Security and data protection
General Data Protection Notice
(for e.g. registration for exhibitors or visitors of expositions)
You can view this information under “Security and Data Protection” at any time.
1. Data controller/contact
a) The data controller responsible under the German Federal Data Protection Act is:
b) Data Protection Officer
Data protection officer
e-mail: firstname.lastname@example.org .
2. Personal data
3. Collection and use of your data
3.1 Collection of access data
When you access our website, your terminal automatically transfers data for technical reasons. The following data are stored separately from other data that you may possibly transmit to us:
- Date, time and duration of your visit to our websites
- IP address, that has been assigned to you by your Internet provider
- the web page visited
- the user tool (i.e. web browser, operating system) you have used to access the site
- the action that you carried out on our website
- the terms you used in the search engines and in the site search and the search result
- whether a site was successfully accessed or not
- what information was called up (incl. downloads)
- from which server you accessed the website and the website from which you reached the current website
- These data are exclusively stored for technical purposes and are not at any time associated with a specific person.
The handling of your personal data for the purposes of providing this website and of communicating via this website are carried out on the basis of our legitimate interest pursuant to Article 6 (1) (f) General Data Protection Regulation (GDPR). It is technically necessary for us to process specific personal data (e.g. IP address) in order to provide this website. In order for you to communicate with us, it is necessary for us to handle respective personal data.
In the context of the necessary balancing of interests we have balanced your interest in the respective privacy of your personal data and our interest in the provision of this website and the establishment of contact with one another. Your interest in privacy is outweighed in both cases. If this were not the case, we would be unable to provide this website or to react to your contact query.
3.2 Ticket Shop
3.2.1 Various data on the visitor are required in order to purchase a ticket from our Ticket Shop. The following mandatory details are necessary:
- Your name
- Your e-mail address
- Company (only for trade visitors)
- Address (place, street, house number, postcode)
- Marketing characteristics
- A password
These data are necessary in order to set up and manage a user account for you. Not least we require these and possibly other data in order to be able to respond to possible future queries from you.
We process these data in order to be able to provide you with the services of our ticket shop and to fulfil the respective contracts agreed with you pursuant to Article 6 (1) (b) GDPR. The data is also processed for the promotion of our events and services (on the basis of Section 7 Paragraph 3 UWG (German Fair Trade Practices Act)) and for optimization and for market research and opinion research.
Insofar as we, as described above, require your data for the purposes of providing the functions of our ticket shop, you are contractually obliged to provide us with these data. Without these data we are unable to provide you with these functions.
3.2.2 Furthermore, you can enter the following voluntary details in the course of your registration in your profile:
- Academic title
- Other title
- Company (only voluntary for private visitors)
- House number
- P.O. Box
- P.O. Box, postcode:
- Web address
The entry of these details is voluntary and not necessary in order to purchase a ticket.
The processing of this personal data is only carried out on the basis of the express consent you have provided to us pursuant to Article 6 (1) (a) GDPR.
3.3 Community functions
We offer various community functions on our websites. You can use these community functions to interact with other users. These functions include Matchmaking365 and ambista.
Pease note that these areas could, corresponding to your settings, be publically accessible, and that all personal information that you set within them or provide in the course of your registration can be seen by others. We cannot control how other users of our website utilize this information. In particular, we cannot prevent unwanted messages being sent to you. Content placed in the community areas can be stored for an unlimited period. Should you, at some future time, wish the removal of specific placed material, send us a corresponding e-mail at the address given above.
We collect all data entered in the context of the community functions in order to be able to provide you with the community functions as intended, Article 6 (1) (b) GDPR.
Insofar as we, as described above, require your data for the purposes of providing the community functions, you are contractually obliged to provide us with these data. Without these data we are unable to provide you with the corresponding community functions.
3.4 Contact form
If you submit queries to us via our contact form, your details from the contact form including the contact data you have provided there
- First name
- Activity related with Koelnmesse
- Tel. no.
- Fax number
are saved and processed for the purpose of answering your query.
We collect these data in order to be able to accept and process your query, Article 6 (1) (b) GDPR.
Insofar as we, as described above, process your data for the purposes of accepting and processing your queries, you are contractually obliged to provide us with these data. Without these data we are unable to accept and process your queries.
