and for voluntary online surveys in order to constantly improve our own offers, products and services and to adapt them to requirements as part of a market and user analysis. The processing is based on the legitimate interest of Messe Berlin in providing the participants with optimum support before, during and after the trade fair or event and in advertising identical and similar products or services from the trade fair portfolio of the Messe Berlin group of companies (legal basis: Art. 6 (1) (f) GDPR). 

3.6. Crash Reporting
The so-called crash reporting is a separate function to determine the error in the event of an app crash. In this context, the following data is processed: the device ID, the device model, the name of the device, the operating system, the time stamp and the cause of the error. The data is required for crash reporting in order to analyze and fix errors or crashes in the app. This purpose represents our legitimate interest in data processing and the processing is therefore based on the legal basis of Article 6 Paragraph 1 lit. f GDPR. The data will be deleted as soon as they are no longer required to achieve the purpose for which they were collected.

3.7. Location Based Services (option)

Access to the location of the device is required for so-called location-based services. This service is used to obtain helpful information about the respective event, depending on the individual location. The location data is determined using GPS data, identifiers of WLAN networks in the vicinity, mobile phone data and Bluetooth and is only used for the technical execution of the corresponding functions.

The location data is not used to create movement profiles beyond your current location and is therefore neither logged nor stored.

This access can be revoked at any time in the app settings. (Legal basis: Art. 6 (1) (a) GDPR).

3.8.    Calendar access (option)
The calendar access offers the possibility to save the dates of the trade fair visit planning in the personal calendar. No personal data is read from the calendar or stored centrally. Access can be revoked at any time in the app settings. (Legal basis: Art. 6 (1) (a) GDPR).

3.9.    Address book access (option)
Access to the address book offers the option of saving the contacts received via the digital business card or the exhibitor directory. The system checks locally on your device whether the contact is already saved in your address book. To save the exhibitor contacts, the app requires access to your address book.
Address book access also offers the option of inviting your own contacts to use the app. As soon as you search for a contact in Networking who is not yet an app user / net-working participant, you can check whether the user exists in the local address book after granting access to the address book and then invite them to use the app.
Access will only take place if you have given your prior consent. The legal basis for this is your consent in accordance with Art. 6 (1) (a) GDPR, which can be revoked at any time. To do so, please deactivate access in the app settings on your device.

3.10. Camera access (option)
Access to the camera offers the option of reading digital business cards in the form of QR codes. The data is stored on the device. Access can be revoked at any time in the app settings. (Legal basis: Art. 6 (1) (a) GDPR).

3.11. Memory access (option)
Memory access offers the possibility to select the profile photo, to save your own digital business card and to save the individually generated trade fair visit data on the device. Access can be revoked at any time in the app settings. (Legal basis: Art. 6 (1) (a) GDPR).

3.12.    Security
The log data mentioned in section 3 are processed for the legitimate interest of Messe Berlin in ensuring the security of the event platform, the event app and the data collected on it (legal basis: Art. 6 (1) (f) GDPR).
 

The data published in the profile are visible to other participants of the event worldwide. In order to carry out certain processing activities in connection with the event (in particular hosting and IT support, platform and data management, platform performance / security, digital communication (email, chat, video chat, video, streaming and screen sharing), app, analysis and marketing) as well as assistance and support, external service providers are used which process the personal data on behalf of Messe Berlin (so-called processors).

Messe Berlin also transmits the data to other companies in the Messe Berlin group of companies for the purposes stated in section 3.6. In the case of events held in cooperation with associations or business partners, the data will also be transmitted to them. If Messe Berlin conducts market research or an online survey together with a cooperation partner or exhibitor, the latter will receive the results of the survey (on an anonymous basis).

Many participants of the event, some processors, service providers and technology providers and some companies of the Messe Berlin group of companies, partner companies and exhibitors are located in third countries outside the EU, which do not provide the same level of data protection as the EU, in particular due to the absence of a legal framework, independent supervisory authorities or data protection rights and remedies. Messe Berlin will only transfer personal data to those third countries if the European Commission ("EU Commission") has adopted a so-called adequacy decision in this respect (Art. 45 GDPR) or otherwise where appropriate safeguards in accordance with Art. 46 GDPR have been provided, in particular standard data protection clauses adopted by the EU Commission pursuant to Art. 46 (2) (c) GDPR and, where necessary, supplementary measures. A copy of the safeguards can be obtained upon request (e.g., by e-mail – for contact details see section 1 above).

With regard to the transfer of data to other participants of the event, the transfer is necessary for the performance of the contract (Art. 49 (1) (b) GDPR). With regard to the transfer of data to cooperation partners or exhibitors, the data transfer is based on the explicit consent of the participant despite the lack of adequate data protection in third countries outside the EU and the associated risks (Art. 49 (1) (a) GDPR). Messe Berlin has no control on the processing of personal data (including re-contacting, advertising, invitations, etc.) by exhibitors and other participants of the event in their area of responsibility, but the exhibitors and other participants are solely responsible for this under data protection law.
 

Participants can delete the event app incl. its content data from the mobile device at any time.  Participants can delete their voluntarily provided profile data in the event platform at any time. The mandatory data of the personal profile, except the email address, can be changed by the participants at any time. The personal data mentioned in section 2 will be deleted no later than two (2) years after the end of the event. This excludes profile data, including contact details of participants and exhibitors (with the exception of photos), which will be processed for information and marketing purposes (section 3.6) until an objection to the processing is received. Stored personal data will be erased once they are no longer needed for achieving the relevant purpose of their processing. Insofar as processing is based on consent or on the basis of a legitimate interest of Messe Berlin, the data concerned will no longer be processed for the associated purpose after receipt of the revocation of consent or objection and, if applicable, will be deleted, unless there are statutory exceptional circumstances. Notwithstanding the foregoing, personal data which are subject to retention obligations under commercial or tax laws will only be deleted after the expiry of the statutory retention periods.
For the storage period of the technical usage data and the data collected by the aforementioned technologies, see section 2.
 

To exercise the following rights, data subjects can contact the controller or the event at any time (for contact details, see section 1). 
Rights of the data subjects pursuant to Art. 12-21 GDPR: the right to access about personal data, the right to rectification, erasure and data portability as well as to restriction of processing. If consent has been given, this can be revoked at any time with effect for the future.

If the processing is based on legitimate interest (see section 3 above), there is a right to object to the processing of personal data, including profiling, at any time on grounds relating to the specific situation of the data subject.

Furthermore, there is the right to object to the processing and use of data for advertising purposes at any time. The newsletters also include an unsubscribe link.

If data subjects are of the opinion that the data processing violates data protection law, they have the right to lodge a complaint with the competent supervisory authority of their choice (Art. 77 GDPR in conjunction with section 19 of the German Federal Data Protection Act (Bundesdatenschutzgesetz)).
Within the settings of the web browser, the aforementioned technologies (see section 2 - Technical usage data) can be deleted, rejected/blocked or de-/activated. If essential cookies or technologies are deleted or rejected/blocked, the website/platform may not function properly or may not be accessible.