3.5 Registration as an exhibitor or a visitor
You can register on our website as a visitor, trade visitor or exhibitor. We process the personal data that you have provided us with in the course of your registration in order to accomplish this.
The processing of your personal data is carried out for the purposes of initiating, executing and winding up the corresponding user contract, Article 6 (1) (b) GDPR.
You are not required to register in order to participate in Koelnmesse events. You can of course also purchase an anonymous ticket at the box office counters on site.
Without registration, we are unfortunately unable to provide you with services such as online advance ticket sales or simplified repeat ticket sales, matchmaking, travel services or other services.
In detail, we process your personal data for the following purposes:
- The purchase of tickets for our events;
- The redeeming of vouchers;
- The registration of future tickets “with one click.”
- The delivery of and payment for other services of Koelnmesse (e.g. trade fair directories and catalogues);
- Checking trade visitor status;
- Announcements, trade information and other materials concerning events of interest to you;
- The offer of individually customized services;
- Query regarding participation in our market and opinion research;
- The prevention or discovery of misuse and fraud, in particular in the case of vouchers and free tickets;
- If necessary, simple actualization of your personal data over the Internet.
Data collected subsequently is also assigned to your customer account. These include, for example, data collected when ordering a ticket.
We reserve the right pursuant to Section 7 (3) UWG to send you by e-mail information on goods and services similar to those that you have purchased from us. You can object to the receipt of such information via e-mail at any time. Every e-mail contains the information about how you can unsubscribe from the receipt of future e-mails.
5. Information on cookies and targeting
- 5.1 We use so-called browser cookies to collect information about your use of our website. Cookies are small text files that are stored on your hard drive where specific preferences and data regarding the exchange of information between our system and your browser is stored. A cookie generally contains the name of the domain from which the cookie data was sent and information about the age of the cookie and an alphanumeric identification sign. Cookies enable our systems to recognize the user’s device and to make possibly existing settings available immediately. As soon as a user accesses the platform, a cookie is transferred to the hard drive of the respective user’s computer. Cookies help us to improve our website and enable us to offer you a better service that is even-more customized to your needs. They enable us to recognize your computer when you return to our website and so:
- To store information about your preferred activities on our website and so to orient our website on your individual interests. This includes, for example, advertising that corresponds to your personal interests;
- To increase the speed with which your queries are processed;
- 5.2 The cookies used by us only store the aforementioned data about your use of our website. This is carried out not on the basis of an assignment to you personally, but by the allocation of an identification number to the cookie (“cookie ID”). The cookie ID is not associated with your name, IP address or similar data that would enable the attribution of the cookie to you. You can find out how to prevent the use of browser cookies under Item 5.5.
- 5.3 Our website uses so-called tracking technologies (you will find further details in Item 6). We use these technologies in order to make the Internet offer more interesting for you. This technology enables Internet users who have already shown an interest in our website to be presented with advertising on the websites of our partners. The display of these advertisements on our partners’ websites takes place based on the use of cookie technology and an analysis of the previous user behaviour. This analysis is carried out using a pseudonym and user profiles with your personal data are not put together. Should you wish to opt out of this tracking process, you can refuse to allow the setting of a cookie required by this process:
- For example, by means of a browser setting that deactivates the automatic setting of cookies in general. Please use e.g. the “Do not track” (“DNT”) option of your web browser
- Alternatively, you can use the following link:
Please note that you must carry out this step individually for every one of your terminals and/or browsers.
- 5.5 Should you not wish the use of browser cookies, you can set your browser in such a way that the storage of cookies is not accepted. Please note that in this case you may only be able to use our website on a limited basis or not at all. Should you wish to only accept our own cookies, and not the cookies of our service providers and partners, you can select the setting “Block third-party cookies” in your browser.
7. Data processing by social networks
We maintain publicly accessible profiles in social networks. The individual social networks that we use are listed below.
Social networks such as Facebook, Google+ etc. can normally carry out comprehensive analyses of your behaviour as a user when you visit their websites or a website with integrated social media content (e.g. Like buttons or advertising banners). Numerous processing operations that are relevant to data protection are triggered by a visit to one of our social media sites.
Specifically, if you visit one of our social media sites while you are logged in to your social media account, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded when you are not logged in or if you do not have an account with the respective social media portal. In this case, the data acquisition is accomplished e.g. by using cookies that are saved on your terminal or by recording your IP address.
The operators of the social media portals can use the data collected in this way to create user profiles in which your preferences and interests are stored. As a result, you can be presented with interest-based advertising both inside and outside the respective social media site. If you have an account with the respective social network, the interest-based advertising can be displayed on all devices on which you are, or have been, logged in.
Please also note that we are unable to trace all of the processing operations on the social media portals. Depending on the provider, further processing operations could be carried out by the operators of the social media portals. You can find details of such further processing in the terms and conditions of use and the privacy policies of the respective social media portals.
Our social media sites are intended to ensure the most comprehensive possible presence in the Internet. This is in our legitimate interest pursuant to Article 6 (1) (f) GDPR. The analytical processes initiated by the social networks may be based on differing legal foundations, which must be stated by the operators of the social networks (e.g. consent pursuant to Article 6 (1) (a) GDPR).
Controller and assertion of rights
When you visit one of our social media sites (e.g. Facebook), we are jointly responsible with the operator of the social media platform for the data processing operations triggered by this visit. You can basically assert your rights (access, rectification, deletion, restriction of processing, data portability and complaint) both against us and against the operator of the respective social media portal (e.g. against Facebook).
Please note that despite our joint responsibility with the operators of the social media portals we do not have comprehensive influence on the data processing operations of the social media portals. Our opportunities essentially depend on the corporate policies of the respective provider.
Duration of storage
The data we collect directly through our social media sites is deleted by our systems as soon as there is no longer any need for storing this data, if you ask us to delete it, or if you revoke your consent to have the data stored. Stored cookies remain on your device until you delete them. This clause does not affect mandatory legal requirements, in particular those specifying storage periods.
We have no influence on the length of time that your data is stored by the operators of the social networks for their own purposes. To find out more, please refer to the information provided by the operators of the respective social networks (e.g. read their privacy policies; see below).
Special social networks
We have a Facebook page. This service is provided by Facebook Inc., 1 Hacker Way, Menlo Park, California 94025, USA.
We have an agreement with Facebook (Controller Addendum) concerning the joint processing of the data. This agreement stipulates which data is processed by us and which is processed by Facebook whenever you visit our Facebook page. You can read this agreement by clicking on the following link: https://www.facebook.com/legal/terms/page_controller_addendum
You can adjust your advertising settings yourself in your user account. To do so, click on the following link and log in: https://www.facebook.com/settings?tab=ads .
We do not use the plugins of the social networks Facebook, Twitter, Google+, LinkedIn and Xing themselves on our website. Our buttons for sharing content via social media are implemented using the software “Shariff,” which first transmits the data to the respective network operator when you click the buttons. If you would like to learn more about Shariff, click here .
Various data are first transferred to the respective social network when you click on the corresponding button. These data can include:
- Date and time of the website access
- URL of the website which the visitor is browsing
- URL of the website which the visitor previously visited
- Browser used
- Operating system used
- IP address of the visitor
Insofar as you are logged in to the respective social network (Facebook, Twitter, Google+, LinkedIn or Xing) in parallel with your visit to our site, it is not excluded that the provider can associate the visit with your social network account. When you use the plugin functions (e. g. clicking on the “Like” button, posting a comment), this information is also transferred directly by your browser to the respective social network and possibly stored there. Please consult the privacy policies of Facebook, Twitter, Google+, LinkedIn and Xing to find out more about the purpose and scope of the networks’ data collection activities as well as their further processing and use of the data.
9. Transfer of data
In principle, a transfer of your personal information without your prior express consent will only take place in the following cases:
- When it is required for the investigation of an unlawful use of our services or for the prosecution, personal data are transferred to the law-enforcement authorities and if necessary to injured third parties. However, this only occurs when there are concrete indications of unlawful or abusive behaviour. A transfer can also take place when it is necessary for the enforcement of terms and conditions of use or of other agreements. We are also legally obliged to provide information to specific public authorities on request. These are prosecutorial authorities, authorities that prosecute misdemeanours punishable by fines and the financial authorities. The transfer of this data takes place on the basis of our legitimate interest in combatting misuse, the prosecution of criminal offences, the safeguarding, assertion and enforcement of claims and the fact that your rights and interests with regard to the protection of personal data are not overriding pursuant to Article 6 (1) (f) GDPR.
A possible transfer of the personal data is justified by our legitimate interests in adapting our business form to economic and legal factors as required and the fact that your rights and interests with regard to the protection of personal data are not overriding pursuant to Article 6 (1) (f) GDPR.
10. Transfer of data to third countries
The data can in some cases be transferred in the scope described above to countries outside the European Economic Area (EEA). These countries do not have a standard of data protection comparable with the standard of protection within the EU (e. g. USA, China or India). For the protection of your data, those of our group companies and contract partners located outside the EEA to whom data should be transferred, such as foreign representatives, are obligated on the basis of the EU standard contractual clauses for the transfer of personal data to third countries to guarantee adequate data protection.
You will find the EU standard contractual clauses for the transfer of personal data to third countries under the following link:
You will also find information on international data protection under the following link: https://www.lda.bayern.de/en/international.html
11. Changes of purpose
The processing of your personal data for purposes other than those described will only take place to the extent permitted by a legal regulation or subject to your consent for the change of purpose of the data processing. In the event of further processing for purposes other than those for which the data were originally collected, we will inform you of these other purposes before the further processing and make all relevant information available to you.
12. The deletion of your data
We delete or anonymize your personal data as soon as they are no longer required for the purposes according to the aforementioned items for which we collected them. As a rule, we store your personal data for the duration of your user relationship with respect to the website.
After the expiry of these periods of notice, the data are deleted, insofar as these data are no longer required due to legal retention periods, for criminal prosecution or for the safeguarding, assertion or enforcement of legal claims. In this case, they are locked. The data are then no longer available for further use.
13. Automatic case-by-case decision making or profiling measures
We do not use any automated processing steps in order to reach a decision – including profiling – in connection with our website.
14. Your rights as an affected individual
14.1 Right to information
Pursuant to Article 15 GDPR, you have the right to request us at any time to provide you with information concerning personal data relating to you that we process. You can make this request by sending a postal letter or e-mail to the above address.
14.2 Right to rectification of incorrect data
You have the right to request us to immediately rectify your personal data if they are inaccurate. To do so, please contact the above addresses.
14.3 Right to erasure
You have the right to obtain from us the erasure of personal data on the grounds described in Article 17 GDPR. These grounds especially give you the right to erasure if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed, if the personal data have been unlawfully processed, if we have received an objection to the processing, or the personal data have to be erased in compliance with a legal obligation in Union or Member State law to which Koelnmesse is subject. With regard to the duration of the data storage, see Item 12 of this data protection declaration. To exercise the aforementioned right, please contact the above addresses.
14.4 Right to restriction of processing
You have the right to request us to restrict processing pursuant to Article 18 GDPR. This right applies, in particular, to the following cases: When the accuracy of the personal data is contested between the user and ourselves, for a period enabling us to verify the accuracy of the personal data; the user has an existing right to erasure but opposes the erasure of the personal data and requests the restriction of their use instead; the data are no longer needed for our purposes, but they are required by the user for the establishment, exercise or defence of legal claims; the user has objected to processing pending the verification whether our legitimate grounds override those of the user. To exercise the aforementioned right, please contact the above addresses.
14.5 Right to data portability
You have the right to receive the personal data concerning yourself, which you have provided to us, in a structured, commonly used and machine-readable format pursuant to Article 20 GDPR. To exercise the aforementioned right, please contact the above addresses.
14.6 Right to object
Pursuant to Article 21 GDPR, you have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning yourself which is based on point (e) or (f) of Article 6 (1) GDPR. In that case, we shall no longer process your personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
14.7 Right of appeal
If you have a complaint, you also have the right to appeal to the responsible regulatory authority. The responsible regulatory authority is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen
Postfach 20 04 44
40102 Düsseldorf, Germany
Tel.: +49 211/38424-0
fax: +49 211/38424-10
Status: 21 August 2020